Metasploitable3-pentest-lab

🛡️ Metasploitable3 — Home Lab Penetration Test Report Aut...

Amazon EFS CSI Driver has mount option injection via unsanitized volumeHandle and mounttargetip fields

Summary The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. An issue exists where, under certain circumstances, unsanitized values in the volumeHandle and mounttargetip fields are passed directly to the mount command...

METATRON AI Penetration Testing

Metatron is a CLI-based AI penetration testing assistant that runs entirely on your local machine - no cloud, no API keys, no subscriptions. You give it a target IP or domain. It runs real recon tools nmap, whois, whatweb, curl, dig, nikto, feeds all results to a locally running AI model, and the...

Server-Side Request Forgery (SSRF)

PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...

PowerJob has a server-side request forgery vulnerability in PingPongUtils.java

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the checkConnectivity function in the Network Request Handler component when processing the targetIp or targetPort arguments. An attacker can access internal resources or perform unauthorized network...

CVE-2025-14518

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

CVE-2025-14518

PowerJob

CVE-2025-14518 PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

PowerJob 安全漏洞

PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which originates in the function in the file...

EUVD-2019-13726

Malware in sbrugna...

Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)

Exploit Title: Ivanti Connect Secure 22.7R2.5 - Remote Code Execution RCE Date: 2025-01-11 Exploit Author: @absholi7ly CVE: CVE-2025-0282 import requests import sys import struct import socket import ssl import urllib3 import time Disable SSL warnings...

📄 RemotePC Remote Code Execution

RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...

Webmin 2.202 Remote Code Execution

Webmin version 2.202 suffers from a remote code execution vulnerability. Exploit Title: Webmin RCE Leading to Privilege Escalation Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://webmin.com/ Software Link: https://webmin.com/ Version: 2.202 Tested on:...

Exploit for CVE-2024-47176

CVE-2024-47176 Vulnerability Scanner for CUPS A simple tool t...

Vehicle Service Management System 1.0 Code Injection

============================================================================================================================================= | Title : Vehicle Service Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

CMSsite 1.0 Shell Upload

============================================================================================================================================= | Title : CMSsite 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...

Alphaware E-Commerce System 1.0 Code Injection

============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077-EXP 基于伪代码https://sites.google.com/site/zhin...

Exploit for Path Traversal in Hsclabs Mailinspector

CVE-2024-34470 PoC and Bulk Scanner Overview This is a pr...