Lucene search
K

117 matches found

cnvd
cnvd
added 2018/05/29 12:0 a.m.3 views

pfSense Post-Auth Command Execution Vulnerability

pfSense is a free and open source firewall and router software under FreeBSD. A command execution vulnerability exists in pfSense Post-Auth. An attacker can exploit this vulnerability to gain privileges to execute commands in the root user's environment...

7.9AI score
Exploits0References1
cvelist
cvelist
added 2018/03/01 7:0 p.m.20 views

CVE-2017-9270 post-auth arbitrary file write on cryptctl server

In cryptctl before version 2.0 a malicious server could send RPC requests that could overwrite files outside of the cryptctl key database...

8.7CVSS9.2AI score0.0198EPSS
Exploits0References3
exploitpack
exploitpack
added 2018/02/12 12:0 a.m.25 views

LogicalDOC Enterprise 7.7.4 - Directory Traversal

LogicalDOC Enterprise 7.7.4 - Directory Traversal LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...

Exploits0
exploitpack
exploitpack
added 2017/06/09 12:0 a.m.22 views

IPFire 2.19 - Remote Code Execution

IPFire 2.19 - Remote Code Execution Title : IPFire 2.19 Firewall Post-Auth RCE Date : 09/06/2017 Author : 0x09AL https://twitter.com/0x09AL Tested on: IPFire 2.19 x8664 - Core Update 110 Vendor : http://www.ipfire.org/ Software :...

Exploits0
metasploit
metasploit
added 2017/01/09 8:39 p.m.60 views

Cisco Firepower Management Console 6.0 Post Auth Report Download Directory Traversal

This module exploits a directory traversal vulnerability in Cisco Firepower Management under the context of www user. Authentication is required to exploit this vulnerability. This module requires Metasploit: https://metasploit.com/download Current source:...

6.5CVSS10AI score0.36617EPSS
Exploits5
exploitdb
exploitdb
added 2016/09/22 12:0 a.m.67 views

JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal

Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Version: 0.3 Date: Aug 31st, 2016 Complete Proof of Concept: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40411.zip Tag: jsch...

5.9CVSS6.2AI score0.24143EPSS
Exploits3
zdt
zdt
added 2016/09/22 12:0 a.m.137 views

JCraft / JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal

Exploit for windows platform in category dos / poc Ref: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 Version: 0.3 Date: Aug 31st, 2016 Complete Proof of Concept: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725...

4.3CVSS6AI score0.24143EPSS
Exploits3
exploitpack
exploitpack
added 2016/07/29 12:0 a.m.14 views

Barracuda Web Application Firewall 8.0.1.008 - (Authenticated) Remote Command Execution (Metasploit)

Barracuda Web Application Firewall 8.0.1.008 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Web Application Firewall 'Barracuda Web Application Firewall %q This module exploits a remote command execution vulnerability in the Barracuda Web Application Firweall firmwar...

0.4AI score
Exploits0
packetstorm
packetstorm
added 2016/07/22 12:0 a.m.26 views

Barracuda Spam And Virus Firewall 5.1.3.007 Remote Root

Exploit Title: Barracuda Spam & Virus Firewall Post Auth Remote Root Exploit Date: 07/21/16 Exploit Author: xort [email protected] Vendor Homepage: https://www.barracuda.com/ Software Link: https://www.barracuda.com/landing/pages/spamfirewall/ Version: Spam and Virus Firewall 'Barracuda Spam...

0.2AI score
Exploits0
packetstorm
packetstorm
added 2016/05/10 12:0 a.m.40 views

Dell SonicWall Scrutinizer 11.0.1 SQL Injection / Code Execution

!/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require absolutely no hash cracking since the target uses symmetric...

0.3AI score
Exploits0
exploitdb
exploitdb
added 2016/05/09 12:0 a.m.42 views

Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution

!/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require absolutely no hash cracking since the target uses symmetric...

7.4AI score
Exploits0
zdt
zdt
added 2016/05/09 12:0 a.m.36 views

Dell SonicWALL Scrutinizer 11.0.1 - setUserSkin/deleteTab SQL Injection Remote Code Execution

Exploit for windows platform in category remote exploits !/usr/local/bin/python """ Dell SonicWall Scrutinizer Summary: ======== This exploits an pre-auth SQL Injection in the login.php script within an update statement to steal session data. You could also steal login creds which require...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2015/08/19 12:0 a.m.138 views

Magento CE Remote Command Execution

!/usr/bin/python Exploit Title: Magento CE \nExample: python %s http://localhost "uname -a"" sys.exit if lensys.argv != 3: usage Command-line args target = sys.argv1 arg = sys.argv2 Config. username = '' password = '' phpfunction = 'system' Note: we can only pass 1 argument to the function...

0.1AI score
Exploits0
exploitdb
exploitdb
added 2015/08/18 12:0 a.m.85 views

Magento CE < 1.9.0.1 - (Authenticated) Remote Code Execution

!/usr/bin/python Exploit Title: Magento CE \nExample: python %s http://localhost "uname -a"" sys.exit if lensys.argv != 3: usage Command-line args target = sys.argv1 arg = sys.argv2 Config. username = '' password = '' phpfunction = 'system' Note: we can only pass 1 argument to the function...

7.4AI score
Exploits0
zdt
zdt
added 2014/12/26 12:0 a.m.34 views

PMB 4.1.3 Post-Auth SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability Google Dork: inurl:opaccss Date: 25-12-2014 Exploit Author: XD4rker Ismail Belkacim Email: xd4rkeratgmail.com Twitter: @xd4rker Vendor Homepage: http://www.sigb.net Software Link...

7.1AI score
Exploits0
packetstorm
packetstorm
added 2014/12/26 12:0 a.m.35 views

PMB 4.1.3 SQL Injection

Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability Google Dork: inurl:opaccss Date: 25-12-2014 Exploit Author: XD4rker Ismail Belkacim Email: xd4rkeratgmail.com Twitter: @xd4rker Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files...

0.1AI score
Exploits0
exploitdb
exploitdb
added 2014/11/06 12:0 a.m.26 views

X7 Chat 2.0.5 - 'message.php' PHP Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'X7 Chat 2.0.5 lib/message.php pregreplace PHP Code Execution', 'Description' = %q This module exploits a post-auth vulnerability fou...

7.4AI score
Exploits0
zdt
zdt
added 2014/10/29 12:0 a.m.563 views

CUPS Filter Bash Environment Variable Code Injection Exploit

This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTERINFO and PRINTERLOCATION variables by default. This module requires Metasploit: http://metasploit.com/download Current source:...

10CVSS0.6AI score0.99999EPSS
Exploits148
seebug
seebug
added 2014/07/01 12:0 a.m.29 views

GWebmail 0.7.3 XSS & LFI RCE Vulnerabilities

No description provided by source. !/usr/bin/python ''' Exploit Title: XSS & LFI RCE Vulnerabilities in GWebmail Date: 11/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: https://www.gwebmail.net Software Link: https://www.gwebmail.net/download/ Version: 0.7.3 Gr33Tz: @aviadgolan ,...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.13 views

Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit

No description provided by source. !/usr/bin/python Title: Sysax Multi Server 5.53 SFTP Post Auth SEH Exploit Egghunter Author: Craig Freyman @cd1zz Tested on: XP SP3 32bit Software Versions Tested: 5.53 Date Discovered: Febrary 22, 2012 Vendor Contacted: Febrary 23, 2012 Vendor Response: Februar...

7.1AI score
Exploits0
Rows per page
Query Builder