CVE-2023-53945 BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP a...

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell: CVE-2025-55182 – Comprehensive Vulnerability Scan...

PT-2025-52516

Name of the Vulnerable Software and Affected Versions BrainyCP version 1.0 Description BrainyCP version 1.0 has an authenticated remote code execution issue. Logged-in users can inject arbitrary commands through the crontab configuration interface. Attackers can exploit the issue by adding a...

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

CVE-2023-53937 Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

CVE-2023-53937 Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

CVE-2023-53937

Hubstaff 1.6.14 is affected by a DLL search order hijacking vulnerability that enables replacing the missing system32 wow64log.dll with a malicious library. An attacker could generate a custom DLL (e.g., via Metasploit) and place it in the system32 directory to obtain a reverse shell when the app...

Netsoft Holdings Hubstaff 代码问题漏洞

Netsoft Holdings Hubstaff is a project management platform from US-based Netsoft Holdings. A code issue vulnerability exists in Netsoft Holdings Hubstaff version 1.6.14, which stems from DLL search order hijacking and could lead to obtaining a reverse shell...

PT-2025-52316

Name of the Vulnerable Software and Affected Versions Hubstaff version 1.6.14 Description The software contains a DLL search order hijacking issue. An attacker can replace a missing system32wow64log.dll with a malicious library. By using tools like Metasploit to create a custom DLL and placing it...

Exploit for CVE-2025-14700

CVE-2025-14700 POC Automatic exploit for Authentic...

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

A new distributed denial-of-service DDoS botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in the Internet Explorer component. The issue can be triggered via DNS spoofing with a malicious URL shortcut and WebDAV, enabling an attacker to execute arbitrary code and potentially run a reverse shell with SMB server intera...

PT-2025-51293

Name of the Vulnerable Software and Affected Versions GOM Player version 2.3.90.5360 Description GOM Player has a remote code execution issue in its Internet Explorer component. An attacker can execute arbitrary code through DNS spoofing. The attack involves redirecting a victim using a malicious...

Exploit for Improper Neutralization of Line Delimiters in Cacti

Cacti CVE-2025-24367 Authenticated RCE PoC This repository co...

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...