PT-2022-25940 · Tibco Software · Tibco Jasperreports Server For Microsoft Azure +4
Name of the Vulnerable Software and Affected Versions: TIBCO JasperReports Server versions 8.0.2 and below TIBCO JasperReports Server version 8.1.0 TIBCO JasperReports Server - Community Edition versions 8.1.0 and below TIBCO JasperReports Server - Developer Edition versions 8.1.0 and below TIBCO...
Judging Management System 1.0 Shell Upload Exploit
Exploit Title: Judging Management System v1.0 - Remote Code Execution RCE Date: 12/11/2022 Exploit Author: Angelo Pio Amirante Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...
Log4j: One Year Later
One year ago, the Log4j remote code execution vulnerability known as Log4Shell (CVE-2021-44228) was announced. The critical severity level vulnerability in a logging framework used across virtually all Java environments quickly set the internet on fire when it was released and exploited. It’s...
Exploit for Incorrect Authorization in Hashicorp Consul
CVE-2021-41805 Hashicorp Consul RCE via API Has...
Exploit for CVE-2022-25765
CVE-2022-25765-pdfkit-Exploit-Reverse-Shell pdfkit 0.8.6 c...
Malicious Package
Overview msfpath is a malicious package. It launches a reverse shell that connects back to a malicious host. Remediation Avoid using all malicious instances of the msfpath package. Credit: Raul Onitza-Klugman from Snyk Research Team...
SSCMS-PluginShell
Install Visual Studio 2. Import the project 3. Modify the IPAddress.Parse value in the Startup.cs file c using Microsoft.Extensions.DependencyInjection; using SSCMS.Advertisement.Abstractions; using SSCMS.Advertisement.Core; using SSCMS.Plugins; using System.Diagnostics; using System; using System.Text; using System.Net.Sockets; using...
Open Web Analytics 1.7.3 - Remote Code Execution
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Date: 2022-08-30 Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import...
Open Web Analytics 1.7.3 - Remote Code Execution Exploit
Exploit Title: Open Web Analytics 1.7.3 - Remote Code Execution RCE Exploit Author: Jacob Ebben Vendor Homepage: https://www.openwebanalytics.com/ Software Link: https://github.com/Open-Web-Analytics Version: 1.7.4 Tested on: Linux CVE : CVE-2022-24637 import argparse import requests import base6...
Exploit for Improper Access Control in Webmin
WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manager p...
Exploit for Code Injection in Vmware Spring_Framework
Target machine bash docker run -itd -p 80:8080 vulfocus/spr...
Webmin 1.984 File Manager Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Manager RCE', 'Description' = %q In Webmin version 1.984, any authenticated low privilege user without access rights to the File...
Exploit for OS Command Injection in Newspaperclub Pdf_Info
CVE-2022-36231 The ruby gem pdfinfo https://rubygems.org/g...
Apache Commons Text vulnerability CVE-2022-42889
Updated Oct. 19, 2022. CVE-2022-42889 was recently added to the NVD catalog, with a critical score of 9.8. This vulnerability allows remote code execution (RCE) in Apache Commons Text. It affects version numbers 1.5-1.9, and an upgrade to Apache Commons Text 1.10.0 disables the problem by default...
Exploit for Improper Access Control in Webmin
golang-webmin-CVE-2022-0824-revshell RCE in Webmin target ur...
GodGenesis - A Python3 Based C2 Server To Make Life Of Red Teamer A Bit Easier. The Payload Is Capable To Bypass All The Known Antiviruses And Endpoints
God Genesis is a C2 server purely coded in Python3 created to help Red Teamers and Penetration Testers. Currently it only supports TCP reverse shell but wait a min, it's a FUD and can give u admin shell from any targeted WINDOWS Machine. The List Of Commands It Supports :-...
CVE-2022-42457
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches runupdate in /usr/bin/gxserve-update.sh e.g., command execution can occur via a reverse shell installed by install.sh...
PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool...
Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel
Description: An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server (remote code execution, RCE). This was tested in openEMR version 7.0.0 1 but also affects previous versions of openEMR. Proof of Concept: First of all, start a netcat listener on...