Gila CMS 2.0.0 – Remote Code Execution (Unauthenticated)
January 13th, 2021 📆 | 7074 Views ⚑
# Exploit Title: Gila CMS 2.0.0 - Remote Code Execution (Unauthenticated) # Date: 1.12.2021 # Exploit Author: Enesdex # Vendor
Browsing the "unauthenticated" Tag
Tagged with: cms • code • execution • Gila • php • remote • unauthenticated • webapps
Klog Server 2.4.1 – Command Injection (Unauthenticated)
January 10th, 2021 📆 | 6291 Views ⚑
*] *]# Exploit Title: Klog Server 2.4.1 - Command Injection (Unauthenticated) # Date: 22.12.2020 # Exploit Author: b3kc4t (Mustafa GUNDOGDU)
Tagged with: command • CVE-2020-35729 • injection • Klog • php • server • unauthenticated • webapps
Resumes Management and Job Application Website 1.0 – RCE (Unauthenticated)
January 9th, 2021 📆 | 4809 Views ⚑
# Exploit Title: Resumes Management and Job Application Website 1.0 - RCE (Unauthenticated) # Date: 3/1/2021 # Exploit Author: Arnav
Tagged with: application • Job • management • php • RCE • resumes • unauthenticated • webapps • website
WordPress Plugin wpDiscuz 7.0.4 – Unauthenticated Arbitrary File Upload (Metasploit)
January 9th, 2021 📆 | 6360 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include
Tagged with: arbitrary • File • metasploit • php • plugin • unauthenticated • upload • webapps • wordpress • wpdiscuz
Apache Flink 1.11.0 – Unauthenticated Arbitrary File Read (Metasploit)
January 8th, 2021 📆 | 7983 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient include Msf::Auxiliary::Scanner
Tagged with: apache • arbitrary • CVE-2020-17519 • File • flink • Java • metasploit • read • unauthenticated • webapps
Cockpit Version 234 – Server-Side Request Forgery (Unauthenticated)
January 8th, 2021 📆 | 1829 Views ⚑
# Exploit Title: Cockpit Version 234 - Server-Side Request Forgery (Unauthenticated) # Date: 08.01.2021 # Exploit Author: Metin Yunus Kandemir
Tagged with: cockpit • forgery • multiple • request • server • ServerSide • unauthenticated • version • webapps
TerraMaster TOS 4.2.06 – RCE (Unauthenticated)
December 25th, 2020 📆 | 7417 Views ⚑
# Exploit Title: TerraMaster TOS 4.2.06 - RCE (Unauthenticated) # Date: 12/12/2020 # Exploit Author: IHTeam # Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/
Tagged with: linux • RCE • terramaster • TOS • unauthenticated • webapps
WordPress Epsilon Framework Multiple Themes – Unauthenticated Function Injection
December 24th, 2020 📆 | 6294 Views ⚑
# Exploit Title: WordPress Epsilon Framework Multiple Themes - Unauthenticated Function Injection # Date: 22/12/2020 # Exploit Authors: gx1 lotar
Tagged with: epsilon • framework • function • injection • multiple • php • themes • unauthenticated • webapps • wordpress
TerraMaster TOS 4.2.06 – Unauthenticated Remote Code Execution (Metasploit)
December 23rd, 2020 📆 | 5087 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include
Tagged with: code • execution • linux • metasploit • remote • terramaster • TOS • unauthenticated • webapps
WordPress Plugin W3 Total Cache – Unauthenticated Arbitrary File Read (Metasploit)
December 22nd, 2020 📆 | 8248 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework # ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include
Tagged with: arbitrary • cache • File • metasploit • php • plugin • read • total • unauthenticated • webapps • wordpress
Linksys RE6500 1.0.11.001 – Unauthenticated RCE
December 20th, 2020 📆 | 7365 Views ⚑
# Exploit Title: Linksys RE6500 1.0.11.001 - Unauthenticated RCE # Date: 31/07/2020 # Exploit Author: RE-Solver # Public disclosure: https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html#4
Tagged with: hardware • linksys • RCE • re6500 • unauthenticated • webapps
WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (Metasploit)
December 19th, 2020 📆 | 7335 Views ⚑
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Auxiliary include Msf::Auxiliary::Report include Msf::Exploit::Remote::HTTP::Wordpress
Tagged with: arbitrary • duplicator • File • metasploit • php • plugin • read • unauthenticated • webapps • wordpress
Sony BRAVIA Digital Signage 1.7.8 – Unauthenticated Remote File Inclusion
December 5th, 2020 📆 | 5963 Views ⚑
# Exploit Title: Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion # Date: 20.09.2020 # Exploit Author: LiquidWorm
Tagged with: bravia • digital • File • hardware • inclusion • remote • signage • Sony • unauthenticated • webapps
WordPress Plugin Canto 1.3.0 – Blind SSRF (Unauthenticated)
December 4th, 2020 📆 | 6963 Views ⚑
# Exploit Title: WordPress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated) # Date: 03/12/2020 # Exploit Author: Pankaj Verma (_p4nk4j)
Tagged with: blind • canto • CVE-2020-28976CVE-2020-28977CVE-2020-28978 • multiple • plugin • SSRF • unauthenticated • webapps • wordpress
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion ≈ Packet Storm
December 3rd, 2020 📆 | 6869 Views ⚑
Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion Vendor: Sony Electronics Inc.Product web page: https://pro-bravia.sony.nethttps://pro-bravia.sony.net/resources/software/bravia-signage/https://pro.sony/ue_US/products/display-softwareAffected version: < =1.7.8 Summary:
Tagged with: advisory • bravia • CSRF • digital • exploit • File • inclusion • overflow • packet • remote • scanner • security • signage • Sony • storm • unauthenticated • vulnerability • whitepaper • XSS
Joomla! Component GMapFP 3.5 – Unauthenticated Arbitrary File Upload
December 1st, 2020 📆 | 6813 Views ⚑
# Exploit Title: Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload # Google Dork: inurl:''com_gmapfp'' # Date: 2020-03-27 #
Tagged with: arbitrary • component • CVE-2020-23972 • File • gmapfp • joomla • php • unauthenticated • upload • webapps
Acronis Cyber Backup 12.5 Build 16341 – Unauthenticated SSRF
November 27th, 2020 📆 | 7807 Views ⚑
# Exploit Title: Acronis Cyber Backup 12.5 Build 16341 - Unauthenticated SSRF # Date: 2020-07-30 # Author: Julien Ahrens #
Tagged with: 16341 • acronis • backup • build • CVE-2020-16171 • cyber • multiple • SSRF • unauthenticated • webapps
WordPress Simple File List Unauthenticated Remote Code Execution ≈ Packet Storm
November 26th, 2020 📆 | 7955 Views ⚑
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework## class MetasploitModule < Msf::Exploit::RemoteRank = GoodRanking include Msf::Exploit::Remote::HTTP::Wordpressprepend Msf::Exploit::Remote::AutoCheckinclude Msf::Exploit::FileDropper def
Tagged with: advisory • code • CSRF • execution • exploit • File • list • overflow • packet • remote • scanner • security • simple • storm • unauthenticated • vulnerability • whitepaper • wordpress • XSS
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution ≈ Packet Storm
November 20th, 2020 📆 | 2666 Views ⚑
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework## class MetasploitModule < Msf::Exploit::RemoteRank = ExcellentRanking include Msf::Exploit::Powershellinclude Msf::Exploit::Remote::HttpServerinclude Msf::Exploit::Remote::HttpClient def
Tagged with: advisory • code • CSRF • execution • exploit • factorytalk • overflow • packet • remote • rockwell • scada • scanner • security • storm • unauthenticated • View • vulnerability • whitepaper • XSS
Fortinet FortiOS 6.0.4 – Unauthenticated SSL VPN User Password Modification
November 19th, 2020 📆 | 2860 Views ⚑
# Exploit Title: Fortinet FortiOS 6.0.4 - Unauthenticated SSL VPN User Password Modification # Google Dork: intitle:"Please Login" "Use FTM
Tagged with: CVE-2018-13382 • fortinet • fortios • hardware • modification • password • SSL • unauthenticated • user • VPN • webapps
Popular
The best security conferences of 2021 December 21, 2020 The COVID-19 pandemic certainly threw a monkey wrench into the…
Windows 10 bug corrupts your hard drive on seeing… January 15, 2021 An unpatched zero-day in Microsoft Windows 10 allows attackers to…
WordPress Contact Form 7 5.3.1 Shell Upload ≈ Packet Storm December 22, 2020 # Exploit Title: Wordpress Plugin Contact Form 7 5.3.1 -…
A second hacking group has targeted SolarWinds systems December 21, 2020 As forensic evidence is slowly being unearthed in the aftermath…
Rioters Open Capitol’s Doors to Potential Cyberthreats January 7, 2021 Business Continuity Management / Disaster Recovery , Critical Infrastructure Security…![[webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)](https://www.digitalmunition.me/wp-content/uploads/spider-orange.png "[webapps] Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)")
[webapps] Sony Playstation 4 (PS4) < 7.02 -… December 26, 2020 Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit…
Samsung Galaxy Buds Pro: Review and Buying Guide January 16, 2021 Samsung is clearly aiming for the accessories markets too, with…
Members
Comments