User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...

Exploit for Improper Encoding or Escaping of Output in Webmin

A Python script to exploit CVE-202...

NanoCMS 0.4 Remote Code Execution

Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Date: 2022-07-26 Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS...

mPDF 7.0 Local File Inclusion

Exploit Title: mPDF 7.0 - Local File Inclusion Google Dork: N/A Date: 2022-07-23 Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse impor...

Loan Management System 1.0 SQL Injection

Exploit Title: Loan Management System - SQL Injection via login page Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 A remote attacker can construct OGNL expressi...

CodoForum v5.1 - Remote Code Execution (RCE)

Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

Code injection

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

CVE-2022-36126

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

This is a PoC exploit for CVE-2022-26134, a vulnerability in Con...

awsEnum - Enumerate AWS Cloud Resources Based On Provided Credential

Enumrate AWS services! with no nosies awsEnum is a python script enumrate AWS services through the provided credential. ▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄ ▄▄ ▄ ▄▄ ▄▄ ▄▄ ▄▄ █ █ █ ▄ █ █ █ █ █ █ █ █ █ █ █▄█ █ █ ▄ █ ██ ██ █ ▄▄▄▄▄█ ▄▄▄█ █▄█ █ █ █ █ █ █ █▄█ █ █ █▄▄▄▄▄█ █▄▄▄█ █ █▄█ █ █ █ █ █▄▄▄▄▄ █ ▄▄▄█ ▄ █ █ █...

phpIPAM 1.4.5 Remote Code Execution

Exploit Title: phpIPAM 1.4.5 - Remote Code Execution RCE Authenticated Date: 2022-04-10 Exploit Author: Guilherme '@behiNdyk1' Alves Vendor Homepage: https://phpipam.net/ Software Link: https://github.com/phpipam/phpipam/releases/tag/v1.4.5 Version: 1.4.5 Tested on: Linux Ubuntu 20.04.3 LTS...

Kitty 0.76.0.8 Stack Buffer Overflow

Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-06-08 Vendor Homepage: http://www.9bis.net/kitty/index.html!index.md Software Link : https://www.fosshub.com/KiTTY.html?dwl=kittyportable-0.76.0.8.exe Tested Version: 0.76.0.8 Vulnerability Type...

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 A OS Command Injection Vulnerability in the CGI...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2022-26134 （CVE-2022-26134）an unauthenticated and remote O...

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

A rapidly evolving IoT malware dubbed “EnemyBot” is targeting content management systems CMS, web servers and Android devices. Threat actor group “Keksec” is believed behind the distribution of the malware, according to researchers. “Services such as VMware Workspace ONE, Adobe ColdFusion,...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

PoC exploit for CVE-2022-22947, an arbitrary file upload vulnera...