VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

Exploit for OS Command Injection in Docker

🖥️ -h3x0v3rl0rd- ️⃣ CVE-2019-5736 Usage : machine is vuln...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated)

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Okta Access Gateway 2020.5.5 Authenticated Remote Root Vulnerability

Okta Access Gateway v2020.5.5 Post-Auth Remote Root RCE CVE-2021-28113 ======= Details ======= There are two command injection bugs can that be triggered after authenticating to the web UI. Since the injection occurs when a script is executed with sudo, the commands are ran with root privileges...

Online Voting System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...

Exploit for Improper Input Validation in Microsoft

This is a PoC Proof of Concept exploit for CVE-2020-1350, also known as SigRed. The exploit is designed to target DNS servers and allows for remote code execution. The exploit is written in Python and consists of several files: configure.py: This script is used to set up the payload and Apache HT...

Exploit for Unrestricted Upload of File with Dangerous Type in Adobe Coldfusion

CVE-2018-15961 - Adobe ColdFusion 2018 RCE This repository co...

rConfig <= 3.9.6 Shell Upload Exploit

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...

rConfig Vendors Auth File Upload RCE

This module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. Then, the uploaded payload can be triggered by a call to images/vendor/.php Module Options msf use...

rConfig Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig Vendors Auth File Upload RCE', 'Description' = %q This module allows an attacker with a privileged rConfig account to start a reverse she...

Dlink DSL2750U Command Injection

Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...

Metasploit Wrap-Up

NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...

charlotte

It is an offensive tool for Windows. The repository contains a Python script, charlotte.py, which is a fully undetected shellcode launcher. The script uses XOR encryption to encrypt the shellcode and function names. The script is designed to be used with the Metasploit framework, and it can be us...

Mcafee Database Security Server Code Issue Vulnerability

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...

Mcafee Database Security Server Code Issue Vulnerability (CNVD-2021-39504)

Mcafee Database Security Server is a database security software from Mcafee USA. The software provides users with a holistic view of the database and the corresponding security status, protecting business-critical databases from external, internal and insider database threats in real time. A code...