1795 matches found

Cvelist
added 2022/05/10 11:14 a.m., 9 views

CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

AI score 10, EPSS 0.07085
Exploits: 1, References: 2

CVE
added 2022/05/10 11:14 a.m., 71 views

CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability that can be triggered by the File parameter to upload a PHP payload and obtain a reverse shell on the vulnerable host. The CVE entry (CVE-2021-42645) and multiple connected sources corroborate an RCE path via file upload...

CVSS 10, AI score 9.8, EPSS 0.07085
Exploits: 1, References: 2, Affected Software: 1

The Coalfire Blog
added 2022/05/03 6:47 p.m., 22 views

Hacking Ham Radio: WinAPRS – Part 4

In part three of this series, we discovered and traced a memory corruption bug in WinAPRS using IDA Pro and WinDbg. We discovered that it could be used to gain control over the CPU's EIP register to obtain remote code execution. We found that there were limitations on the address that could be...

AI score 0.6
Exploits: 0

The Coalfire Blog
added 2022/04/28 12:26 a.m., 9 views

Hacking Ham Radio: WinAPRS – Part 3

In part two of this series, we reviewed our WinAPRS software and hardware configuration. We then began reverse engineering WinAPRS and fuzzing it for vulnerabilities using modified open-source software. Finally, we identified a potentially exploitable vulnerability. This installment will dig into...

AI score 1.9
Exploits: 0

Kitploit
added 2022/04/13 9:30 p.m., 35 views

Presshell - Quick And Dirty Wordpress Command Execution Shell

presshell Quick & dirty Wordpress Command Execution Shell. Execute shell commands on your wordpress server. Uploaded shell will probably be at /wp-content/plugins/shell/shell.php Installation To install the shell, we are assuming you have administrative rights to Wordpress and can install plugins...

AI score 7.7
Exploits: 0, References: 1

GithubExploit
added 2022/04/12 1:25 p.m., 4 views

Exploit for Path Traversal in Apache Http_Server

This is a Python script that exploits a remote code execution R...

CVSS 7.5, AI score 8.5, EPSS 0.94391
Exploits: 144

Hacker One
added 2022/04/04 9:56 a.m., 160 views

Aiven Ltd: Kafka Connect RCE via connector SASL JAAS JndiLoginModule configuration

Summary: When configuring the connector via the Aiven API or the Kafka Connect REST API, the attacker can set the database.history.producer.sasl.jaas.config connector property for the io.debezium.connector.mysql.MySqlConnector connector. This is likely true for other debezium connectors too. By...

AI score 2.9
Exploits: 0

GithubExploit
added 2022/03/31 7:19 p.m., 393 views

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 poc CVE-2022-22965 poc including reverse-shell...

CVSS 9.8, AI score 9.1, EPSS 0.94428
Exploits: 99

GithubExploit
added 2022/03/31 11:14 a.m., 259 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for Englis...

CVSS 9.8, AI score 9.6, EPSS 0.94462
Exploits: 36

GithubExploit
added 2022/03/30 11:36 a.m., 331 views

Exploit for Code Injection in Vmware Spring_Cloud_Function

CVE-2022-22963 CVE-2022-22963 Spring-Cloud-Function-SpELRCE漏...

CVSS 9.8, AI score 9.6, EPSS 0.94462
Exploits: 36

Kitploit
added 2022/03/29 8:30 p.m., 29 views

LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

A low-dependency command-line tool for generating reverse shell payloads on the fly. Description LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shel...

AI score 7.7
Exploits: 0, References: 1

Packet Storm
added 2022/03/11 12:0 a.m., 310 views

Tdarr 2.00.15 Command Injection

Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...

AI score 7.4
Exploits: 0

Metasploit
added 2022/03/10 5:42 p.m., 24 views

Windows Encrypted Reverse Shell

Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/windows/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set ACTION msf payloadencryptedshellreversetcp show options ...show...

AI score 5.9
Exploits: 0

GithubExploit
added 2022/03/08 5:14 p.m., 8 views

Exploit for OS Command Injection in Gitea

CVE-2020-14144 - GiTea authenticated RCE A script to explo...

CVSS 7.2, AI score 7.4, EPSS 0.93529
Exploits: 12

GithubExploit
added 2022/03/07 7:24 a.m., 8 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947-Spring-Cloud-Gateway-SpelRCE Overview of CVE...

CVSS 10, AI score 7.2, EPSS 0.94461
Exploits: 54

GithubExploit
added 2022/03/06 12:3 a.m., 717 views

Exploit for Improper Access Control in Webmin

Webmin-CVE-2022-0824-revshell Vulnerability Description...

CVSS 9, AI score 7.1, EPSS 0.92677
Exploits: 14

0day.today
added 2022/02/23 12:0 a.m., 262 views

WebHMI 4.1.1 Remote Code Execution Exploit

Exploit Title: WebHMI 4.1.1 - Remote Code Execution RCE Authenticated Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://webhmi.com.ua/en/ Version: WebHMI 4.1.1.7662 Tested on: WebHMI-4.1.1.7662 !/usr/bin/python import sys import re import argparse import requests import time import...

AI score 7.4
Exploits: 0

GithubExploit
added 2022/02/21 11:7 a.m., 2 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...

CVSS 7.8, AI score 8, EPSS 0.92928
Exploits: 38

GithubExploit
added 2022/02/21 11:7 a.m., 4 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...

CVSS 7.8, AI score 8, EPSS 0.92928
Exploits: 38

GithubExploit
added 2022/02/21 11:7 a.m., 570 views

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...

CVSS 7.8, AI score 8.1, EPSS 0.92928
Exploits: 38