PrestaShop 1.7.6.7 SQL Injection

Exploit Title: PrestaShop 1.7.6.7 - 'location' Blind Sql Injection Date: 2021-04-08 Exploit Author: Vanshal Gaur Vendor Homepage: https://www.prestashop.com/ Version: 1.7.5.x 1.7.6.8 Tested on: Debian 10 buster CVE : CVE-2020-15160 !/usr/bin/python3 ''' Setup Vulnerable Docker on "localhost:8080"...

SaltStack Salt API Unauthenticated Remote Command Execution Exploit

This Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and executes all the...

DD-WRT 缓冲区溢出漏洞（CVE-2021-27137）

SSD Advisory – DD-WRT UPNP Buffer Overflow March 24, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a vulnerability in DD-WRT allows an unauthenticated attacker to overflow an internal buffer used by UPNP and trigger a code execution vulnerability. Vulnerability Summary...

Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager

CVE-2021-22986Check CVE-2021-22986 Checker Script in Python3...

ProxyLogon - PoC Exploit for Microsoft Exchange

PoC Exploit for Microsoft Exchange Launche Original PoC: https://github.com/testanull How to use: python proxylogon.py Example: python proxylogon.py primary [email protected] If successful you will be dropped into a webshell. exit or quit to escape from the webshell or ctrl+c By default, it...

Exploit for Server-Side Request Forgery in F5 Big-Ip_Access_Policy_Manager

Usage python3 f5rce.py -u Specify target URL -f Batch d...

GeoGebra Classic 5.0.631.0-d - Denial of Service Exploit

Exploit Title: GeoGebra Classic 5.0.631.0-d - Denial of Service PoC Exploit Author: Brian Rodriguez Vendor Homepage: https://www.geogebra.org Software Link: https://www.geogebra.org/download Version: 5.0.631.0-d Tested on: Windows 8.1 Pro STEPS Open the program GeoGebra Run the python exploit...

Nsasoft Hardware Software Inventory 1.6.4.0 - (multiple) Denial of Service Exploit

Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10 Steps: 1- Run the python...

Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)

Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service PoC Exploit Author : Enes Özeser Exploit Date: 2021-02-28 Vendor Homepage : https://www.nsauditor.com/ Link Software : https://www.nsauditor.com/downloads/nhsisetup.exe Version: 1.6.4.0 Tested on: Windows 10...

Textpattern CMS 4.8.3 Remote Code Execution

Exploit Title: Textpattern 4.8.3 - Remote code execution Authenticated 2 Date: 03/03/2021 Exploit Author: Ricardo Ruiz @ricardojoserf Vendor Homepage: https://textpattern.com/ Software Link: https://textpattern.com/start Version: Previous to 4.8.3 Tested on: CentOS, textpattern 4.5.7 and 4.6.0...

Product Key Explorer 4.2.7 Denial Of Service

Exploit Title: Product Key Explorer 4.2.7 - 'multiple' Denial of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-23 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Version: 4.2.7 Tested on: Windows 7 x64...

SpotAuditor 5.3.5 Denial Of Service

Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service PoC Exploit Author : Sinem Şahin Exploit Date: 2021-02-10 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on: Windows 7 x64 Version: 5.3.5 Steps: 1- R...

Batflat CMS 1.3.6 - Remote Code Execution (Authenticated)

Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Date: 2020-12-27 Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...

AgataSoft PingMaster Pro 2.1 Denial Of Service

Exploit Title: AgataSoft PingMaster Pro 2.1 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: http://agatasoft.com/ Software Link: http://agatasoft.com/PingMasterPro.exe Version: 2.1 Tested on: Windows 10 Home x64 STEPS Open the program AgataSoft PingMaster Pro...

CSSG - Cobalt Strike Shellcode Generator

Adds Shellcode - Shellcode Generator to the Cobalt Strike top menu bar CSSG is an aggressor and python script used to more easily generate and format beacon shellcode Generates beacon stageless shellcode with exposed exit method, additional formatting, encryption, encoding, compression, multiline...

Exploit for Path Traversal in Gitlab

The warn For demonstration purpose and ethical hacking only...

Linux Devices Under Attack by New FreakOut Malware

Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service DDoS attacks and cryptomining. The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning,...

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities

An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage NAS devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service DDoS attacks and mining Monero cryptocurrency. The attack...

Cisco RV110W 1.2.1.7 Denial Of Service

Exploit Title: Cisco RV110W 1.2.1.7 - 'vpnaccount' Denial of Service PoC Date: 2021-01 Exploit Author: Shizhi He Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 Version: V1.2.1.7 Tested on: RV110W V1.2.1.7 CV...

ProtOSINT - A Python Script That Helps You Investigate Protonmail Accounts And ProtonVPN IP Addresses

ProtOSINT is a Python script that helps you investigate ProtonMail accounts and ProtonVPN IP addresses. Description This tool can help you in your OSINT investigation on Proton service for educational purposes only. ProtOSINT is separated in 3 sub-modules: 1 Test the validity of one protonmail...