Lucene search
340 matches found

GithubExploit
added 2021/08/31 10:3 p.m. | 553 views

Exploit for CVE-2021-33766

POC Exploit CVE-2021-33766 ProxyToken POC Exploit for CVE-...

7.5 CVSS | 8.6 AI score | 0.9375 EPSS
Exploits: 2
GithubExploit
added 2021/08/31 1:3 p.m. | 105 views

Exploit for Code Injection in Playsms

CVE-playsms There is a vulnerability in playsms 1.4.3 that a...

9.8 CVSS | 9.2 AI score | 0.25494 EPSS
Exploits: 2
Github Security Blog
added 2021/08/02 5:2 p.m. | 60 views

OS Command Injection in OpenTSDB

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8 CVSS | 9.8 AI score | 0.9425 EPSS
Exploits: 5 | References: 4 | Affected Software: 1
Packet Storm
added 2021/07/27 12:0 a.m. | 403 views

WordPress Social Warfare 3.5.2 Remote Code Execution

Author = Raed Ahsan Creation Date = 24/07/2021 Vulnerability : SocialWarfare 3.5.2 plugin wordpress Remote Code Execution Linkedin = https://linkedin.com/in/raed-ahsan/ import socket import requests import subprocess import time import pyautogui print"Start your python SimpleHTTPServer on port 12...

4.3 CVSS | 0.4 AI score | 0.88711 EPSS
Exploits: 18
NVD
added 2021/07/09 11:15 a.m. | 12 views

CVE-2012-2666

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script...

9.8 CVSS | 0.00513 EPSS
Exploits: 1 | References: 5
Prion
added 2021/07/09 11:15 a.m. | 17 views

Design/Logic Flaw

golang/go in 1.0.2 fixes all.bash on shared machines. dotest in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and executes it as a shell script...

7.5 CVSS | 7.1 AI score | 0.00513 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2021/07/09 10:50 a.m. | 44 views

CVE-2012-2666

CVE-2012-2666 concerns the Go project. According to connected sources, the root cause is that dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with a predictable name and then executes it as a shell script. The practical implication is potential arbitrary code execution if...

9.8 CVSS | 9.3 AI score | 0.00513 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2021/07/09 12:0 a.m. | 1 views

Google Golang Security Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes (CSP), and other languages with a...

9.8 CVSS | 8.2 AI score | 0.00513 EPSS
Exploits: 1 | References: 6
Packet Storm
added 2021/05/28 12:0 a.m. | 324 views

Selenium 3.141.59 Remote Code Execution

Exploit Title: Selenium 3.141.59 - Remote Code Execution Firefox/geckodriver Date: 2021-05-27 Exploit Author: Jon Stratton Vendor Homepage: https://www.selenium.dev/ Software Link: https://selenium-release.storage.googleapis.com/3.141/selenium-server-standalone-3.141.59.jar Version: 3.141.59 Test...

7.4 AI score
Exploits: 0
ThreatPost
added 2021/03/16 4:57 p.m. | 176 views

Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices

A new variant of the Mirai botnet has been discovered targeting a slew of vulnerabilities in unpatched D-Link, Netgear and SonicWall devices — as well as never-before-seen flaws in unknown internet-of-things IoT gadgets. Since Feb. 16, the new variant has been targeting six known vulnerabilities ...

10 CVSS | 0.5 AI score | 0.94235 EPSS
Exploits: 12 | References: 18
The Hacker News
added 2021/03/16 10:32 a.m. | 595 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

10 CVSS | 0.5 AI score | 0.94235 EPSS
Exploits: 18
The Hacker News
added 2021/03/16 10:32 a.m. | 2 views

New Mirai Variant and ZHtrap Botnet Malware Emerge in the Wild

Cybersecurity researchers on Monday disclosed a new wave of ongoing attacks exploiting multiple vulnerabilities to deploy new Mirai variants on internet connected devices. "Upon successful exploitation, the attackers try to download a malicious shell script, which contains further infection...

10 CVSS | 7.8 AI score | 0.94235 EPSS
Exploits: 12
Prion
added 2021/02/19 6:15 a.m. | 14 views

Directory traversal

Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory...

7.2 CVSS | 7.3 AI score | 0.00042 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2021/02/19 5:3 a.m. | 84 views

CVE-2020-24908

CVE-2020-24908 affects Checkmk before 1.6.0p17. A Trojan horse shell script in %PROGRAMDATA%\checkmk\agent\local allows local users to escalate to SYSTEM privileges. Root cause: manipulation of a local agent script executed with high privileges. Impact: local privilege escalation to SYSTEM. Remed...

7.8 CVSS | 7.3 AI score | 0.00042 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Gitee
added 2021/02/17 1:34 p.m. | 2 views

Findsploit

It is an offensive tool for searching and exploiting. The primary CVE ID is not explicitly mentioned in the provided context. The tool, Findsploit, is a bash script that searches both local and online exploit databases. It includes three sub-scripts: "compilesploit" to automatically compile and r...

6.8 AI score
Exploits: 0
NVD
added 2020/12/16 8:15 a.m. | 15 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8 CVSS | 9.9 AI score | 0.9425 EPSS
Exploits: 5 | References: 2
OSV
added 2020/12/16 8:15 a.m. | 23 views

CVE-2020-35476

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

9.8 CVSS | 8 AI score
Exploits: 0 | References: 2
Prion
added 2020/12/16 8:15 a.m. | 16 views

Remote code execution

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. tsd/GraphHandler.java attempted to prevent comma...

7.5 CVSS | 9.8 AI score | 0.9425 EPSS
Exploits: 5 | References: 2 | Affected Software: 1
Packet Storm
added 2020/11/11 12:0 a.m. | 518 views

Joomla SIGE 3.4.1-FREE / 3.5.3-PRO RFI / Cross Site Scripting

Title: SIGE - Simple Image Gallery Extended joomla extension 3.4.1-FREE / 3.5.3-PRO - Multi Vulnerability Remote File Inclusion RFI & Cross Site Scripting XSS date: 2020-11-11 Vendor Homepage: https://kubik-rubik.de/ Software Link: https://kubik-rubik.de/sige-simple-image-gallery-extended Softwar...

0.1 AI score
Exploits: 0
Exploit DB
added 2020/11/02 12:0 a.m. | 730 views

Monitorr 1.7.6m - Remote Code Execution (Unauthenticated)

!/usr/bin/python -- coding: UTF-8 -- Exploit Title: Monitorr 1.7.6m - Remote Code Execution Unauthenticated Date: September 12, 2020 Exploit Author: Lyhin's Lab Detailed Bug Description:...

9.8 AI score
Exploits: 0