280 matches found
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...
Hitachi Pentaho Business Analytics Server - Remote Code Execution
Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...
Rejetto HTTP File Server - Template injection
This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. id: CVE-2024-23692 info: name: Rejetto HTTP File Server - Template injection author: johnk3r severity: critical description: | This...
sshprank 1.7.0
sshprank is a fast SSH mass-scanner, login cracker, and banner grabber tool using the python-masscan and shodan modules...
pentestfr
Pentest Framework — Kali Linux / VirtualBox Framework Python...
Exploit for OS Command Injection in Php
PHP CGI Argument Injection CVE-2024-4577 RCE 📜 Descripti...
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995-SolarWinds-Serv-U SolarWinds Serv-U File Serv...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919-POC Read about it - https://nvd.nist.gov/v...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
CVE-2024-24919 An Vulnerability detection and Exploitation too...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Intro Simple POC Python script that check & leverage Check Poi...
Exploit for CVE-2024-29895
CVE-2024-29895 - RCE ON CACTI !WARNING This is an edu...
Exploit for CVE-2024-29895
PoC exploit for CVE-2024-29895 is not present in the provided co...
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 CVE-2024-3400 Palo Alto File Write Exploit...
Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices. The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in Novemb...
Dorkish - Chrome Extension Tool For OSINT & Recon
During reconaissance phase or when doing OSINT , we often use google dorking and shodan and thus the idea of Dorkish. Dorkish is a Chrome extension tool that facilitates custom dork creation for Google and Shodan using the builder and it offers prebuilt dorks for efficient reconnaissance and OSIN...
SolarView Compact 6.00 Command Injection
Exploit Title: SolarView Compact 6.00 - Command Injection - Shodan Dork: http.html:"solarview compact" - Exploit Author: ByteHunter - Email: [email protected] - Version: 6.00 - Tested on: 6.00 - CVE : CVE-2023-23333 import argparse import requests def vulncheckipaddress, port: url =...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 Description CVE-2023-36845 represen...