
902 matches found

Packet Storm
added 2019/02/15 12:0 a.m., 58 views

WordPress Booking Calendar 8.4.3 SQL Injection

Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...

0.19238 EPSS
Exploits: 5

0day.today
added 2019/02/15 12:0 a.m., 56 views

WordPress Booking Calendar 8.4.3 Plugin - Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version...

0.1 AI score, 0.19238 EPSS
Exploits: 5

exploitpack
added 2019/02/14 12:0 a.m., 43 views

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...

6.5 CVSS, 0.6 AI score, 0.19238 EPSS
Exploits: 5

Exploit DB
added 2019/02/14 12:0 a.m., 3619 views

WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection

Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...

8.8 CVSS, 8.8 AI score, 0.19238 EPSS
Exploits: 5

OSV
added 2019/01/31 6:29 p.m., 8 views

DEBIAN-CVE-2019-7283

An issue was discovered in rcp in NetKit through 0.17. For an rcp operation, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned. A malicious rsh server or Man-in-The-Middle attacker can overwrite...

7.4 CVSS, 6.6 AI score, 0.01976 EPSS
Exploits: 1, References: 1

Carbon Black Blog
added 2019/01/29 2:29 p.m., 47 views

How CB LiveOps Helps with Incident Response

Security and IT Operations teams often have no reliable way to assess the current state of endpoints across their enterprise, leading to increased risk of breach, inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance. A real-time endpoint query a...

0.6 AI score
Exploits: 0

Positive Technologies
added 2019/01/26 12:0 a.m., 3 views

PT-2019-6235 · Netkit · Netkit

Name of the Vulnerable Software and Affected Versions: NetKit versions through 0.17 Description: The issue allows a malicious rsh server or a Man-in-The-Middle attacker to overwrite arbitrary files in a directory on the rcp client machine due to the rcp client only performing cursory validation o...

8.8 CVSS, 6 AI score, 0.02067 EPSS
Exploits: 2, References: 28

Packet Storm
added 2018/12/22 12:0 a.m., 74 views

WordPress WP-Ajax-Form-Pro 5.0.2 Shell Upload

Exploit Title : WordPress WP-Ajax-Form-Pro Plugins 5.0.2 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org ajaxformpro.com Software Download Link : ajaxformpro.com Software Script Owner and...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:0 a.m., 55 views

WordPress ChenPress 3.1.1 Shell Upload

Exploit Title : WordPress ChenPress Plugins 3.1.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org groups-beta.google.com/group/ChenPress Software Download Link :...

0.1 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:0 a.m., 83 views

WordPress Monsters-Editor-10-For-WP-Super-Edit 2.3.1 Shell Upload

Exploit Title : WordPress Monsters-Editor-10-For-WP-Super-Edit Plugins 2.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : thedevcouple.com wordpress.org/plugins/monsters-editor-10-for-wp-super-edit/...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:0 a.m., 79 views

WordPress Sem-Wysiwyg 1.0 Shell Upload

Exploit Title : WordPress Sem-Wysiwyg Plugins 1.0 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/12/20 12:0 a.m., 571 views

WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Shell Upload

Exploit Title : WordPress FCKEditor-For-Wordpress-Plugin 3.3.1 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 20/12/2018 Vendor Homepage : wordpress.org/support/plugin/fckeditor-for-wordpress-plugin Software Download Link :...

Exploits: 0

exploitpack
added 2018/12/03 12:0 a.m., 37 views

Apache Superset 0.23 - Remote Code Execution

Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...

7.5 CVSS, 0.1 AI score, 0.53655 EPSS
Exploits: 5

OpenVAS
added 2018/11/23 12:0 a.m., 39 views

OCS Inventory NG <= 2.5.0 Remote Shell Upload Vulnerability

OCS Inventory NG is prone to a remote shell upload vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS, 7.3 AI score, 0.05023 EPSS
Exploits: 2, References: 3

BDU FSTEC
added 2018/11/16 12:0 a.m., 2 views

The vulnerability of the Remote Shell (RSH) service on the JunOS operating system allows a hacker to gain access to devices with root privileges.

The vulnerability of the Remote Shell RSH service in the JunOS operating system is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to gain access to the device with root privileges...

10 CVSS, 5.5 AI score, 0.0485 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/10/10 6:29 p.m., 1 views

CVE-2018-0052

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

8.1 CVSS, 5.8 AI score
Exploits: 0, References: 2

ATTACKERKB
added 2018/10/10 6:29 p.m., 2 views

Junos OS: Unauthenticated remote root access possible when RSH service is enabled

If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service. However, an undocumented CLI command...

9.3 CVSS, 5.7 AI score, 0.0485 EPSS
Exploits: 0, References: 3, Affected Software: 1

Kitploit
added 2018/09/13 12:23 p.m., 102 views

Hershell - Simple TCP reverse shell written in Go

Simple TCP reverse shell written in Go. It uses TLS to secure the communications, and provide a certificate public key fingerprint pinning feature, preventing from traffic interception. Supported OS are: Windows Linux Mac OS FreeBSD and derivatives Why ? Although meterpreter payloads are great,...

7.6 AI score
Exploits: 0, References: 1

0day.today
added 2018/09/07 12:0 a.m., 22 views

Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Vulnerability

Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Vendor Homepage: https://www.tenable.com/ Software Link: https://www.tenable.com/products/tenable-io/web-application-scanning Tested Version: WAS-20180328 Vulnerability Type: Remote Command Execution...

0.3 AI score
Exploits: 0

pentestit
added 2018/09/06 6:51 a.m., 67 views

iBombShell: A Dynamic Post-Exploitation Remote Shell

PenTestIT RSS Feed Consider you have a shell on a system and other post-exploitation do not work for you as they are being caught by a security solution on the system. Worry not as we now have iBombShell, a dynamic remote shell that can be run on any system that supports PowerShell. The reason th...

0.8 AI score
Exploits: 0