KIEN HOANG's repositories

CVE-2021-23132

com_media allowed paths that are not intended for image uploads, leading to RCE

Language: Python | Stargazers: 71 | Issues: 2 | Issues: 0

CVE-2020-11890

CVE-2020-11890: Improper input validation in the usergroup table class could lead to a broken ACL configuration, leading to RCE

CVE-2020-14321

Course enrolments allowed privilege escalation from the teacher role to the manager role, leading to RCE

Language: Python | Stargazers: 39 | Issues: 0 | Issues: 0

Joomla-SQLinjection

Collection of PoCs for SQL injection in Joomla

CVE-2021-21389

BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.

Language: Python | Stargazers: 18 | Issues: 1 | Issues: 0

WebShells

Webshell with the newest, easiest, and shortest code and technique.

Language: ASP.NET | Stargazers: 10 | Issues: 2 | Issues: 0

CVE-2020-10238

CVE-2020-10238: Incorrect Access Control in com_templates PoC

CVE-2020-10239

CVE-2020-10239: Incorrect Access Control in com_fields SQL field - RCE - PoC

Language: Python | Stargazers: 6 | Issues: 1 | Issues: 0

CVE-2020-24597

Directory traversal in com_media leading to RCE

CVE-2021-21014

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a file upload restriction bypass. Successful exploitation could lead to arbitrary code execution by an authenticated attacker.

LTU14-GROUP03

Course project: ATM system that connects and exchanges data via RMI

Language: Java | Stargazers: 4 | Issues: 2 | Issues: 0

PoC-Collection

Collection of PoCs for some CVEs

Language: PHP | Stargazers: 4 | Issues: 0 | Issues: 0

CVE-2020-25627

Stored XSS via moodlenetprofile parameter in user profile

iOSPentest101

iOS Pentest 101

Language: JavaScript | Stargazers: 0 | Issues: 0 | Issues: 0