2118 matches found

GithubExploit
added 2024/01/26 9:35 a.m. · 341 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

8.9 AI score
Exploits: 1

Tenable Nessus
added 2024/01/23 12:0 a.m. · 27 views

Axis Communications M1033-W IP Camera Remote Code Execution (CVE-2018-9157)

An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include...

7.6 CVSS · 7.7 AI score · 0.01681 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2024/01/23 12:0 a.m. · 22 views

Axis Communications P1354 IP Camera Remote Code Execution (CVE-2018-9156)

An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include modul...

7.6 CVSS · 7.7 AI score · 0.01889 EPSS
Exploits: 1 · References: 2

GithubExploit
added 2024/01/12 9:34 a.m. · 341 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

9.8 CVSS · 9.9 AI score · 0.93657 EPSS
Exploits: 15

Kitploit
added 2024/01/05 11:30 a.m. · 58 views

D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux

Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...

7.2 AI score
Exploits: 0 · References: 1

Metasploit
added 2023/12/22 7:49 p.m. · 677 views

Craft CMS unauthenticated Remote Code Execution (RCE)

This module exploits Remote Code Execution vulnerability CVE-2023-41892 in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the...

10 CVSS · 9.2 AI score · 0.93824 EPSS
Exploits: 10

Packet Storm
added 2023/12/22 12:0 a.m. · 617 views

Craft CMS 4.4.14 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits Remote Code Execution vulnerability CVE-2023-41892 ...

10 CVSS · 7.4 AI score · 0.93824 EPSS
Exploits: 10

RedhatCVE
added 2023/11/30 3:26 a.m. · 57 views

CVE-2022-41678

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

7.5 CVSS · 8.6 AI score · 0.93 EPSS
Exploits: 2 · References: 3

OSV
added 2023/11/28 4:15 p.m. · 1 view

DEBIAN-CVE-2022-41678

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8 CVSS · 8.2 AI score · 0.93 EPSS
Exploits: 2 · References: 1

CVE
added 2023/11/28 3:8 p.m. · 190 views

CVE-2022-41678

CVE-2022-41678: In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...

8.8 CVSS · 8.1 AI score · 0.93 EPSS
Exploits: 2 · References: 5 · Affected Software: 1

Cvelist
added 2023/11/28 3:8 p.m. · 35 views

CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8 AI score · 0.93 EPSS
Exploits: 2 · References: 4

GithubExploit
added 2023/11/12 10:15 p.m. · 326 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Vulnerability - CVE-2022-22965...

9.8 CVSS · 9.6 AI score · 0.94428 EPSS
Exploits: 100

Veracode
added 2023/11/06 7:28 a.m. · 13 views

OS Command Injection

intelliants/subrion is vulnerable to OS Command Injection. The vulnerability is due to a lack of sanitization in the hooks system module. An attacker is able to exploit this vulnerability by sending a specially crafted webshell to a vulnerable Subrion installation. The request would contain a...

8.8 CVSS · 7.1 AI score · 0.01861 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/11/03 12:15 p.m. · 1 view

CVE-2023-4591

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...

9.8 CVSS · 5.7 AI score · 0.0011 EPSS
Exploits: 0 · References: 1

NVD
added 2023/11/03 12:15 p.m. · 8 views

CVE-2023-4591

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...

9.8 CVSS · 8 AI score · 0.0011 EPSS
Exploits: 0 · References: 1

Prion
added 2023/11/03 12:15 p.m. · 14 views

Remote file inclusion

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...

7.5 CVSS · 9.1 AI score · 0.0011 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/11/03 11:1 a.m. · 16 views

CVE-2023-4591 Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...

7.5 CVSS · 9.4 AI score · 0.0011 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2023/11/03 11:1 a.m. · 10 views

CVE-2023-4591 Inclusion of Functionality from Untrusted Control Sphere in WPN-XM Serverstack

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the...

7.5 CVSS · 7.2 AI score · 0.0011 EPSS
Exploits: 0 · References: 1

CVE
added 2023/11/03 11:1 a.m. · 40 views

CVE-2023-4591

CVE-2023-4591 affects WPN-XM Serverstack 0.8.6. A local file inclusion flaw in the /tools/webinterface/index.php?page parameter allows an unauthenticated user to load server PHP files, potentially enabling a webshell. The issue is rooted in LFI handling and is described across multiple sources as...

9.8 CVSS · 8 AI score · 0.0011 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/11/03 12:0 a.m. · 3 views

PT-2023-29763 · Unknown · Wpn-Xm Serverstack

Name of the Vulnerable Software and Affected Versions: WPN-XM Serverstack version 0.8.6 Description: A local file inclusion issue has been found, allowing an unauthenticated user to perform a local file inclusion via the "/tools/webinterface/index.php?page" parameter by sending a GET request. Thi...

9.8 CVSS · 9.3 AI score · 0.0011 EPSS
Exploits: 0 · References: 4