exploit the possibilities
Showing 1 - 25 of 46,635 RSS Feed

Exploit Files

Apache NiFi API Remote Code Execution
Posted Nov 28, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.

tags | exploit
MD5 | 7f93306aa6b4030f2a6b69fe4206bed0
Heroic Knowledge Base 3.0.1 Cross Site Scripting
Posted Nov 27, 2020
Authored by begininvoke

Heroic Knowledge Base plugin versions 3.0.1 and below suffer from persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | df94306cb7de8bea529118f895637cc8
Ruckus IoT Controller 1.5.1.0.21 Remote Code Execution
Posted Nov 27, 2020
Authored by Emre Suren

Ruckus IoT Controller (Ruckus vRIoT) versions 1.5.1.0.21 and below suffer from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | a76ca35e7a3f8b47cc3cd57b5a659c7c
Best Support System 3.0.4 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ex.Mi

Best Support System version 3.0.4 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | f74037429da1057feb79401fb4469a96
ZTE Blade Vantage Z839 Emode.APK android.uid.system Privilege Escalation
Posted Nov 27, 2020
Authored by Hacker Fantastic

ZTE Blade Vantage Z839 Emode.APK android.uid.system local privilege escalation exploit.

tags | exploit, local
MD5 | 2ad453e5e030521747ac204455b0066d
WonderCMS 3.1.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by SunCSR

WonderCMS version 3.1.3 suffers from a persistent cross site scripting vulnerability. Original finding for persistent cross site scripting in this version of WonderCMS is attributed to Hemant Patidar.

tags | exploit, xss
MD5 | 0a86a07638c2bc4b20e96c08d1fd7f89
WordPress Accesspress Social Icons Theme 1.7.9 SQL Injection
Posted Nov 27, 2020
Authored by SunCSR

WordPress Accesspress Social Icons theme version 1.7.9 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | d3cb5885976c55c92fedea658fd20a13
WordPress Wibar Theme 1.1.8 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

WordPress Wibar theme version 1.1.8 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | ea95dd17c0f2997fcd504f248aa1a6e2
WordPress Age Gate 2.13.4 Open Redirect
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

WordPress Age Gate plugin versions 2.13.4 and below suffer fro an open redirection vulnerability.

tags | exploit
MD5 | a3548fa0a198ffdbc0c3ef0a20ea963b
Laravel Administrator 4 File Upload
Posted Nov 27, 2020
Authored by Xavi Beltran, Victor Campos

Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.

tags | exploit, file upload
advisories | CVE-2020-10963
MD5 | b32ad26683689ce39aae3cd95365fc83
Moodle 3.8 Arbitary File Upload
Posted Nov 27, 2020
Authored by Sirwan Veisi

Moodle version 3.8 suffers from an arbitrary file upload vulnerability.

tags | exploit, arbitrary, file upload
MD5 | 4bf530ba008f828cff2639ab14956f02
SAP Lumira 1.31 Cross Site Scripting
Posted Nov 27, 2020
Authored by Ilca Lucian Florin

SAP Lumira version 1.31 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3b83ad62cec70a0ffa3475532ddc5943
ElkarBackup 1.3.3 Cross Site Scripting
Posted Nov 27, 2020
Authored by Vyshnav NK

ElkarBackup version 1.3.3 suffers from persistent cross site scripting vulnerabilities. This notes a variant attack vector for the original vulnerability discovered in this version in August of 2020 by Enes Ozeser.

tags | exploit, vulnerability, xss
MD5 | f37ab9e621badd927ec90136c1c6cc1a
Fujitsu Eternus Storage DX200 S4 Broken Authentication
Posted Nov 26, 2020
Authored by Seccops

Fujitsu Eternus Storage DX200 S4 fails to set cookies for authentication allowing for replay of URLs to achieve root level privileges.

tags | exploit, root
advisories | CVE-2020-29127
MD5 | 5ae6b1f300710953b64144f45eb1ec87
libupnp 1.6.18 Denial Of Service
Posted Nov 26, 2020
Authored by Patrik Lantz

libupnp version 1.6.18 stack-based buffer overflow denial of service exploit.

tags | exploit, denial of service, overflow
advisories | CVE-2012-5958
MD5 | eec0f79236ada16154ef65b5142e8111
BigBlueButton 2.2.29 E-mail Validation Bypass
Posted Nov 26, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from an e-mail validation bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-29043
MD5 | e5cbcb0cd6ca27bcdf0920717ef88a9c
Razer Chroma SDK Server 3.16.02 Race Condition
Posted Nov 26, 2020
Authored by Loke Hui Yi

Razer Chroma SDK Server version 3.16.02 suffers from a race condition vulnerability that allows for remote file execution.

tags | exploit, remote
advisories | CVE-2020-16602
MD5 | 41512f58b08ee3566977672f08d7738a
Pure-FTPd 1.0.48 Remote Denial Of Service
Posted Nov 26, 2020
Authored by xynmaps

Pure-FTPd version 1.0.48 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 4faedb0ebc45caaf698a7e127f51e1be
Foxit Reader 9.0.1.1049 Arbitrary Code Execution
Posted Nov 26, 2020
Authored by CrossWire

Foxit Reader version 9.0.1.1049 suffers from an arbitrary code execution vulnerability. This is a variant exploit of the original finding from 2018.

tags | exploit, arbitrary, code execution
advisories | CVE-2018-9958
MD5 | b950b07ca3d87158ef656845beeaadbc
BigBlueButton 2.2.29 Brute Force
Posted Nov 25, 2020
Authored by Ismail Saygili

BigBlueButton versions 2.2.29 and below suffer from a meeting access code brute forcing vulnerability.

tags | exploit, cracker
advisories | CVE-2020-29042
MD5 | 847d6dd1af2ce5bc8478dd79f1c6b724
House Rental 1.0 SQL Injection
Posted Nov 25, 2020
Authored by Bobby Cooke, hyd3sec

House Rental version 1.0 remote SQL injection exploit that leverages the keywords variable.

tags | exploit, remote, sql injection
MD5 | c74de0bcdcb478a0ebbca36dac706cc0
OpenMediaVault rpc.php Authenticated PHP Code Injection
Posted Nov 25, 2020
Authored by Anastasios Stasinopoulos | Site metasploit.com

This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-26124
MD5 | 5db0392e6b4ca81a678c8e7564a34918
Kong Gateway Admin API Remote Code Execution
Posted Nov 25, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute(). After execution the route is deleted, which also deletes the plugin.

tags | exploit
MD5 | 864501ece471d75b51c2e231c10cf5c4
WordPress Simple File List Unauthenticated Remote Code Execution
Posted Nov 25, 2020
Authored by h00die, coiffeur | Site metasploit.com

This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.

tags | exploit, remote, arbitrary, php
MD5 | 53dc99d870452eb23bdf7882ccb0c3e3
SyncBreeze 10.0.28 Remote Buffer Overflow
Posted Nov 25, 2020
Authored by Abdessalam King

SyncBreeze version 10.0.28 suffers from a remote buffer overflow vulnerability.

tags | exploit, remote, overflow
MD5 | bc1a7022ff9c1b9889c27f49798311ef
Page 1 of 1,866
Back12345Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close