CVE-2019-11680

CVE-2019-11680 affects KonaKart 8.9.0.0. The vulnerability allows remote code execution by uploading a web shell as a product category image, indicating the attacker can run arbitrary code on the server. Multiple connected sources (NVD, Red Hat advisory, CNVD, PRION, CVE lists) corroborate that K...

FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug

A recently patched, high-severity vulnerability in Microsoft SharePoint CVE-2019-0604 that allows remote code-execution is being increasingly exploited in the wild, according to researchers – possibly by the FIN7 group, among others. According to the Microsoft’s advisory, the vulnerability which...

Joomla Jmail Breaker PHP Web Shell Backdoor

An attacker might upload a web shell backdoor to a Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

Joomla Jmail Breaker Arbitrary File Upload

An attacker might use a web shell backdoor to upload arbitrary files using Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

JSP Web Shell Generic Backdoor

An attacker might upload a web shell backdoor to a JSP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248

Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...

W3Brute - Automatic Web Application Brute Force Attack Tool

w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...

ZIP Shotgun - Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities

Utility script to test zip file upload functionality and possible extraction of zip files for vulnerabilities. Idea for this script comes from this post on Silent Signal Techblog - Compressed File Upload And Command Execution and from OWASP - Test Upload of Malicious Files This script will create...

Exploit for Improper Authentication in Comodo Unified_Threat_Management_Firewall

CVE-2018-17431-PoC Proof of consept for CVE-2018-17431 E...

ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Vulnerability

Exploit for php platform in category web applications Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link:...

ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)

ClipperCMS 1.3.3 - Cross-Site Request Forgery File Upload Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Date: 2018-11-11 Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link:...

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)

Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Vulnerability

Exploit for hardware platform in category local exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 buil...

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak

Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...

The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...

Node.js third-party modules: Unrestricted file upload (RCE)

I would like to report an unrestricted file upload in express-cart. It allows a user with administrative privileges to upload a file to any path. Module module name: express-cart version: 1.1.5 npm page: https://www.npmjs.com/package/express-cart Module Description expressCart is a fully function...

File Upload Vulnerability in DedeCMS v5.7 SP2

Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the uploads/include/uploadsafe.inc.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload script files and obtain a webshell...

Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution

Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...

TestLink Open Source Test Management Code Execution

Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...