1794 matches found

Vulnrichment
added 2024/05/27 12:13 p.m. | 12 views

CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

CVSS 10 | AI score 7.4 | EPSS 0.01615
Exploits: 0 | References: 2
OpenVAS
added 2024/05/27 12:0 a.m. | 2 views

Fedora: Security Advisory for rust-rustcat (FEDORA-2024-ce2936b568)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 2
CNNVD
added 2024/05/27 12:0 a.m. | 2 views

RhinOS Code Injection Vulnerability

RhinOS is a web development framework. A code injection vulnerability exists in RhinOS version 3.0-1190, which stems from the ease of injecting PHP code via the search parameter in /portal/search.htm, which could lead to an attacker executing a reverse shell and compromising the entire...

CVSS 10 | AI score 7.4 | EPSS 0.01615
Exploits: 0 | References: 3
GithubExploit
added 2024/05/26 3:43 p.m. | 428 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm

CVE-2023-30253 Description Dolibarr before 17.0.1 al...

CVSS 8.8 | AI score 9 | EPSS 0.89175
Exploits: 16
Fedora
added 2024/05/26 1:29 a.m. | 9 views

[SECURITY] Fedora 40 Update: rust-rustcat-1.3.0-11.fc40

Rustcat - The Modern Port Listener & Reverse Shell...

AI score 7.3
Exploits: 0
GithubExploit
added 2024/05/25 6:47 p.m. | 393 views

Exploit for Code Injection in Reportlab

CVE-2023-33733-POC Disclaimer I did not, nor do I take credi...

CVSS 7.8 | AI score 7.5 | EPSS 0.30225
Exploits: 6
GithubExploit
added 2024/05/25 6:47 p.m. | 677 views

Exploit for Code Injection in Reportlab

CVE-2023-33733-POC Disclaimer I did not, nor do I take credi...

CVSS 7.8 | AI score 7.5 | EPSS 0.30225
Exploits: 6
Kitploit
added 2024/05/25 12:30 p.m. | 45 views

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session...

AI score 7
Exploits: 0 | References: 17
Gitee
added 2024/05/24 3:43 p.m. | 60 views

Poc

This repository contains a collection of proof-of-concept (PoC) exploits and tools for various vulnerabilities. The primary focus is on Java-based exploits, with some Python scripts also present. The Java exploits target vulnerabilities in Java applications, including a deserialization vulnerabilit...

AI score 7.6
Exploits: 0
GithubExploit
added 2024/05/21 1:45 p.m. | 460 views

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002-Reverse-Shell Este script demuestra cómo explot...

CVSS 9 | AI score 8.1 | EPSS 0.82951
Exploits: 32
GithubExploit
added 2024/05/14 2:21 p.m. | 555 views

Exploit for SQL Injection in Valvepress Automatic

WordPress Admin Account Creation and Reverse Shell cve-2024-...

CVSS 9.9 | AI score 10 | EPSS 0.93693
Exploits: 16
0day.today
added 2024/05/13 12:0 a.m. | 145 views

Openmediavault Remote Code Execution / Local Privilege Escalation Exploit

Openmediavault versions prior to 7.0.32 have a vulnerability that occurs when users in the web-admin group enter commands on the crontab by selecting the root shell. As a result of exploiting the vulnerability, authenticated web-admin users can run commands with root privileges and receive revers...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/05/09 12:0 a.m. | 452 views

Openmediavault Remote Code Execution / Local Privilege Escalation

Exploit Title: Openmediavault 7.0.32 Authenticated RCE & Local Privilege Escalation Date: 08.05.2024 Exploit Author: Mert BENADAM Vendor Homepage: https://www.openmediavault.org/ Software Link: https://sourceforge.net/projects/openmediavault/ Version: 7.0.32 Tested on: OMV 7.0.32 & 6.5 @Virtual...

AI score 7.4
Exploits: 0
Vulnrichment
added 2024/04/25 11:49 p.m. | 33 views

CVE-2024-32651 Server Side Template Injection in Jinja2 allows Remote Command Execution

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction...

CVSS 10 | AI score 7.4 | EPSS 0.92087
Exploits: 5 | References: 4
GithubExploit
added 2024/04/24 4:33 p.m. | 489 views

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE...

CVSS 9.8 | AI score 10 | EPSS 0.92913
Exploits: 17
GithubExploit
added 2024/04/17 1:10 p.m. | 356 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

Apache ActiveMQ CVE-2023-46604 CVE-2023-46604 is a widely exp...

CVSS 10 | AI score 10 | EPSS 0.94436
Exploits: 31
NVD
added 2024/04/10 5:15 p.m. | 7 views

CVE-2024-1602

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS 8.8 | AI score 8.3 | EPSS 0.00181
Exploits: 1 | References: 1
CVE
added 2024/04/10 5:8 p.m. | 75 views

CVE-2024-1602

CVE-2024-1602 affects parisneo/lollms-webui, with a stored XSS that leads to Remote Code Execution. Attacker can exploit inadequate sanitization/validation of model output data to inject JavaScript that runs in the user’s browser and can trigger a request to /execute_code to establish a reverse s...

CVSS 8.8 | AI score 6.4 | EPSS 0.00181
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/04/10 5:8 p.m. | 11 views

CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...

CVSS 8.8 | AI score 8.3 | EPSS 0.00181
Exploits: 1 | References: 1
Positive Technologies
added 2024/04/10 12:0 a.m. | 2 views

PT-2024-18163 · Unknown · Parisneo/Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The issue arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within...

CVSS 8.8 | AI score 8.8 | EPSS 0.00181
Exploits: 1 | References: 6