PHP 8.1.0-dev Backdoor Remote Command Execution
Authored by Mayank Deshmukh
PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
#!/usr/bin/env python3
# Exploit Title: PHP 8.1.0-dev WebShell RCE (Unauthenticated)
# Date:...
Backdoor.Win32.WinShell.a Code Execution
Authored by malvuln | Site malvuln.com
Backdoor.Win32.WinShell.a malware suffers from a code execution vulnerability.
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/911a97737bd26e2a478f52e74b4fa01d.txt
Contact: [email protected]: twitter.com/malvuln
Threat: Backdoor.Win32.WinShell.a
Vulnerability: Unauthenticated Remote...
IPS Community Suite 4.5.4.2 PHP Code Injection
Authored by EgiX | Site karmainsecurity.com
IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass...
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded System Passwords
Authored by Jim Becher | Site korelogic.com
Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem.
advisories | CVE-2021-33218
CommScope Ruckus IoT Controller 1.7.1.0 Hard-Coded Web Application Administrator Password
Authored by Jim Becher | Site korelogic.com
An undocumented, administrative-level, hard-coded web application account exists in the IoT Controller OVA which cannot be changed by the customer.
advisories | CVE-2021-33219
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Authored by Jim Becher | Site korelogic.com
A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view...
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Arbitrary Read/Write
Authored by Jim Becher | Site korelogic.com
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files...
CommScope Ruckus IoT Controller 1.7.1.0 Undocumented Account
Authored by Jim Becher | Site korelogic.com
An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP).
advisories | CVE-2021-33216
Selenium 3.141.59 Remote Code Execution
Authored by Jon Stratton
Selenium version 3.141.59 remote code execution exploit.
# Exploit Title: Selenium 3.141.59 - Remote Code Execution (Firefox/geckodriver)
# Date: 2021-05-27
# Exploit Author: Jon Stratton
# Vendor Homepage:...
WordPress LifterLMS 4.21.0 Cross Site Scripting
Authored by Captain_hook
WordPress LifterLMS plugin version 4.21.0 suffers from a persistent cross site scripting vulnerability.
advisories | CVE-2021-24308
# Exploit Title: WordPress Plugin LifterLMS 4.21.0 - Stored Cross-Site Scripting...





