24 matches found
EUVD-2026-25936
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
Security update for c3p0 and mchange-commons
This update for c3p0 and mchange-commons fixes the following issues: c3p0: Security issues fixed: CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: Security issues fixed: CVE-2026-27727:...
Exploit for Deserialization of Untrusted Data in Apache Parquet_Java
CVE-2025-30065 This repository illustrates how to exploit CVE...
Arbitrary Command Execution
org.jupiter-rpc:jupiter-serialization-kryo is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper configuration which allows remote class loading. The deserialization vulnerability allows an attacker to execute arbitrary commands via crafted RPC requests...
Medium: java-1.8.0-amazon-corretto
Issue Overview: Improve CORBA communication: CORBA deserialization can result in outbound network connections with data passed in. CVE-2023-21830 Better Banking of Sounds: JARSoundbankReader can load classes from remote URLs. CVE-2023-21843 Affected Packages: java-1.8.0-amazon-corretto Note: This...
h2: Loading of custom classes from remote servers through JNDI
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...
VulnCheck KEV: CVE-2014-0114
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute...
Log4Shell HTTP Header Injection
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shell vulnerability by...
Exploit for CVE-2020-2551
WebLogic-CVE-2020-2551-To-Internet CVE-2020-2551: POC fo...
Java deserialization vulnerability of the weblogic local use to achieve article-vulnerability warning-the black bar safety net
weblogic in the domestic scope of application more widely, supporting many of the company's core business, it has not put the weblogic to use the tool to publish it. However, many recent Party a friend asked me if I had a convenient tool to detect their companies deployed in the network of...
Java RMI Server Insecure Default Configuration Java Code Execution
This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote HTTP URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both...
WordPress acento theme Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Title : WordPress acento theme Arbitrary File Download Vulnerability Author : alieye vendor : http://www.wpbyexample.com/detail/acentocultural.com Contact : email protected Risk : High...
Java RMI Server Insecure Endpoint Code Execution Scanner
Detect Java RMI endpoints This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Server Insecure Endpoint Code Execution Scanner', 'Description' = 'Detect Jav...
Java RMI Services Default Configuration Remote Loading
Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...
Java RMI Server Insecure Default Configuration Java Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Java RMI Server Insecure Default...
KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion
KnowledgeBuilder 2.2 - visEdit_Control.Class.php Remote File Inclusion source: https://www.securityfocus.com/bid/20857/info KnowledgeBuilder is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to...
GrapAgenda 0.1 - 'page' Remote File Inclusion
Kurdish Security Advisory Original Advisory : http://kurdishsecurity.blogspot.com/2006/09/kurdish-security-25-grapagenda-remote.html Script : GrapAgenda Site : http://www.graphiks.net Version : 0.1 Risk : High Class : Remote Contact : [email protected] and irc.gigachat.net kurdhack Nice cracker...
faqscript.txt
Kurdish Security FAQ Script v1.0 Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : FAQ Script Site : http://www.knusperleicht.at Code : //if the script is includet you have to set this path else the path...
quickie.txt
Kurdish Security Quickie Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Risk : High Class : Remote Script : Kurdish Security FileManager Remote Command Execution Freedom For Ocalan Contact : irc.gigachat.net kurdhack &...
PgMarket 2.2.3 - CFG[libdir] Remote File Inclusion
PgMarket 2.2.3 - CFG[libdir] Remote File Inclusion C Y B E R - W A R R i O R T I M PgMarket 2.2.3 CFG[libdir] Remote File Inclusion Vulnerabilities Author: xoron Class : Remote cont@ct: x0r0nathotmaildotcom Code: include $CFG["libdir"] . "stdlib.inc.php"; Exploit:...