Lucene search

2126 matches found

Cvelist
added 2024/03/18 2:4 p.m. · 20 views

CVE-2024-2599 Unrestricted Upload of File with Dangerous Type vulnerability in AMSS++

File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure...

9.9 CVSS · 9.4 AI score · 0.00623 EPSS
Exploits 0 · References 1

CVE
added 2024/03/18 2:4 p.m. · 54 views

CVE-2024-2599

CVE-2024-2599 concerns AMSS++ 4.31 with a file upload restriction evasion vulnerability. Affected component: AMSS++ web upload handling; root cause described as bypassing upload restrictions, enabling an authenticated user to potentially obtain remote code execution via a webshell, compromising t...

9.9 CVSS · 9.4 AI score · 0.00623 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/03/18 12:0 a.m. · 5 views

PT-2024-21265 · Amss++ · Amss++

Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to a file upload restriction evasion vulnerability. This could allow an authenticated user to potentially obtain remote code execution RCE through a webshell, compromising the entire...

9.9 CVSS · 7.9 AI score · 0.00623 EPSS
Exploits 0 · References 4

OSV
added 2024/03/12 4:15 p.m. · 1 views

CVE-2024-1527

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell...

8.8 CVSS · 5.9 AI score · 0.00921 EPSS
Exploits 0 · References 1

NVD
added 2024/03/12 4:15 p.m. · 16 views

CVE-2024-1527

Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell...

9.8 CVSS · 9.6 AI score · 0.00921 EPSS
Exploits 0 · References 1

GithubExploit
added 2024/03/09 4:4 a.m. · 189 views

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Cyberspace Mapping Dork Fofa app="JETBRAINS-TeamCity...

9.8 CVSS · 9.7 AI score · 0.99991 EPSS
Exploits 24

KoreLogic Security
added 2024/03/05 12:0 a.m. · 55 views

Artica Proxy Unauthenticated PHP Deserialization Vulnerability

Vulnerability Details Affected Vendor: Artica Affected Product: Artica Proxy Affected Version: 4.50 Platform: Debian 10 LTS CWE Classification: CWE-502 Deserialization of Untrusted Data CVE ID: CVE-2024-2054 2. Vulnerability Description The Artica Proxy administrative web application will...

9.8 CVSS · 8.3 AI score · 0.8126 EPSS
Exploits 9 · Affected Software 1

GithubExploit
added 2024/03/04 7:9 p.m. · 231 views

Exploit for Injection in Atlassian Confluence_Data_Center

Executing Arbitrary Code In Confluence Memory CVE-2023-22527...

10 CVSS · 9.9 AI score · 0.99984 EPSS
Exploits 31

GithubExploit
added 2024/01/26 9:35 a.m. · 347 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

8.9 AI score
Exploits 1

Tenable Nessus
added 2024/01/23 12:0 a.m. · 24 views

Axis Communications P1354 IP Camera Remote Code Execution (CVE-2018-9156)

An issue was discovered on AXIS P1354 IP camera Firmware version 5.90.1.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include modul...

7.6 CVSS · 7.7 AI score · 0.03944 EPSS
Exploits 1 · References 2

Tenable Nessus
added 2024/01/23 12:0 a.m. · 27 views

Axis Communications M1033-W IP Camera Remote Code Execution (CVE-2018-9157)

An issue was discovered on AXIS M1033-W IP camera Firmware version 5.40.5.1 devices. The upload web page doesn't verify the file type, and an attacker can upload a webshell by making a fileUpload.shtml request for a custom .shtml file, which is interpreted by the Apache HTTP Server mod_include...

7.6 CVSS · 7.7 AI score · 0.03218 EPSS
Exploits 0 · References 2

GithubExploit
added 2024/01/12 9:34 a.m. · 356 views

Exploit for Files or Directories Accessible to External Parties in Apache Struts

CVE-2023-50164 Apache Struts path traversal to RCE vulnerabil...

9.8 CVSS · 9.9 AI score · 0.80819 EPSS
Exploits 15

Kitploit
added 2024/01/05 11:30 a.m. · 68 views

D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux

Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...

7.2 AI score
Exploits 0 · References 1

Metasploit
added 2023/12/22 7:49 p.m. · 687 views

Craft CMS unauthenticated Remote Code Execution (RCE)

This module exploits Remote Code Execution vulnerability CVE-2023-41892 in Craft CMS which is a popular content management system. Craft CMS versions between 4.0.0-RC1 - 4.4.14 are affected by this vulnerability allowing attackers to execute arbitrary code remotely, potentially compromising the...

10 CVSS · 9.2 AI score · 0.92918 EPSS
Exploits 10

Packet Storm
added 2023/12/22 12:0 a.m. · 623 views

Craft CMS 4.4.14 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits Remote Code Execution vulnerability CVE-2023-41892 ...

10 CVSS · 7.4 AI score · 0.92918 EPSS
Exploits 10

RedhatCVE
added 2023/11/30 3:26 a.m. · 60 views

CVE-2022-41678

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

7.5 CVSS · 8.6 AI score · 0.8581 EPSS
Exploits 2 · References 3

OSV
added 2023/11/28 4:15 p.m. · 1 views

DEBIAN-CVE-2022-41678

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8 CVSS · 8.2 AI score · 0.8581 EPSS
Exploits 2 · References 1

CVE
added 2023/11/28 3:8 p.m. · 193 views

CVE-2022-41678

CVE-2022-41678 : In Apache ActiveMQ, after authentication, an attacker can trigger remote code execution via Jolokia/JMX vectors (e.g., /api/jolokia) leading to arbitrary code with webshell write via Log4j/JFR paths. The root cause is an unsafe deserialization path that can be reached through Jol...

8.8 CVSS · 8.1 AI score · 0.8581 EPSS
Exploits 2 · References 5 · Affected Software 1

Cvelist
added 2023/11/28 3:8 p.m. · 42 views

CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE

Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest...

8.8 AI score · 0.8581 EPSS
Exploits 2 · References 4

GithubExploit
added 2023/11/12 10:15 p.m. · 329 views

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Vulnerability - CVE-2022-22965...

9.8 CVSS · 9.6 AI score · 0.99677 EPSS
Exploits 100