gotr00t0day / CVE-2024-4040
A server-side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
☆10 Updated 9 months ago
Alternatives and similar repositories for CVE-2024-4040:
Users who are interested in CVE-2024-4040 are comparing it to the libraries listed below.
- ☆13 Updated last year
- Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs ☆12 Updated 2 years ago
- Tools for Domains - Whois - IP - Data Breach - Email ☆14 Updated 3 months ago
- xdebug 2.5.5 RCE exploit ☆30 Updated last month
- Python script that generates Visual Basic Script (VBS) stagers for executing PowerShell scripts directly from specified URLs. It provides… ☆12 Updated 8 months ago
- PoC for Exploiting CVE-2024-31848/49/50/51 - File Path Traversal ☆14 Updated 9 months ago
- Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.0.7 - Authenticated (Contributor+) Remote Code Execution ☆11 Updated 2 months ago
- XSS payloads for exploiting Markdown syntax ☆9 Updated 4 years ago
- NetFuzzer is a comprehensive network security assessment tool for internal and external network components, including Host Machines, Fire… ☆13 Updated 2 weeks ago
- F5 BIG-IP Scanner scans for servers on shodan and checks to see if they are vulnerable. ☆17 Updated 2 years ago
- Automatic Mass Tool for checking and exploiting vulnerability in CVE-2023-3076 - MStore API < 3.9.9 - Unauthenticated Privilege Escalation (… ☆17 Updated last year
- Automate Blind SQL Injection with Python. ☆20 Updated 2 years ago
- ☆22 Updated last year
- Bxss Sniper: A web application penetration testing tool for Blind XSS detection ☆18 Updated last year
- This tool is designed to detect and identify Server-Side Template Injection (SSTI) vulnerabilities in web applications ☆9 Updated last year
- An efficient tool to find clickjacking vulnerabilities in the easiest way, with PoC ☆20 Updated 3 years ago
- hacking tools ☆14 Updated 2 years ago
- VLAN attacks toolkit ☆13 Updated 2 years ago
- Continuous Reconnaissance and Vulnerability Scanning for Bug Bounties ☆17 Updated 8 months ago
- Crawl a website for links and expose all the vulnerable parameters. ☆13 Updated 2 years ago
- Apache HugeGraph Server Unauthenticated RCE - CVE-2024-27348 Proof of concept Exploit ☆17 Updated 8 months ago
- An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter. ☆14 Updated 8 months ago
- A PHP script demonstrating cookie stealing by capturing and logging request information, including the victim's cookie, IP address, HTTP … ☆34 Updated last year
- Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: … ☆10 Updated last year
- CVE-2024-29895 PoC - Exploiting remote command execution in Cacti servers using the 1.3.X DEV branch builds ☆21 Updated 9 months ago
- This tool will resolve a list of Domains, IPs, Hosts, URLs and save the results for valid/invalid fast! ☆15 Updated 2 years ago
- CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] ☆11 Updated last year
- Mass Exploit - CVE-2023-1698 < Unauthenticated Remote Command Execution ☆12 Updated last year
- "🔍 Subtron: Bash-driven subdomain seeker. Utilizes Subfinder, Amass, Assetfinder, and HTTPX to swiftly uncover live domains. Results sto… ☆22 Updated last year
- Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability) ☆18 Updated last year