
1797 matches found

Huntr
added 2021/05/03 3:53 a.m. | 20 views

OS Command Injection in sztheory/exifcleaner

Description: Command Injection using XSS via EXIF Data. The application displays the image metadata in HTML format without removing malicious tags, therefore an XSS attack can be performed: exiftool -Comment='OverJT' MYIMAGE.png. Being an application made in Electron, it allows to easily...

1.1 AI score | 0.03852 EPSS
Exploits: 1 | References: 2
0day.today
added 2021/05/03 12:00 a.m. | 42 views

Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)

Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell (655 Bytes) | Shellcode Author: Bobby Cooke (boku) | Tested on: Windows 10 v2004 x64 | Compiled from: Kali Linux x86_64 | Shellcode Description: 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse...

0.1 AI score
Exploits: 0
Kitploit
added 2021/04/28 9:30 p.m. | 30 views

PwnLnX - An Advanced Multi-Threaded, Multi-Client Python Reverse Shell For Hacking Linux Systems

An advanced multi-threaded, multi-client Python reverse shell for hacking Linux systems. There's still more work to do so feel free to help out with the development. Disclaimer: This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a comput...

7.8 AI score
Exploits: 0 | References: 1
CNVD
added 2021/04/26 12:00 a.m. | 10 views

Webmin Cross-Site Request Forgery Vulnerability (CNVD-2021-31910)

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...

8.8 CVSS | 6.7 AI score | 0.22718 EPSS
Exploits: 6 | References: 1
OSV
added 2021/04/25 7:15 p.m. | 18 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.8 CVSS | 6.8 AI score | 0.22718 EPSS
Exploits: 6 | References: 5
NVD
added 2021/04/25 7:15 p.m. | 17 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.8 CVSS | 0.22718 EPSS
Exploits: 6 | References: 5
Prion
added 2021/04/25 7:15 p.m. | 22 views

Cross site request forgery (csrf)

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

6.8 CVSS | 8.7 AI score | 0.22718 EPSS
Exploits: 6 | References: 5 | Affected Software: 1
CVE
added 2021/04/25 6:32 p.m. | 111 views

CVE-2021-31762

CVE-2021-31762 affects Webmin 1.973 and is a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to create a privileged user via Webmin’s Add Users feature and, via Webmin’s Run Process feature, obtain a reverse shell. The connected sources confirm the vulnerability leads to ...

8.8 CVSS | 8.6 AI score | 0.22718 EPSS
Exploits: 6 | References: 5 | Affected Software: 1
Cvelist
added 2021/04/25 6:32 p.m. | 20 views

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

8.9 AI score | 0.22718 EPSS
Exploits: 6 | References: 5
CNNVD
added 2021/04/25 12:00 a.m. | 2 views

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. A cross-site request forgery vulnerability exists in Webmin version 1.973. An attacker can use this vulnerability to create an elevated privilege user via Webmin...

8.8 CVSS | 5.5 AI score | 0.22718 EPSS
Exploits: 6 | References: 8
0day.today
added 2021/04/22 12:00 a.m. | 51 views

OTRS 6.0.1 - Remote Command Execution Exploit (2)

Exploit Title: OTRS 6.0.1 - Remote Command Execution (2) | Exploit Author: Hex26 | Vendor Homepage: https://www.otrs.com/ | Software Link: http://ftp.otrs.org/pub/otrs/ | Version: 4.0.1 - 4.0.26, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 | Tested on: OTRS 5.0.2/CentOS 7.2.1511 | CVE: CVE-2017-16921 | #!/usr/bin/env python3...

9 CVSS | 0.3 AI score | 0.33869 EPSS
Exploits: 8
GithubExploit
added 2021/04/21 8:06 p.m. | 75 views

Exploit for Cross-Site Request Forgery (CSRF) in Webmin

CVE-2021-31762 | Description: Exploiting a Cross-sit...

8.8 CVSS | 8.7 AI score | 0.22718 EPSS
Exploits: 6
CNVD
added 2021/04/19 12:00 a.m. | 2 views

Online Reviewer System SQL Injection Vulnerability

Online Reviewer System is an online reviewer software application. Online Reviewer System version 1.0 suffers from an authentication-bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...

9.8 CVSS | 8 AI score | 0.00537 EPSS
Exploits: 1 | References: 1
OSV
added 2021/04/14 3:15 p.m. | 1 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

9.8 CVSS | 7.3 AI score | 0.00537 EPSS
Exploits: 1 | References: 1
NVD
added 2021/04/14 3:15 p.m. | 6 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

9.8 CVSS | 0.00537 EPSS
Exploits: 1 | References: 1
Prion
added 2021/04/14 3:15 p.m. | 8 views

Sql injection

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

7.5 CVSS | 9.7 AI score | 0.00537 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2021/04/14 2:59 p.m. | 12 views

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...

10 AI score | 0.00537 EPSS
Exploits: 1 | References: 1
CVE
added 2021/04/14 2:59 p.m. | 42 views

CVE-2021-27130

Online Reviewer System 1.0 is affected by a SQL injection vulnerability that stems from an authentication bypass, enabling an attacker to bypass login and potentially upload a reverse shell. The flaw is documented across multiple sources (Red Hat, CNVD/CNNVD, CVE records) as a SQL injection throu...

9.8 CVSS | 9.8 AI score | 0.00537 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2021/04/14 12:00 a.m. | 1 views

Online Reviewer System SQL Injection Vulnerability

Online Reviewer System is an online reviewer software application. Online Reviewer System version 1.0 suffers from an authentication-bypass SQL injection vulnerability that could result in a reverse shell upload. No detailed vulnerability...

9.8 CVSS | 5.9 AI score | 0.00537 EPSS
Exploits: 1 | References: 2
0day.today
added 2021/04/14 12:00 a.m. | 216 views

MariaDB 10.2 /MySQL - (wsrep_provider) OS Command Execution Vulnerability

Exploit Title: MariaDB 10.2 /MySQL - 'wsrep_provider' OS Command Execution | Exploit Author: Central InfoSec | Version: MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL...

7.2 CVSS | 1.1 AI score | 0.48947 EPSS
Exploits: 8