📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

PT-2026-36035

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 9.0 through 18.9.6 GitLab CE/EE versions 18.10 through 18.10.5 GitLab CE/EE versions 18.11 through 18.11.2 Description Insufficient input validation allows an unauthenticated user to cause a denial of service by sending...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2023-46747 - Big-IP RCE Unauthenticated This is a Pyth...

Laravel Framework Detection (Linux/Unix SSH Login)

SSH login-based detection of Laravel Framework. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-20085 · Unknown · Meow Gallery

Name of the Vulnerable Software and Affected Versions: Meow Gallery versions through 5.2.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject maliciou...

KRB5 Authorization

This script allows users to enter the information required to authorize and login via KRB5. These data are used by tests that require authentication. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

Exploit for Code Injection in Get-Simple Getsimple_Cms

CVE-2022-41544 Exploit Script This repository contains a scri...

PT-2023-15174 · WordPress · Wp Cerber Security

Name of the Vulnerable Software and Affected Versions: WP Cerber Security plugin for WordPress versions up to, and including, 9.1 Description: The issue allows unauthenticated attackers to inject arbitrary web scripts in pages via the log parameter when logging in to the site. This makes it...

Bypass-403 - A Simple Script Just Made For Self Use For Bypassing 403

A simple script just made for self use for bypassing 403 It can also be used to compare responses on verious conditions as shown in the below snap Usage ./bypass-403.sh https://example.com admin ./bypass-403.sh website-here path-here Features Use 24 known Bypasses for 403 with the help of curl...

Azorult Botnet - SQL Injection Exploit

Azorult Botnet - SQL Injection import requests import argparse import base64 Azorult 3.3.1 C2 SQLi by prsecurity For research purposes only. Don't pwn what you don't own. change GUID and XOR key to specific beacon, can be extracted from a sample guid =...

Davolink DVW 3200 Router - Password Disclosure

Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit Anubhav Vendor Homepage: www.davolink.co.kr Softwa...

ZendServer Detection

The script sends a HTTP request to the server and attempts to extract the version from the reply. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Fedora Update for mod_wsgi FEDORA-2014-6944

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key Vulnerability

The Loadbalancer.org Virtual Appliance is a revolution in software load balancing. The software is simple to install on Windows, Mac & Linux and does not have any adverse effects on the host operating system. Details: ---------- 0x01 - SSH Private Key Loadbalancer.org Enterprise VA 7.5.2 contains...

Loadbalancer.org Enterprise VA 7.5.2 - Static SSH Key

----------- Author: ----------- xistence ------------------------- Affected products: ------------------------- Loadbalancer.org Enterprise VA 7.5.2 and below ------------------------- Affected vendors: ------------------------- Loadbalancer.org http://www.loadbalancer.org/...

[DNSRecon v0.8.6] DNS Enumeration Script

Just updated DNSRecon to check if it can pull the Bind Version by doing a query for the TXT Record version.bind and it will now check if the RA Flag is set in responses from each of the NS servers it detects. If the server has recursion enabled it could be used for DDoS attacks and for performing...

Find Misconfigurations: unix-privesc-check

Unix-privesc-check is a script that runs on Unix systems tested on Solaris 9, HPUX 11, Various Linuxes, FreeBSD 6.2. It tries to find misconfigurations that could allow local unprivilged users to escalate privileges to other users or to access local apps e.g. databases. It is written as a single...

DISA Security Readiness Review Scripts Detection

The remote host has a copy of the DISA Security Readiness Review SRR Scripts present. TRUSTED...

cassandra-brute NSE Script

Performs brute force password auditing against the Cassandra database. For more information about Cassandra, see: Script Arguments passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library. creds.service, creds.global See the documentation f...

Calendar Script 1.1 - Insecure Cookie Handling

Calendar Script 1.1 - Insecure Cookie Handling START 0x01 Informations: Script : Calendar Script v1.1 Download : http://www.hotscripts.com/jump.php?listingid=71365&jumptype=1 Vulnerability : Insecure Cookie Handling Author : Osirys Contact : osirysatlivedotit Website : http://osirys.org Notes :...