2174 matches found
CVE-2019-11680
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...
Remote code execution
KonaKart 8.9.0.0 is vulnerable to Remote Code Execution by uploading a web shell as a product category image...
CVE-2019-11680
CVE-2019-11680 affects KonaKart 8.9.0.0. The vulnerability allows remote code execution by uploading a web shell as a product category image, indicating the attacker can run arbitrary code on the server. Multiple connected sources (NVD, Red Hat advisory, CNVD, PRION, CVE lists) corroborate that K...
FIN7 Linked to Escalating Active Exploits for Microsoft SharePoint Bug
A recently patched, high-severity vulnerability in Microsoft SharePoint CVE-2019-0604 that allows remote code-execution is being increasingly exploited in the wild, according to researchers – possibly by the FIN7 group, among others. According to the Microsoft’s advisory, the vulnerability which...
Joomla Jmail Breaker Arbitrary File Upload
An attacker might use a web shell backdoor to upload arbitrary files using Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
Joomla Jmail Breaker PHP Web Shell Backdoor
An attacker might upload a web shell backdoor to a Joomla Jmail service. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
JSP Web Shell Generic Backdoor
An attacker might upload a web shell backdoor to a JSP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
U.S. Dept Of Defense: RCE on https://█████/ Using CVE-2017-9248
Summary: https://█████████/ is hosting an unpatched version of the Telerik DialogHandler Telerik.Web.UI.DialogHandler.aspx allowing for the machine key to be brute forced. The machine key can be used to access the DNN file manager to upload arbitrary files including ASPX giving a web shell and RC...
W3Brute - Automatic Web Application Brute Force Attack Tool
w3brute is an open source penetration testing tool that automates attacks directly to the website's login page. w3brute is also supported for carrying out brute force attacks on all websites. Features 1. Scanner: w3brute has a scanner feature that serves to support the bruteforce attack process...
ZIP Shotgun - Utility Script To Test Zip File Upload Functionality (And Possible Extraction Of Zip Files) For Vulnerabilities
Utility script to test zip file upload functionality and possible extraction of zip files for vulnerabilities. Idea for this script comes from this post on Silent Signal Techblog - Compressed File Upload And Command Execution and from OWASP - Test Upload of Malicious Files This script will create...
Exploit for Improper Authentication in Comodo Unified_Threat_Management_Firewall
CVE-2018-17431-PoC Proof of consept for CVE-2018-17431 E...
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Vulnerability
Exploit for php platform in category web applications Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link:...
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
ClipperCMS 1.3.3 - Cross-Site Request Forgery File Upload Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Date: 2018-11-11 Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link:...
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution (Metasploit)
Watchguard AP100 AP102 AP200 1.2.9.15 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Watchguard AP Backdoor Shell', 'Description' = 'Watchguard AP's have a...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Vulnerability
Exploit for hardware platform in category local exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 buil...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak
Summary The new IPn4Gb provides a rugged, industrial strength wireless solution using the new and ultra fast 4G LTE cellular network infrastructure. The IPn4Gb features integrated Firewall, IPSec / VPN & GRE Tunneling, IP/MAC Access Control Lists. The IPn4Gb can transport critical data to and fro...
The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques
A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...
Node.js third-party modules: Unrestricted file upload (RCE)
I would like to report an unrestricted file upload in express-cart. It allows a user with administrative privileges to upload a file to any path. Module module name: express-cart version: 1.1.5 npm page: https://www.npmjs.com/package/express-cart Module Description expressCart is a fully function...
File Upload Vulnerability in DedeCMS v5.7 SP2
Dream Content Management System DedeCMS is a PHP open source website management system. A file upload vulnerability exists in the uploads/include/uploadsafe.inc.php file in DedeCMS V5.7 SP2, which can be exploited by an attacker to upload script files and obtain a webshell...
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution
Drupal 7.58 8.3.9 8.4.6 8.5.1 - Drupalgeddon2 Remote Code Execution !/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def...