Lucene search

1795 matches found

Huntr
added 2022/09/21 7:22 p.m. | 12 views

Multiple Authenticated Remote Code Execution Vulnerabilities in Admin Panel

Description: An attacker with administrative privileges in the openEMR application can execute arbitrary code on the server (remote code execution, RCE). This was tested in openEMR version 7.0.0 1 but also affects previous versions of openEMR. Proof of Concept: First of all, start a netcat listener on...

AI score 1.5
Exploits 0

GithubExploit
added 2022/09/21 7:43 a.m. | 318 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-...

CVSS 10 | AI score 9 | EPSS 0.94358
Exploits 341

GithubExploit
added 2022/09/19 1:15 p.m. | 419 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...

CVSS 8.8 | AI score 9.2 | EPSS 0.944
Exploits 24

The Hacker News
added 2022/09/19 12:0 p.m. | 34 views

Microsoft Teams' GIFShell Attack: What Is It and How You Can Protect Yourself from It

Organizations and security teams work to protect themselves from any vulnerability, and often don't realize that risk is also brought on by configurations in their SaaS apps that have not been hardened. The newly published GIFShell attack method, which occurs through Microsoft Teams, is a perfect...

AI score 7.5
Exploits 0

GithubExploit
added 2022/09/15 10:8 a.m. | 536 views

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 🐛 Path traversal and file disclosure vulnera...

CVSS 7.5 | AI score 8.5 | EPSS 0.94391
Exploits 144

NVD
added 2022/09/14 11:15 a.m. | 12 views

CVE-2022-36667

Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exists during adding parts and from the upload function; the attacker can upload a PHP Reverse Shell straight away to gain RCE...

CVSS 8.8 | EPSS 0.0372
Exploits 2 | References 2

ATTACKERKB
added 2022/09/14 11:15 a.m. | 2 views

CVE-2022-36667

Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exists during adding parts and from the upload function; the attacker can upload a PHP Reverse Shell straight away to gain RCE...

CVSS 8.8 | AI score 6.9 | EPSS 0.0372
Exploits 2 | References 3

Prion
added 2022/09/14 11:15 a.m. | 21 views

Design/Logic Flaw

Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exists during adding parts and from the upload function; the attacker can upload a PHP Reverse Shell straight away to gain RCE...

CVSS 6.5 | AI score 9.1 | EPSS 0.0372
Exploits 2 | References 2 | Affected Software 1

CNNVD
added 2022/09/14 12:0 a.m. | 2 views

Garage Management System Code Issue Vulnerability

SourceCodester Garage Management System Cms-Website is a garage management system by mayurik personal developer. It helps you to manage all your vehicles, cars and motorcycles. A security vulnerability exists in Garage Management System version 1.0, which stems from a lack of file upload filterin...

CVSS 8.8 | AI score 7.1 | EPSS 0.0372
Exploits 2 | References 3

Check Point Advisories
added 2022/09/14 12:0 a.m. | 40 views

Reverse Shell Commands Over HTTP Payload (CVE-2022-29078)

A reverse shell command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...

CVSS 7.5 | AI score 6.1 | EPSS 0.93462
Exploits 5

GithubExploit
added 2022/09/07 9:35 a.m. | 208 views

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804 PoC This repo contains a simple proof of concep...

CVSS 8.8 | AI score 9.2 | EPSS 0.944
Exploits 24

GithubExploit
added 2022/09/01 4:44 p.m. | 586 views

Exploit for Missing Authorization in Redis

CVE-2022-0543 Fully featured exploit for Redis RCE through Lua...

CVSS 10 | AI score 10 | EPSS 0.94398
Exploits 8

GithubExploit
added 2022/08/26 8:19 p.m. | 350 views

Exploit for Path Traversal in Synacor Zimbra_Collaboration_Suite

Zimbra Unauthenticated Remote Code Execution Exploit CVE-2022-2...

CVSS 7.2 | AI score 8.9 | EPSS 0.9431
Exploits 14

Kitploit
added 2022/08/17 12:30 p.m. | 38 views

Hoaxshell - An Unconventional Windows Reverse Shell, Currently Undetected By Microsoft Defender And Various Other AV Solutions, Solely Based On Http(S) Traffic

hoaxshell is an unconventional Windows reverse shell, currently undetected by Microsoft Defender and possibly other AV solutions as it is solely based on https traffic. The tool is easy to use, it generates its own PowerShell payload and it supports encryption (SSL). So far, it has been tested on...

AI score 7.7
Exploits 0 | References 3

0day.today
added 2022/08/10 12:0 a.m. | 309 views

AirSpot 5410 0.3.4.1-4 Remote Command Injection Exploit

-- coding: utf-8 -- Exploit Title: AirSpot unauthenticated remote command injection Date: 7/26/2022 Exploit Author: Samy Younsi NSLABS https://samy.link Vendor Homepage: https://www.airspan.com/ Software Link: https://wdi.rfwel.com/cdn/techdocs/AirSpot5410.pdf Version: 0.3.4.1-4 and under. Tested...

CVSS 9.8 | AI score 9.6 | EPSS 0.7023
Exploits 5

Wordfence Blog
added 2022/08/02 2:6 p.m. | 407 views

Analyzing Attack Data and Trends Targeting Log4J

The Log4j vulnerability, initially reported in November 2021, has affected millions of devices and applications around the world. It has the potential to allow a malicious actor to take full control of vulnerable devices. As a result of how Log4j controls the logging of strings and code, the...

CVSS 9.3 | AI score 9.7 | EPSS 0.94358
Exploits 341

GithubExploit
added 2022/08/01 4:47 p.m. | 239 views

Exploit for CVE-2022-30190

Five Nights at Follina's A Fullstack Academy Cybersecurity pro...

CVSS 9.3 | AI score 8.4 | EPSS 0.93596
Exploits 61

Exploit DB
added 2022/08/01 12:0 a.m. | 569 views

NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated) Date: 2022-07-26 Exploit Author: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS...

AI score 7.4
Exploits 0

Exploit DB
added 2022/08/01 12:0 a.m. | 710 views

Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...

CVSS 9.8 | AI score 9.6 | EPSS 0.9293
Exploits 8

0day.today
added 2022/08/01 12:0 a.m. | 434 views

NanoCMS v0.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: NanoCMS v0.4 - Remote Code Execution (RCE) (Authenticated) Exploit Author: p1ckzi Vendor Homepage: https://github.com/kalyan02/NanoCMS Version: NanoCMS v0.4 Tested on: Linux Mint 20.3 CVE: N/A Description: this script uploads a php reverse shell to the target. NanoCMS does not sanitis...

AI score 0.1
Exploits 0