
2177 matches found

Microsoft Secure
added 2020/06/24 4:0 p.m. | 3642 views

Defending Exchange servers under attack

Securing Exchange servers is one of the most important things defenders can do to limit organizational exposure to attacks. Any threat or vulnerability impacting Exchange servers should be treated with the highest priority because these servers contain critical business data, as well as highly...

CVSS: 9 | AI score: 0.3 | EPSS: 0.94381
Exploits: 30

CNVD
added 2020/06/12 12:0 a.m. | 2 views

Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32917)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Repository Manager feature in Artica Pandora FMS version 7.44. The...

CVSS: 9 | AI score: 7.5 | EPSS: 0.31128
Exploits: 1 | References: 1

CNVD
added 2020/06/12 12:0 a.m. | 2 views

Artica Pandora FMS Code Issue Vulnerability (CNVD-2020-32914)

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in the File Manager feature in Artica Pandora FMS version 7.44. An attacker can exploit...

CVSS: 9 | AI score: 7.6 | EPSS: 0.31128
Exploits: 1 | References: 1

CISA
added 2020/04/22 12:0 a.m. | 10 views

NSA, ASD Release Guidance for Mitigating Web Shell Malware

The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system...

AI score: 7.5
Exploits: 0 | References: 2

ATTACKERKB
added 2020/03/16 12:0 a.m. | 16 views

CVE-2020-10557

An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. Recen...

CVSS: 8.8 | AI score: 1.3 | EPSS: 0.00146
Exploits: 1 | References: 3

Hacker One
added 2020/03/09 3:37 a.m. | 17 views

U.S. Dept Of Defense: Unrestricted File Upload to ███████SubmitRequest/Index.cfm?fwa=wizardform

Summary: An attacker is able to upload files of any type to ███SubmitRequest/Index.cfm?fwa=wizardform as long as they are less than 5 MB. Description: The █████ ████ Request System allows a user to submit requests to the ██████████ ███ for event support. An attacker can exploit this request form ...

AI score: 0.8
Exploits: 0

0day.today
added 2020/02/29 12:0 a.m. | 1257 views

qdPM < 9.1 - Remote Code Execution Exploit

Exploit for multiple platform in category web applications. #!/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.90442
Exploits: 16

Packet Storm
added 2020/02/28 12:0 a.m. | 128 views

qdPM Remote Code Execution

#!/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.90442
Exploits: 16

exploitpack
added 2020/02/28 12:0 a.m. | 83 views

qdPM 9.1 - Remote Code Execution

qdPM 9.1 - Remote Code Execution #!/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically...

CVSS: 6.5 | AI score: 9 | EPSS: 0.90442
Exploits: 16

Exploit DB
added 2020/02/17 12:0 a.m. | 252 views

SOPlanning 1.45 - 'users' SQL Injection

Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The SOPlannin...

AI score: 7.4
Exploits: 0

exploitpack
added 2020/02/17 12:0 a.m. | 50 views

SOPlanning 1.45 - users SQL Injection

SOPlanning 1.45 - users SQL Injection Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on...

Exploits: 0

0day.today
added 2020/02/17 12:0 a.m. | 150 views

SOPlanning 1.45 - (users) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on...

Exploits: 0

Packet Storm
added 2020/02/15 12:0 a.m. | 142 views

SOPlanning 1.45 SQL Injection

Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on Windows 10/Kali Rolling The SOPlannin...

AI score: 0.2
Exploits: 0

Microsoft Secure
added 2020/02/04 5:30 p.m. | 8470 views

Ghost in the shell: Investigating web shell attacks

Recently, an organization in the public sector discovered that one of their internet-facing servers was misconfigured and allowed attackers to upload a web shell, which let the adversaries gain a foothold for further compromise. The organization enlisted the services of Microsoft’s Detection and...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.9443
Exploits: 56

ATTACKERKB
added 2020/01/21 12:0 a.m. | 56 views

CVE-2020-7246

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users‘photoppreview’ delete photo feature, allowing bypass of .htaccess protection...

CVSS: 8.8 | AI score: 2.6 | EPSS: 0.90442
Exploits: 18 | References: 4

0day.today
added 2020/01/08 12:0 a.m. | 72 views

Job Portal 1.0 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Job Portal 1.0 - Remote Code Execution Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubun...

AI score: 7.4
Exploits: 0

Packet Storm
added 2020/01/08 12:0 a.m. | 94 views

Online Book Store 1.0 Remote Code Execution

Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

AI score: 0.1
Exploits: 0

Exploit DB
added 2020/01/08 12:0 a.m. | 193 views

Online Book Store 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

AI score: 9.8
Exploits: 0

0day.today
added 2020/01/08 12:0 a.m. | 139 views

Online Book Store 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

AI score: 7.4
Exploits: 0

exploitpack
added 2020/01/08 12:0 a.m. | 127 views

Online Book Store 1.0 - Unauthenticated Remote Code Execution

Online Book Store 1.0 - Unauthenticated Remote Code Execution Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage:...

AI score: 0.3
Exploits: 0