Design/Logic Flaw

Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...

Garage Management System 代码问题漏洞

SourceCodester Garage Management System Cms-Website is a garage management system by mayurik personal developer. It helps you to manage all your vehicles, cars and motorcycles. A security vulnerability exists in Garage Management System version 1.0, which stems from a lack of file upload filterin...

Reverse Shell Commands Over HTTP Payload (CVE-2022-29078)

A reverse shell command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804 PoC This repo contains a simple proof of concep...

Exploit for Missing Authorization in Redis

CVE-2022-0543 Fully featured exploit for Redis RCE through Lua...

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on https traffic. The tool is easy to use, it generates it's own PowerShell payload and it supports encryption ssl. So far, it has been tested on...

AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit

-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...

Analyzing Attack Data and Trends Targeting Log4J

The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world. It has the potential to allow a malicious actor to take full control of vulnerable devices. As a result of how Log4j controls the logging of strings and code, the...

Exploit for CVE-2022-30190

Five Nights at Follina's A Fullstack Academy Cybersecurity pro...

NanoCMS v0.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS does not sanitis...

Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: NanoCMS v0.4 - Remote Code Execution RCE Authenticated Date: 2022-07-26 Exploit Auuthor: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS...

Exploit for OS Command Injection in Apache Spark

CVE-2022-33891 Apache Spark Shell Command Injection Vulnerabil...

Exploit for CVE-2022-30190

CVE-2022-30190 | MS-MSDT "Follina" Attack Vector Srikesh Ma...

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

K0Otkit - Universal Post-Penetration Technique Which Could Be Used In Penetrations Against Kubernetes Clusters

k0otkit is a universal post-penetration technique which could be used in penetrations against Kubernetes clusters. With k0otkit, you can manipulate all the nodes in the target Kubernetes cluster in a rapid, covert and continuous way reverse shell. k0otkit is the combination of Kubernetes and...

Exploit for OS Command Injection in Zyxel Usg_Flex_100W_Firmware

CVE-2022-30525 Zyxel Firewall Command Injection Vulnerability...

Tornado - Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding

anonymously reverse shell over onion network using hidden services without portfortwarding Explore the docs fully undetectable reverse shell · View Demo · bulletproof anonymity If you are having any operating system compatiblity issue, let me know. I will try to fix as soon as possible so let's...

Code injection in `saved_model_cli` in TensorFlow

Impact TensorFlow's savedmodelcli tool is vulnerable to a code injection: savedmodelcli run --inputexprs 'x=print"malicious code to run"' --dir ./ --tagset serve --signaturedef servingdefault This can be used to open a reverse shell savedmodelcli run --inputexprs 'hello=exec"""\nimport...