1321 matches found
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 Exploit Proof-of-Concept Overview This rep...
Exploit for CVE-2024-42327
cve-2024-42327 usage: cve-2024-42327.py -h -u URL -n USERN...
Exploit for OS Command Injection in Yogeshojha Rengine
reNgine 2.2.0 - Command Injection - CVE-2023-50094 Descri...
GHSA-M26C-FCGH-CP6H cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Summary: utils.get_shared_secret() always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details: utils.py get_shared_secret: def get_shared_secret() -> Union[str, int]: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...
UBUNTU-CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...
PT-2024-34371 · Schrödinger · Pymol
Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0 Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...
CyberPanel upgrademysqlstatus Arbitrary Command Execution
import httpx import sys def getCSRFtokenclient: resp = client.get"/" return resp.cookies'csrftoken' def pwnclient, CSRFtoken, cmd: headers = "X-CSRFToken": CSRFtoken, "Content-Type":"application/json", "Referer": strclient.baseurl payload = '"statusfile":"/dev/null; %s; ","csrftoken":"%s"' % cmd,...
SmartAgent 1.1.0 Remote Code Execution Vulnerability
Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...
Exploit for Code Injection in Vmware Spring_Framework
Expoitation-de-la-vuln-rabilit-CVE-2022-22965 The vulnerability...
SmartAgent 1.1.0 Server-Side Request Forgery
Exploit Title: SmartAgent v1.1.0 - Server-Side Request Forgery (SSRF) Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can trigger the web server to perform web reques...
Exploit for Cross-site Scripting in Wondercms
CVE-2023-41425 Writing one b...
Exploit for Command Injection in Netgate Pfsense
pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...
Exploit for Code Injection in Grafana
CVE-2024-9264-RCE-Exploit in Grafana via SQL Expressions D...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity
EN GenTeamCityExploit is a PoC tool that targets a vulnera...
Exploit for Code Injection in Cacti
CVE-2024-43363 CVE-2024-43363 Exploit Script This Python scr...
Kedro Detection
A Kedro Python library is installed on the remote host. Note that Nessus has relied on the application's self-reported version number. #%NASL_MIN_LEVEL 80900 # (C) Tenable, Inc. include('compat.inc'); if (description) { script_id(208137); script_version("1.6");...
DrayTek Multiple Vigor Routers OS Command Injection Vulnerability
DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 WinRAR Exploit Generator Created by: tech...
Exploit for Unrestricted Upload of File with Dangerous Type in Mayurik Best_House_Rental_Management_System
CVE-2024-46377 PoC for Arbitrary File Upload Vulnerability...
Exploit for Path Traversal in Tuzitio Camaleon_Cms
CVE-2024-46986 Camaleon CMS Exploit - Arbitrary File Upload...