Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


Projects in Awesome Lists by RandomRobbieBF

A curated list of projects in awesome lists by RandomRobbieBF.

https://github.com/randomrobbiebf/grafana-ssrf

Authenticated SSRF in Grafana

Last synced: 20 Nov 2024

https://github.com/RandomRobbieBF/grafana-ssrf

Authenticated SSRF in Grafana

Last synced: 03 Nov 2024

https://github.com/randomrobbiebf/marshalsec-jar

marshalsec-0.0.3-SNAPSHOT-all compiled on X64

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-2982

WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) <= 7.6.4 - Authentication Bypass

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/phpunit-brute

Tool to try multiple paths for PHPunit RCE CVE-2017-9841

bugbounty cve-2017-9841 phpunit

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wordpress-plugin-list

Wordpress Plugins List for Bruteforcing.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/service-now

Service-Now Article Bruteforcer

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wp-file-manager

wp-file-manager RCE

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/nuclei-drupal-sa

Nuclei templates for drupal vulns... far from perfect

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/coldfusion-amf

Coldfusion AMF PWN

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/kong-pwn

Use Exposed KongAPI to act like a proxy and get metadata urls or internal urls

cve-2020-11710 kong kong-api

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/simple-file-list-rce

Simple File List < 4.2.3 - Unauthenticated Arbitrary File Upload RCE

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/woo

Exploit woocommerce SQLI and grab user and password hash

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/sap-brute

SAP Netweaver Login Bruteforcer.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wordpress-exploits

Random Wordpress Exploits May or May Not Work.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-22145

InstaWP Connect <= 0.1.0.8 - Missing Authorization to Arbitrary Options Update (Subscriber+)

cve-2024-22145 exploit instawp-connect wordpress

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-0679

ColorMag <= 3.1.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation

cve-2024-0679 exploit wordpress

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-6624

JSON API User <= 3.9.3 - Unauthenticated Privilege Escalation

json-api-user wordpress

Last synced: 01 Dec 2024

https://github.com/randomrobbiebf/s3-from-csp

Extracts all S3 Buckets from CSP report headers and then tests for file upload vulns

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/binary-edge-render-extract

Create a datatable output from a binaryedge render scan

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/log4j-exploits

Log4J Exploits for Different Systems

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/juicy-php

Juicy-php - finds PHP info files with juicy information

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wordpress-plugins-scraper

Will open the first page of wordpress website and extract all js and css links with wp-content/plugins/

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-6700

Cookie Information | Free GDPR Consent Solution <= 2.0.22 - Authenticated (Subscriber+) Arbitrary Options Update

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wordpress-php-object-helper

Know a plugin has a php object exploit but need to find which lib to use?

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/django-bruteforce

Django Admin Url Bruteforce tool.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/dnn-cookie

DNN-Cookie Tester

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/dom-brute

Domain TLD prefix finder / 3rd party hosted.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-6985

10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation/Activation Description

ai-assistant-by-10web cve-2023-6985 wordpress

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-0952

Sitemap by click5 < 1.0.36 - Unauthenticated Arbitrary Options Update

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/postgres-bruteforcer

This tool takes a list of default creds and tests it against a postgresql server and logs any that work and the databases it has access to.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/super-secret-finder

Burp Plugin for Secret Matching

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-9234

GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/csp-log4j

Finds CSP report urls and tests to see if they are vulnerable to log4j

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2020-12077

MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-5412

Image horizontal reel scroll slideshow <= 13.2 - Authenticated (Subscriber+) SQL Injection via Shortcode

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-5070

Social Media Share Buttons & Social Sharing Icons <= 2.8.5 - Information Exposure

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-25092

NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2020-36730

CMP - Coming Soon & Maintenance < 3.8.2 - Improper Access Controls on AJAX Calls (Subscriber+)

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/static-file-checker

Checks Django's /static/staticfiles.json for exposed creds using nuclei

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/health-check

Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-47529

Cloud Templates & Patterns collection <= 1.2.2 - Sensitive Information Exposure via Log File

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-47668

Restrict Content <= 3.2.7 - Information Exposure via legacy log file

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-46197

Popup by Supsystic <= 1.10.19 - Missing Authorization to Sensitive Information Exposure

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-45808

LearnPress Plugin < 4.2.0 - Unauthenticated SQLi

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-45828

RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-47615

LearnPress Plugin < 4.2.0 - Unauthenticated LFI Description

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2019-15896

LifterLMS <= 3.34.5 - Unauthenticated Options Import

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2021-34621

ProfilePress 3.0 - 3.1.3 - Unauthenticated Privilege Escalation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2021-25032

PublishPress Capabilities < 2.3.1 - Unauthenticated Arbitrary Options Update to Blog Compromise

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-1442

WordPress Plugin Metform <= 2.1.3 - Improper Access Control Allowing Unauthenticated Sensitive Information Disclosure

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2021-24356

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Subscriber + Arbitrary Plugin Installation

cve-2021-24356 wordpress-exploit wordpress-plugin

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-3904

CVE-2022-3904 MonsterInsights < 8.9.1 - Stored Cross-Site Scripting via Google Analytics

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-2877

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-10586

Debug Tool <= 2.2 - Unauthenticated Arbitrary File Creation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-0630

CVE-2023-0630 - Slimstat Analytics < 4.9.3.3 - Subscriber+ SQL Injection

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-45354

Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/what-wordpress

Tool to extract all themes and plugins that are shown on the front page of a wordpress site.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/learning-management-system

Masteriyo - LMS for WordPress <= 1.6.7 - Sensitive Information Exposure

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/js-jobs

JS Job Manager < 1.1.9 - Unauthenticated Arbitrary Plugin Installation/Activation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/e-signature-poc

e-signature < 1.5.6.8 - Unauthenticated Remote Code Execution

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-36531

LiquidPoll – Advanced Polls for Creators and Brands <= 3.3.68 - Missing Authorization via activate_addon

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/chart-down

Extracts all the chart lists from ChartMuseum

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-0439

CVE-2022-0439 - Email Subscribers & Newsletters < 5.3.2 - Subscriber+ Blind SQL injection

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-2732

MStore API <= 3.9.2 - Authentication Bypass

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/struts-splunk

Vuln Apache Struts with splunk

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/whatismyip-serverless

PHP - serverless IP grabber for testing SSRF

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/wordpress-bf

Brute Force Wordpress Blogs.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/redis-checker

Checks for exposed Redis servers

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2021-24507

Astra Pro Addon < 3.5.2 - Unauthenticated SQL Injection - CVE-2021-24507

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/bucket-brute

Aws S3 Tko Tool

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/be-targets-gen

Reads a Binaryedge.io JSON blob and outputs the IP:PORT to a text file for parsing.

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2022-1203

Content Mask < 1.8.4 - Subscriber+ Arbitrary Options Update

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-10728

PostX <= 4.1.16 - Missing Authorization to Arbitrary Plugin Installation/Activation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-10629

GPX Viewer <= 2.2.8 - Authenticated (Subscriber+) Arbitrary File Creation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-9935

PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50473

Ajar in5 Embed <= 3.1.3 - Unauthenticated Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-10924

Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-2242

Contact Form 7 <= 5.9 - Reflected Cross-Site Scripting

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50427

SurveyJS: Drag & Drop WordPress Form Builder <= 1.9.136 - Authenticated (Subscriber+) Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-49681

WP Sessions Time Monitoring Full Automatic <= 1.0.9 - Unauthenticated SQL Injection

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-10470

WPLMS Learning Management System for WordPress <= 4.962 – Unauthenticated Arbitrary File Read and Deletion

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2023-41652

RSVPMarker <= 10.6.6 - Unauthenticated SQL Injection

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50477

Stacks Mobile App Builder <= 5.2.3 - Authentication Bypass via Account Takeover

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-51665

Magical Addons For Elementor <= 1.2.1 - Authenticated (Subscriber+) Server-Side Request Forgery

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50488

Token Login <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50482

Woocommerce Product Design <= 1.0.0 - Unauthenticated Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-9932

Wux Blog Editor <= 3.0.0 - Unauthenticated Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50493

Automatic Translation <= 1.0.4 - Unauthenticated Arbitrary File Upload

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50476

GRÜN spendino Spendenformular <= 1.0.1 - Unauthenticated Arbitrary Options Update

Last synced: 20 Nov 2024

https://github.com/randomrobbiebf/cve-2024-50450

WordPress Meta Data and Taxonomies Filter (MDTF) <= 1.3.3.4 - Unauthenticated Arbitrary Shortcode Execution

Last synced: 20 Nov 2024