1327 matches found
Exploit for Path Traversal in Jenkins
🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻 ============= ---------...
Novel Smishing Kit Leverages Cloud Platform
Summary: SNS Sender, a malicious Python script that leverages AWS SNS for mass SMS spamming, presents a novel approach to cloud-based attack tools, particularly in the area of smishing. The ARDUINODAS threat actor is linked to the operation that uses this cloud capability to send out a lot of...
XAMPP - Buffer Overflow Exploit
Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ \ /| | || | /| ||...
Wondercms 4.3.2 - XSS to RCE
Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...
Exploit for Injection in Vm2_Project Vm2
CVE-2023-30547 Vulnerability de...
Milesight UR5X / UR32L / UR32 / UR35 / UR41 Credential Leakage
!/usr/bin/env python3 -- coding: utf-8 -- """ Title: Credential Leakage Through Unprotected System Logs and Weak Password Encryption CVE: CVE-2023-43261 Script Author: Bipin Jitiya @win3zz Vendor: Milesight IoT - https://www.milesight-iot.com/ Formerly Xiamen Ursalink Technology Co., Ltd...
Exploit for Command Injection in Ivanti Connect_Secure
Introduction 🌐 This repository contains a Python script desi...
Exploit for Cross-Site Request Forgery (CSRF) in Moxa Iologik_E1210_Firmware
This repository contains a Python script and a nuclei template d...
Exploit for Code Injection in Craftcms Craft_Cms
This python script exploits the Remote Code Execution vulnerabil...
Exploit for Path Traversal in Jenkins
CVE-2024-23897 | Jenkins -p -f or bash python CVE-...
Exploit for CVE-2023-47400
CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
GNU C Library's Dynamic Loader Vulnerability CVE-2023-4911...
Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...
Web3 – Crypto wallet Login & NFT token gating < 3.0.0 - Authentication Bypass
Description The plugin is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handleauthrequest' and 'hadleloginrequest'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an...
Exploit for Weak Password Recovery Mechanism for Forgotten Password in Gitlab
CVE-2023-7028 | Account-Take-Over Gitlab Disclamer This co...
Exploit for Insufficient Verification of Data Authenticity in Postfix
PoC for CVE-2023-51764 SMTP SMUGGLING Postfix CVE-2023-51...
Exploit for Server-Side Request Forgery in Resf Rocky_Linux
CVE-2021-40438 - Apache = 2.4.48 - SSRF Python exploit A craf...
WP Go Maps < 9.0.28 - Unauthenticated Stored XSS
Description The plugin does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. Run the following Python script, then visit https://vulnerable-site.tld/wp-admin/admin.php?page=wp-google-maps-menu&action=edit&mapid=1...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 Minio Information isclosure Exp...
Exploit for Code Injection in Qodeinteractive Qode_Essential_Addons
CVE-2023-47840 Qode Essential Addons = 1.5.2 - Missing Aut...