1798 matches found

Packet Storm
added 2025/03/11 12:0 a.m., 226 views

TextPad 9.3.0 Command Injection

TextPad version 9.3.0 suffers from a remote command injection vulnerability when it opens a batch file. Exploit Title: TextPad v9.3.0 - OS Command Injection; Discovered by: Ahmet Ümit BAYRAM; Discovered Date: 17.09.2023; Vendor Homepage: https://www.textpad.com; Software Link:...

AI score: 8
Exploits: 0

Packet Storm
added 2025/03/11 12:0 a.m., 195 views

XMedia Recode 3.5.8.4 Command Injection

XMedia Recode version 3.5.8.4 suffers from a command injection vulnerability. Exploit Title: XMedia Recode v3.5.8.4 - OS Command Injection; Discovered by: Ahmet Ümit BAYRAM; Discovered Date: 16.09.2023; Vendor Homepage: https://www.xmedia-recode.de; Software Link: https://www.xmedia-recode.de/downloa...

AI score: 7.9
Exploits: 0

Packet Storm
added 2025/03/07 12:0 a.m., 338 views

Webmin 2.202 Remote Command Execution

Webmin version 2.202 remote command execution exploit that provides a reverse shell. Title: Webmin 2.202 Reverse Shell attack; Author: indoushka...

AI score: 7.7
Exploits: 0

Packet Storm
added 2025/03/06 12:0 a.m., 230 views

Ghostscript 9.21 Arbitrary Command Execution

Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. Title: Ghostscript versions...

AI score: 8.1
Exploits: 0

Packet Storm
added 2025/03/05 12:0 a.m., 265 views

Wazuh 4.4.0 Remote Code Execution

Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. Title: Wazuh v4.4.0 PHP Code Injection Vulnerability; Author...

CVSS: 9.9, AI score: 8.3, EPSS: 0.93874
Exploits: 10

GithubExploit
added 2025/02/20 9:41 a.m., 418 views

Exploit for CVE-2024-2961

PHP file-read to RCE CVE-2024-2961 TODO Parse LIBC to kn...

CVSS: 7.3, AI score: 7.8, EPSS: 0.91924
Exploits: 16

Packet Storm News
added 2025/02/18 12:0 a.m., 3 views

LimeSurvey 5.2.4 Shell Upload

LimeSurvey version 5.2.4 proof of concept exploit that uploads a malicious PHP plugin to obtain a reverse shell...

CVSS: 9, AI score: 7, EPSS: 0.7738
Exploits: 3

GithubExploit
added 2025/02/12 3:31 p.m., 562 views

Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms

usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...

CVSS: 9.8, AI score: 7.4, EPSS: 0.91924
Exploits: 18

GithubExploit
added 2025/02/12 12:41 p.m., 228 views

Exploit for Relative Path Traversal in Fortinet Fortimanager

Fortimanager insufficient authorization checks CVE-2024-23666...

CVSS: 8.8, AI score: 9.1, EPSS: 0.11279
Exploits: 1

The Hacker News
added 2025/02/08 6:17 a.m., 17 views

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...

AI score: 8.1
Exploits: 0

RedhatCVE
added 2025/02/05 11:56 p.m., 5 views

CVE-2022-29216

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...

CVSS: 7.8, AI score: 7.1, EPSS: 0.00124
Exploits: 1, References: 1

The Hacker News
added 2025/01/23 2:55 p.m., 15 views

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers

Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the...

AI score: 7.1
Exploits: 0

GithubExploit
added 2025/01/05 1:12 p.m., 248 views

Exploit for Unrestricted Upload of File with Dangerous Type in Limesurvey

CVE-2021-44967 Exploit Title: LimeSurvey 5.2.4 - Authen...

CVSS: 9, AI score: 9.1, EPSS: 0.7738
Exploits: 3

GithubExploit
added 2025/01/01 6:25 p.m., 150 views

Exploit for CVE-2024-42327

Zabbix-CVE-2024-42327 RCE PoC...

CVSS: 9.9, AI score: 8.5, EPSS: 0.91398
Exploits: 13

The Hacker News
added 2024/12/09 5:44 p.m., 7 views

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...

AI score: 7.6
Exploits: 0

OSSF Malicious Packages
added 2024/12/03 6:3 p.m., 4 views

Malicious code in genz-translator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...

AI score: 7.6
Exploits: 0, References: 1

OSV
added 2024/12/03 6:3 p.m., 2 views

MAL-2024-12275 Malicious code in genz-translator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...

AI score: 7.5
Exploits: 0, References: 1

GithubExploit
added 2024/12/03 1:56 p.m., 421 views

Exploit for Improper Restriction of XML External Entity Reference in Wordpress

POC CVE-2021029447 - XXE in WordPress WordPress 5.6-5.7 - Au...

CVSS: 7.1, AI score: 6.5, EPSS: 0.90782
Exploits: 20

GithubExploit
added 2024/12/03 11:13 a.m., 260 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit Proof-of-Concept Overview This rep...

CVSS: 7.8, AI score: 7, EPSS: 0.93878
Exploits: 49

OSV
added 2024/11/29 10:8 p.m., 3 views

MAL-2024-12314 Malicious code in nirohf-reverse-shell (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

AI score: 7.5
Exploits: 0, References: 1