This is a whitepaper tutorial that describes steps taken to identify post-authentication remote command execution vulnerabilities in NagiosXI version 5.6.11.
c13f3213213baa28e248e4dc73e332bc336b5d187686a95ad2ef8b57a7b36938
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a pre-authentication remote command execution vulnerability in Symantec Web Gateway version 5.0.2.8.
9876efa02a9403b13e3814ee5a4409950bf50bd73e0e3c6f43ee673c60841a3e
This is a whitepaper tutorial that walks through creating a proof of concept exploit for a remote command execution vulnerability in NagiosXI version 5.6.
8cd9a562fc422fbab693c7375a6d77afbff17c5e7e25cd997d8290beae82bbe2
This whitepaper documents a walk through that describes the steps taken to identify a remote code execution vulnerability in multiOTP version 5.0.4.4.
4732ae6117764a5cac9dd84f3d79ef6065f0a8c5a22085a25d924acb3a87756e
Zen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.
29c20561040a95db93c50db27ac160b719fa168e3166212b7e43c1092858f647
This whitepaper is a quick tutorial on pentesting the Zen load balancer.
8ebf09c3635ca8278455d6f94536ff8b1c047cc31e15ee939200ecc06d560253
VA MAX version 8.3.4 suffers from a post-authentication remote code execution vulnerability.
83895e02490abd5dff21baf3e6cb7ef84abf36fa23f4bc7a4401f14daf917e92
Zoho ManageEngine Applications Manager version 13 suffers from multiple post-authentication remote SQL injection vulnerabilities.
e79e67b62c5a3db8d9973fd1eb18a3c66ece70790cdf160b8cd6d21bd4354906
This Metasploit module exploits a command injection vulnerability in the Trend Micro IMSVA product. An authenticated user can execute a terminal command under the context of the web server user which is root. Besides, default installation of IMSVA comes with a default administrator credentials. WizardSetting_sys.imss endpoint takes several user inputs and performs LAN settings. After that it use them as argument of predefined operating system command without proper sanitation. It's possible to inject arbitrary commands into it. InterScan Messaging Security prior to 9.1.-1600 affected by this issue.
50f31837beea28b6c9830ae6763884d12cce54426a4afac257f09c46574b30b4
This proof of concept code shows how manager functionality can be abused in ModX CMS to upload a shell.
716aad67ffbd1e03ee636500fb005acbd2d5d6ac6569cc879ee02aa5114964b1
RealPlayer version 18.1.7.344 suffers from memory corruption vulnerabilities.
34735884e57bf041f2ef2d6a51aff4eac035924e94a271abafaa53b0e7f52ed3
This proof of concept code shows how administrator functionality can be abused in Joomla to upload a shell.
87a728b87ac587ae5b8e6ee3b500ceb0624fe986b8ed1bfd032bd116ff3c79a3
This proof of concept code shows how administrative functionality can be abused in DokuWiki to upload a shell.
898865a317bcc77f576b4558759df3d84a4cbe466095de9d767b2e148a4909db
This proof of concept code shows how functionality can be abused in Concrete5 to upload a shell.
d3561f919f95a84828625cf5bd9e0f2bdfc5da586f3e00580cf1cd43a8d35f83
Irfan View version 4.42 suffers from multiple crash vulnerabilities.
d8b34f2ac98cb14fe582e633c1a7fd986c688540153b7c02ef5cf5d86bfdb7fa
Microsoft Outlook 2010 WriteAV proof of concept crash exploit.
f6751c5e9616b27ce38fd40c1a3c8f84b8face9869f05783abe3be237cbaaa9e
Microsoft Internet Explorer 8 user mode write AV proof of concept code.
add8845ff9694555ffb68dbb14ce822122e3cf8e5c41c12d6dd8149806a65b9e
Publisher in Microsoft Office 2010 suffers from three denial of service vulnerabilities that can result in a crash.
92d4806502ddbfb861c44b73ab19354dd02252559e04a185f6e8ea97c63c7f33
Microsoft Internet Explorer divide by zero proof of concept denial of service exploit.
0e70e4c082f946f359c63b9b6a4e594dc50965980351a81ff1b82297a5f7c2e7