CVE-2023-48031

OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute...

CVE-2023-24676

An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the downloadzipurl parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a...

CVE-2023-29944

Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench...

CVE-2022-36667

Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...

CVE-2021-43283

An issue was discovered on Victure WR1200 devices through 1.0.3. A command injection vulnerability was found within the web interface of the device, allowing an attacker with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges. This occurs in the...

CVE-2021-33256

A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The jusername parameter seems to be vulnerable and a reverse shell could be obtained if a privileged user exports "User Attempts Audit Repor...

CVE-2021-36582

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

CVE-2021-23895

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote authenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

CVE-2021-23894

Deserialization of untrusted data vulnerability in McAfee Database Security DBSec prior to 4.8.2 allows a remote unauthenticated attacker to create a reverse shell with administrator privileges on the DBSec server via carefully constructed Java serialized object sent to the DBSec server...

Exploit for Out-of-bounds Write in Fortinet Fortiproxy

CVE-2024-21762FortiNetPoC Proof-of-concept scanner targeting...

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

CVE-2018-16217

The network diagnostic function ping in the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware 66.83.0.35 allows a remote authenticated attacker to trigger OS commands or open a reverse shell via command injection...

CVE-2019-16398

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskjscriptrun.sh that executes a reverse shell...

Exploit for Incorrect Authorization in Cacti

SHELL-POC-CVE-2022-46169 A bash proof of concept of t...

RDPGuard 9.9.9 - Privilege Escalation

Exploit Title: RDPGuard 9.9.9 - Privilege Escalation Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version: 9.9.9 latest Tested on: Windows 10 32bit Steps to Reproduce 1. Prepare a .bat...

📄 RDPGuard 9.9.9 Privilege Escalation

RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation SYSTEM Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...

MAL-2025-191785 Malicious code in matlab-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0a277d45885a5c1a26f027495e73b5e0aa8b49c7ee3eeafd06cc14e6e8f754 Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-05-matlab-cl...

Malicious code in matlab-cli (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ff0a277d45885a5c1a26f027495e73b5e0aa8b49c7ee3eeafd06cc14e6e8f754 Importing the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-05-matlab-cl...

Exploit for CVE-2025-46271

CVE-2025-46271-Reverse-Shell-PoC Disclaimer This repository i...