7019 matches found

Vulnrichment
added 2025/12/19 9:5 p.m. | 1 views

CVE-2023-53948 Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmapbinary parameter to execute a reverse shell by sending a crafted POST reques...

9.8 CVSS | 8 AI score | 0.00287 EPSS
Exploits 0 | References 3

Cvelist
added 2025/12/19 9:5 p.m. | 26 views

CVE-2023-53948 Lilac-Reloaded for Nagios 2.0.8 Remote Code Execution via Autodiscovery

Lilac-Reloaded for Nagios 2.0.8 contains a remote code execution vulnerability in the autodiscovery feature that allows attackers to inject arbitrary commands. Attackers can exploit the lack of input filtering in the nmapbinary parameter to execute a reverse shell by sending a crafted POST reques...

9.8 CVSS | 0.00287 EPSS
Exploits 0 | References 3

Vulnrichment
added 2025/12/19 9:5 p.m. | 1 views

CVE-2023-53945 BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP a...

8.8 CVSS | 8 AI score | 0.00491 EPSS
Exploits 1 | References 3

CVE
added 2025/12/19 9:5 p.m. | 8 views

CVE-2023-53945

BrainyCP 1.0 is affected by an authenticated remote code execution vulnerability via the crontab configuration interface. The issue allows logged-in users to inject arbitrary commands, with exploit examples describing a payload that spawns a reverse shell to a specified IP/port. Several connected...

8.8 CVSS | 8 AI score | 0.00491 EPSS
Exploits 1 | References 3 | Affected Software 1

RedhatCVE
added 2025/12/19 8:18 p.m. | 3 views

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

8.5 CVSS | 6.8 AI score | 0.00018 EPSS
Exploits 1 | References 1

GithubExploit
added 2025/12/19 11:40 a.m. | 140 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell: CVE-2025-55182 – Comprehensive Vulnerability Scan...

10 CVSS | 7.3 AI score | 0.83197 EPSS
Exploits 363

Positive Technologies
added 2025/12/19 12:0 a.m. | 2 views

PT-2025-52516

Name of the Vulnerable Software and Affected Versions: BrainyCP version 1.0. Description: BrainyCP version 1.0 has an authenticated remote code execution issue. Logged-in users can inject arbitrary commands through the crontab configuration interface. Attackers can exploit the issue by adding a...

8.8 CVSS | 8.1 AI score | 0.00491 EPSS
Exploits 1 | References 12

OSV
added 2025/12/18 8:15 p.m. | 1 views

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

8.5 CVSS | 5.8 AI score | 0.00018 EPSS
Exploits 1 | References 3

NVD
added 2025/12/18 8:15 p.m. | 2 views

CVE-2023-53937

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

8.5 CVSS | 0.00018 EPSS
Exploits 1 | References 3

CVE
added 2025/12/18 7:57 p.m. | 6 views

CVE-2023-53937

Hubstaff 1.6.14 is affected by a DLL search order hijacking vulnerability that enables replacing the missing system32 wow64log.dll with a malicious library. An attacker could generate a custom DLL (e.g., via Metasploit) and place it in the system32 directory to obtain a reverse shell when the app...

8.5 CVSS | 6.4 AI score | 0.00018 EPSS
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2025/12/18 7:57 p.m. | 2 views

CVE-2023-53937 Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

8.5 CVSS | 6.4 AI score | 0.00018 EPSS
Exploits 1 | References 3

Cvelist
added 2025/12/18 7:57 p.m. | 24 views

CVE-2023-53937 Hubstaff 1.6.14 DLL Search Order Hijacking via wow64log Library

Hubstaff 1.6.14 contains a DLL search order hijacking vulnerability that allows attackers to replace a missing system32 wow64log.dll with a malicious library. Attackers can generate a custom DLL using Metasploit and place it in the system32 directory to obtain a reverse shell during application...

8.5 CVSS | 0.00018 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 views

EulerOS Virtualization 2.13.0 : mod_http2 (EulerOS-SA-2025-2588)

According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...

7.5 CVSS | 7.2 AI score | 0.03545 EPSS
Exploits 0 | References 2

Positive Technologies
added 2025/12/18 12:0 a.m. | 3 views

PT-2025-52316

Name of the Vulnerable Software and Affected Versions: Hubstaff version 1.6.14. Description: The software contains a DLL search order hijacking issue. An attacker can replace a missing system32 wow64log.dll with a malicious library. By using tools like Metasploit to create a custom DLL and placing it...

8.5 CVSS | 6.7 AI score | 0.00018 EPSS
Exploits 1 | References 5

CNNVD
added 2025/12/18 12:0 a.m. | 2 views

Netsoft Holdings Hubstaff Code Issue Vulnerability

Netsoft Holdings Hubstaff is a project management platform from US-based Netsoft Holdings. A code issue vulnerability exists in Netsoft Holdings Hubstaff version 1.6.14, which stems from DLL search order hijacking and could lead to obtaining a reverse shell...

8.5 CVSS | 6.9 AI score | 0.00018 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 views

EulerOS Virtualization 2.13.1 : mod_http2 (EulerOS-SA-2025-2553)

According to the versions of the mod_http2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be...

7.5 CVSS | 7.2 AI score | 0.03545 EPSS
Exploits 0 | References 2

GithubExploit
added 2025/12/17 8:10 p.m. | 137 views

Exploit for CVE-2025-14700

CVE-2025-14700 POC Automatic exploit for Authentic...

9.9 CVSS | 7 AI score | 0.00075 EPSS
Exploits 2

The Hacker News
added 2025/12/17 6:9 p.m. | 7 views

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and may be associated with another botnet known as AISURU, according to findings from QiAnXin XLab...

7 AI score
Exploits 0

Talos Blog
added 2025/12/17 4:55 p.m. | 9 views

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos recently discovered a campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). We assess with moderate...

7.7 AI score
Exploits 0

RedhatCVE
added 2025/12/16 8:44 p.m. | 4 views

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

8.8 CVSS | 8.6 AI score | 0.00288 EPSS
Exploits 1 | References 1