CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
GitHub link:
https://github.com/waleed-hassan569/CVE-2024-28397-command-execution-poc
This vulnerability arises from incomplete sandboxing in js2py, where crafted JavaScript can traverse Python’s internal object model and access dangerous classes like subprocess.Popen, leading to ar...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
GitHub link:
https://github.com/Drew-Alleman/CVE-2019-12185
CVE-2015-10141
An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker can send a crafted eval command over this interface to execute arbitrary PHP code, which may invoke system-level functions such as system() or passthru(). This results in full compromise of the host under the privileges of the web server user.
GitHub link:
https://github.com/n0m4d22/PoC-CVE-2015-10141-Xdebug
CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
GitHub link:
https://github.com/0timeday/exploit-js2py
The CVE-2024-28397 vulnerability affects versions of js2py up to v0.74, a Python library that allows JavaScript code to be executed within the Python interpreter.
CVE-2025-49132
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub link:
https://github.com/GRodolphe/CVE-2025-49132_poc
CVE-2025-4334
The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator.
GitHub link:
https://github.com/0xgh057r3c0n/CVE-2025-4334
CVE-2013-3900
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
GitHub link:
https://github.com/PREN0MEN/CVE-2013-3900-PowerShell-PoC
CVE-2015-6967
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
GitHub link:
https://github.com/innocentx0/CVE-2015-6967-EXPLOIT
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
GitHub link:
https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP
CVE: CVE-2025-49113
Author: SteamPunk424
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
GitHub: https://github.com/SteamPunk424/CVE-2025-49113-Roundcube-RCE-PHP
CVE: CVE-2020-36708
Author: b1g-b33f
NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-36708
The following themes for WordPress are vulnerable to Function Injections in versions up to and including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activello <= 1.4.0, Illdy <= 2.1.4, Allegiant <= 1.2.2, Newspaper X <= 1.3.1, Pixova Lite <= 2.0.5, Brilliance <= 1.2.7, MedZone Lite <= 1.2.4, Regina Lite <= 2.0.4, Transcend <= 1.1.8, Affluent <= 1.1.0, Bonkers <= 1.0.4, Antreas <= 1.0.2, Sparkling <= 2.4.8, and NatureMag Lite <= 1.0.4. This is due to epsilon_framework_ajax_action. This makes it possible for unauthenticated attackers to call functions and achieve remote code execution.
GitHub: https://github.com/b1g-b33f/CVE-2020-36708
CVE: CVE-2025-8671
Author: moften
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-8671
None
GitHub: https://github.com/moften/CVE-2025-8671-MadeYouReset-HTTP-2-DDoS
CVE: CVE-2015-6967
Author: innocentx0
NIST: https://nvd.nist.gov/vuln/detail/CVE-2015-6967
Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/my_image/image.php.
GitHub: https://github.com/innocentx0/CVE-2015-6967-EXPLOIT