1327 matches found

Packet Storm
added 2021/09/30 12:0 a.m., 320 views

Cmsimple 5.4 Remote Code Execution

Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...

7.4 AI score
Exploits: 0

Exploit DB
added 2021/09/30 12:0 a.m., 244 views

Cmsimple 5.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Cmsimple 5.4 - Remote Code Execution RCE Authenticated Date: 29.09.2021 Exploit Author: pussycat0x Vendor Homepage: https://www.cmsimple.org/ Version: 5.4 Tested on: ubuntu-20.04.1 import argparse from bs4 import BeautifulSoup from argparse import ArgumentParser import requests...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/09/27 12:0 a.m., 200 views

Simple Attendance System 1.0 Authentication Bypass

Exploit Title: Simple Attendance System v1.0 - Unauthenticated Add Admin Account Exploit Author: Richard Jones Date: September 26, 2021 Vendor Homepage: https://www.sourcecodester.com/php/14948/simple-attendance-system-php-and-sqlite-free-source-code.html Software Link:...

0.6 AI score
Exploits: 0

GithubExploit
added 2021/09/25 7:19 a.m., 116 views

Exploit for Path Traversal in Vmware Cloud_Foundation

CVE-2021-22005 – Batch validation of Python...

9.8 CVSS, 7.3 AI score, 0.99999 EPSS
Exploits: 11

0day.today
added 2021/09/15 12:0 a.m., 194 views

AlphaWeb XE - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: AlphaWeb XE - File Upload Remote Code Execution RCE Authenticated Exploit Author: Ricardo Ruiz @ricardojoserf Vendor website: https://www.zenitel.com/ Product website: https://wiki.zenitel.com/wiki/AlphaWeb Example: python3 CVE-2021-40845.py -u "http://$ip:80/" -c "whoami" Referenc...

8.8 CVSS, 8.8 AI score, 0.04609 EPSS
Exploits: 7

Packet Storm
added 2021/09/14 12:0 a.m., 249 views

Purchase Order Management System 1.0 Shell Upload

Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

7.4 AI score
Exploits: 0

Packet Storm
added 2021/09/07 12:0 a.m., 182 views

SmartFTP Client 10.0.2909.0 Denial Of Service

Exploit Title: SmartFTP Client 10.0.2909.0 - 'Multiple' Denial of Service Date: 9/5/2021 Exploit Author: Eric Salario Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Version: 10.0.2909.0 32 and 64 bit Tested on: Microsoft Windows 10 32 bit a...

Exploits: 0

GithubExploit
added 2021/09/05 9:27 a.m., 185 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 An OGNL injection vulnerability exists that...

9.8 CVSS, 9.1 AI score, 0.99999 EPSS
Exploits: 45

Gitee
added 2021/08/31 3:36 p.m., 6 views

exprolog

This is a Python script that exploits a vulnerability in Microsoft Exchange Server. The script is designed to target a specific version of the server and exploit a vulnerability to gain access to the system. Here is a summary of the script's functionality: 1. The script starts by importing the...

7 AI score
Exploits: 0

GithubExploit
added 2021/08/06 9:19 a.m., 168 views

Exploit for SQL Injection in Agentejo Cockpit

Cockpit CMS NoSQL Injection CVE-2020-35847, CVE-2020-35848...

9.8 CVSS, 9.7 AI score, 0.98294 EPSS
Exploits: 13

Rapid7 Blog
added 2021/08/02 1:16 p.m., 142 views

3 Steps to Integrate Rapid7 Products Into the DevSecOps Cycle

DevSecOps is the concept and practice of integrating security into the DevOps cycle. The idea is to bring the different phases of security into the DevOps model and try to automate the entire process, so security is integrated directly into the initial application builds. In this post, we’ll take...

7 AI score
Exploits: 0

GithubExploit
added 2021/07/26 8:1 a.m., 62 views

Exploit for CVE-2021-36934

CVE-2021-36934 !Screenshothttps://github...

7.8 CVSS, 9.2 AI score, 0.67252 EPSS
Exploits: 11

Gitee
added 2021/07/25 4:14 p.m., 24 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472 ZeroLogon vulnerability. The target product/service is Windows Domain Controller DC. The vulnerability class/vector is authentication bypass via all-zero challenge. The probable entry point is the Netlogon service, which is accessed via the Impacket library. Notable...

10 CVSS, 7.8 AI score, 0.99512 EPSS
Exploits: 75

GithubExploit
added 2021/07/25 5:5 a.m., 107 views

Exploit for SQL Injection in Agentejo Cockpit

CVE-2020-35846 - Leak Cockpit Usernames PoC John Hammond...

9.8 CVSS, 9.2 AI score, 0.93201 EPSS
Exploits: 10

GithubExploit
added 2021/07/19 6:50 a.m., 127 views

Exploit for SQL Injection in Apache Skywalking

CVE-2020-9483 PoC of SQL Injection vulCVE-2020-9483,Apache...

7.5 CVSS, 8.5 AI score, 0.34613 EPSS
Exploits: 1

GithubExploit
added 2021/07/18 1:18 a.m., 86 views

Exploit for OS Command Injection in Systeminformation

CVE-2021-21315 Exploit - Des: My python Scri...

7.8 CVSS, 1.5 AI score, 0.9024 EPSS
Exploits: 4

GithubExploit
added 2021/07/15 1:4 a.m., 229 views

Exploit for OS Command Injection in Openbsd Openssh

CVE-2020-15778-Exploit Exploit for CVE-2020-15778OpenSSH v...

7.8 CVSS, 8.7 AI score, 0.12996 EPSS
Exploits: 6

Gitee
added 2021/07/07 8:29 p.m., 13 views

Exploit for CVE-2020-1472

PoC exploit for CVE-2020-1472, a vulnerability in the Windows Netlogon service that allows authentication bypass. The exploit uses the Impacket library to test the vulnerability and attempt to perform a Netlogon authentication bypass. It targets the Netlogon service on a domain controller and sen...

10 CVSS, 7.5 AI score, 0.99512 EPSS
Exploits: 75

Packet Storm
added 2021/07/05 12:0 a.m., 290 views

Online Voting System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...

0.5 AI score
Exploits: 0

Github Security Blog
added 2021/06/15 4:11 p.m., 54 views

Incorrect Permission Assignment for Critical Resource in Plone

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9 CVSS, 4.3 AI score, 0.0204 EPSS
Exploits: 0, References: 5, Affected Software: 1