Zyxel Firewall ZTP Unauthenticated Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zyxel Firewall ZTP Unauthenticated Command Injection', 'Description' = %q This module exploits CVE-2022-30525, an unauthenticated remote command...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

It is an offensive tool for Log4Shell exploitation. The tool is...

CVE-2022-30525 (FIXED): Zyxel Firewall Unauthenticated Remote Command Injection

Rapid7 discovered and reported a vulnerability that affects Zyxel firewalls supporting Zero Touch Provisioning ZTP, which includes the ATP series, VPN series, and the USG FLEX series including USG20-VPN and USG20W-VPN. The vulnerability, identified as CVE-2022-30525, allows an unauthenticated and...

Powershell Exec, Windows Encrypted Reverse Shell

Execute an x64 payload from a command via PowerShell. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/powershell/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp...

ExifTool 12.23 Arbitrary Code Execution

Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...

Wondershare Dr.Fone 11.4.10 Insecure Permissions

Exploit Title: Wondershare Dr.Fone 11.4.10 - Insecure File Permissions Date: 04/25/2022 Exploit Author: AkuCyberSec https://github.com/AkuCyberSec Vendor Homepage: https://drfone.wondershare.com/ Software Link: https://download.wondershare.com/drfonefull3360.exe Version: 11.4.10 Tested on: Window...

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

Design/Logic Flaw

CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution RCE vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability that can be triggered by the File parameter to upload a PHP payload and obtain a reverse shell on the vulnerable host. The CVE entry (CVE-2021-42645) and multiple connected sources corroborate an RCE path via file upload...

Hacking Ham Radio: WinAPRS – Part 4

In part three of this series, we discovered and traced a memory corruption bug in WinAPRS using IDA Pro and WinDbg. We discovered that it could be used to gain control over the CPUs EIP register to obtain remote code execution. We found that there were limitations on the address that could be...

Hacking Ham Radio: WinAPRS – Part 3

In part two of this series, we reviewed our WinAPRS software and hardware configuration. We then began reverse engineering WinAPRS and fuzzing it for vulnerabilities using modified open-source software. Finally, we identified a potentially exploitable vulnerability. This installment will dig into...

Presshell - Quick And Dirty Wordpress Command Execution Shell

presshell Quick & dirty Wordpress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at /wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to Wordpress and can install plugins...

Exploit for Path Traversal in Apache Http_Server

This is a Python script that exploits a remote code execution R...

Aiven Ltd: Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration

Summary: When configuring the connector via the Aiven API or the Kafka Connect REST API, the attacker can set the database.history.producer.sasl.jaas.config connector property for the io.debezium.connector.mysql.MySqlConnector connector. This is likely true for other debezium connectors too. By...

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 poc CVE-2022-22965 poc including reverse-shell...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpELRCE漏...

LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag CTF competitions to generate a range of reverse shel...