GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 3.216 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

!/usr/bin/env python3 Exploit Title: GL.iNet = 4.3.7 Remote Code Execution via OpenVPN Client Google Dork: intitle:"GL.iNet Admin Panel" Date: XX/11/2023 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://www.gli-net.com Software Link:...

BoidCMS 2.0.0 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BoidCMS Command Injection', 'Description' = %q This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and...

Exploit for Injection in Vm2_Project Vm2

CVE-2023-30547 Vulnerability de...

Exploit for Injection in Vm2_Project Vm2

CVE-2023-30547 This is a Proof-of-Concept to CVE-2023-30547 h...

CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

Privilege escalation

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

CVE-2023-32479

Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by...

WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution

Exploit Title: WebCatalog 48.4 - Arbitrary Protocol Execution Date: 9/27/2023 Exploit Author: ItsSixtyN3in Vendor Homepage: https://webcatalog.io/en/ Software Link: https://cdn-2.webcatalog.io/webcatalog/WebCatalog%20Setup%2052.3.0.exe Version: 48.4.0 Tested on: Windows CVE : CVE-2023-42222...

Exploit for Code Injection in Craftcms Craft_Cms

This python script exploits the Remote Code Execution vulnerabil...

Arbitrary Code Execution

Processwire is vulnerable to Arbitrary Code Execution. The vulnerability is due to the downloadzipurl parameter when installing new modules. which allows an attacker to execute arbitrary code and install a reverse shell...

Typora v1.7.4 - OS Command Injection Vulnerability

Exploit Title: Typora v1.7.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.typora.io Software Link: https://download.typora.io/windows/typora-setup-ia32.exe Tested Version: v1.7.4 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce Open the...

7 Sticky Notes v1.9 - OS Command Injection Vulnerability

Exploit Title: 7 Sticky Notes v1.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: http://www.7stickynotes.com Software Link: http://www.7stickynotes.com/download/Setup7StickyNotesv19.exe Tested Version: 1.9 latest Tested on: Windows 2019 Server 64bit Steps to Reproduce...

Arbitrary Code Execution in Processwire

An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module...

GHSA-2CVG-W29M-J8XC Arbitrary Code Execution in Processwire

An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module...

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

Code injection

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

PT-2024-12039 · Unknown · Processwire

Name of the Vulnerable Software and Affected Versions: ProcessWire version 3.0.210 Description: An issue in ProcessWire allows attackers to execute arbitrary code and install a reverse shell via the download zip url parameter when installing a new module. This issue is disputed as it requires the...