1795 matches found
Mediator - An Extensible, End-To-End Encrypted Reverse Shell With A Novel Approach To Its Architecture
Mediator is an end-to-end encrypted reverse shell in which the operator and the shell connect to a "mediator" server that bridges the connections. This removes the need for the operator/handler to set up port forwarding in order to listen for the connection. Mediator also allows you to create...
OpenClinic GA 5.194.18 Privilege Escalation
Exploit Title: OpenClinic GA 5.194.18 - Local Privilege Escalation Date: 2021-07-24 Author: Alessandro Salzano Vendor Homepage: https://sourceforge.net/projects/open-clinic/ Software Homepage: https://sourceforge.net/projects/open-clinic/ Software Link:...
Gestionale Open 11.00.00 - Local Privilege Escalation Vulnerability
Exploit Title: Gestionale Open 11.00.00 - Local Privilege Escalation Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://www.gestionaleopen.org/ Software Homepage: https://www.gestionaleopen.org/ Software Link:...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013Reverse-Shell PoC CVE-2021-42013 reverse shell...
Apache HTTP Server 2.4.50 Remote Code Execution
Exploit: Apache HTTP Server 2.4.50 - Remote Code Execution RCE 2 Credits: Ash Daulton & cPanel Security Team Date: 24/07/2021 Exploit Author: TheLastVvV.com Vendor Homepage: https://apache.org/ Version: Apache 2.4.50 with CGI enable Tested on : Debian 5.10.28 CVE : CVE-2021-42013 !/bin/bash echo...
Active-Directory-Exploitation-Cheat-Sheet
This is a cheat sheet for Windows Active Directory exploitation, containing common enumeration and attack methods. The repository is a collection of PowerShell scripts and modules that can be used to perform various attacks on Active Directory, including domain enumeration, lateral movement, and...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 Introduction It was found that the fix for C...
Exploit for OS Command Injection in Saltstack Salt
CVE-2020-16846-Saltstack-Salt-API Vulnerability Explained: An...
Uffizio GPS Tracker 安全漏洞
Uffizio Gps Tracker is a Gps tracker by Uffizio India. Uffizio GPS Tracker suffers from a security vulnerability that stems from the software's lack of effective restrictions on the types of files that users can upload. An attacker could compromise the web server by uploading and executing a web...
Exploit for Race Condition in Canonical Ubuntu_Linux
This repository is an exploit module for the Dirty COW CVE-2016-5195 vulnerability. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clockgettime. If the...
Storage Unit Rental Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...
Storage Unit Rental Management System 1.0 Shell Upload
Exploit Title: Storage Unit Rental Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 28.09.2021 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://www.sourcecodester.com/php/14932/storage-unit-rental-management-system-using-php-free-source-code.html Software Lin...
Working PoC Is Out for VMware vCenter CVE-2021-22005 Flaw
A fully working exploit for the critical CVE-2021-22005 remote code-execution RCE vulnerability in VMware vCenter is now public and being exploited in the wild. Released on Monday by Rapid7 security engineer William Vu who goes by the Twitter handle wvu, this one’s different from the incomplete...
Apache James Server 2.3.2 - Remote Command Execution (RCE) (Authenticated) (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Date: 27/09/2021 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2...
Apache James Server 2.3.2 - Remote Command Execution (Authenticated) Exploit (2)
Exploit Title: Apache James Server 2.3.2 - Remote Command Execution RCE Authenticated 2 Exploit Author: shinris3n Vendor Homepage: http://james.apache.org/server/ Software Link: http://ftp.ps.pl/pub/apache/james/server/apache-james-2.3.2.zip Version: Apache James Server 2.3.2 Tested on: Ubuntu...
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Sentry 8.2.0 - Remote Code Execution RCE Authenticated Date: 22/09/2021 Exploit Author: Mohin Paramasivam Shad0wQu35t Vulnerability Discovered By : Clement Berthaux SYNACKTIV Software Link: https://sentry.io/welcome/ Advisory:...
CVE-2021-36582
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...
Design/Logic Flaw
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...
Kooboo 代码问题漏洞
Kooboo is a new web development tool capable of developing static pages or complex websites. A security vulnerability exists in Kooboo CMS 2.1.1.0, which stems from the software's lack of effective validation and filtering of user uploaded files. An attacker can upload a remote shell e.g. aspx to...
Apartment Visitor Management System (AVMS) 1.0 - SQL injection to Remote Code Execution 0day Exploit
Exploit Title: Apartment Visitor Management System AVMS 1.0 - SQLi to RCE Exploit Author: mari0x00 Vendor Homepage: https://phpgurukul.com/apartment-visitors-management-system-using-php-and-mysql/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=10395 Version: 1.0 Tested on:...