gotr00t0day / CVE-2024-4040
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server.
☆11 Updated 6 months ago
Related projects
Alternatives and complementary repositories for CVE-2024-4040
- ☆13 Updated last year
- Automatic Mass Tool for checking and exploiting vulnerability in CVE-2023-3076 - MStore API < 3.9.9 - Unauthenticated Privilege Escalation (… ☆19 Updated last year
- NetFuzzer is a comprehensive network security assessment tool for internal and external networks, including Firewalls, Routers, Switches,… ☆13 Updated 3 months ago
- Python script that generates Visual Basic Script (VBS) stagers for executing PowerShell scripts directly from specified URLs. It provides… ☆12 Updated 5 months ago
- Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs ☆11 Updated last year
- Bxss Sniper: A web application penetration testing tool for Blind XSS detection ☆13 Updated 11 months ago
- Automate Blind SQL Injection with Python. ☆20 Updated 2 years ago
- xdebug 2.5.5 RCE exploit ☆29 Updated 2 years ago
- CVE-2023-28121 - WooCommerce Payments < 5.6.2 - Unauthenticated Privilege Escalation [ Mass Add Admin User ] ☆12 Updated last year
- F5 BIG-IP Scanner scans for servers on shodan and checks to see if they are vulnerable. ☆17 Updated last year
- Tools for Domains - Whois - IP - Data Breach - Email ☆12 Updated last week
- CVE-2024-29895 PoC - Exploiting remote command execution in Cacti servers using the 1.3.X DEV branch builds ☆21 Updated 5 months ago
- This is a working variant of the Mirai IOT botnet ☆13 Updated last year
- Another vulnerability scanner ☆17 Updated last year
- ☆15 Updated 10 months ago
- Continuous Reconnaissance and Vulnerability Scanning for Bug Bounties ☆17 Updated 5 months ago
- A PHP script demonstrating cookie stealing by capturing and logging request information, including the victim's cookie, IP address, HTTP … ☆32 Updated last year
- crawl a website for links and expose all the vulnerable parameters. ☆12 Updated 2 years ago
- XSSMaze is a web service designed to test and improve the performance of security testing tools by providing various cases of XSS vulnera… ☆24 Updated 6 months ago
- XSS payloads for exploiting Markdown syntax ☆9 Updated 3 years ago
- Exploit for the unauthenticated file upload vulnerability in WordPress's Royal Elementor Addons and Templates plugin (< 1.3.79). CVE-ID: … ☆9 Updated last year
- Nuclei template for CVE-2024-23897 (Jenkins LFI Vulnerability) ☆20 Updated 9 months ago
- PoC for Exploiting CVE-2024-31848/49/50/51 - File Path Traversal ☆15 Updated 6 months ago
- ☆18 Updated last year
- This tool is designed to detect and identify Server-Side Template Injection (SSTI) vulnerabilities in web applications ☆9 Updated 10 months ago
- Find CVEs that don't have a Detectify module. ☆21 Updated last year
- ☆12 Updated 4 months ago
- CVE-2023-38389 < Wordpress < JupiterX Core < Unauthenticated Account Takeover ☆27 Updated 3 months ago
- VLAN attacks toolkit ☆13 Updated 2 years ago
- A complete security assessment tool that supports common web security issues scanning and custom POC | Be sure to read the document befor… ☆19 Updated last month