1327 matches found

Github Security Blog
added 2021/06/15 4:11 p.m. | 54 views

Incorrect Permission Assignment for Critical Resource in Plone

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9 CVSS | 4.3 AI score | 0.0204 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Packet Storm
added 2021/06/07 12:0 a.m. | 381 views

Rocket.Chat 3.12.1 NoSQL Injection / Code Execution

Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat !/usr/bin/python...

0.95242 EPSS
Exploits: 16
Packet Storm
added 2021/06/04 12:0 a.m. | 160 views

Inkpad Notepad And To Do List 4.3.61 Denial Of Service

Exploit Title: Inkpad Notepad & To do list 4.3.61 - Denial of Service PoC Date: 2021-06-03 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=com.workpail.inkpad.notepad.notes&hl=esMX Version: 4.3.61 Category: DoS Android Vulnerability InkPad Bloc de notas - Tare...

7.4 AI score
Exploits: 0
0day.today
added 2021/06/03 12:0 a.m. | 36 views

BasicNote 1.1.9 - Denial of Service Exploit

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is vulnerable to a DoS...

7.4 AI score
Exploits: 0
GithubExploit
added 2021/05/28 4:40 p.m. | 85 views

Exploit for SQL Injection in Cacti

CVE-2020-14295 CVE-2020-14295 proof of concept. The original p...

7.2 CVSS | 8.8 AI score | 0.8633 EPSS
Exploits: 9
KoreLogic Security
added 2021/05/26 12:0 a.m. | 28 views

CommScope Ruckus IoT Controller Web Application Directory Traversal

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', CWE-250: Execution with Unnecessary Privileges...

9.8 CVSS | 1.5 AI score | 0.0215 EPSS
Exploits: 6 | Affected Software: 1
Packet Storm
added 2021/05/26 12:0 a.m. | 169 views

RarmaRadio 2.72.8 Denial Of Service

Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Date: 2021-05-25 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Cli...

0.2 AI score
Exploits: 0
0day.today
added 2021/05/26 12:0 a.m. | 22 views

RarmaRadio 2.72.8 - Denial of Service Exploit

Exploit Title: RarmaRadio 2.72.8 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: http://raimersoft.com/downloads/rarmaradiosetup.exe Version: 2.75.8 Tested on: Windows 10 Home x64 STEPS Open the program RarmaRadio Click in Edit and...

0.1 AI score
Exploits: 0
Gitee
added 2021/05/23 3:10 p.m. | 4 views

monkey

This is a Python script repository for a tool called "Infection Monkey". The tool is designed to simulate a cyber attack on a network by injecting malware into the network and observing the behavior of the malware as it spreads. The script is written in Python and uses the "monkey" framework to...

7.1 AI score
Exploits: 0
NVD
added 2021/05/21 10:15 p.m. | 13 views

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9 CVSS | 0.0204 EPSS
Exploits: 0 | References: 2
OSV
added 2021/05/21 10:15 p.m. | 21 views

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9 CVSS | 6.5 AI score
Exploits: 0 | References: 2
Prion
added 2021/05/21 10:15 p.m. | 17 views

Code injection

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

8.5 CVSS | 8.9 AI score | 0.0204 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/05/21 10:15 p.m. | 21 views

PYSEC-2021-81

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9 CVSS | 4.8 AI score | 0.0204 EPSS
Exploits: 0 | References: 3
CVE
added 2021/05/21 9:33 p.m. | 122 views

CVE-2021-33509

Plone 5.2.4 and earlier are affected by an arbitrary file-write vulnerability. Remote authenticated managers can cause disk I/O by sending crafted keyword arguments to the ReStructuredText transform in Python scripts, enabling potential file writes to the server. Root cause is exposed via docutil...

9.9 CVSS | 8.9 AI score | 0.0204 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2021/05/21 4:22 p.m. | 20 views

GHSA-J756-F273-XHP4 github.com/nats-io/nats-server Import token permissions checking not enforced

This advisory is canonically Problem Description The NATS server provides for Subjects which are namespaced by Account; all Subjects are supposed to be private to an account, with an Export/Import system used to grant cross-account access to some Subjects. Some Exports are public, such that anyon...

7.5 CVSS | 7.4 AI score | 0.0146 EPSS
Exploits: 1 | References: 6
GithubExploit
added 2021/05/11 10:38 p.m. | 80 views

Exploit for OS Command Injection in Cacti

Cacti-CVE-2020-8813 Usage: cactirce.py options Op...

9.3 CVSS | 8.7 AI score | 0.73779 EPSS
Exploits: 24
0day.today
added 2021/05/10 12:0 a.m. | 96 views

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...

7.2 CVSS | 0.1 AI score | 0.16611 EPSS
Exploits: 4
Gitee
added 2021/05/09 4:50 p.m. | 11 views

Exploit for CVE-2018-10933

PoC exploit for CVE-2018-10933, a vulnerability in libSSH that allows authentication bypass. The target product/service is libSSH, a free and open-source implementation of the Secure Shell protocol. The vulnerability class/vector is authentication bypass, allowing an attacker to spawn a shell...

9.1 CVSS | 8.6 AI score | 0.91789 EPSS
Exploits: 10
Gitee
added 2021/04/29 9:43 p.m. | 5 views

Exploit for Use After Free in Adobe Flash_Player

This is a Python script, CVE-2018-15982EXP.py, which appears to be an exploit for the CVE-2018-15982 vulnerability. The script is designed to exploit a vulnerability in a specific product or service, likely a web application, to achieve remote code execution. The script starts with a logo and the...

10 CVSS | 7.7 AI score | 0.81844 EPSS
Exploits: 13
Exploit DB
added 2021/04/29 12:0 a.m. | 427 views

Cacti 1.2.12 - 'filter' SQL Injection

Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution Date: 04/28/2021 Exploit Author: Leonardo Paiva Vendor Homepage: https://www.cacti.net/ Software Link: https://www.cacti.net/downloads/cacti-1.2.12.tar.gz Version: 1.2.12 Tested on: Ubuntu 20.04 CVE : CVE-2020-14295...

7.2 CVSS | 7.2 AI score | 0.8633 EPSS
Exploits: 9