header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

dizqueTV 1.5.3 – Remote Code Execution (RCE)

dizqueTV version 1.5.3 is susceptible to a remote code execution vulnerability that allows attackers to execute unauthorized commands remotely. By manipulating the FFMPEG Executable Path in the settings to include a malicious command like "; cat /etc/passwd && echo 'poc'", an attacker can view the content of /etc/passwd.

reNgine 2.2.0 – Command Injection (Authenticated)

The reNgine version 2.2.0 is vulnerable to authenticated command injection. By modifying the nmap_cmd parameters in the yml configuration, an attacker can inject malicious commands. This can lead to unauthorized remote code execution with the privileges of the application. This exploit allows an authenticated user to execute arbitrary commands on the underlying system.

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

The Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

FreePBX 16 – Authenticated Remote Code Execution (RCE)

The FreePBX versions 14, 15, and 16 are vulnerable to an Authenticated Remote Code Execution (RCE) exploit. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. This exploit allows an attacker to execute commands on the target system, potentially leading to a full compromise.

Palo Alto PAN-OS Command Injection and Arbitrary File Creation

The Palo Alto PAN-OS versions prior to 11.1.2-h3 are vulnerable to command injection and arbitrary file creation. An attacker can exploit this vulnerability to execute arbitrary commands and create files on the target system. This vulnerability has been assigned the CVE ID CVE-2024-3400.

SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)

The exploit allows an authenticated attacker to execute arbitrary commands on the target system. By uploading a PHP shell through the 'uploadedfile' parameter in the 'index.php' script, the attacker can run system commands via the 'cmd' parameter in the uploaded PHP shell.

Recent Exploits: