CVE-2025-68686

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions may allow a remote unauthenticated attacker to bypas...

EUVD-2022-55931

SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains a conditional command injection vulnerability that allows local authenticated users to create malicious files in the /tmp directory. Unauthenticated attackers can execute commands by making a single HTTP POST request to the traceroute.php script, which...

EUVD-2017-3704

Malware in sbrugna...

EUVD-2022-32047

Malicious code in bioql PyPI...

CVE-2025-6143 TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow

A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to...

PT-2025-26494 · Totolink · Totolink N300Rt

Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101 Description: A critical issue was found in the HTTP POST Message Handler of the TOTOLINK N300RH, affecting some unknown functionality of the file /boafrm/formPortFw. The manipulation of the service...

CVE-2017-8220

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data...

Simple Ajax Chat < 20240223 - Unauthenticated Stored XSS

Description The plugin does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. await fetch"http://vulnerable-site.tld/wp-content/plugins/simple-ajax-chat/simple-ajax-chat-core.php?sacSendChat=yes", "credentials": "include",...

New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode

Cybersecurity researchers have documented a novel post-exploit persistence technique on iOS 16 that could be abused to fly under the radar and maintain access to an Apple device even when the victim believes it is offline. The method "tricks the victim into thinking their device's Airplane Mode...

PEzor-Docker - With The Help Of This Docker Image, You Can Easily Access PEzor On Your System!

With the help of this kali linux image, you can easily access PEzor on your system! Basically, this image is built from the kalilinux/kali-rolling image and then the PEzor shellcode and PE packer is installed on top of it. Sometimes, it's vital to have access to PEzor, specially in a post exploit...

Advanced Menu Manager <= 3.0 - Unauthorised Menu Creation/Deletion

The plugin is lacking any capability and CSRF checks in its myactiondeletemenu and myactioncreatemenuajax AJAX actions, allowing any authenticated users such as subscriber to call them. Such attack could also be performed via a CSRF vector against any logged in user. - To delete a menu: POST...

CVE-2020-29303

A cross-site scripting XSS vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with drtsformbuildid parameter containing the XSS payload and t paramet...

Apfell - A macOS, Post-Exploit, Red Teaming Framework

A macOS, post-exploit, red teaming framework built with python3 and JavaScript. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout mac and linux based red teaming. Details Check out thre blog post on the initial release of the...

CVE-2025-34096

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/easyfilesharingpost.rb 2025-10-23 21:13:04+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

Recent Python Meterpreter Improvements

The Python Meterpreter has received quite a few improvements this year. In order to generate consistent results, we now use the same technique to determine the Windows version in both the Windows and Python instances of Meterpreter. Additionally, the native system language is now populated in the...

mimipenguin - A Tool To Dump The Login Password From The Current Linux User

A tool to dump the login password from the current linux desktop user. Adapted from the idea behind the popular Windows tool mimikatz. Details Takes advantage of cleartext credentials in memory by dumping the process and extracting lines that have a high probability of containing cleartext...

Stealthy PHP Web Shell Backdoor: Weevely

Stealthy PHP Web Shell Backdoor Weevely is a command line web shell dinamically extended over the network at runtime used for administration and pen testing of remote web accesses. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted...

Mini HTTPD 1.21 - Stack Buffer Overflow POST Exploit

No description provided by source. !/usr/bin/python Title: Mini HTTPD stack buffer overflow POST exploit Author: TheColonial Date: 20 Feb 2013 Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Vendor Homepage: http://www.picolix.jp/ Version: 1.21 Tested on: Windows XP Profession...

MyBulletinBoard 1.0 - Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14762/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could...

Job Site 1.0 - Multiple Vulnerabilities

Jobsite logo - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://sourceforge.net/projects/jobfinder/...