9 matches found
MAL-2026-4349 Malicious code in clob.api (npm)
A campaign of npm packages sharing a common dropper clob.js that downloads and persistently installs a Windows executable from IPFS on postinstall. The dropper fetches the binary from IPFS CID bafybeif3zkapj364ofnrvbty7oj5h5ufpxlp4s62usk3ulxrru35e3gssa via multiple public gateways Pinata,...
Wallos < 1.11.2 - File Upload RCE
Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: [email protected] Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: 1.11.2 Tested on: Debian 12 Wallos allows you to upload an image/logo when you create...
Citrix Devices Under Attack: NetScaler Flaw Exploited to Capture User Credentials
A recently disclosed critical flaw in Citrix NetScaler ADC and Gateway devices is being exploited by threat actors to conduct a credential harvesting campaign. IBM X-Force, which uncovered the activity last month, said adversaries exploited "CVE-2023-3519 to attack unpatched NetScaler Gateways to...
Fog Project 1.5.9 Shell Upload
Exploit Title: Fog Project - File Upload RCE Authenticated Date: 2021-04-28 Exploit Author: [email protected] Vendor Homepage: https://fogproject.org Software Link: https://github.com/FOGProject/fogproject/archive/1.5.9.zip Tested on: Debian 10 On the Attacker Machine: 1 Create an empty 10Mb file...
HackerOne: Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com)
The page located at https://sal.██████.com/list/Activity/hour/all/0/ suffers from a Cross-site Scripting (XSS) vulnerability when a user has set their hostname on their machine to an XSS payload. Vulnerable Page https://sal.██████.com/list/Activity/hour/all/0/ Victim IP Address ███████ Referer...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated...
FreeSSHd Remote Denial of Service
No description provided by source. import sys, socket, binascii print "\n" print "----------------------------------------------------------------" print "| FreeSSHd, Remote Denial of Service |" print "| Level, Smash the Stack |" print...
CS Cart 1.3.3 Cross Site Scripting
Exploit Title: CS CART 1.3.3 INSTALL.PHP XSS Date: 2010-09-08 Author: LogicGate Software Link: http://cs-cart.smartcode.com/ Version: 1.3.3 Tested on: N/A CVE : N/A If "install.php" was not removed after installation simply make an html file with the following code and replace by the PATH to...
TCP SYN Denial of Service Exploit (bang.c)
Exploit for bsd platform in category dos / poc ========================================== TCP SYN Denial of Service Exploit bang.c ========================================== / BANG.C Coded by Sorcerer of DALnet FUCKZ to: etech, blazin, udp, hybrid and kdl PROPZ : skrilla, thanks for all your help...