2126 matches found

0day.today
added 2023/04/05 12:0 a.m. | 254 views

Responsive FileManager 9.9.5 - Remote Code Execution Exploit

Exploit Title: Responsive FileManager 9.9.5 - Remote Code Execution (RCE) · Exploit Author: Galoget Latorre @galoget · Vendor Homepage: https://responsivefilemanager.com · Software Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.9.5/responsivefilemanager.zip · Dockerfile:...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.08627
Exploits: 5
OSV
added 2023/03/31 10:15 p.m. | 2 views

CVE-2022-47190

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.0157
Exploits: 0 | References: 3
Packet Storm
added 2023/03/31 12:0 a.m. | 248 views

Textpattern 4.8.8 Remote Code Execution

Exploit Title: Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated) · Exploit Author: Alperen Ergel · Contact: @alpernae IG/TW · Software Homepage: https://textpattern.com/ · Version: 4.8.8 · Tested on: windows 11 xammp | Kali linux · Category: WebApp · Google Dork: intext:"Published with Textpattern...

AI score: 6.8
Exploits: 0
0day.today
added 2023/03/31 12:0 a.m. | 138 views

Judging Management System v1.0 - Remote Code Execution Exploit

Exploit Title: Judging Management System v1.0 - Remote Code Execution (RCE) · Exploit Author: Angelo Pio Amirante · Vendor Homepage: https://www.sourcecodester.com/ · Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.html · Version: 1.0...

AI score: 6.8
Exploits: 0
Positive Technologies
added 2023/03/31 12:0 a.m. | 4 views

PT-2023-15230 · Generex · Generex Ups Cs141

Name of the Vulnerable Software and Affected Versions: Generex UPS CS141 versions prior to 2.06 · Description: The issue allows a remote attacker to upload a firmware file containing a webshell, which could enable the execution of arbitrary code as root. · Recommendations: For versions prior to 2.06,...

CVSS: 10 | AI score: 9.6 | EPSS: 0.0157
Exploits: 0 | References: 7
Exploit DB
added 2023/03/31 12:0 a.m. | 175 views

Judging Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Judging Management System v1.0 - Remote Code Execution (RCE) · Date: 12/11/2022 · Exploit Author: Angelo Pio Amirante · Vendor Homepage: https://www.sourcecodester.com/ · Software Link: https://www.sourcecodester.com/php/15910/judging-management-system-using-php-and-mysql-free-source-code.ht...

AI score: 7.4
Exploits: 0
Exploit DB
added 2023/03/31 12:0 a.m. | 199 views

Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Textpattern 4.8.8 - Remote Code Execution (RCE) (Authenticated) · Exploit Author: Alperen Ergel · Contact: @alpernae IG/TW · Software Homepage: https://textpattern.com/ · Version: 4.8.8 · Tested on: windows 11 xammp | Kali linux · Category: WebApp · Google Dork: intext:"Published with Textpattern...

AI score: 7
Exploits: 0
CNNVD
added 2023/03/31 12:0 a.m. | 19 views

Generex UPS CS141 Code Issue Vulnerability

The Generex UPS CS141 is a microcomputer from the German company Generex. A security vulnerability exists in the Generex UPS CS141 prior to version 2.06, which stems from a vulnerability that allows an attacker to upload a firmware file containing a webshell...

CVSS: 10 | AI score: 8.4 | EPSS: 0.0157
Exploits: 0 | References: 4
Cvelist
added 2023/03/31 12:0 a.m. | 29 views

CVE-2022-47190 RCE via file upload vulnerability in Generex CS141

Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root...

CVSS: 10 | AI score: 9.9 | EPSS: 0.0157
Exploits: 0 | References: 3
Packet Storm
added 2023/03/28 12:0 a.m. | 341 views

BoxBilling 4.22.1.5 Remote Code Execution

Exploit Title: BoxBilling · POC Video: https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS: 7.2 | AI score: 7 | EPSS: 0.44002
Exploits: 7
Exploit DB
added 2023/03/28 12:0 a.m. | 265 views

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Exploit Title: BoxBilling · POC Video: https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS: 7.2 | AI score: 7 | EPSS: 0.44002
Exploits: 7
0day.today
added 2023/03/28 12:0 a.m. | 299 views

BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability

Exploit Title: BoxBilling · POC Video: https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS: 7.2 | AI score: 7 | EPSS: 0.44002
Exploits: 7
Kitploit
added 2023/03/24 11:30 a.m. | 33 views

Mimicry - Security Tool For Active Deception In Exploitation And Post-Exploitation

Mimicry is a security tool developed by Chaitin Technology for active deception in exploitation and post-exploitation. Active deception can live migrate the attacker to the honeypot without awareness. We can achieve a higher security level at a lower cost with Active deception. English | 中文文档 Dem...

AI score: 7.5
Exploits: 0 | References: 7
OSV
added 2023/03/22 9:23 p.m. | 23 views

GHSA-VF7Q-G2PV-JXVX Pimcore vulnerable to improper quoting of filters in Custom Reports

Impact: Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...

CVSS: 6.2 | AI score: 7.6 | EPSS: 0.00856
Exploits: 0 | References: 5
Github Security Blog
added 2023/03/22 9:23 p.m. | 33 views

Pimcore vulnerable to improper quoting of filters in Custom Reports

Impact: Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. The impact of this path traversal and arbitra...

CVSS: 8 | AI score: 8.5 | EPSS: 0.00856
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2023/03/22 12:0 a.m. | 3 views

PT-2023-21721 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 10.5.19 · Description: Pimcore is an open source data and experience management platform. Since a user with 'report' permission can already write arbitrary SQL queries and given the fact that an endpoint is using the G...

CVSS: 8 | AI score: 8.1 | EPSS: 0.00856
Exploits: 0 | References: 9
Rapid7 Blog
added 2023/03/21 3:10 p.m. | 60 views

Rapid7 Observed Exploitation of Adobe ColdFusion

Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...

AI score: 10 | EPSS: 0.97115
Exploits: 13
GithubExploit
added 2023/03/04 5:4 p.m. | 487 views

Exploit for CVE-2021-3129

Laravel Debug Mode RCE Vulnerability CVE-2021-3129 POC / EXP...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.99943
Exploits: 36
Huntr
added 2023/03/04 2:13 p.m. | 19 views

Remote Code Execution Vulnerability Through Unrestrict File Write

Description: In the import setting function, in the file Froxlor\lib\Froxlor\SImExporter.php: file_put_contents($imgfilename, $imgdata); if (function_exists('finfo_open')) { $finfo = finfo_open(FILEINFO_MIME_TYPE); $mimetype = finfo_file($finfo, $imgfilename); finfo_close($finfo); } else { $mimetype =...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.73247
Exploits: 1 | References: 1
GithubExploit
added 2023/02/26 6:10 p.m. | 265 views

Exploit for External Control of File Name or Path in Fortinet Fortinac

FortiNAC CVE-2022-39952 PoC for CVE-2022-39952 affecting F...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.99815
Exploits: 7