1195 matches found
Backdoor.Win32.Augudor.b MVID-2022-0644 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Augudor.b Vulnerability: Remote File Write Code Execution Description: The...
pfBlockerNG 2.1.4_26 Shell Upload
!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...
Exploit for Argument Injection in Atlassian Bitbucket
Atlassian Bitbucket RCE PoC - CVE-2022-36804 This repo contai...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804 You can find a python script to exploit the vul...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
CVE-2022-36065 GrowthBook account creation and file upload vulnerability in self-hosted configurations
GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations in versions prior to 2022-08-29, attackers can register new accounts and upload files to arbitrary directories within the container. If the attacker uploads a Python script to the righ...
PT-2022-23153 · Unknown · Growthbook
Name of the Vulnerable Software and Affected Versions: GrowthBook versions prior to 2022-08-29 Description: GrowthBook is an open-source platform for feature flagging and A/B testing. With some self-hosted configurations, attackers can register new accounts and upload files to arbitrary directori...
Stripe: Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/
@mrasg discovered an improper access control issue in TaxJar. This could have allowed for account takeover using the email change functionality. The vulnerability was caused by not correctly validating whether or not the reset password token was connected to the user being reset and was resolved ...
Exploit for Improper Input Validation in Realtek Ecos_Rsdk_Firmware
CVE-2022-27255-checker Simple checker for CVE-2022...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept 1. Login to the Nakama Console as admin and create a User [email protected] 2. Logout 3. Attempt a Login with an incorrect passwor...
Exploit for Improper Encoding or Escaping of Output in Webmin
A Python script to exploit CVE-202...
mPDF 7.0 Local File Inclusion
Exploit Title: mPDF 7.0 - Local File Inclusion Google Dork: N/A Date: 2022-07-23 Exploit Author: Musyoka Ian Vendor Homepage: https://mpdf.github.io/ Software Link: https://mpdf.github.io/ Version: CuteNews Tested on: Ubuntu 20.04, mPDF 7.0.x CVE: N/A !/usr/bin/env python3 from urllib.parse impor...
NanoCMS 0.4 Remote Code Execution
Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Date: 2022-07-26 Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS...
Loan Management System 1.0 SQL Injection
Exploit Title: Loan Management System - SQL Injection via login page Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL The attack...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 A remote attacker can construct OGNL expressi...
CodoForum v5.1 - Remote Code Execution (RCE)
Exploit Title: CodoForum v5.1 - Remote Code Execution RCE Date: 06/07/2022 Exploit Author: Krish Pandey @vikaran101 Vendor Homepage: https://codoforum.com/ Software Link: https://bitbucket.org/evnix/codoforumdownloads/downloads/codoforum.v.5.1.zip Version: CodoForum v5.1 Tested on: Ubuntu 20.04...
CVE-2022-36126
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...
CVE-2022-36126
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...
CVE-2022-36126
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...
Code injection
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script...