Explore all Exploits:

CA Unified Infrastructure Management Nimsoft 7.80 – Remote Buffer Overflow

Unauthenticated Nimbus nimcontroller RCE, tested against build 7.80.3132, although multiple versions are affected. The exploit won't crash the service. You may have to run the exploit code multiple times on Windows Server 2012. If you exploit Windows Server 2019 it should work as well; I just didn't get a chance to test it (I was reversing other things). I put faith in my ROP chain being universal (it worked first try on 2012).

WordPress Plugin Tutor LMS 1.5.3 – Cross-Site Request Forgery (Add User)

An attacker can use CSRF to register themselves as an instructor or block other legit instructors. Consequently, if the option to create courses without admin approval is enabled on the plugin’s settings page, the attacker will be able to create courses directly as well. All WordPress websites using Tutor LMS version 1.5.2 and below are affected.

Cyberoam Authentication Client 2.1.2.7 – Buffer Overflow (SEH)

This exploit targets a buffer overflow vulnerability in the Cyberoam Authentication Client version 2.1.2.7. By copying the contents of 'sploit.txt' into the 'Cyberoam Server Address' field and clicking 'Check', a TCP bind shell is spawned on port 1337. The payload is generated with msfvenom, excluding the bad characters that the client does not accept. It was tested on Windows Vista SP2 x86.

Bitweaver R2 CMS

Bitweaver is an open source content management system. Its speed and power are suited to large-scale community websites and corporate applications, but it is simple enough for non-technical small-site users to set up and administer. The vulnerabilities in Bitweaver R2 CMS include arbitrary file upload and source code disclosure. The arbitrary file upload vulnerability is reachable through the /fisheye/upload.php file, where an attacker can upload arbitrary files with an image/gif content-type. Additionally, the attacker can bypass the '/storage/.htaccess' restriction by uploading their own .htaccess file. The source code disclosure vulnerability is reachable through the /wiki/edit.php file, where an attacker can pull in the contents of another page and append them to the end of the current page.

Magento WooCommerce CardGate Payment Gateway 2.0.30 – Payment Process Bypass

Lack of origin authentication (CWE-346) in the IPN callback processing function allows an (even unauthorized) attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to him, and therefore to bypass the payment process (e.g. spoof the order status by manually sending an IPN callback request with a valid signature but without a real payment) and/or receive all subsequent payments on behalf of the store.

WordPress Plugin WooCommerce CardGate Payment Gateway 3.1.15 – Payment Process Bypass

Lack of origin authentication (CWE-346) in the IPN callback processing function allows an (even unauthorized) attacker to remotely replace critical plugin settings (merchant id, secret key, etc.) with values known to him, and therefore to bypass the payment process (e.g. spoof the order status by manually sending an IPN callback request with a valid signature but without a real payment) and/or receive all subsequent payments on behalf of the store.
