
7022 matches found

Gitee
added 2025/09/06 12:9 p.m. | 141 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others. In this repository we have made an example...

CVSS 10 | AI score 7 | EPSS 0.94358
Exploits: 343
GithubExploit
added 2025/09/06 2:27 a.m. | 208 views

Exploit for Code Injection in Ispconfig

CVE-2023-46818 - ISPConfig PHP Code Execution | Exploit Hi...

CVSS 9.8 | AI score 7.7 | EPSS 0.90534
Exploits: 19
Gitee
added 2025/09/06 12:38 a.m. | 226 views

Exploit for CVE-2017-0143

💬 README (Chinese) • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent. re...

CVSS 9.3 | AI score 8.4 | EPSS 0.94318
Exploits: 88
GithubExploit
added 2025/09/05 9:39 p.m. | 159 views

Exploit for Path Traversal in Apache Http_Server

!bannerhttps://img.shields.io/badge/ApachePathTraversal-RCEC...

CVSS 9.8 | AI score 7.1 | EPSS 0.9441
Exploits: 60
GithubExploit
added 2025/09/05 3:51 p.m. | 155 views

Exploit for Code Injection in Xwiki

Reverse shell for CVE-2025-24893 bash python3 CVE-2025-...

CVSS 9.8 | AI score 6.8 | EPSS 0.93837
Exploits: 49
NVD
added 2025/09/03 9:15 p.m. | 2 views

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

CVSS 7.5 | EPSS 0.00097
Exploits: 1 | References: 7
Cvelist
added 2025/09/03 8:56 p.m. | 11 views

CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

CVSS 6.3 | EPSS 0.00097
Exploits: 1 | References: 7
Debian CVE
added 2025/09/03 8:56 p.m. | 2 views

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

CVSS 7.5 | AI score 5.2 | EPSS 0.00097
Exploits: 1
OSV
added 2025/09/03 7:28 p.m. | 4 views

MAL-2025-191839 Malicious code in python-dev-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8bbf18a10505977ab19adc6dd13d15e1c7df3c69391e1c930289b953619549 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 7.5
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2025/09/03 7:28 p.m. | 5 views

Malicious code in python-dev-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8bbf18a10505977ab19adc6dd13d15e1c7df3c69391e1c930289b953619549 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...

AI score 7.6
Exploits: 0 | References: 1
Tenable Nessus
added 2025/09/02 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

CVSS 5.3 | AI score 6.8 | EPSS 0.01865
Exploits: 1 | References: 2
Veracode
added 2025/09/01 12:16 p.m. | 3 views

Reverse Tabnabbing

hfs is vulnerable to reverse tabnabbing. The vulnerability is due to missing rel="noopener noreferrer" when opening web links with target="_blank", which allows an attacker to manipulate the original HFS tab via the window.opener property...

AI score 7
Exploits: 0
GithubExploit
added 2025/08/31 1:23 p.m. | 197 views

Exploit for Improper Restriction of XML External Entity Reference in Sysaid

From-EternalBlue-to-CVE-2025-2776-The-Evolution-of-an-SMB-Atta...

CVSS 9.8 | AI score 9 | EPSS 0.62605
Exploits: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-43848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...

CVSS 7.4 | AI score 6.3 | EPSS 0.133
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-45403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h...

CVSS 7.5 | AI score 5.5 | EPSS 0.0033
Exploits: 0 | References: 2
Redos
added 2025/08/28 12:0 a.m. | 1 views

ROS-20250828-03

The Apache Tomcat application server vulnerability is due to Apache Tomcat not setting the "Secure" attribute for the session cookie JSESSIONID when using RemoteIpFilter with requests received from a reverse proxy server over HTTP and containing an X-Forwarded-Proto header set to https...

CVSS 4.3 | AI score 7.5 | EPSS 0.0011
Exploits: 0
GithubExploit
added 2025/08/27 11:51 a.m. | 258 views

Exploit for CVE-2007-2447

CVE-2007-2447 Samba Exploit A Rust implementation of the CVE-...

CVSS 6 | AI score 8.6 | EPSS 0.43147
Exploits: 14
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be...

CVSS 7.5 | AI score 7.5 | EPSS 0.00545
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-15486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - django-js-reverse aka Django JS Reverse before 0.9.1 has XSS via jsreverseinline. CVE-2019-15486 Note that Nessus relies on the presence of the package as...

CVSS 6.1 | AI score 6.4 | EPSS 0.0024
Exploits: 0 | References: 2
GithubExploit
added 2025/08/26 8:12 p.m. | 182 views

Exploit for Code Injection in Xwiki

solrsearch-rce-exploit Unauth RCE PoC for XWiki SolrSearch CV...

CVSS 9.8 | AI score 8.6 | EPSS 0.93837
Exploits: 49