1797 matches found
exacqVision ESM 5.12.2 Privilege Escalation
Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage: https://www.exacq.com Version: 5.12.2.150128 Tested Window...
Jinja2 2.10 - from_string Server Side Template Injection
Jinja2 2.10 - fromstring Server Side Template Injection ''' Exploit Title: Jinja2 Command injection fromstring function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on:...
exacqVision ESM 5.12.2 - Privilege Escalation
exacqVision ESM 5.12.2 - Privilege Escalation Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage:...
exacqVision ESM 5.12.2 - Privilege Escalation
Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage: https://www.exacq.com Version: 5.12.2.150128 Tested Window...
BEEMKA: Basic Electron Post-Exploitation Framework
PenTestIT RSS Feed There are a lot of applications today that use Electron Framework, as it helps you build cross platform desktop apps with JavaScript, HTML, and CSS. Examples are applications such as Skype, Station, etc. A new post-exploitation framework - BEEMKA can now help you in maintaining...
Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html...
Splunk Enterprise 7.2.3 Command Execution
!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html Version: 7.2.3 Tested on: kali...
Nagios XI 5.5.6 - Remote Code Execution / Privilege Escalation Exploit
Exploit for linux platform in category web applications Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...
Hack Allows Escape of Play-with-Docker Containers
Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...
Reverse-Shell
Establish a reverse shell and get persistance on your target using this script,copy this script to your target and leave it run it on the background after a successfull exploitation. Multi-sessions are supported. Shell Script created using Exploit Pack http://www.exploitpack.com -...
Apache Superset 0.23 Remote Code Execution
Exploit Title: Apache Superset 0.23 - Remote Code Execution Date: 2018-05-17 Exploit Author: David May [email protected] Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested on: Ubuntu 18.04 CVE-ID:...
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
/ reverse shell tcp 1907 port shellcode C language - Linux/x8664 Author : Kağan Çapar contact: email protected shellcode len : 119 bytes compilation: gcc -fno-stack-protector -z execstack reverse-shell.c -o reverse-shell Test: run your machine: nc -vlp 1907 and run exploit ./reverse-shell check...
Apache Superset 0.23 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Superset 0.23 - Remote Code Execution Exploit Author: David May email protected Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested o...
Apache Superset < 0.23 - Remote Code Execution
Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' + supersetIP + ':' + supersetPort +...
Mcreator - Encoded Reverse Shell Generator With Techniques To Bypass AV's
Encoded Reverse Shell Generator With Techniques To Bypass AV's Installation git clone https://github.com/blacknbunny/mcreator.git && cd mcreator/ && python mcreator.py Version python 2.7. can't be lower or higher than 2.7 cause of the """ syntax in scripts. Runnig mcreator console python...
Shellver - Reverse Shell Cheat Sheet Tool
Reverse Shell Cheat Sheet Tool Install Note Clone the repository: git clone https://github.com/0xR0/shellver.git Then go inside: cd shellver/ Then install it: python setup.py -i run shellver -h or "shellver bash or perl python php ruby netcat xterm shell all".format or Example shellver python...
GitLab: CRLF injection & SSRF in git:// protocal lead to arbitrary code execution
Summary: The implementation of git:// protocal in GitLab is vulnerable to CRLF injection and Server-Side Request Forgery. If the redis server is configured to listen on TCP socket eg. port 6379, an attacker can abuse SSRF to manipulate redis server, injecting malicious payload into systemhookpush...
Java deserialization vulnerability: in a restricted environment from vulnerability discovery to get a reverse Shell-vulnerability warning-the black bar safety net
Java deserialization vulnerability can be said that the Java security a piece of heart disease, in recent years more in the security sector“in the limelight”in. Actually say to the Java deserialization issues, as early as the beginning of 2015 in AppSecCali conference, two security researchers,...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...