EUVD-2022-33003

Malicious code in bioql PyPI...

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

AutoRDPwn

This is a post-exploitation framework called AutoRDPwn, written in PowerShell. It is designed to automate the Shadow attack on Microsoft Windows computers, which allows a remote attacker to view and control the victim's desktop without their consent. The framework has a user-friendly interface an...

Exploit for CVE-2007-2447

Internship Project 2 — Penetration Testing on Metasploitable2...

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2013-10069 D-Link Devices Unauthenticated RCE

The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...

CVE-2013-10050

An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...

PT-2025-29911 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.0.0 Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because the software only restricts the execution permissions of files in a...

📄 TinyWebGallery 2.7 Shell Upload

TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

Exploit for Stack-based Buffer Overflow in Ivanti Connect_Secure

PoC for CVE-2025-22457 A remote unauthenticated stack based b...

CVE-2024-38278

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.9.0, RUGGEDCOM RMC8388NC V5.X All versions V5.9.0, RUGGEDCOM RS416NCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416PNCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416Pv2 V5.X All versions V5.9.0, RUGGEDCOM RS416v2 V5.X All...

CVE-2024-6913

Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0...

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...

CVE-2022-44544

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript...

CVE-2021-26809

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2019-1010151

zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php...

WordPress PDF 2 Post 2.4.0 Shell Upload

WordPress PDF 2 Post plugin versions 2.4.0 and below suffers from a remote shell upload vulnerability via a zip file...