Request Smuggling

tomcat-coyote is vulnerable request smuggling. Incorrect way of parsing of the HTTP transfer-encoding request header causes request smuggling when it is used with a reverse proxy and if the client declared it would only accept an HTTP/1.0 response...

Radare2 - UNIX-like Reverse Engineering Framework And Command-Line Toolset

r2 is a rewrite from scratch of radare. It provies a set of libraries, tools and plugins to ease reverse engineering tasks. The radare project started as a simple command-line hexadecimal editor focused on forensics, over time more features were added to support a scriptable command-line low leve...

Exploit for OS Command Injection in Gnu Bash

CVE-2014-6271 - Shellshock.py Shellshock exploit aka CVE-2014...

PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHPSESSIONUPLOADPROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This poc will abusing PHPSESSIONUPLOADPROGRESS then will trigger race condition to get remote code execution, the script will...

Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Modern Events Calendar .php Module Options msf use exploit/multi/http/wppluginmoderneventscalendarrce msf...

WordPress Modern Events Calendar Remote Code Execution Exploit

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by...

WordPress Modern Events Calendar Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Modern Events Calendar - Authenticated Remote Code Execution', 'Description' = %q This module allows an attacker with a privileg...

WordPress SP Project And Document Remote Code Execution Exploit

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php,...

Rconn - Rconn Is A Multiplatform Program For Creating Generic Reverse Connections

rconn reverse connection is a multiplatform program for creating reverse connections. It lets you consume services that are behind NAT and/or firewall without adding firewall rules or port-forwarding. This is achieved by creating a connection from the node behind the firewall/NAT to a port on you...

Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document /.php Module Options msf use exploit/multi/http/wppluginspprojectdocumentrce msf exploitwppluginspprojectdocumentrce...

OESA-2021-1275 tomcat security update

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...

Sage X3 Administration Service Authentication Bypass Command Execution

This module leverages an authentication bypass exploit within Sage X3 AdxSrv's administration protocol to execute arbitrary commands as SYSTEM against a Sage X3 Server running an available AdxAdmin service. Module Options msf use exploit/windows/sage/x3adxsrvauthbypasscmdexec msf...

Wordpress Plugin Backup Guard - Authenticated Remote Code Execution

This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard .php Module Options msf use exploit/multi/http/wppluginbackupguardrce msf exploitwppluginbackupguardrce show targets...

WordPress Backup Guard Authenticated Remote Code Execution Exploit

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP...

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection

Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a piece of malware that can deliver any payloa...

Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode

Exploit Title: Linux/x86 - Linux/x86 - Egghunter Reverse TCP Shell dynamic IP and port Shellcode Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 - Egghunter Reverse TCP Shell Shellcode Generator with dynamic IP and port Shellcode Author: d7x https://d7x.promiselabs.net/...

capa 2.0: Better, Stronger, Faster

We are excited to announce version 2.0 of our open-source tool called capa. capa automatically identifies capabilities in programs using an extensible rule set. The tool supports both malware triage and deep dive reverse engineering. If you haven’t heard of capa before, or need a refresher, check...

VMware vCenter Server Virtual SAN Health Check Remote Code Execution Exploit

This Metasploit module exploits Java unsafe reflection and SSRF in the VMware vCenter Server Virtual SAN Health Check plugin's ProxygenController class to execute code as the vsphere-ui user. See the vendor advisory for affected and patched versions. Tested against VMware vCenter Server 6.7 Updat...

Linux/x86 - Reverse (dynamic IP and port/TCP) Shell (/bin/sh) Shellcode (86 bytes)

Exploit Title: Linux/x86 - Reverse dynamic IP and port/TCP Shell /bin/sh Shellcode 86 bytes Exploit Author: d7x Tested on: Ubuntu x86 / Linux/x86 Reverse TCP Shell with dynamic IP and port binding Shellcode tested on Ubuntu 12.04 LTS Usage: gcc -z execstack -o shellreversetcp shellreversetcp.c $...

SAP Web Dispatcher 和 Internet Communication Manager 环境问题漏洞

SAP Web dispatcher is a core component of SAP Load Balancing, which supports load balancing and provides reverse proxy functionality to enable external users to access internal applications. A security vulnerability exists in SAP Web Dispatcher and Internet Communication Manager that stems from a...