1804 matches found
Hubstaff 1.6.14-61e5e22e - (wow64log) DLL Search Order Hijacking Vulnerability
Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor Description Hubstaff i...
Trend Micro OfficeScan Client 10.0 - ACL Service Local Privilege Escalation Vulnerability
Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client" C:\Program Files...
Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...
TFTP Fetch, Windows Encrypted Reverse Shell
Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/tftp/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...
HTTPS Fetch, Windows Encrypted Reverse Shell
Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/https/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...
Exploit for CVE-2022-30190
CVE 30190 Amine TITROFINE | December 17, 2022 ------------...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 Exploit for CVE-2021-22204 ExifTool - Arb...
New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows
A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...
New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...
PT-2023-3014 · Teltonika · Teltonika'S Remote Management System
Name of the Vulnerable Software and Affected Versions: Teltonika’s Remote Management System versions prior to 4.10.0 Description: The issue allows users to access managed devices’ local secure shell SSH/web management services over the cloud proxy. A user can request a web proxy and obtain a URL ...
CVE-2022-29841
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to...
Command injection
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to...
Information disclosure
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...
Western Digital My Cloud 操作系统命令注入漏洞
Western Digital My Cloud is a personal cloud storage device from Western Digital. A security vulnerability exists in Western Digital My Cloud OS 5 prior to version 5.26.119, which stems from an operating system command injection vulnerability that can be exploited by an attacker to remotely execu...
CVE-2023-31471
An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install...
CVE-2023-31471
The CVE-2023-31471 entry concerns GL.iNet devices prior to version 3.216. The issue arises via the software installation feature, where restrictions on the available package list are only client-side verified, allowing installation of arbitrary software (including a reverse shell) from the filesy...
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
Command injection
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
CVE-2023-29944
Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...
Exploit for Incorrect Authorization in Cacti
CVE-2022-41343 🐍 Python Exploit for CVE-2022-46169 Staged Rev...