1794 matches found
Ghostscript 9.21 Arbitrary Command Execution
Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. ============================================================================================================================================= | Title : Ghostscript versions...
Wazuh 4.4.0 Remote Code Execution
Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v4.4.0 PHP Code Injection Vulnerability | | Author...
Exploit for CVE-2024-2961
PHP file-read to RCE CVE-2024-2961 TODO Parse LIBC to kn...
LimeSurvey 5.2.4 Shell Upload
LimeSurvey version 5.2.4 proof of concept exploit that upload a malicious PHP plugin to obtain a reverse shell...
Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms
usage: python exploit.py "/wp-admin/admin-ajax.php" 'bash -c "ba...
Exploit for Relative Path Traversal in Fortinet Fortimanager
Fortimanager insufficient authorization checks CVE-2024-23666...
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
Cybersecurity researchers have uncovered two malicious machine learning ML models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning...
CVE-2022-29216
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's savedmodelcli tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had...
Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the...
Exploit for Unrestricted Upload of File with Dangerous Type in Limesurvey
CVE-2021-44967 Exploit Title: LimeSurvey 5.2.4 - Authen...
Exploit for CVE-2024-42327
Zabbix-CVE-2024-42327 RCE PoC...
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...
Malicious code in genz-translator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...
MAL-2024-12275 Malicious code in genz-translator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 983b5b328e433d81113b3e170f313aba83ae5eff0ecd515fc9865ca3a5be1ee9 Installing the package installs a reverse shell. As the mentioned domain doesn't seem to exist, it may be a test designed for an internal usage --- Category:...
Exploit for Improper Restriction of XML External Entity Reference in Wordpress
POC CVE-2021029447 - XXE in WordPress WordPress 5.6-5.7 - Au...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 Exploit Proof-of-Concept Overview This rep...
MAL-2024-12314 Malicious code in nirohf-reverse-shell (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in nirohf-reverse-shell (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2b0a9ce248bca096b5109a73b943559cabbd6f77433d4a64cd1c804f7ec88df Installing starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Exploit for Cross-site Scripting in Wondercms
CVE-2023-41425-WonderCMS-Authenticated-RCE Description Won...
UBUNTU-CVE-2024-50636
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution RCE...