11233 matches found
Exploit for Command Injection in Apache Airflow
Apache Airflow SQL injection PoC CVE-2023-22884 PoC for C...
Code injection in PowerJob
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
Exploit for CVE-2023-38646
For educational purposes only Inspired by Assetnote resea...
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs
Microsoft Patch Tuesday July 2023: Vulristics improvements, Office RCE, SFB SmartScreen and Outlook, EoP MSHTML and ERS, other RCEs. Hello everyone! This episode will be about Microsoft Patch Tuesday for July 2023, including vulnerabilities that were added between June and July Patch Tuesdays...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
CVE-2023-37754
PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail...
Zomplog 3.9 - Remote Code Execution Exploit
Exploit Title: zomplog 3.9 - Remote Code Execution (RCE) Application: zomplog Version: v3.9 Bugs: RCE Technology: PHP Vendor URL: http://zomp.nl/zomplog/ Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip Date of found: 22.07.2023 Author: Mirabbas Ağalarov Tested on: Linux impor...
The vulnerability of the Active Directory Certificate Services (AD CS) service, which manages the distribution and usage of certificates, allows a perpetrator to execute arbitrary code.
The vulnerability of the Active Directory Certificate Services (AD CS) service, which manages the distribution and usage of certificates on Windows operating systems, is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute...
CVE-2023-37754
CVE-2023-37754 affects PowerJob v4.3.3. The vulnerability is a remote command execution (RCE) via the instanceId parameter in the /instance/detail endpoint. The root cause is improper validation/filtering of constructor commands in the instanceId input, enabling arbitrary code/command execution o...
MikroTik RouterOS < 6.48.7, 6.49.x < 6.49.8, 7.x < 7.9.1 RCE Vulnerability
MikroTik RouterOS is prone to a remote code execution (RCE) vulnerability in the IPv6 advertisement receiver functionality. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Exploit for CVE-2021-3129
CVE-2021-3129 Laravel RCE CVE-2021-3129 Test Environment...
CVE-2023-38647
CVE-2023-38647 describes a deserialization vulnerability in Apache Helix workflow and REST where SnakeYAML can deserialize java.net.URLClassLoader to load a JAR from a URL, and then javax.script.ScriptEngineManager to execute code with that ClassLoader. This unbounded deserialization can likely l...
CVE-2023-37677
Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php...
Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode
The Wordpress plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an...
CVE-2023-37895 Apache Jackrabbit RMI access can lead to RCE
Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows an attacker to remotely execute code via RMI. Versions up to and including 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote...
Exploit for Use of Externally-Controlled Format String in Asus Rt-Ac86U_Firmware
CVE-2023-35086-POC July 25 2023, Altin tin-z, github.com/t...
WordPress File Manager Advanced Shortcode 2.3.2 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution through shortcode', 'Description' = %q The Wordpress plug...
CVE-2023-37677
Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php...
CVE-2023-37677
CVE-2023-37677 affects Pligg CMS v2.0.2 (aka Kliqqi) and is a remote code execution vulnerability in the admin_editor.php component. The NVD entry provides a CVSSv3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a high-severity, unauthenticated, network-exploitable issue wi...