picoctf-2025-unsafe-eval-writeup

picoCTF 2025 — Unssafe Eval Web Exploitation Challenge:...

Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...

MAL-2026-867 Malicious code in pandaai (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 df1ebe5561b29a204a7e66d7c192f0f6e3814311636ca14cdeffe47b8f812810 Package is a typosquatting or dependency confusion attempt with a low-harm local-only action, like leaving a flag file. --- Category: PROBABLYPENTEST - Package...

Exploit for CVE-2025-55182

CVE-2025-55182 Scanner & Exploit Lab This repository contains...

MAL-2025-191805 Malicious code in nspacercesolve (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 8a8c6f18d1f22d3d0f0b9902a176d91fdfe33270faea47c835a0078955b85914 During installation, the package looks for a flag file and exfiltrates it. Similar content is in the main file. There is no other purpose of the package ---...

Exploit for OS Command Injection in Php

CVE-2024-4577 CTF Challenge Overview This CTF challenge de...

RHEL 2.1 : fileutils (RHSA-2003:310)

Updated fileutils packages that close a potential denial of service vulnerability are now available. The fileutils package contains several basic system utilities. One of these utilities is the 'ls' program, which is used to list information about files and directories. Georgi Guninski discovered...