Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the checkConnectivity function in the Network Request Handler component when processing the targetIp or targetPort arguments. An attacker can access internal resources or perform unauthorized network...

CVE-2025-14518

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

CVE-2025-14518

PowerJob

CVE-2025-14518 PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to...

PowerJob 安全漏洞

PowerJob is an open source distributed computing and job scheduling framework from PowerJob Open Source that allows developers to easily schedule tasks in their applications. A security vulnerability exists in PowerJob 5.1.2 and earlier versions, which originates in the function in the file...

Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)

Exploit Title: Ivanti Connect Secure 22.7R2.5 - Remote Code Execution RCE Date: 2025-01-11 Exploit Author: @absholi7ly CVE: CVE-2025-0282 import requests import sys import struct import socket import ssl import urllib3 import time Disable SSL warnings...

📄 RemotePC Remote Code Execution

RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...

Vehicle Service Management System 1.0 Code Injection

============================================================================================================================================= | Title : Vehicle Service Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

CMSsite 1.0 Shell Upload

============================================================================================================================================= | Title : CMSsite 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...

Alphaware E-Commerce System 1.0 Code Injection

============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-38077-EXP 基于伪代码https://sites.google.com/site/zhin...

Exploit for Improper Access Control in Apache Hugegraph

CVE-2024-27348 For Ethical Usages only, Any harmful or malic...

Viessmann Vitogate 300 2.1.3.0 - Remote Code Execution (RCE)

Exploit Title: Viessmann Vitogate 300 = 2.1.3.0 - Remote Code Execution RCE - Shodan Dork: http.title:'Vitogate 300' - Exploit Author: ByteHunter - Email: [email protected] - Version: versions up to 2.1.3.0 - Tested on: 2.1.1.0 - CVE : CVE-2023-5702 & CVE-2023-5222 import argparse import...

Exploit for Path Traversal in Jenkins

CVE-2024-23897 | Jenkins -p -f or bash python CVE-...

Exploit for Forced Browsing in Fortra Goanywhere_Managed_File_Transfer

CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Dee...

ConQuest Dicom Server 1.5.0d Remote Command Execution Exploit

!/usr/bin/env python3 --------------------------------------------------------- preauth rce poc for ConQuest Dicom Server 1.5.0d --------------------------------------------------------- 04.08.2023 @ 22:07 code610 blogspot com import socket target = '192.168.56.106' rport = 5678 pkt1 =...

Wp2Fac - OS Command Injection

Exploit Title: Wp2Fac v1.0 - OS Command Injection Date: 2023-08-27 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/metinyesil/wp2fac Tested on: Kali Linux & Windows 11 CVE: N/A import requests def sendpostrequesthost, revshell: url = f'http://host/send.php' headers = 'User-Agent':...

Exploit for Off-by-one Error in F5 Nginx

CVE-2021-23017...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 This repository contains a Proof of Concept P...

PhotoShow 3.0 Remote Code Execution

Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...