eCPPT-Penetration-Testing-Reports

eCPPT Penetration Testing Reports Penetration testing lab rep...

AXE: An Agentic EXploit Engine for Confirming Zero-Day Vulnerability Reports

Vulnerability detection tools are widely adopted in software projects, yet they often overwhelm maintainers with false positives and non-actionable reports. Automated exploitation systems can help validate these reports; however, existing approaches typically operate in isolation from detection...

CVE-2022-35228

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successfu...

EUVD-2020-29028

Malware in sbrugna...

EUVD-2019-11941

Malware in sbrugna...

EUVD-2016-4827

Malware in sbrugna...

EUVD-2016-3502

Malware in sbrugna...

EUVD-2014-3605

Malware in sbrugna...

EUVD-2003-0854

Malware in sbrugna...

EUVD-2023-45178

Malicious code in bioql PyPI...

EUVD-2021-30669

Malicious code in bioql PyPI...

Exploit for CVE-2012-0053

This repository is an offensive tool for web application exploitation, specifically for cross-site scripting XSS attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and evasion. The primary focus is...

CVE-2019-13200

The web application of several Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions...

CVE-2019-8740

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 13.1 and iPadOS 13.1, watchOS 6, tvOS 13. An application may be able to execute arbitrary code with kernel privileges...

PT-2025-20215 · Unknown · Bistromatic N360 | Splash Screen

Name of the Vulnerable Software and Affected Versions: bistromatic N360 | Splash Screen versions 1.0.0 through 1.0.6 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. Specifically, it is a Stored XSS...

CVE-2025-1970

The Export and Import Users and Customers plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.2 via the validatefile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web request...

CVE-2024-42004

A library injection vulnerability exists in Microsoft Teams work or school 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this...

CVE-2024-4343

A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...

Dell OpenManage Server Administrator Input Validation Error Vulnerability

Dell OpenManage Server Administrator Dell OMSA is a software agent from Dell Dell USA. Provides a comprehensive one-to-one systems management solution in two ways. An input validation error vulnerability exists in Dell OpenManage Server Administrator version 11.0.1.0 and prior versions, which...