ShellExploit

This project is no longer supported PowerSploit is a col...

Malicious code in securedrop-workstation-dom0-config (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a496fb67ea100acce3d945e16e2d50d6d3181a322017f80cdf8c01006a49aade Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2025-63220

The CVE-2025-63220 entry concerns Sound4 FIRST's web-based management interface. The vulnerability is Remote Code Execution (RCE) via a malicious firmware update package, caused by the update mechanism failing to validate the integrity of the manual.sh script. An attacker could modify this script...

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

EUVD-2020-20433

Malware in sbrugna...

EUVD-2006-5648

Malware in sbrugna...

EUVD-2011-4145

Malware in sbrugna...

EUVD-2017-0374

Malware in sbrugna...

EUVD-2008-0896

Malware in sbrugna...

EUVD-2022-44768

Malicious code in bioql PyPI...

EUVD-2025-30799

Malicious code in bioql PyPI...

CVE-2021-32464

An incorrect permission assignment privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security Services could allow an attacker to modify a specific script before it is executed. Please note: an attacker must first obtain the ability to execu...

CVE-2011-4202

The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions www write access for unspecified scripts, which allows local users to gain privileges by modifying a script file...

CVE-2024-9950 Abuse of Unauthenticated Compliance Recheck in SecureConnector

A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory...

Malicious code in rtxt-dep2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3a0cd03149005afa6cc505bea16d80c21f5bbbd226c16c659ed6abb41cf730a2 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2024-0674 Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process...

VMware Workspace ONE Access Privilege Escalation Exploit

This Metasploit module exploits CVE-2022-22960 which allows the user to overwrite the permissions of the certproxyService.sh script so that it can be modified by the horizon user. This allows a local attacker with the uid 1001 to escalate their privileges to root access. This module requires...

Mattermost 安全漏洞

Mattermost is an open source collaboration platform from the US-based company Mattermost. Mattermost suffers from a security vulnerability that stems from a lack of permission checking, which can be exploited by an attacker to modify the script...

CVE-2022-41576

The rphone module has a script that can be maliciously modified.Successful exploitation of this vulnerability may cause irreversible programs to be implanted on user devices...

CVE-2020-27940

This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app...