exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52,705 RSS Feed

Exploit Files

Sharepoint Dynamic Proxy Generator Remote Command Execution
Posted Mar 27, 2024
Authored by Jang, jheysel-r7 | Site metasploit.com

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled and executed by Sharepoint allowing attackers to remotely execute commands via the API.

tags | exploit, remote, web, vulnerability
advisories | CVE-2023-24955, CVE-2023-29357
SHA-256 | 3b1724367c87a328eb0a2106c305037f2a413ec6310fe39613f91e443e4e1a9c
WordPress Bricks Builder Theme 1.9.6 Remote Code Execution
Posted Mar 27, 2024
Authored by Valentin Lobstein, Calvin Alkan | Site metasploit.com

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit the eval() function usage within the theme. Successful exploitation allows for full control of the affected WordPress site. It is recommended to upgrade to version 1.9.6.1 or higher.

tags | exploit, remote, arbitrary, php, code execution
advisories | CVE-2024-25600
SHA-256 | 5a32fb78bdb52593a7f339d7321ec50570d8dc8998da3f4da0c0eaf663f73ac5
Artica Proxy Unauthenticated PHP Deserialization
Posted Mar 27, 2024
Authored by h00die-gr3y, Jaggar Henry | Site metasploit.com

A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user.

tags | exploit, remote, web, arbitrary, php, code execution
advisories | CVE-2024-2054
SHA-256 | 769d2d7e8f18e8bd0ce142472f159825e87239bfc4426229f241a00de99425a0
Bludit 3.13.0 Cross Site Scripting
Posted Mar 26, 2024
Authored by Gokhan Sensukur

Bludit version 3.13.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e30c7734bfb11521c11bd57e218e971d8a00d093a2268443b78f2c2f295a3316
Insurance Management System PHP And MySQL 1.0 Cross Site Scripting
Posted Mar 26, 2024
Authored by Hakki Toklu

Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
SHA-256 | 57a616cd0cf4b87402d807007a9cc4baf3849c77c283470d324acd935adbc001
Craft CMS 4.4.14 Remote Code Execution
Posted Mar 26, 2024
Authored by Olivier Lasne

Craft CMS version 4.4.14 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2023-41892
SHA-256 | 6dada91b5125e5cbc3f8d9cb9d59a5f937052241fe1e5481dab19199fced220c
LimeSurvey Community 5.3.32 Cross Site Scripting
Posted Mar 26, 2024
Authored by Subhankar Singh

LimeSurvey Community version 5.3.32 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2024-24506
SHA-256 | a0fc1c6d55d96c794b571df26d967b5cf55a3845f9c967220231741cb99ae87c
Orange Station 1.0 Shell Upload
Posted Mar 26, 2024
Authored by nu11secur1ty

Orange Station version 1.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 5a9f8a0ab40cab9d931909357ed512b4a4e0910b05218556dc4ed1977fa5b4d8
Nagios XI 2024R1.01 SQL Injection
Posted Mar 26, 2024
Authored by Jarod Jaslow

Nagios XI versions 2024R1.01 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2024-24401
SHA-256 | 68cad0f6ebae36d741e3c09fbbc2013acb66e4c861404dd3fb579aa2eaef4245
MobileShop Master 1.0 SQL Injection
Posted Mar 26, 2024
Authored by Hazim Arbas

MobileShop Master version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 5382f069d5f87ca82e7aaa55d06e27880b17bfe303bf5c846c032003643ba5ec
LBT-T300-mini1 Buffer Overflow
Posted Mar 26, 2024
Authored by Amirhossein Bahramizadeh

LBT-T300-mini1 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
SHA-256 | 0d5605d4bf931abe29807024d5f54120a110b26a29b7d0372e0c12e6e2b5b118
Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution
Posted Mar 22, 2024
Authored by malvuln | Site malvuln.com

Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.

tags | exploit, remote, local, vulnerability, code execution
systems | windows
SHA-256 | 9740a4e0b25da98023aa4b00d3dc186e1ae19f18ff322ffbd1efa8acd634f49a
Task Management System 1.0 SQL Injection
Posted Mar 22, 2024
Authored by Gnanaraj Mauviel

Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
advisories | CVE-2024-29301, CVE-2024-29302, CVE-2024-29303
SHA-256 | 19d5f8c5ea06895a1df525a3f2aa900e859bf45ece3512286a979c45e7883470
OpenNMS Horizon 31.0.7 Remote Command Execution
Posted Mar 21, 2024
Authored by Erik Wynter | Site metasploit.com

This Metasploit module exploits built-in functionality in OpenNMS Horizon in order to execute arbitrary commands as the opennms user. For versions 32.0.2 and higher, this module requires valid credentials for a user with ROLE_FILESYSTEM_EDITOR privileges and either ROLE_ADMIN or ROLE_REST. For versions 32.0.1 and lower, credentials are required for a user with ROLE_FILESYSTEM_EDITOR, ROLE_REST, and/or ROLE_ADMIN privileges. In that case, the module will automatically escalate privileges via CVE-2023-40315 or CVE-2023-0872 if necessary. This module has been successfully tested against OpenNMS version 31.0.7.

tags | exploit, arbitrary
advisories | CVE-2023-0872, CVE-2023-40315
SHA-256 | 3f4bb30dfda25dcbdb6102b0fdb461fcf55bdef37e5fb47cb7df1b150d2438a1
Xbox GamingService Arbitrary Folder Move
Posted Mar 21, 2024
Authored by Filip Dragovic

Proof of concept exploit for an arbitrary folder move issue in the GamingService component of Xbox.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2024-2891
SHA-256 | 960b90e5dd57b045b10aa005fae3c30c8da6ba69285fea3ec4273f6b126c64fc
Lektor Static CMS 3.3.10 Arbitrary File Upload / Remote Code Execution
Posted Mar 20, 2024
Authored by kai6u

Lektor Static CMS version 3.3.10 suffers from an arbitrary file upload vulnerability that can be leveraged to achieve remote code execution.

tags | exploit, remote, arbitrary, code execution, file upload
SHA-256 | 12e46eeac4843dfaaf4f61083381648a44692cd6a4aade7ab73a5901f82f2336
Employee Management System 1.0 SQL Injection
Posted Mar 20, 2024
Authored by Shubham Pandey

Employee Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of this finding is attributed to Ozlem Balci in January of 2024.

tags | exploit, remote, sql injection
advisories | CVE-2024-28595
SHA-256 | 29cd0f77cb023005e072aa804706b800801834d76af7a7c5e48d06e82ffa8bc4
Blood Bank 1.0 SQL Injection
Posted Mar 20, 2024
Authored by Ersin Erenler

Blood Bank version 1.0 suffers from suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Nitin Sharma in October of 2021.

tags | exploit, remote, sql injection
advisories | CVE-2023-46022
SHA-256 | d95668292b4799b2459459dabbaf67baf0ecfb0c50e8731e1aa0858d71bc0d09
Simple Task List 1.0 SQL Injection
Posted Mar 20, 2024
Authored by Ersin Erenler

Simple Task List version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-46023
SHA-256 | 3d7d08d11026b2dd3229567d42244f4b661bad830d96053161fec984a11d837d
Teacher Subject Allocation Management System 1.0 SQL Injection
Posted Mar 20, 2024
Authored by Ersin Erenler

Teacher Subject Allocation Management System version 1.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-46024
SHA-256 | 70201b7921db68f4cd1eabfe9d49fef650e64263d687be24d951e0f1d2287e83
Hitachi NAS SMU 14.8.7825 Information Disclosure
Posted Mar 20, 2024
Authored by Arslan Masood

Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 suffers from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2023-6538
SHA-256 | 8d25a278138bff753e2597ee9170c5ebd18db0735e2a7f5680239d1ccf4eabf5
Tramyardg Autoexpress 1.3.0 Cross Site Scripting
Posted Mar 19, 2024
Authored by Scott White

Tramyardg Autoexpress version 1.3.0 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2023-48903
SHA-256 | e5d38e6f27165a96b83eb9ff1357086d82ad45bbc6a91a8b4f1d9aa5f2e996a5
Tramyardg Autoexpress 1.3.0 Authentication Bypass
Posted Mar 19, 2024
Authored by Scott White

Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.

tags | exploit, remote, bypass
advisories | CVE-2023-48902
SHA-256 | a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2eca
Tramyardg Autoexpress 1.3.0 SQL Injection
Posted Mar 19, 2024
Authored by Scott White

Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-48901
SHA-256 | b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1
SurveyJS Survey Creator 1.9.132 Cross Site Scripting
Posted Mar 19, 2024
Authored by Jettapol Pumwattanakul

SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflective and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2024-28635
SHA-256 | 2c4b91b7d1d00b6f2ac89af364e77b2b0d2b76306c60a890dee33e814441c2dc
Page 1 of 2,109
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close