1819 matches found
Online Voting System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...
Exploit for Improper Input Validation in Microsoft
This is a PoC Proof of Concept exploit for CVE-2020-1350, also known as SigRed. The exploit is designed to target DNS servers and allows for remote code execution. The exploit is written in Python and consists of several files: configure.py: This script is used to set up the payload and Apache HT...
Exploit for Unrestricted Upload of File with Dangerous Type in Adobe Coldfusion
CVE-2018-15961 - Adobe ColdFusion 2018 RCE This repository co...
rConfig <= 3.9.6 Shell Upload Exploit
This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...
rConfig Vendors Auth File Upload RCE
This module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. Then, the uploaded payload can be triggered by a call to images/vendor/.php Module Options msf use...
rConfig Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig Vendors Auth File Upload RCE', 'Description' = %q This module allows an attacker with a privileged rConfig account to start a reverse she...
Dlink DSL2750U Command Injection
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
charlotte
It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...
Mcafee Database Security Server Code Issue Vulnerability (CNVD-2021-39504)
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
Mcafee Database Security Server Code Issue Vulnerability
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
McAfee 安全漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A...
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23895
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
CVE-2021-23894
Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...
PT-2021-15597 · Mcafee · Mcafee Database Security
Name of the Vulnerable Software and Affected Versions: McAfee Database Security versions prior to 4.8.2 Description: The issue allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent t...
Mcafee Database Security Server 代码问题漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
Mcafee Database Security Server 代码问题漏洞
Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...
slopShell - The Only Php Webshell You Need
php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file uploadyourself, in an educational environment and a way to send http requests to this webshell. Basic Usage VideoHosted on Youtube: Current VT Detection...
Admidio 代码问题漏洞
Admidio is an open source member management system from the Admidio team. The system supports member lists, event management, guestbooks, photo albums and downloads. A security vulnerability exists in versions prior to Admidio 4.0.4, which stems from the fact that someone with upload privileges c...