Lucene search
K

28 matches found

GithubExploit
GithubExploit
added 2024/05/01 9:37 p.m.475 views

Exploit for Incorrect Authorization in Pydio Cells

PoC for CVE-2023-32749 This is a quick and dirty PoC I wrote...

8.8CVSS8.8AI score0.14197EPSS
Exploits6
0day.today
0day.today
added 2023/03/28 12:0 a.m.326 views

ZKTeco ZEM/ZMM 8.88 - Missing Authentication Vulnerability

Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...

7.5CVSS7.6AI score0.04834EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/03/28 12:0 a.m.289 views

ZKTeco ZEM/ZMM 8.88 - Missing Authentication

Exploit Title: ZKTeco ZEM/ZMM 8.88 - Missing Authentication Exploit Author: RedTeam Pentesting GmbH CVE: CVE-2022-42953 Advisory: Missing Authentication in ZKTeco ZEM/ZMM Web Interface The ZKTeco time attendance device does not require authentication to use the web interface, exposing the databas...

7.5CVSS7.6AI score0.04834EPSS
Exploits5
0day.today
0day.today
added 2022/01/18 12:0 a.m.283 views

Creston Web Interface 1.0.0.2159 - Credential Disclosure Vulnerability

Exploit Title: Creston Web Interface 1.0.0.2159 - Credential Disclosure Exploit Author: RedTeam Pentesting GmbH Advisory: Credential Disclosure in Web Interface of Crestron Device When the administrative web interface of the Crestron HDMI switcher is accessed unauthenticated, user credentials are...

10CVSS9.7AI score0.75711EPSS
Exploits5
HackRead
HackRead
added 2021/12/21 5:1 p.m.20 views

Two backdoors detected in Auerswald VoIP ystem

By Deeba Ahmed The backdoors were detected during penetration testing by RedTeam Pentesting GmbH. This is a post from HackRead.com Read the original post: Two backdoors detected in Auerswald VoIP ystem...

3.4AI score
Exploits0
0day.today
0day.today
added 2021/12/06 12:0 a.m.500 views

Auerswald COMfortel 2.8F - Authentication Bypass Vulnerability

Exploit Title: Auerswald COMfortel 2.8F - Authentication Bypass Exploit Author: RedTeam Pentesting GmbH Version: 1400/2600/3600 Advisory: Auerswald COMfortel 1400/2600/3600 IP Authentication Bypass RedTeam Pentesting discovered a vulnerability in the web-based configuration management interface o...

7.5CVSS7.6AI score0.5106EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/10/19 12:0 a.m.605 views

myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting (XSS)

Exploit Title: myfactory FMS 7.1-911 - 'Multiple' Reflected Cross-Site Scripting XSS Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.myfactory.com/ Version: Enfold input NAME="txtUID" VALU...

6.1CVSS6.3AI score0.05832EPSS
Exploits4
Exploit DB
Exploit DB
added 2021/08/12 12:0 a.m.549 views

Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)

Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...

9.1CVSS8.6AI score0.66278EPSS
Exploits4
0day.today
0day.today
added 2020/12/18 12:0 a.m.52 views

FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Vulnerability

Exploit Title: FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Date: 2020-06-23 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://en.avm.de/ Version: 7.20 CVE: 2020-26887 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...

7.8CVSS0.1AI score0.01402EPSS
Exploits4
Exploit DB
Exploit DB
added 2019/04/03 12:0 a.m.235 views

Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", 'Description' = %q This exploit module combines an information disclosure...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2019/03/30 12:0 a.m.525 views

Cisco RV320 / RV325 Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Cisco RV320 and RV325 Unauthenticated Remote Code Execution", 'Description' = %q This exploit module combines an information disclosure...

9CVSS0.5AI score0.99876EPSS
Exploits26
Metasploit
Metasploit
added 2019/02/25 2:51 p.m.97 views

Cisco RV320 and RV325 Unauthenticated Remote Code Execution

This exploit module combines an information disclosure CVE-2019-1653 and a command injection vulnerability CVE-2019-1652 together to gain unauthenticated remote code execution on Cisco RV320 and RV325 small business routers. Can be exploited via the WAN interface of the router. Either via HTTPS o...

7.5CVSS7.9AI score0.99876EPSS
Exploits26
The Hacker News
The Hacker News
added 2018/04/09 2:46 p.m.97 views

Critical Code Execution Flaw Found in CyberArk Enterprise Password Vault

A critical remote code execution vulnerability has been discovered in CyberArk Enterprise Password Vault application that could allow an attacker to gain unauthorized access to the system with the privileges of the web application. Enterprise password manager EPV solutions help organizations...

9.8CVSS2AI score0.17336EPSS
Exploits5
Symfony
Symfony
added 2015/11/23 12:0 a.m.25 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

Affected Versions Symfony 2.3.0 to 2.3.34, 2.6.0 - 2.6.11, 2.7.0 - 2.7.6 versions of the Security component are affected by this security issue. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained...

6.8CVSS5.8AI score0.02712EPSS
Exploits1
exploitpack
exploitpack
added 2015/06/16 12:0 a.m.69 views

TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection

TYPO3 Extension Akronymmanager 0.5.0 - SQL Injection Advisory: SQL Injection in TYPO3 Extension Akronymmanager An SQL injection vulnerability in the TYPO3 extension "Akronymmanager" allows authenticated attackers to inject SQL statements and thereby read data from the TYPO3 database. Details...

6CVSS0.2AI score0.03157EPSS
Exploits5
Packet Storm
Packet Storm
added 2015/01/13 12:0 a.m.59 views

WoltLab Burning Board 4.0 Tapatalk Open Redirect

The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by specifying the target URL in the URL parameter boardurl in URLs like the following:...

5.8CVSS6.7AI score0.01268EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Exim sender_address Parameter - RCE Exploit

No description provided by source. !/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.358 views

TLS Renegotiation Vulnerability PoC

No description provided by source. !/usr/bin/env python RedTeam Pentesting GmbH [email protected] http://www.redteam-pentesting.de PoC exploit for the TLS renegotiation vulnerability CVE-2009-3555 License ------- CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ Timeline -------...

5.8CVSS7.9AI score0.87264EPSS
Exploits15
0day.today
0day.today
added 2013/06/06 12:0 a.m.32 views

Exim sender_address Parameter - RCE Exploit

Exploit for linux platform in category remote exploits !/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2013/06/05 12:0 a.m.21 views

Exim - sender_address Remote Code Execution

Exim - senderaddress Remote Code Execution !/usr/bin/env python Exim senderaddress Parameter - Remote Command Execution Exploit Vulnerability found by RedTeam Pentesting GmbH https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/ Exploit written by eKKiM...

Exploits0
Rows per page
Query Builder