46 matches found
EUVD-2025-35735
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine...
Exploit for Code Injection in Langflow
CVE-2025-3248-POC POC of CVE-2025-...
PT-2024-37416 · Citrix · Citrix Provisioning
Name of the Vulnerable Software and Affected Versions: Citrix Provisioning (affected versions not specified). Description: A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning. Recommendations: At the moment, there is no information about a newer version...
CVE-2023-33873
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine...
CVE-2023-33873 AVEVA Operations Control Logger Execution with Unnecessary Privileges
This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine...
osCommerce Remote Code Execution
A remote code execution vulnerability exists in osCommerce. Successful exploitation would allow an attacker to execute arbitrary code on the target machine...
CVE-2022-23719
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A...
Notionterm - Embed Reverse Shell In Notion Pages
Embed reverse shell in Notion pages. Hack while taking notes. FOR: Hiding attacker IP in reverse shell. No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell. Demo/Quick proof insertion within report. High available and shareable reverse shell...
CVE-2019-3462
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine...
Linux / Unix su Privilege Escalation Exploit
This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a...
Microsoft Windows Uninitialized Variable Local Privilege Elevation
This module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this...
Citrix WEM Agents not Synchronizing Error “No Connection Could be Made Because The Target Machine Actively Refused it”
Citrix Virtual Delivery Agents running Workspace Environment Management (WEM) Agents are not synchronizing with two or more WEM Broker servers load balanced via Citrix Gateway. Policies delivered through WEM are not applying to agents. Event Viewer shows the following error: “No connection could be...
Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)
A template injection vulnerability exists in the Electronic Arts Origin Client. The vulnerability is due to improper validation of data in the title parameter. Successful exploitation could result in command execution on the target machine in the context of the application...
mIRC URI Handler Remote Code Execution (CVE-2019-6453)
A remote code execution vulnerability exists in mIRC. The vulnerability is due to improper sanitization of user-supplied data which may be passed to the application as an option. Successful exploitation could result in code execution on the target machine in the context of the application...
CVE-2019-16001 Cisco Webex Teams for Windows DLL Hijacking Vulnerability
A vulnerability in the loading mechanism of specific dynamic link libraries in Cisco Webex Teams for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The...
Cisco Webex Teams Code Injection (CVE-2019-1636)
A remote code execution vulnerability exists in Cisco Webex Teams. The vulnerability is due to improper sanitation of user-supplied data which may be passed to the application as an option regarding the DLL loading path. Successful exploitation could result in code execution on the target machine...
Apache UNO Remote Code Execution
A remote code execution vulnerability exists in Apache UNO server. Successful exploitation of this vulnerability could lead to arbitrary code execution on the target machine...
Jenkins NodeJS Plugin Remote Code Execution
A remote code execution vulnerability exists in Jenkins NodeJS plugin. Successful exploitation could allow an attacker to execute arbitrary code on the target machine...
Remote Code Execution (RCE)
github.com/src-d/go-git is vulnerable to remote code execution (RCE) attacks. A malicious user can pass a .gitmodules file to the application to cause arbitrary code to be executed on a target machine that runs the git clone --recurse-submodules command. This is related to CVE-2018-11235...
Remote Code Execution Via Unrestricted File Upload
hawtio-system is vulnerable to remote code execution. A lack of validation on uploaded files allows a remote attacker to upload a specially crafted file and execute arbitrary commands on the target machine...