CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

📄 Metasploit Web Delivery PHP Proof of Concept

This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...

EUVD-2025-22142

Malicious code in bioql PyPI...

Malicious code in test-mlw2-liner-seamy (npm)

The package test-mlw2-liner-seamy was found to contain malicious code...

MAL-2025-35692 Malicious code in test-mlw2-liner-seamy (npm)

The package test-mlw2-liner-seamy was found to contain malicious code...

awesome-oneliner-bugbounty

This repository is an offensive tool for bug bounty hunting. It contains a collection of one-liner scripts for identifying vulnerabilities, particularly for bug bounty tips. The primary CVE ID present in the context is not explicitly mentioned, but the repository includes scripts for Local File...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

PT-2025-30335 · Liner · Liner

Name of the Vulnerable Software and Affected Versions: Liner versions through 2025-06-03 Description: An Insecure Direct Object Reference IDOR vulnerability exists that allows attackers to gain sensitive information. The vulnerability is exploitable through crafted space id, thread id, and messag...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

CVE-2025-51869

Insecure Direct Object Reference IDOR vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted spaceid, threadid, and messageid parameters to the v1/space/spaceid/thread/threadid/message/messageid endpoint...

Liner 安全漏洞

Liner is an AI large language modeling platform from Liner. A security vulnerability exists in Liner version 2025-06-03 and earlier, which stems from improper access control of the spaceid, threadid, and messageid parameters, which could lead to the disclosure of sensitive information...

CVE-2025-51869

CVE-2025-51869 describes an Insecure Direct Object Reference (IDOR) in Liner up to 2025-06-03. The vulnerability affects the /v1/space/{space_id}/thread/{thread_id}/message/{message_id} endpoint and can disclose sensitive information via crafted space_id, thread_id, and message_id parameters. Aff...

SDomDiscover - A Easy-To-Use Python Tool To Perform DNS Recon

/ // \ / \ \ / / / / / / / / / / / / \ | / / / / / / // / // / / / / / / // / // // / |/ / / / ///// // ///////|/// A easy-to-use python tool to perform dns recon with multiple options Installation: It can be installed in any OS with python3 Manual installation git clone...

Exploit for Incomplete Cleanup in Linux Linux_Kernel

CVE-2021-4032-NoGCC Test in: Ubuntu 20...

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requets in we...

Exploit for Deserialization of Untrusted Data in Apache Ofbiz

CVE-2020-9496 - RCE Because the 2 xmlrpc related requets in we...

One-Lin3r v2.1 - Gives You One-Liners That Aids In Penetration Testing Operations, Privilege Escalation And More

One-Lin3r is simple modular and light-weight framework gives you all the one-liners that you will need while penetration testing Windows, Linux, macOS or even BSD systems or hacking generally with a lot of new features to make all of this fully automated ex: you won't even need to copy the...

How to: Kerberoast like a boss

Kerberoasting: by default, all standard domain users can request a copy of all service accounts along with their correlating password hashes. Crack these and you could have administrative privileges. But that’s so 2014. Why write a blog post about this in 2019 then? It still works well, yet there...

Armor - Tool Designed To Create Encrypted macOS Payloads Capable Of Evading Antivirus Scanners

Armor is a simple Bash script designed to create encrypted macOS payloads capable of evading antivirus scanners. Below is an example gif of Armor being used with a simple Netcat payload. A Netcat listener is started on port 4444. The "payload.txt" file is read and shown to contain a simple Bash...