
1828 matches found

CNNVD
added 2021/10/14 12:0 a.m. | 3 views

Uffizio GPS Tracker Security Vulnerability

Uffizio GPS Tracker is a GPS tracker by Uffizio India. Uffizio GPS Tracker suffers from a security vulnerability that stems from the software's lack of effective restrictions on the types of files that users can upload. An attacker could compromise the web server by uploading and executing a web...

CVSS 9.8 | AI score 8.4 | EPSS 0.01837
Exploits: 0 | References: 7

Gitee
added 2021/10/09 12:39 p.m. | 10 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This repository is an exploit module for the Dirty COW (CVE-2016-5195) vulnerability. The exploit relies on ptrace to patch the vDSO (Virtual Dynamic Shared Object) and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clock_gettime. If the...

CVSS 7.2 | AI score 7.5 | EPSS 0.83906
Exploits: 80

Packet Storm
added 2021/09/29 12:0 a.m. | 213 views

Storage Unit Rental Management System 1.0 Shell Upload

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

AI score 7.4
Exploits: 0

Exploit DB
added 2021/09/29 12:0 a.m. | 229 views

Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...

AI score 7.4
Exploits: 0

ThreatPost
added 2021/09/28 3:6 p.m. | 123 views

Working PoC Is Out for VMware vCenter CVE-2021-22005 Flaw

A fully working exploit for the critical CVE-2021-22005 remote code-execution RCE vulnerability in VMware vCenter is now public and being exploited in the wild. Released on Monday by Rapid7 security engineer William Vu who goes by the Twitter handle wvu, this one’s different from the incomplete...

CVSS 9.8 | AI score 9.8 | EPSS 0.99999
Exploits: 11 | References: 17

0day.today
added 2021/09/28 12:0 a.m. | 382 views

Apache James Server 2.3.2 - Remote Command Execution (Authenticated) Exploit (2)

Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu...

AI score 7.4
Exploits: 0

Exploit DB
added 2021/09/28 12:0 a.m. | 267 views

Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)

Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...

AI score 7.4
Exploits: 0

Exploit DB
added 2021/09/22 12:0 a.m. | 246 views

Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Date: 22/09/2021 Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory:...

AI score 7.4
Exploits: 0

OSV
added 2021/09/14 12:15 p.m. | 5 views

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVSS 9.8 | AI score 5.8 | EPSS 0.01461
Exploits: 0 | References: 2

Prion
added 2021/09/14 12:15 p.m. | 29 views

Design/Logic Flaw

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVSS 10 | AI score 9.4 | EPSS 0.01461
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2021/09/14 12:0 a.m. | 3 views

Kooboo Code Issue Vulnerability

Kooboo is a new web development tool capable of developing static pages or complex websites. A security vulnerability exists in Kooboo CMS 2.1.1.0, which stems from the software's lack of effective validation and filtering of user uploaded files. An attacker can upload a remote shell e.g. aspx to...

CVSS 10 | AI score 8.4 | EPSS 0.01461
Exploits: 0 | References: 3

0day.today
added 2021/09/13 12:0 a.m. | 236 views

Apartment Visitor Management System (AVMS) 1.0 - SQL injection to Remote Code Execution 0day Exploit

Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Version: 1.0 Tested on:...

AI score 0.6
Exploits: 0

Exploit DB
added 2021/09/13 12:0 a.m. | 284 views

Apartment Visitor Management System (AVMS) 1.0 - 'username' SQL Injection

Exploit Title: Apartment Visitor Management System AVMS 1.0 - 'username' SQL Injection Date: 2021-08-13 Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link:...

AI score 7.4
Exploits: 0

GithubExploit
added 2021/09/09 12:55 p.m. | 213 views

Exploit for Deserialization of Untrusted Data in Google Tensorflow

CVE-2021-37678 Explo...

CVSS 9.3 | AI score 8.8 | EPSS 0.00451
Exploits: 1

CNNVD
added 2021/09/09 12:0 a.m. | 4 views

Rittal CMC PU III OS Command Injection Vulnerability

Rittal CMC PU III is a monitoring system from Rittal, Germany. A security vulnerability exists in the Rittal CMC PU III Web management version V3.11.002, which originates from the inability of the web application to clean up user input on the network TCP/IP configuration page. The vulnerability c...

CVSS 9 | AI score 7.2 | EPSS 0.04544
Exploits: 1 | References: 2

Packet Storm
added 2021/09/02 12:0 a.m. | 171 views

WPanel 4.3.1 Remote Code Execution

Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...

AI score 0.1
Exploits: 0

0day.today
added 2021/09/02 12:0 a.m. | 166 views

WPanel 4.3.1 - Remote Code Execution (Authenticated) Exploit

Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...

Exploits: 0

Exploit DB
added 2021/09/02 12:0 a.m. | 219 views

WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...

AI score 7
Exploits: 0

GithubExploit
added 2021/09/01 10:47 p.m. | 424 views

Exploit for OS Command Injection in Draytek Vigor2960_Firmware

CVE-2020-8515 Draytek CVE-2020-8515 PoC I had kicking about...

CVSS 10 | AI score 9.3 | EPSS 0.99993
Exploits: 7

GithubExploit
added 2021/08/29 11:8 a.m. | 150 views

Exploit for OS Command Injection in Sophos Unified_Threat_Management

sophucked CVE-2020-25223 RCE PoC, gets reverse shell. Pre-auth...

CVSS 10 | AI score 9.7 | EPSS 0.96693
Exploits: 9