CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions by manipulating the file’s magic bytes to masquerade a .bat as an allowed type, enabling arbitrary code execution or a reverse shell and lea...

New PoC Exploit for Apache ActiveMQ Flaw Could Let Attackers Fly Under the Radar

Cybersecurity researchers have demonstrated a new technique that exploits a critical security flaw in Apache ActiveMQ to achieve arbitrary code execution in memory. Tracked as CVE-2023-46604 CVSS score: 10.0, the vulnerability is a remote code execution bug that could permit a threat actor to run...

Exploit for CVE-2023-38646

Metabase Pre-Auth RCE POC - CVE-2023-38646 Metabase open sourc...

Exploit for SQL Injection in Spiceworks Help_Desk_Server

Spiceworks Sort SQLi There's a SQLi in a sort parameter of...

Exploit for CVE-2023-3452

CVE-2023-3452-PoC - Wordpress Plugin Canto 3.0.5 - Remote...

Exploit for OS Command Injection in Vm2_Project Vm2

CVE-2023-37903 Expl...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...

Exploit for Code Injection in Gitlab

gitlab-cve-2021-22205 A simple bash script that exploits CVE-2...

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

Exploit for CVE-2023-38646

CVE-2023-38646 A python RCE exploit for CVE-2023-38646 Us...

Exploit for Incorrect Authorization in Vmware Aria_Operations_For_Logs

CVE-2023-34051 CVE-2023-34051 is an authentication bypass tha...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

This is a PoC exploit for CVE-2023-27163, a remote code executio...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

This is a PoC exploit for CVE-2023-27163, a remote code executio...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

PoC for the ThemeBleed CVE-2023-38146 exploit Windows 11 Them...

Exploit for CVE-2023-38646

CVE-2023-38646-exploit "This vulnerability, designated as CVE-...

Exploit for CVE-2023-38646

CVE-2023-38646-exploit "This vulnerability, designated as CVE-...

Exploit for CVE-2023-38646

Metabase Pre-Auth RCE CVE-2023-38646 POC This is a script w...

Exploit for CVE-2023-38646

CVE-2023-38646 The original script originates from securezer...

Free Download Manager Site Compromised to Distribute Linux Malware to Users for 3+ Years

A download manager site served Linux users malware that stealthily stole passwords and other sensitive information for more than three years as part of a supply chain attack. The modus operandi entailed establishing a reverse shell to an actor-controlled server and installing a Bash stealer on th...

Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)

import ctypes, struct import argparse from keystone import Exploit Title: Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode 476 Bytes Exploit Author: Senzee Date: 08/29/2023 Platform: Windows X64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Versi...