69 matches found
AEGIS: White-Box Attack Path Generation Using LLMs and Training Effectiveness Evaluation for Large-Scale Cyber Defence Exercises
Creating attack paths for cyber defence exercises requires substantial expert effort. Existing automation requires vulnerability graphs or exploit sets curated in advance, limiting where it can be applied. We present AEGIS, a system that generates attack paths using LLMs, white-box access, and...
CVE-2024-33060
creationtimestamp| type| source
---|---|---
2024-09-02 15:33:12+00:00| seen| https://t.me/cvedetector/4628
2024-12-16 05:11:23+00:00| seen| https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html
2024-12-16 16:32:27+00:00| seen|...
PHPJabbers Event Booking Calendar 4.0 Cross Site Scripting / HTML Injection
Exploit Title: PHPJabbers Event Booking Calendar v4.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version: v4.0 Tested o...
Tftpd32_SE 4.60 Unquoted Service Path
Exploit Title: Tftpd32SE 4.60 - 'Tftpd32svc' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 10-13-2022 Vendor Homepage: https://pjo2.github.io/tftpd64/ Software Links : https://bitbucket.org/phjounin/tftpd64/downloads/Tftpd32SE-4.60-setup.exe Tested Version: 4.60 Vulnerability...
Blockchain AltExchanger 1.2.1 SQL Injection Vulnerability
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
WordPress WP User Frontend 3.5.25 SQL Injection
Exploit Title: WordPress Plugin WP User Frontend 3.5.25 - SQLi Authenticated Date 20.02.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://wedevs.com/ Software Link: https://downloads.wordpress.org/plugin/wp-user-frontend.3.5.25.zip Version: 3.5.25 Tested on: Ubuntu 20.04 CVE:...
Exploit for Code Injection in Cisco Adaptive_Security_Device_Manager
staystaystay staystaystay is a proof of concept exploit for...
Exploit for Cross-site Scripting in House_Rental_And_Property_Listing_Php_Project House_Rental_And_Property_Listing_Php
CVE-2021-25790-Multiple-Stored-XSS: Multiple Stored XSS in Ho...
Advanced Custom Field Pro < 5.9.1 - Reflected Cross-Site Scripting (XSS)
The plugin did not properly escape the generated update URL when outputting it in an attribute, leading to a reflected Cross-Site Scripting issue in the update settings page. The PoC will be displayed on April 16, 2021, to give users the time to update...
WordPress Plugin litespeed cache 3.6 - 'server_ip' Cross-Site Scripting
Exploit Title: WordPress Plugin litespeed-cache 3.6 - 'serverip' Cross-Site Scripting Date: 20-12-2020 Software Link: https://downloads.wordpress.org/plugin/litespeed-cache.3.6.zip Version: litespeed-cache Tested on: Windows 10 x64 Description: A Stored Cross-site scripting XSS was discovered in...
Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path
Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1.0.10 Tested on: Windows 10 Home Single...
Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...
PHPRunner 10.1 - Denial of Service Exploit
Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.- Run python code:...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage:...
Siyah Beyaz Bilisim Web Design 1.0 SQL Injection
Exploit Title : Siyah Beyaz Bilisim Web Design 1.0 SQL Injection Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/12/2018 Vendor Homepage : siyahbeyazbilisim.com Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version Information :...
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Discovery Date: 2018-05-30 Vendor Homepage: https://www.tenable.com/ Software Link:...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications input type="hidden" name="pw...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion...
CloudMe Sync 1.11.0 - Local Buffer Overflow
Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Version: 1.11.0...
CloudMe Sync 1.11.0 Local Buffer Overflow
Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Version: 1.11.0...