Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

Last update: Nov 15, 2022

Overview

CVE-2021-40870 Exploitation

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Modules need to Install

To run this project, you will need to add the following modules in your python

requests urllib3

Uses

To run this project you need to do the followings

  python3 poc.py https://site.com/

must include / at the end of the url

🔗 Links

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

vcenter_fileread_exploit VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read Usage python3 vCenter_fileread.py http(s)://ip Referen

4 Sep 23, 2022

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

CVE-2021-43798 – Grafana Exploit About This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798

12 Nov 18, 2022

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

AdminerRead Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability Installation git clone https://github.com/p0dalirius/AdminerRea

58 Dec 5, 2022

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

RonnieColemanYARAParser This script is named after Ronnie Coleman, and peforms bulk lifts on arbitary file features using YARA console logging. Requir

20 Dec 13, 2022

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

CVE-2021-40444 builders This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit. This repo is just for testing, re

168 Nov 9, 2022

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Promoter A Telegram Bot to force users to join a specific channel before sending messages in a group. Introduction A Telegram Bot to force users to jo

1 Jan 27, 2022

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

21 Jan 1, 2023

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service. This tool can help a digital forensic investigator to know the context, origin of specific files during a digital forensic investigation.

96 Dec 20, 2022

Springboot directory scanning

87 Dec 28, 2022

Releases(Aviatrix)

Aviatrix(Oct 8, 2021)

Source code(tar.gz)
Source code(zip)
poc.py(1.92 KB)

Owner

Ashraful Islam

Bug Bounty Hunting [Beginner] / Python Programmer [Basic] / CTF Player [Noob]

GitHub Repository

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

Log4jHorizon Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more. BLOG COMING SOON Code and README.md this time around are

96 Dec 14, 2022

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

26 Dec 26, 2022

Exploit-CVE-2021-21086

CVE-2021-21086 Exploit This exploit allows to execute a shellcode in the context of the rendering process of Adobe Acrobat Reader DC 2020.013.20074 an

23 Nov 09, 2022

GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

121 Dec 14, 2022

Workshop Material on VM-based Deobfuscation

Analysis of Virtualization-based Obfuscation This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We

133 Dec 18, 2022

Um keylogger que se disfarça de um app que tira print da tela.

Keylogger_ Um keylogger que se disfarça de um app que tira print da tela. Este programa captura o print da tela e salva ,normalmente, na pasta Picture

1 Dec 03, 2021

A python module for retrieving and parsing WHOIS data

pythonwhois A WHOIS retrieval and parsing library for Python. Dependencies None! All you need is the Python standard library. Instructions The manual

384 Dec 23, 2022

Fast and customizable vulnerability scanner For JIRA written in Python

Fast and customizable vulnerability scanner For JIRA. 🤔 What is this? Jira-Lens 🔍 is a Python Based vulnerability Scanner for JIRA. Jira is a propri

185 Dec 25, 2022

A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

Python tools for davecats/channel A python package with tools to read and postprocess the output of the channel dns solver, as well as its associated

1 Dec 13, 2021

Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file which allows an unauthenticated user to execute arbitrary code via directory traversal

Related tags

Overview

CVE-2021-40870 Exploitation

An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Modules need to Install

Uses

🔗 Links

You might also like...

VMware vCenter earlier v(7.0.2.00100) unauthorized arbitrary file read

This is a proof-of-concept exploit for Grafana's Unauthorized Arbitrary File Read Vulnerability (CVE-2021-43798).

Exploit tool for Adminer 1.0 up to 4.6.2 Arbitrary File Read vulnerability

An experimental script to perform bulk parsing of arbitrary file features with YARA and console logging.

This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

Analyse a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service

Springboot directory scanning

Releases(Aviatrix)

Aviatrix(Oct 8, 2021)

Owner

Ashraful Islam

Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.

This repository detects a system vulnerable to CVE-2022-21907 and protects against this vulnerability if desired

Exploit-CVE-2021-21086

GitHub Advance Security Compliance Action

Workshop Material on VM-based Deobfuscation

Um keylogger que se disfarça de um app que tira print da tela.

A python module for retrieving and parsing WHOIS data

Fast and customizable vulnerability scanner For JIRA written in Python

A python package with tools to read and postprocess the output of the channel DNS-solver (davecats/channel), as well as its associated postprocessing tools.

A python script to bypass 403-forbidden.

SonicWALL SSL-VPN Web Server Vulnerable Exploit

an impacket-dependent script exploiting CVE-2019-1040

A proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228)

INFO 3350/6350, Spring 2022, Cornell

SSH Tool For OSINT and then Cracking.

Apache OFBiz rmi反序列化EXP(CVE-2021-26295)

A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

This is a Cryptographied Password Manager, a tool for storing Passwords in a Secure way

OpenTOTP is yet another time-based, one-time passwords (OTPs) generator/verifier inspired by RFC 6238.

Mass scan for .git repository and .env file exposure