1812 matches found
WordPress Modern Events Calendar Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by...
Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document /.php Module Options msf use exploit/multi/http/wppluginspprojectdocumentrce msf exploitwppluginspprojectdocumentrce...
Wordpress Plugin Backup Guard - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard .php Module Options msf use exploit/multi/http/wppluginbackupguardrce msf exploitwppluginbackupguardrce show targets...
WordPress Backup Guard Authenticated Remote Code Execution Exploit
This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...
VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit
This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...
Exploit for OS Command Injection in Docker
🖥️ -h3x0v3rl0rd- ️⃣ CVE-2019-5736 Usage : machine is vuln...
Exploit for CVE-2017-0143
MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...
Exploit for CVE-2017-0143
MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...
Exploit for CVE-2017-0143
MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...
Exploit for CVE-2017-0143
MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...
Exploit for CVE-2017-0143
MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...
Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated)
Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Okta Access Gateway 2020.5.5 Authenticated Remote Root Vulnerability
Okta Access Gateway v2020.5.5 Post-Auth Remote Root RCE CVE-2021-28113 ======= Details ======= There are two command injection bugs can that be triggered after authenticating to the web UI. Since the injection occurs when a script is executed with sudo, the commands are ran with root privileges...
Online Voting System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Online Voting System 1.0 - SQLi Authentication Bypass + Remote Code Execution RCE Exploit Author: Geiseric Original Exploit Author: deathflash1411 - https://www.exploit-db.com/exploits/50076 - https://www.exploit-db.com/exploits/50075 Date 02.07.2021 Vendor Homepage:...
Exploit for Improper Input Validation in Microsoft
This is a PoC Proof of Concept exploit for CVE-2020-1350, also known as SigRed. The exploit is designed to target DNS servers and allows for remote code execution. The exploit is written in Python and consists of several files: configure.py: This script is used to set up the payload and Apache HT...
Exploit for Unrestricted Upload of File with Dangerous Type in Adobe Coldfusion
CVE-2018-15961 - Adobe ColdFusion 2018 RCE This repository co...
rConfig <= 3.9.6 Shell Upload Exploit
This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. This module requires Metasploit: https://metasploit.com/download Current source:...
rConfig Vendors Auth File Upload RCE
This module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. Then, the uploaded payload can be triggered by a call to images/vendor/.php Module Options msf use...
rConfig Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'rConfig Vendors Auth File Upload RCE', 'Description' = %q This module allows an attacker with a privileged rConfig account to start a reverse she...
Dlink DSL2750U Command Injection
Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection Date: 17-06-2021 Exploit Author: Mohammed Hadi HadiMed Vendor Homepage: https://me.dlink.com/consumer Software Link: https://dlinkmea.com/index.php/product/details?det=c0lvN0JoeVVhSXh4TVhjTnd1OUpUUT09 Version: ME1.16 Tested on: firmware...