2582 matches found
CVE-2023-31446
In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup...
CVE-2023-31446
Cassia Gateway firmware versions XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947 expose a vulnerability where the queueUrl parameter in /bypass/config is not sanitized, enabling injection of Bash code that executes with root privileges at device startup. This affects the Cassia Gateway firmwa...
cpio 2.13 Privilege Escalation Vulnerability
cpio version 2.13 suffers from a privilege escalation vulnerability via setuid files in a cpio archive. cpio privilege escalation vulnerability via setuid files in cpio archive Happy New Year, let in 2024 happiness be with you! : When extracting archives cpio at least version 2.13 preserves the...
cpio 2.13 Privilege Escalation
cpio privilege escalation vulnerability via setuid files in cpio archive Happy New Year, let in 2024 happiness be with you! : When extracting archives cpio at least version 2.13 preserves the setuid flag, which might lead to privilege escalation. One example is r00t extracts to /tmp/ and scidiot...
PT-2024-1049 · Cassia · Cassia Gateway Firmware Xc2000 +1
Name of the Vulnerable Software and Affected Versions: Cassia Gateway firmware XC1000 2.1.1.2303082218 Cassia Gateway firmware XC2000 2.1.1.2303090947 Description: The issue is related to the queueUrl parameter in the "/bypass/config" API endpoint, which is not properly sanitized. This allows for...
CVE-2023-52137
The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The verify-changed-files workflow returns the list of files changed within a workflow execution. This could potentially allow...
SUSE CVE-2023-50254
Deepin Linux's default document reader, deepin-reader, suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via a crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by...
Exploit for Improper Access Control in Joomla Joomla!
CVE-2023-23752 Description This repository contains Pytho...
BlueBunny - BLE Based C2 For Hak5's Bash Bunny
C2 solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II. Send your Bash Bunny all the instructions it needs just over the air. Overview Structure Installation & Start 1. Install required dependencies pip install pygatt "pygatt[GATTTOOL]" Make sure BlueZ is...
Exploit for Improper Access Control in Joomla Joomla!
Usage...
Exploit for Improper Access Control in Joomla Joomla!
Joomla! v4.2.8 - Unauthenticated Information Disclosure Ex...
Hades-C2 - Hades Basic Command And Control Server
Hades is a basic Command & Control server built using Python. It is currently extremely bare bones, but I plan to add more features soon. Features are a work in progress currently. This is a project made mostly for me to learn Malware Development, Sockets, and C2 infrastructure setups. Currently,...
SUSE SLES15 Security Update : salt (SUSE-SU-2023:4390-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4390-1 advisory. - allows an attacker to force Salt-SSH to run their script fedora-all CVE-2023-34049 Note that Nessus has not tested for this issue but has...
Exploit for Incorrect Authorization in Canonical Ubuntu_Linux
CVE-2023-32629 & CVE-2023-2640 : Privilege escalation Ubuntu P...
SUSE-SU-2023:4372-1 Security update for util-linux
This update for util-linux fixes the following issues: - CVE-2018-7738: Fixed shell code injection in umount bash-completions bsc1213865...
Rocky Linux 9 : bash (RLSA-2023:0340)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0340 advisory. - A flaw was found in the bash package, where a heap-buffer overflow can occur in valid_parameter_transform. This issue may lead to memory problems. CVE-2022-3715...
Exploit for Code Injection in Gitlab
gitlab-cve-2021-22205 A simple bash script that exploits CVE-2...
Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager
CVE-2023-46747-POC F5 BIG-IP unauthenticated remote code execu...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963-Poc-Bearcules This is a POC for CVE-2022-229...
Arsenal - Just A Quick Inventory And Launcher For Hacking Programs
Arsenal is just a quick inventory, reminder and launcher for pentest commands. This project, written by pentesters for pentesters, simplifies the use of all the hard-to-remember commands. In arsenal you can search for a command, select one and it's prefilled directly in your terminal. This functionali...