htmlLawed versions 1.2.5 and below proof of concept remote command execution exploit.
f7c13b91b7562803551ff2c81af4d91f8007cf734173bc191c1002abafa0fa8f
This archive contains all of the 132 exploits added to Packet Storm in April, 2024.
1cc0043aef39f0e6a8dc458f9a6338f05cc6e2563d003810dff7bc61cb8fa7b7
Online Tours and Travels Management System version 1.0 suffers from a remote SQL injection vulnerability.
60e4ec4738d6f6a64d63d565ba22b2f196e6175494953c8782b5d9edc6f07301
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in PspBuildCreateProcessContext that leads to a stack buffer overflow.
0d419f34140c82908299252d3794e80651aedada14ee132d75462cbcf8700e96
Proof of concept code that demonstrates how the Windows kernel suffers from a privilege escalation vulnerability due to a double-fetch in NtQueryInformationThread that leads to an arbitrary write.
17303e9dc06042a7d7b761657e3f97ac797834b1b9703bc726107b814b22b014
This is the full Windows privilege escalation exploit produced from the blog Exploiting the NT Kernel in 24H2: New Bugs in Old Code and Side Channels Against KASLR.
359dac8448d7ce433fa3541cbb436c20ba5d34c9e0efb99cd95d1c887c779304
osCommerce version 4 suffers from a cross site scripting vulnerability. This finding is another vector of attack for this issue already discovered by the same researcher in November of 2023.
f8285fdf1bc0d4437ae633d7dde7f4f607db4b9ab45579773b774ad89e950ca2
This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Kemp LoadMaster in the authorization header after version 7.2.48.1. The following versions are patched: 7.2.59.2 (GA), 7.2.54.8 (LTSF), and 7.2.48.10 (LTS).
3a721b9eae3cbcc73dbb679d3903115192bf095161310b9403ab283b1ed814f6
Doctor Appointment Management System version 1.0 suffers from a cross site scripting vulnerability.
0c3515ce2c317170c7225f17f3a5d2fc73aa45477ced43b63dff0c9c028c968d
ESET NOD32 Antivirus version 17.1.11.0 suffers from an unquoted service path vulnerability.
c89869f15a61fbd6e4a27d4969ac6487945ff8bbb640fcd901475febf642a0e2
PowerVR has a security issue where a writability check in PMRMMapPMR() does not clear VM_MAYWRITE.
3c6be466dbc5e6f19541750720a0f82bfbd11613fafa5557f44c1df26aa893b2
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the classpath and load some classes from it. The backup function of the Collection can export malicious class files uploaded by attackers to the directory, allowing Solr to load custom classes and create arbitrary Java code. Execution can further bypass the Java sandbox configured by Solr, ultimately causing arbitrary command execution.
982c87ed2032bff9e2a889f42db78ed065aa2707c068813f76b1c3875193d49d
Relate Learning and Teaching System versions prior to 2024.1 suffers from a server-side template injection vulnerability that leads to remote code execution. This particular finding targets the Batch-Issue Exam Tickets function.
fbbdfe373b7e6dd2a583a85798dfb1937651c42dbb791999bca4e6961e2b78e0
Nginx versions 1.25.5 and below appear to have a host header filtering validation bug that could possibly be used for malice.
827499ce948db348650ea46da73de3be64bef78d4325b8fb47b1f8a618d514f3
A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable the xp_cmdshell which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by FortiNet. It should be noted that in order to be vulnerable, at least one endpoint needs to be enrolled / managed by FortiClient EMS for the necessary vulnerable services to be available.
5dc08a7c993a962915dd2867b371b86d2696d585975c16dd1ce9c50691286b53
GitKraken GitLens versions prior to 14.0.0 allow an untrusted workspace to execute git commands. A repo may include its own .git folder including a malicious config file to execute arbitrary code. Tested against VSCode 1.87.2 with GitLens 13.6.0 on Ubuntu 22.04 and Windows 10.
b8273beeca3962657f6a9b1d3bfeafcc468090839b20a36ae8bb674024aa42ce
This Metasploit module creates a vsix file which can be installed in Visual Studio Code as an extension. At activation/install, the extension will execute a shell or two. Tested against VSCode 1.87.2 on Ubuntu 22.04.
e6880eb05602e6f92b535b42014f6031b0323eada13388a7f9aab0f3804a2789
A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.
b039dd6352f7639972110e6885da153c2438aa56b1f4c40dc395f737607363b4
This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected. Payloads may take up to one hour to execute, depending on how often the telemetry service is set to run.
9c69f9786e45a27c7e5254838feb1083b7180cc983336792158dcfa2db1cdf80
Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.
594b68c209a4adfbc7ba9577a8a4aeb75c0f92fd1d23ee6c6e97dbda9ba864a9
LRMS PHP version 1.0 suffers from remote shell upload and multiple remote SQL injection vulnerabilities.
cd29b75f4fc26669967838b2cacc350651afd70ebc41fa183a818a2044008a19
Dreamehome versions 2.1.5 and below suffer from multiple broken authorization vulnerabilities.
f291cbc3f68d107ef35eadc6c79ee93bf58cbd9ccdc054011afb7d62bc9754e1
SofaWiki version 3.9.2 suffers from a remote shell upload vulnerability.
0f96734c2d9102385c242ff25bcaeda5c50413756e19e450e1bcbfe8ae166734
Laravel Framework version 11 suffers from a credential disclosure vulnerability.
0f46b7fe0d34dd07e9a8db63a2302513bdef1017e3780ffff315cee267f96243
FlatPress version 1.3 suffers from a remote shell upload vulnerability.
95b37bcd0ee004b10ed07d1d5449e20f0b6c896143d3d34e105388324e4c71e6