Kai-Tools

Kai Tools 🚀 Kai Tools adalah suite keamanan dan intelijen...

Exploit for CVE-2024-12029

Alternative-Approach-Reverse-Shell-Callback-Test-InvokeAI-RCE...

📄 Supermicro Onboard IPMI X9SCL / X9SCM SMT_X9_214 PHP Buffer Overflow

Supermicro Onboard IPMI X9SCL and X9SCM with firmware SMTX9214 PHP proof of concept buffer overflow exploit that spawns a reverse shell. It exploits an older vulnerability from 2013...

Exploit for CVE-2026-27574

CVE-2026-27574-OneUptime-RCE !Authorhttps://img.shields.io/...

CVE-2020-37002

CVE-2020-37002 — Ajenti 2.1.36 : An authentication bypass vulnerability exists in the web admin panel that allows remote attackers, after successful login, to execute arbitrary commands via the "/api/terminal/create" endpoint. The impact is described as command execution with potential reverse sh...

CVE-2023-53959 FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code...

CVE-2023-53959 FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code...

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS-CVE-2025-59287-RCE CVE-2025-59287 is a critical CVSS...

Exploit for CVE-2024-28397

CVE-2024-28397 RCE Script Default reverse shell payload and o...

ZesleCP 3.1.20 Privilege Escalation

ZesleCP version 3.1.20 remote privilege escalation exploit that leverages cron to achieve root level privileges. Exploit Title: ZesleCP v3.1.20 - Privilege Escalation Exploit Author: Ahmet Ümit BAYRAM Date: 09.11.2024 Vendor Homepage: https://zeslecp.com Tested on: Ubuntu 20.04 Privilege Escalati...

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425-WonderCMS-Authenticated-RCE Description Won...

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution RCE...

4images 1.9 Remote Command Execution Vulnerability

Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...

Exploit for OS Command Injection in Gerapy

CVE-2021-43857 Gerapy prior to version 0.9.8 is vulnerable to...

Exploit for CVE-2017-0143

MS17-010 🖥️ -h3x0v3rl0rd- ️⃣ CVE-2017-0143 Docker Usin...

Exploit for Link Following in Docker Desktop

CVE-2020-10665 Docker Desktop Local Privilege Escalation POC...

ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution

Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on: Windows 7 pro SP1 x86 Clutchisback1 ///\ I'll get OSCP one...

HP Client 9.19.08.17.9 - Command Injection

HP Client 9.19.08.17.9 - Command Injection Exploit Title: HP Client - Automation Command Injection Date: 10/10/2016 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vendor Homepage: Previosuly HP, now http://www.persistentsys.com/ Version: Tested on version 7.9 but should work on 8.1, 9.0, 9.1...

Websense (Triton 7.6) Remote Command Execution

======= Summary ======= Name: Websense Triton 7.6 Unauthenticated remote command execution as SYSTEM Release Date: 30 April 2012 Reference: NGS00140 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: Critical Status: Published ======== TimeLine ======== Discovered...

NGS00140 Technical Advisory: Websense Triton 7.6 - unauthenticated remote command execution as SYSTEM

======= Summary ======= Name: Websense Triton 7.6 Unauthenticated remote command execution as SYSTEM Release Date: 30 April 2012 Reference: NGS00140 Discoverer: Ben Williams [email protected] Vendor: Websense Vendor Reference: Systems Affected: Risk: Critical Status: Published ========...