exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 1,825 RSS Feed

Bypass Files

Financials By Coda Authorization Bypass
Posted Mar 15, 2024
Authored by Leo Draghi

Financials by Coda versions prior to 2023Q4 suffer from an incorrect access control authorization bypass vulnerability. The Change Password feature can be abused in order to modify the password of any user of the application.

tags | exploit, bypass
advisories | CVE-2024-28735
SHA-256 | b902e8c8533e18988a3d9cf1a301f95fdca312dbda532a060668f36b710b0b68
JetBrains TeamCity Unauthenticated Remote Code Execution
Posted Mar 14, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability in JetBrains TeamCity. An unauthenticated attacker can leverage this to access the REST API and create a new administrator access token. This token can be used to upload a plugin which contains a Metasploit payload, allowing the attacker to achieve unauthenticated remote code execution on the target TeamCity server. On older versions of TeamCity, access tokens do not exist so the exploit will instead create a new administrator account before uploading a plugin. Older versions of TeamCity have a debug endpoint (/app/rest/debug/process) that allows for arbitrary commands to be executed, however recent version of TeamCity no longer ship this endpoint, hence why a plugin is leveraged for code execution instead, as this is supported on all versions tested.

tags | exploit, remote, arbitrary, code execution, bypass
advisories | CVE-2024-27198
SHA-256 | 68370990799fd1605fae05ac9ac3f36fd6659508fbfeef67d22e3cf720e8fa87
Apple Security Advisory 03-05-2024-2
Posted Mar 14, 2024
Authored by Apple | Site apple.com

Apple Security Advisory 03-05-2024-2 - iOS 16.7.6 and iPadOS 16.7.6 addresses a bypass vulnerability.

tags | advisory, bypass
systems | apple, ios
advisories | CVE-2024-23225
SHA-256 | 086c73f43097088a476746994b15510d9e0632f3a5bfbec897e3075dab494336
VMware Cloud Director 10.5 Authentication Bypass
Posted Mar 13, 2024
Authored by Abdualhadi Khalifa

VMware Cloud Director version 10.5 suffers from an authentication bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2023-34060
SHA-256 | aa2016d4a29081d33539e9bdd7cc84da6d05dd8194b6a641aca62c33d9daf9e5
GliNet 4.x Authentication Bypass
Posted Mar 7, 2024
Authored by Daniele Linguaglossa

GliNet with firmware version 4.x suffers from an authentication bypass vulnerability. Other firmware versions may also be affected.

tags | exploit, bypass
advisories | CVE-2023-46453
SHA-256 | 9e410e03b3bd4618426fd89f2dff470200407bdec2f93eaee59126f9738230f6
Artica Proxy 4.40 / 4.50 Local File Inclusion / Traversal
Posted Mar 6, 2024
Authored by Jaggar Henry | Site korelogic.com

Artica Proxy versions 4.40 and 4.50 suffer from a local file inclusion protection bypass vulnerability that allows for path traversal.

tags | exploit, local, bypass, file inclusion
advisories | CVE-2024-2053
SHA-256 | ee5d3d2cce629647f1cc48769c74910aca7883ad99b79b7b1c766a0e28a65ddf
F5 BIG-IP Authorization Bypass / User Creation
Posted Mar 6, 2024
Authored by W01fh4cker | Site github.com

F5 BIG-IP remote user addition exploit that leverages the authorization bypass vulnerability as called out in CVE-2023-46747.

tags | exploit, remote, bypass
advisories | CVE-2023-46747
SHA-256 | 8e2ae8616e3f49ce4b6b8d7d60b60b5b38f7d2f1025eb35aadd47b408f83606c
Multilaser RE160 Cookie Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through cookie manipulation.

tags | exploit, bypass
advisories | CVE-2023-38946
SHA-256 | ba0ed12285ef51b34ae0d6988481e8d4fc6959295d9775d1e956a211d68153e0
Multilaser RE160V / RE160 URL Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.08_pt and 12.03.01.09_pt along with RE160 versions 5.07.51_pt_MTL01 and 5.07.52_pt_MTL01 suffer from an access control bypass vulnerability through URL manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38945
SHA-256 | e1156731f7c82aa391ee5895789afc5a989d3554ac5a410747604791d0f5fdcc
Multilaser RE160V Header Manipulation Access Bypass
Posted Mar 4, 2024
Authored by Vinicius Moraes | Site tempest.com.br

Multilaser RE160V web management interface versions 12.03.01.09_pt and 12.03.01.10_pt suffer from an access control bypass vulnerability through header manipulation.

tags | exploit, web, bypass
advisories | CVE-2023-38944
SHA-256 | c6cf3a65cbce62dca49ea866ac9a7ace5aa59a5dad1fb6abba12d3e96e453625
ConnectWise ScreenConnect 23.9.7 Unauthenticated Remote Code Execution
Posted Feb 24, 2024
Authored by sfewer-r7, WatchTowr | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve remote code execution by uploading a malicious extension module. All versions of ScreenConnect version 23.9.7 and below are affected.

tags | exploit, remote, code execution, bypass
advisories | CVE-2024-1708, CVE-2024-1709
SHA-256 | 5465f1cab9f564966ac69e4c23f983ee109116e8a263d414680ea78f05ecbd2a
Red Hat Security Advisory 2024-0934-03
Posted Feb 22, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0934-03 - An update is now available for Red Hat Virtualization 4 Tools for Red Hat Enterprise Linux 8, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, and Red Hat Virtualization Engine 4.4. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2024-0822
SHA-256 | 82f813d2c5260af55329640b24210beacb0a418fd53acfeabcd781b5a646c380
Red Hat Security Advisory 2024-0903-03
Posted Feb 20, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0903-03 - Red Hat AMQ Broker 7.10.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-44981
SHA-256 | dd420bf69e5d471a1c9a71d726fa2114d18977f15d4ce47c39c7fe25d9c68ff7
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Posted Feb 19, 2024
Authored by Jonas Benjamin Friedli

SureMDM On-Premise versions prior to 6.31 suffer from CAPTCHA bypass and user enumeration vulnerabilities.

tags | exploit, vulnerability, bypass
advisories | CVE-2023-3897
SHA-256 | ee08755ff2c77c77422dc3e6137cfea65ccefc051f98543715278a5b354c366c
Red Hat Security Advisory 2024-0705-03
Posted Feb 7, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0705-03 - Red Hat AMQ Broker 7.11.6 is now available from the Red Hat Customer Portal. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-44981
SHA-256 | acaa8a723e422ed10eac444e7266d380b6b727322d2b82114b0ed40d9f5c6a24
Red Hat Security Advisory 2024-0468-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0468-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-4001
SHA-256 | d7688836975def7a7a904a8dff1818935b2df13cd5fb4f7e3796a60864ca37d5
Red Hat Security Advisory 2024-0456-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0456-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-4001
SHA-256 | 8df03a50153d348b7a9523920f9931588088a0776e29e514ee69cf925bb4f6d7
Red Hat Security Advisory 2024-0437-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0437-03 - An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-4001
SHA-256 | 2c7d4f88bc3ae2f7327d664bf227c12bc82d26a9316c79c18d8c8b96577d5e01
Red Hat Security Advisory 2024-0407-03
Posted Jan 26, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-0407-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2022-24765
SHA-256 | 23b4891abed874759d963fa79966779673c8b9041935c19ad2b78eca7ec99bf4
Ivanti Connect Secure Unauthenticated Remote Code Execution
Posted Jan 22, 2024
Authored by sfewer-r7 | Site metasploit.com

This Metasploit module chains an authentication bypass vulnerability and a command injection vulnerability to exploit vulnerable instances of either Ivanti Connect Secure or Ivanti Policy Secure, to achieve unauthenticated remote code execution. All currently supported versions 9.x and 22.x prior to the vendor mitigation are vulnerable. It is unknown if unsupported versions 8.x and below are also vulnerable.

tags | exploit, remote, code execution, bypass
advisories | CVE-2023-46805, CVE-2024-21887
SHA-256 | 235751e74f9357d3f5aa7ff467bad9f4d651f9abdd57e2b7b20c332ee6e579fa
WordPress POST SMTP Mailer 2.8.7 Authorization Bypass / Cross Site Scripting
Posted Jan 11, 2024
Authored by Ulyses Saicha, Sean Murphy | Site wordfence.com

WordPress POST SMTP Mailer plugin versions 2.8.7 and below suffer from authorization bypass and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, bypass
advisories | CVE-2023-6875, CVE-2023-7027
SHA-256 | 1bdd84a69d04f6ca05b840e49215c74a3095a9b4cd20f08c7cd6c500f98bc02f
Red Hat Security Advisory 2023-7876-03
Posted Dec 20, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7876-03 - An update for opensc is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-40660
SHA-256 | e166f025c98c78bc231527d657dc8d681065b9f4b2220116fa85d72d3953db7f
WordPress UserPro 5.1.x Password Reset / Authentication Bypass / Escalation
Posted Nov 22, 2023
Authored by Istvan Marton | Site wordfence.com

WordPress UserPro plugin versions 5.1.1 and below suffer from an insecure password reset mechanism, information disclosure, and authentication bypass vulnerabilities. Versions 5.1.4 and below suffer from privilege escalation and shortcode execution vulnerabilities.

tags | exploit, vulnerability, code execution, bypass, info disclosure
advisories | CVE-2023-2437, CVE-2023-2446, CVE-2023-2448, CVE-2023-2449, CVE-2023-6009
SHA-256 | bfb7306b803b1acac19078db2972f3aa4724b44e3c44892d41946574771b0eda
Red Hat Security Advisory 2023-7279-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7279-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 7. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | da34b392f21ddc5c3a2fbcb5980323d33087e5049057a3875f73b5b39ae4c94e
Red Hat Security Advisory 2023-7277-01
Posted Nov 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-7277-01 - An update for open-vm-tools is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2023-34058
SHA-256 | b0595cfceeea9f89f3ffb587e306325885a9e84a54f9b4cf23bbc1eee654a984
Page 1 of 73
Back12345Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close