Exploits | Core Security

This module uses an OS Command Injection vulnerability to gain arbitrary code execution on the affected system.

RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.

The 'recentVersion' parameter from the snserv endpoint is vulnerable to OS Command Injection when check and execute update operations are performed. This module exploits this vulneravility to install an agent

This module exploits a buffer overflow vulnerability in PCMan FTP Server. This vulnerability can be exploited remotely by sending a specially crafted USER command to port TCP/21.

This module also know as EternalRomance exploits the ms17-010 vulnerability by taking advantage of a remote pool overflow in the smb transaction handling code of the windows smb driver. You will need to provide windows credentials in order to exploit the remote host. This module should never crash a target, so if the exploit does not work probably its because the credentials were wrong.

HP Intelligent Management Center is prone to a remote vulnerability that allows attackers to execute commands under the context of system.

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp

A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated remote attacker, to execute arbitrary commands with SYSTEM user privileges. This module will access the specified remote target using SMB, and install an agent with SYSTEM user privileges.

AVEVA InduSoft Web Studio is prone to a remote vulnerability that allows attackers to execute commands under the context of de program user.

Subscribe to Exploits

Privacy Policy

Cookie Policy

Terms of Service

Accessibility

Impressum