2126 matches found
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
CVE-2024-44373
AllSky is affected (versions 2023.05.01 through 2024.12.06_06). A path traversal flaw in /includes/save_file.php, triggered by manipulating the path and content parameters, allows an unauthenticated attacker to write arbitrary files and achieve remote code execution. Root cause: improper sanitiza...
CVE-2024-44373
A Path Traversal vulnerability in AllSky v2023.05.01 through v2024.12.0606 allows an unauthenticated attacker to create a webshell and remote code execution via the path, content parameter to /includes/savefile.php...
Allsky Camera 安全漏洞
Allsky Camera is an Allsky open source camera system for photographing and monitoring the entire sky. A security vulnerability exists in Allsky Camera version v2023.05.0104, which stems from a path traversal that allows an unauthenticated attacker to create a webshell and execute remote code via...
CVE-2025-24775
Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through = 2.9.0...
WordPress plugin Forms 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-55010 Kanboard Authenticated Admin Remote Code Execution via Unsafe Deserialization of Events
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, an unsafe deserialization vulnerability in the ProjectEventActvityFormatter allows admin users the ability to instantiate arbitrary php objects by modifying the event"data" field in the...
Exploit for CVE-2025-5394
🚨 CVE-2025-5394 - Unauthenticated Arbitrary Plugin Upload in A...
Exploit for Code Injection in Ispconfig
CVE-2023-46818 PoC This is a python implemntation of the PoC p...
Exploit for Deserialization of Untrusted Data in Microsoft
ToolShell → CVE‑2025‑53770 Exploit PoC This package allows: 1...
WordPress plugin Groundhogg 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
Exploit for SQL Injection in Fortinet Fortiweb
🚨 CVE-2025-25257 – FortiWeb SQLi to RCE Critical SQL Injection →...
Exploit for Unrestricted Upload of File with Dangerous Type in Hasthemes Download_Contact_Form_7_Widget_For_Elementor_Page_Builder_\&_Gutenberg_Blocks
🚨 HT Contact Form Widget to execute system commands. ✅ Exam...
Exploit for SQL Injection in Fortinet Fortiweb
CVE-2025-25257 - FortiWeb Vulnerability Checker & Exploit A P...
Exploit for SQL Injection in Fortinet Fortiweb
CVE-2025-25257 Exploit Tool Credits Based on watchTowr La...
SharPyShell
SharPyShell SharPyShell is a tiny and obfuscated ASP.NET webshell that executes commands received by an encrypted channel compiling them in memory at runtime. SharPyShell supports only C web applications that runs on .NET Framework = 2.0VB is not supported atm. Usage python3 SharPyShell.py genera...
WordPress plugin LogisticsHub 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-30131
An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...