Evolution CMS 3.1.6 Remote Code Execution

Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...

Security fix for the ALT Linux 10 package python3-module-django version 3.2.6-alt1

3.2.6-alt1 built Sept. 10, 2021 Alexey Shabalin in task 283535 Aug. 18, 2021 Alexey Shabalin - new version 3.2.6 - Rename dbbackend-psycopg2 to dbbackend-postgresql - Add dbbackend-oracle package - Fixes for the following security vulnerabilities: + CVE-2021-35042 Potential SQL injection via...

ROS-2-810

2.810 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...

ROS-2-1228

2.1228 Buffer overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...

ROS-2-453

2.453 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...

ROS-2-1180

2.1180 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...

ROS-2-792

2.792 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

Penelope - Shell Handler

Penelope is an advanced shell handler. Its main aim is to replace netcat as shell catcher during exploiting RCE vulnerabilities. It works on Linux and macOS and the only requirement is Python3. It is one script without 3rd party dependencies and hopefully it will stay that way. Among the main...

FlatCore CMS 2.0.7 Remote Code Execution

Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...

RHEL 8 : python3 (RHSA-2021:3366)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3366 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 CVE-2021-26084 - Confluence Pre-Auth RCE | O...

Exploit for OS Command Injection in Strapi

CVE-2019-19609 Strapi Framework Vulnerable to Remote Code Exec...

ZesleCP 3.1.9 Remote Code Execution

Title: ZesleCP 3.1.9 - Remote Code Execution RCE Authenticated Date: 27.08.2021 Author: Numan Türle Vendor Homepage: https://zeslecp.com/ Software Link: https://zeslecp.com/ Version: =3.1.9 https://www.youtube.com/watch?v=5lTDTEBVq-0 !/usr/bin/python3 -- coding: utf-8 -- ZesleCP - Remote Code...

[SECURITY] Fedora 34 Update: hivex-1.3.21-1.fc34

Hive files are the undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. 'hivexsh' is a shell you can use to interactively navigate a hive binary file. 'hivexregedit' in perl-hivex lets you export and merge to...

PickleC2 - A Post-Exploitation And Lateral Movements Framework

PickleC2 is a post-exploitation and lateral movements framework. Documentation ReadTheDocs Overview PickleC2 is a simple C2 framework written in python3 used to help the community in Penetration Testers in their red teaming engagements. PickleC2 has the ability to import your own PowerShell modul...

IPCop 2.1.9 Remote Code Execution

Exploit Title: IPCop 2.1.9 - Remote Code Execution RCE Authenticated Date: 02/08/2021 Exploit Author: Mücahit Saratar Vendor Homepage: https://www.ipcop.org/ Software Link: https://sourceforge.net/projects/ipcop/files/IPCop/IPCop%202.1.8/ipcop-2.1.8-install-cd.i486.iso -...

Photon OS 4.0: Python3 PHSA-2021-4.0-0072

An update of the python3 package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-4.0-0072. The text itself is copyright C VMware, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if...

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2021-2280)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated)

Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Date: 21/03/2021 Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Softwa...

GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload (Unauthenticated) Exploit

Exploit Title: GFI Mail Archiver 15.1 - Telerik UI Component Arbitrary File Upload Unauthenticated Exploit Author: Amin Bohio Original Research & Code By: Paul Taylor / Foregenix Ltd Original Exploit: https://github.com/bao7uo/RAUcrypto Vendor Homepage: https://www.gfi.com Software Link:...