902 matches found
WordPress WPMasterToolKit 1.13.1 Shell Upload
WordPress WPMasterToolKit plugin versions 1.13.1 and below remote shell upload exploit...
Pexels Free Stock Photos 1.2.2 Shell Upload
Pexels Free Stock Photos versions 1.2.2 and below suffer from a remote shell upload vulnerability...
WordPress ThemeEgg ToolKit 1.2.9 Shell Upload
WordPress ThemeEgg ToolKit plugin versions 1.2.9 and below suffer from a remote shell upload vulnerability...
WordPress ACF City Selector 1.14.0 Shell Upload
WordPress ACF City Selector plugin version 1.14.0 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : WordPress ACF City Selector plugin versions...
WP Load Gallery 2.1.6 Shell Upload
WordPress WP Load Gallery plugin version 2.1.6 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : WP Load Gallery plugin v2.1.6 Code Injection...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
A Rust exploitation script for CVE-2024-23346. As shown below t...
WordPress WP Load Gallery 2.1.6 Shell Upload
NgocCode WP Load Gallery plugin version 2.1.6 suffers from a remote shell upload vulnerability...
WordPress ACF City Selector 1.14.0 Shell Upload
WordPress ACF City Selector plugin versions 1.14.0 and below suffer from a remote shell upload vulnerability...
USN-7268-1 activemq vulnerabilities
It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. CVE-2022-41678 It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run...
CVE-2019-5162
An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...
MAL-2025-619 Malicious code in secure-toolbots (npm)
This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
MAL-2025-71 Malicious code in secure-toolkits (npm)
This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
Malicious code in secure-toolkits (npm)
This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware...
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
Cybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution. The backdoor, according to Google's Mandiant Managed Defense team,...
USN-7108-1 python-asyncssh vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
Malicious code in innostage (PyPI)
The package contains code to download and execute a reverse shell script. --- -= Per source details. Do not edit below this line.=- Source: kam193 ec433c9a241ed7127dc5d6f55b002e94a2407ddd47000e50355f118536e9021e When imported, the package download and runs a remote stage - a reverse shell. To mas...
Malicious code in cobo-python (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2f1c1c4efd134e130c04178382ff3ea318301fb18b5eb6eed696c49cf64e9ad6 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
Malicious code in cobo-custdoy (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1bb6da528665b6d869e583cb594f1f0cc7e7ccaf8cc5a7a859c0db9e7fa80c19 It appears to be a forgotten pentest checking typosquatting against cobo-custody package, but may also have malicious purposes. During installation, if a machi...
IntelliNet 2.0 Remote Root Exploit
Zero day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing execsuid. No authentication needed at all, neither any interaction from the victim...
HP Data Protector 6.1 EXEC_CMD Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP Data Protector 6.1 EXECCMD Command Execution', 'Description' = %q This module exploits HP Data Protector's omniinet process, specifically...