17 matches found
EUVD-2025-16338
Malicious code in bioql PyPI...
CVE-2025-5265 Potential local code execution in “Copy as cURL” command
Due to insufficient escaping of the ampersand character in the “Copy as cURL” feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. Th...
Exploit for Server-Side Request Forgery in Kubernetes Apiserver
CVE-2022-3172 demo Run poc.sh create...
ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The plugin unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil { public function...
Trojan-Spy.Win32.Xspyout.a Unauthenticated Open Proxy
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/d1791ca15c5df6f8f5d007518efd65b6.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.Xspyout.a Vulnerability: Unauthenticated Open Proxy Description: The malware listen...
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
There is a directory traversal vulnerability in cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default): void cgit_clone_objects(void) { if (!ctx.qry.path) { cgit_print_error_page(400, "Bad request", "Bad request"); return; } if (!strcmp(ctx.qry.path, "info/packs")) { print_pack_info...
NfSen 1.3.7 / AlienVault USM/OSSIM 5.3.4 Command Injection
Exploit Title: NfSen/AlienVault remote root exploit IPC query command injection Version: NfSen 1.3.6p1, 1.3.7 and 1.3.7-1bpo80+1all. Previous versions are also likely to be affected. Version: AlienVault 5.3.4 Date: 2017-07-10 Vendor Homepage: http://nfsen.sourceforge.net/ Vendor Homepage:...
Malware exploit: Xanity
Type: File Upload Author: Xiphos Research Ltd. TorCTPwn I was having a look at the C&C panel of the Xanity RAT for a bit of amusement, and noticed that it suffers an absurdly trivial shell upload vulnerability, outlined below. See: upload.php and note we can upload whatever the hell we want to a...
AirOS 6.x - Arbitrary File Upload
EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability It's possible to overwrite any file and create new ones on AirMax systems, because "php2" (maybe because of a patch) doesn't verify the "filename" value of a POST request. It's possible to a...
Alcatel-Lucent OmniPCX Enterprise <= 7.1 Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25694/info Alcatel-Lucent OmniPCX Enterprise is prone to a remote command-execution vulnerability because it fails to adequately sanitize user-supplied data. Attackers can exploit this issue to execute arbitrary commands...
YVS Image Gallery SQL Injection
No description provided by source. -=+ Application: YVS Image Gallery -=+ Version: 0.0.0.1 -=+ Vendor's URL: http://yvs.vacau.com/gallery.html -=+ Platform: Windows\Linux\Unix -=+ Bug type: Sql INJECTIONS -=+ Exploitation: Remote -=- -=+ Author: Corrado Liotta Aka CorryL corryl80atgmaildotcom -=+...
ZonPHP 2.25 - Remote Code Execution
Exploit Title: ZonPHP V2.25 RCE Vulnerability Google Dork: intext:"Made by SLAPER" Date: 21-10-2013 Exploit Author: Halim Cruzito Vendor Homepage: http://www.slaper.be Software Link: http://www.slaper.be/zonPHPv225.zip Version: v2.25 Tested on: Windows 7 PoC: "...
Amazon S3 Uploadify Script - 'Uploadify.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/54170/info Amazon S3 Uploadify Script is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker can exploit this vulnerability to upload...
PHPCollab 2.5 Unauthenticated Access
Date: 3/5/2012 Author: team ' and 1=1-- Software Link: http://www.phpcollab.com/ Version: 2.5 Vulnerability was found during the AthCon IT Security Conference CTF CTF organizer: echothrust We identified that the PhpCollab application installed under http://192.0.0.2/phpcollab/ allows the...
YVS Image Gallery Sql Injection
Exploit for php platform in category web applications -=+ Application: YVS Image Gallery -=+ Version: 0.0.0.1 -=+ Vendor's URL: http://yvs.vacau.com/gallery.html -=+ Platform: Windows\Linux\Unix -=+ Bug type: Sql INJECTIONS -=+ Exploitation: Remote -=- -=+ Author: Corrado Liotta Aka CorryL...
YVS Image Gallery - SQL Injection
-=+ Application: YVS Image Gallery -=+ Version: 0.0.0.1 -=+ Vendor's URL: http://yvs.vacau.com/gallery.html -=+ Platform: Windows\Linux\Unix -=+ Bug type: Sql INJECTIONS -=+ Exploitation: Remote -=- -=+ Author: Corrado Liotta Aka CorryL corryl80atgmaildotcom -=+ Facebook:...
BOA Web Server 0.94.x - Terminal Escape Sequence in Logs Command Injection
source: https://www.securityfocus.com/bid/37718/info Boa Webserver is prone to a command-injection vulnerability because it fails to adequately sanitize user-supplied input in logfiles. Attackers can exploit this issue to...