1797 matches found
Online Marriage Registration System 1.0 Remote Code Execution
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...
Karkinos - Penetration Testing And Hacking CTF's Swiss Army Knife With: Reverse Shell Handling - Encoding/Decoding - Encryption/Decryption - Cracking Hashes / Hashing
Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following: Encoding/Decoding characters Encrypting/Decrypting text or files Reverse shell handling Cracking and generating hashes Dependancies Any server capable of hosting...
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Vulnerability
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Discovery by: Jok3r Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Tested Version: 2.3.1911...
10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
Exploit Title: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow SEH Date: 2020-09-02 Exploit Author: Sectechs Vendor Homepage: https://www.10-strike.com Version: 8.65 Tested on: Windows 7 x86 SP1 import os import sys import struct import socket crash ="A" 209 jmp short 8...
CMSUno 1.6.2 Remote Code Execution
Exploit Title: CMSUno 1.6.2 - 'user' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.09.30 Exploit Author: Fatih Çelik Vendor Homepage: https://github.com/boiteasite/cmsuno/ Software Link: https://github.com/boiteasite/cmsuno/ Blog:...
paradoxiaRAT - Native Windows Remote Access Tool
Paradoxia Remote Access Tool. Features Paradoxia Console Feature | Description ---|--- Easy to use | Paradoxia is extremely easy to use, So far the easiest rat! Root Shell | - Automatic Client build | Build Paradoxia Client easily with or without the icon of your choice. Multithreaded |...
Snakes and Ladder Logic
A click to a reverse shell in OpenPLC and ladder logic OR Why you shouldn’t run everything as root in PLC and RTUs. TL;DR Most of the RTU’s and PLC’s that run a Unix based OS that we test and, and some devices on Windows that we’ve tested on maritime engagements, run as root and/or admin. They al...
git-lfs Remote Code Execution Exploit
Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more. / Go PoC exploit for git-lfs - Remote Code Execution RCE vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go...
Sentrifugo Version 3.2 - 'announcements' Remote Code Execution (Authenticated)
Exploit Title: Sentrifugo Version 3.2 - 'announcements' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...
Sentrifugo 3.2 Remote Code Execution
Exploit Title: Sentrifugo 3.2 - 'assets' Remote Code Execution Authenticated Google Dork: N/A Date: 2020.10.06 Exploit Author: Fatih Çelik Vendor Homepage: https://sourceforge.net/projects/sentrifugo/ Software Link: https://sourceforge.net/projects/sentrifugo/ Blog:...
git-lfs Remote Code Execution
/ Go PoC exploit for git-lfs - Remote Code Execution RCE vulnerability CVE-2020-27955 git-lfs-RCE-exploit-CVE-2020-27955.go Discovered by Dawid Golunski https://legalhackers.com https://exploitbox.io Affected RCE exploit: Git / GitHub CLI / GitHub Desktop / Visual Studio / GitKraken / SmartGit /...
Complaints Report Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Complaints Report Management System 1.0 - 'username' SQL Injection / Remote Code Execution Date: 3-11-2020 Exploit Author: mosaaed Vendor Homepage: https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html Software Link:...
Simple College Website 1.0 Code Execution / SQL Injection
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
Simple College Website 1.0 - 'username' SQL Injection / Remote Code Execution
Exploit Title: Simple College Website 1.0 - SQL Injection / Remote Code Execution Date: 30-10-2020 Exploit Author: yunaranyancat Vendor Homepage: https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html Software Link:...
CS-Cart 1.3.3 - authenticated RCE
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)
Exploit Title: aaPanel 6.6.6 - Authenticated Privilege Escalation Google Dork: Date: 04.05.2020 Exploit Author: Ünsal Furkan Harani Zemarkhos Vendor Homepage: https://www.aapanel.com/ Software Link: https://github.com/aaPanel/aaPanel Version: 6.6.6 REQUIRED Tested on: Linux ubuntu 4.4.0-131-gener...
Exploit for OS Command Injection in Webmin
CVE-2019–15107 - Unauthenticated RCE Webmin =1.920 This...
Exploit for Code Injection in Nette Application
CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...
Exploit for Code Injection in Nette Application
CVE-2020-15227 ============== DISCLAIMER! I take no responsibil...