| 1 | Signed | Linux | Code Signing Bypass, Certificate Abuse | Forge code signature to deploy malicious update, escalate via trusted binary execution | 0xdf |
| 2 | Voleur | Linux | Data Exfiltration, Custom Service Exploitation | Exploit custom data service for initial access, abuse misconfigured backup for root | 0xdf |
| 3 | TombWatcher | Linux | Custom Service Exploitation, Process Injection | Attack custom monitoring daemon, pivot via writable service config to root | 0xdf |
| 4 | Snapped | Linux | Nginx UI RCE, Static Site Exploitation | Exploit Nginx UI admin panel for RCE, abuse static site generator config for root | 0xdf |
| 5 | Browsed | Linux | Browser Extension Exploitation, Headless Chrome | Exploit vulnerable browser extension in headless Chrome instance, escalate via debug port | 0xdf |
| 6 | Previous | Linux | Next.js Exploitation, Framework Abuse | Exploit Next.js middleware auth bypass (CVE-2025-29927), abuse server actions for root | 0xdf |
| 7 | Cicada | Windows | Active Directory, SMB Enumeration, Password Spraying | Enumerate SMB shares for creds, password spray AD users, abuse SeBackupPrivilege for DA | 0xdf |
| 8 | Sightless | Linux | SQLPad RCE, Froxlor Exploitation | Exploit SQLPad template injection for container escape, pivot to Froxlor admin for root | 0xdf |
| 9 | Alert | Linux | XSS, LFI, Markdown Renderer Exploitation | Stored XSS in markdown app to steal admin cookie, LFI to read sensitive config, group privesc | 0xdf |
| 10 | Instant | Linux | APK Reversing, API Token Extraction, SSH Key Recovery | Reverse Android APK for API token, access admin API for SSH key, login as root | 0xdf |
| 11 | Sea | Linux | WonderCMS XSS-to-RCE, System Monitor Exploitation | Chain XSS to install malicious WonderCMS theme for RCE, command injection in system monitor as root | 0xdf |
| 12 | PermX | Linux | Chamilo LMS RCE, ACL Abuse | Exploit Chamilo LMS unauthenticated file upload for RCE, abuse sudoers ACL script for root | 0xdf, Medium |
| 13 | GreenHorn | Linux | Pluck CMS RCE, Depixelization | Crack Pluck CMS password hash, upload webshell via module, depixelize blurred password image for root | 0xdf |
| 14 | IClean | Linux | XSS, SSTI, qpdf Exploitation | XSS to steal admin session, SSTI in invoice generator for RCE, abuse qpdf sudo for root | 0xdf |
| 15 | Headless | Linux | Blind XSS, Command Injection | Blind XSS in user-agent to steal admin cookie, command injection in admin dashboard, syscheck script abuse | 0xdf, IppSec |
| 16 | Mailing | Windows | LFI, CVE-2024-21413 (Outlook MonikerLink), LibreOffice Macro | LFI to get password hash, MonikerLink exploit to steal NTLM, LibreOffice macro for admin | 0xdf |
| 17 | Perfection | Linux | SSTI (ERB), Password Cracking with Custom Mask | Server-Side Template Injection via newline bypass in ERB, crack sqlite hash with name-based mask | 0xdf, IppSec, Medium |
| 18 | Crafty | Windows | Minecraft Log4Shell, RunasCs | Exploit Minecraft server via Log4Shell (CVE-2021-44228), find admin creds, RunasCs for admin | 0xdf |
| 19 | Boardlight | Linux | Dolibarr CMS RCE, SUID Enlightenment Exploit | Default creds on Dolibarr, PHP RCE via injected code, SUID enlightenment_sys CVE for root | 0xdf |
| 20 | Editorial | Linux | SSRF, Git Repository Secrets | SSRF in image URL preview to discover internal API, enumerate git commits for credentials, sudo abuse | 0xdf, Medium |
| 21 | Clicker | Linux | NFS, SQL Injection (CRLF), Perl Privilege Escalation | Mount NFS share, CRLF injection to set admin role, Perl environment variable injection for root | 0xdf |
| 22 | Drive | Linux | IDOR, SQLite Database Cracking, Gitea RCE | IDOR to access reserved files, crack SQLite password hashes, exploit Gitea instance for root | 0xdf |
| 23 | Jupiter | Linux | Grafana SQLi (PostgreSQL), Jupyter Notebook RCE, Shadow Simulation | SQL injection in Grafana API for RCE via PostgreSQL COPY, Jupyter notebook for lateral, binary sattrack with network config | 0xdf, IppSec, erichogue, threatninja |
| 24 | Sandworm | Linux | PGP Signature Verification SSTI, Rust Sandbox Escape, Firejail CVE | SSTI in PGP signature verification (SSG), escape Rust sandbox, Firejail CVE-2022-31214 for root | 0xdf, IppSec, erichogue, threatninja |
| 25 | RedPanda | Linux | SSTI (Java/Spring Boot), XXE via Image Metadata, Path Traversal | SSTI in Spring Boot search, craft image with XXE metadata, path traversal to read root SSH key | 0xdf, IppSec |
| 26 | Photobomb | Linux | Auth Bypass, Command Injection, PATH Hijack | Basic auth credential in JS source, command injection in image conversion, PATH hijack in cleanup script for root | 0xdf, IppSec |
| 27 | Bagel | Linux | .NET DLL Reversing, LFI, JSON Deserialization | LFI via WebSocket, reverse .NET DLL for deserialization gadget, exploit JSON handler for RCE, sudo dotnet | 0xdf |
| 28 | Nunchucks | Linux | SSTI (Nunjucks), AppArmor Bypass via Shebang | SSTI in Nunjucks template engine, bypass AppArmor with Perl shebang trick for root capabilities | 0xdf |
| 29 | Backdoor | Linux | WordPress Plugin Directory Traversal, /proc Enumeration, Screen Session | LFI via WordPress eBook plugin to read /proc, discover gdbserver, hijack root screen session | 0xdf, IppSec |
| 30 | Shibboleth | Linux | IPMI Hash Dump, Zabbix RCE, MariaDB CVE | Dump IPMI hashes via UDP, use creds on Zabbix for RCE, MariaDB CVE-2021-27928 for root | 0xdf |
| 31 | Timing | Linux | LFI with PHP Filters, Mass Assignment, Git Repository | LFI via PHP filter chains, mass assignment to elevate role, find git repo for creds, wget sudo abuse | 0xdf |
| 32 | Paper | Linux | WordPress Secret Draft Leak, Rocket.Chat Bot RCE | Access secret draft via ?static=1, exploit Rocket.Chat bot with directory traversal, Polkit CVE for root | 0xdf, IppSec |
| 33 | Pandora | Linux | SNMP Enumeration, Pandora FMS SQLi, SUID Path Hijack | SNMP credential leak, SQL injection in Pandora FMS for admin, SUID binary PATH injection for root | 0xdf, HackingArticles, IppSec |
| 34 | Forge | Linux | SSRF, FTP via SSRF, PDB Exploitation | SSRF bypass with uppercase URL to reach internal admin, FTP credential retrieval, Python PDB sudo for root | 0xdf |
| 35 | Horizontall | Linux | Strapi RCE, Laravel Debug Mode RCE via Port Forward | Exploit Strapi CMS CVE-2019-18818/19609, port forward to internal Laravel, CVE-2021-3129 for root | 0xdf |
| 36 | Seal | Linux | GitBucket Source Review, Tomcat Symlink Bypass, Ansible Playbook | Discover Tomcat creds in GitBucket, symlink path traversal for WAR deploy, Ansible playbook run as root | 0xdf |
| 37 | Previse | Linux | Exec-After-Redirect (EAR), OS Command Injection, PATH Hijack | Bypass redirect to create account, command injection in log parsing, PATH hijack for root | 0xdf, IppSec |
| 38 | Cap | Linux | IDOR on PCAP Files, FTP Credential Sniffing, Linux Capabilities | IDOR to download PCAP with cleartext FTP creds, cap_setuid capability on Python for root | 0xdf, HackingArticles, IppSec, Medium |
| 39 | Dynstr | Linux | DNS Update API Command Injection, nsupdate, SSH Key Plant | Command injection in no-ip DNS API, nsupdate to add DNS record, writable authorized_keys as bindmgr | 0xdf |
| 40 | Pit | Linux | SNMP Walk, SeedDMS Exploitation, SELinux Context | SNMP reveals CentOS config with SeedDMS path, exploit SeedDMS for RCE, SNMP exec script for root | 0xdf |
| 41 | Love | Windows | SSRF, Voting System File Upload RCE | SSRF to access internal site with admin creds, file upload RCE in Voting System, AlwaysInstallElevated | 0xdf, HackingArticles, IppSec, Medium |
| 42 | Spectra | Linux (ChromeOS) | WordPress, Autologin Config, initctl Exploit | WordPress creds from config backup, autologin password reuse, writable init job for root | |
| 43 | Armageddon | Linux | Drupal 7 RCE (Drupalgeddon2), snap install Exploit | Drupalgeddon2 CVE-2018-7600 for shell, crack MySQL hash, sudo snap install with crafted snap for root | 0xdf |
| 44 | ScriptKiddie | Linux | Msfvenom APK Template CVE, Cron/Input Injection | Exploit CVE-2020-7384 via APK template upload, inject commands into cron-processed log, sudo abuse | 0xdf, IppSec |
| 45 | Delivery | Linux | MatterMost, Email Verification Bypass, Hashcat Rules | Use osTicket to receive verification email, access MatterMost for creds, hashcat rule-based attack for root | 0xdf |
| 46 | Time | Linux | Java Deserialization (Jackson), systemd Timer Abuse | Jackson deserialization CVE-2019-12384 via SSRF-to-RCE chain, writable systemd timer script for root | 0xdf |
| 47 | Academy | Linux | HTB Academy Clone, Laravel .env Leak, Audit Log Deserialization | Register with admin role parameter, access admin panel, Laravel log viewer for RCE, composer sudo | 0xdf |
| 48 | Worker | Windows | SVN Repository, Azure DevOps, Azure Pipeline RCE | Checkout SVN for creds, access Azure DevOps, create pipeline with reverse shell, abuse Azure service | 0xdf |
| 49 | Buff | Windows | Gym Management System RCE, CloudMe Buffer Overflow | Unauthenticated file upload in Gym CMS, port forward to CloudMe, exploit stack buffer overflow | 0xdf |
| 50 | Tabby | Linux | LFI, Tomcat Manager WAR Deploy, LXD Group Escalation | LFI to read Tomcat users config, deploy WAR shell via host-manager, LXD container mount for root | 0xdf, HackingArticles, rana-khalil, snowscan |
| 51 | Blunder | Linux | Bludit CMS Brute Force Bypass, CVE-2019-16113, sudo < 1.8.28 | Bypass anti-brute-force via X-Forwarded-For, Bludit directory traversal RCE, sudo CVE-2019-14287 for root | 0xdf, snowscan, Medium |
| 52 | Cache | Linux | OpenEMR SQLi and Auth Bypass, Memcached, Docker Group | Exploit OpenEMR for creds, dump Memcached for SSH creds, Docker group for root | 0xdf |
| 53 | Magic | Linux | SQLi Login Bypass, Image Upload Webshell, SUID mysqldump | SQL injection to bypass login, embed PHP in image upload, SUID mysqldump path to root password | 0xdf |
| 54 | Admirer | Linux | Adminer CVE-2021-21311, Python Library Hijack | Discover Adminer via robots.txt, exploit MySQL local file read, Python shutil module hijack via sudo | 0xdf |
| 55 | OpenAdmin | Linux | OpenNetAdmin RCE, Internal Apache, nano sudo | Exploit OpenNetAdmin CVE-2019-25065, pivot to internal Apache config for SSH key, nano sudo for root | 0xdf, HackingArticles, snowscan, Medium, chr0x6eos, ivanitlearning |
| 56 | Traverxec | Linux | nostromo RCE, .htpasswd Cracking, journalctl sudo | Exploit nostromo nhttpd CVE-2019-16278, crack htpasswd for SSH key, journalctl pager escape for root | 0xdf, HackingArticles, snowscan |
| 57 | Postman | Linux | Redis Unauthenticated, SSH Key Write, Webmin RCE | Write SSH key via Redis, crack encrypted key for user, Webmin CVE-2019-12840 authenticated RCE for root | 0xdf, HackingArticles, snowscan, Medium, ivanitlearning |
| 58 | Mango | Linux | NoSQL Injection, SSH Credential Reuse, jjs SUID | NoSQL regex injection to dump creds, SSH lateral movement, Java jjs SUID for root | 0xdf |
| 59 | Json | Windows | .NET JSON Deserialization, JuicyPotato | Deserialize JSON bearer token for RCE, JuicyPotato SeImpersonatePrivilege for SYSTEM | 0xdf |
| 60 | Ellingson | Linux | Werkzeug Debug Console, Hashcat Binary, ROP Binary Exploit | Access Werkzeug debug console, dump shadow hashes from custom binary, ROP exploit SUID binary for root | 0xdf |
| 61 | Haystack | Linux | ELK Stack, Elasticsearch Credential Dump, Kibana LFI/RCE | Search Elasticsearch for base64 creds, exploit Kibana CVE-2018-17246 for shell, Logstash pipeline for root | 0xdf |
| 62 | Jarvis | Linux | SQLi (PHPMyAdmin), Systemctl SUID | SQLi in hotel booking for PHPMyAdmin access, OS shell via PHPMyAdmin, systemctl SUID for root | 0xdf |
| 63 | Networked | Linux | PHP Upload Bypass, Command Injection in Filename, Network Script Abuse | Bypass upload filter with double extension, command injection via filename, writable network-scripts for root | 0xdf, HackingArticles, rana-khalil, 0xRick, snowscan |
| 64 | SwagShop | Linux | Magento Exploit Chain, vi sudo | Magento CVE-2015-1397 SQLi for admin, Magento Froghopper RCE, sudo vi escape for root | 0xdf, HackingArticles, rana-khalil, 0xRick, snowscan |
| 65 | FriendZone | Linux | DNS Zone Transfer, SMB Share Upload, Python Library Hijack | DNS zone transfer for subdomains, upload webshell via SMB, writable os.py for root cron | 0xdf, HackingArticles, rana-khalil, 0xRick, snowscan |
| 66 | Irked | Linux | UnrealIRCd Backdoor, Steganography, Custom SUID Binary | Exploit UnrealIRCd 3.2.8.1 backdoor, extract steghide password, analyze SUID binary for root | 0xdf, HackingArticles, rana-khalil, IppSec, 0xRick, snowscan |
| 67 | SecNotes | Windows | CSRF to Change Password, SMB Write, WSL | CSRF in contact form to change admin password, SMB share write for webshell, WSL bash.exe for root | 0xdf |
| 68 | Access | Windows | MDB File, Encrypted ZIP, Stored Credentials (runas) | FTP to get MDB/ZIP, extract PST for creds, runas /savecred for Administrator | 0xdf |
| 69 | Jerry | Windows | Apache Tomcat Default Credentials, WAR Deploy | Default Tomcat manager credentials, deploy WAR reverse shell, already SYSTEM | 0xdf, HackingArticles, rana-khalil, IppSec, 0xRick, Medium |
| 70 | TartarSauce | Linux | WordPress Plugin RFI, tar Wildcard Injection, systemd Timer | RFI via WordPress Gwolle plugin, pivot via tar checkpoint injection, abuse systemd timer for root | 0xdf |
| 71 | Sunday | Solaris | Finger Enumeration, SHA256 Hash Cracking, wget sudo | Enumerate users via finger, brute-force SSH, crack shadow hash, sudo wget to overwrite shadow | 0xdf |
| 72 | Hawk | Linux | FTP Anon with Encrypted File, OpenSSL Decrypt, Drupal RCE, H2 Database | Decrypt FTP file for Drupal creds, Drupal PHP execution, H2 database console for root | 0xdf |
| 73 | Poison | FreeBSD | LFI, Log Poisoning, VNC Credential Decrypt, SSH Tunnel | LFI to read phpinfo/logs, log poisoning for shell, decrypt VNC secret, tunnel VNC for root desktop | 0xdf |
| 74 | Chatterbox | Windows | AChat Buffer Overflow, Acl.exe Credential Reuse, PowerShell | Exploit AChat 0.150 BOF for shell, enumerate admin password reuse, icacls/PowerShell for root.txt | 0xdf |
| 75 | Node | Linux | API User Enumeration, MongoDB Backup Download, Kernel Exploit | API leaks user hashes, download encrypted backup, crack and SSH, kernel exploit (CVE-2017-16995) for root | 0xdf |
| 76 | SolidState | Linux | Apache James 2.3.2 RCE, Cron Script Abuse | Exploit Apache James admin with default creds, read user email for SSH creds, writable cron script for root | 0xdf |
| 77 | Nineveh | Linux | Brute Force Login, PHPLiteAdmin, LFI + Chkrootkit | Hydra brute force, PHPLiteAdmin create PHP DB, LFI to include DB for shell, Chkrootkit CVE for root | 0xdf |
| 78 | Cronos | Linux | DNS Zone Transfer, SQL Injection, Cron Job Abuse | Zone transfer reveals subdomain, SQLi bypasses login, command injection, cron runs Laravel artisan as root | 0xdf, HackingArticles, IppSec |
| 79 | Delivery | Linux | osTicket + MatterMost, Email Verification Bypass, Hashcat Rules | Create ticket for email, verify MatterMost account, get internal creds, hashcat rule-based crack for root | 0xdf |
| 80 | Monteverde | Windows | Azure AD Enum, Password Spraying, Azure AD Connect | Enumerate AD users, spray found credentials, exploit Azure AD Connect for admin password | 0xdf, IppSec |
| 81 | Resolute | Windows | Anonymous LDAP, Password Spraying, DnsAdmins DLL Injection | LDAP anonymous reveals password in description, spray users, DnsAdmins group DLL injection for SYSTEM | 0xdf, IppSec, Medium, HackingArticles, chr0x6eos, zweilosec |
| 82 | Cascade | Windows | LDAP Base64 Encoded Creds, .NET Reversing, TempAdmin AD Object | LDAP attribute leaks encoded password, reverse .NET binary for crypto key, recover TempAdmin creds via AD tombstone | 0xdf, IppSec, Medium, HackingArticles, chr0x6eos, ivanitlearning |
| 83 | Book | Linux | SQL Truncation Attack, XSS-to-PDF SSRF, Logrotate Race Condition | SQL truncation to clone admin email, XSS in PDF generation to read files, logrotate CVE for root | 0xdf |
| 84 | Traceback | Linux | Webshell Discovery, Lua sudo, SSH motd Abuse | Discover planted webshell from OSINT, sudo Lua for user pivot, writable SSH motd script for root | 0xdf, HackingArticles, snowscan |
| 85 | Unbalanced | Linux | Squid Proxy, XPath Injection, Pi-hole RCE | Enumerate via Squid proxy, XPath injection to extract creds, Pi-hole authenticated RCE for root | 0xdf |
| 86 | OpenKeys | OpenBSD | OpenBSD Auth Bypass (CVE-2019-19521), Xlock skey | CVE-2019-19521 auth bypass via username trick, CVE-2019-19520 xlock S/Key, CVE-2019-19522 for root | 0xdf |
| 87 | Doctor | Linux | SSTI (Jinja2), Splunk Universal Forwarder RCE | SSTI via message posting, reverse shell, abuse Splunk Universal Forwarder for root RCE | 0xdf, HackingArticles, IppSec, Medium, chr0x6eos |
| 88 | Laser | Linux | Solr RCE, gRPC Exploitation, Feed Printer | Exploit Apache Solr, interact with gRPC service, abuse printer feed for root | 0xdf |
| 89 | Jewel | Linux | Gitweb, Ruby Deserialization (CVE-2020-8165), google-authenticator | Ruby on Rails deserialization via Gitweb source, bypass 2FA with recovered TOTP seed, gem sudo for root | 0xdf |
| 90 | Passage | Linux | CuteNews RCE, USBCreator D-Bus Exploit | Exploit CuteNews avatar upload for RCE, SSH key reuse for lateral, USBCreator D-Bus arbitrary read for root | 0xdf |
| 91 | Compromised | Linux | Backdoor Discovery, LiteCart RCE, PAM Backdoor Analysis | Discover existing backdoor in LiteCart, MySQL UDF for shell, analyze PAM backdoor for root creds | 0xdf |
| 92 | Ophiuchi | Linux | Java YAML Deserialization (SnakeYAML), wasm Reverse | SnakeYAML deserialization RCE, reverse WASM binary to understand sudo script, craft correct WASM for root | 0xdf |
| 93 | Tenet | Linux | PHP Deserialization, Race Condition in SSH Key Write | PHP object injection for RCE, race condition to inject SSH key during cron-based reset for root | 0xdf |
| 94 | Knife | Linux | PHP 8.1 Backdoor (CVE-2021-41773), knife sudo | Exploit PHP backdoor via User-Agentt header, sudo knife exec for root | 0xdf, HackingArticles, IppSec, Medium |
| 95 | BountyHunter | Linux | XXE Injection, Python eval Exploitation | XXE in bounty submission to read files, discover Python script, exploit eval() via sudo for root | 0xdf |
| 96 | Trick | Linux | DNS Zone Transfer, SQLi, LFI, Fail2Ban Abuse | Zone transfer for subdomains, SQLi for creds, LFI to discover services, Fail2Ban action injection for root | 0xdf, IppSec |
| 97 | Noter | Linux | Flask Cookie Forgery, MySQL UDF RCE | Forge Flask session cookie, access note with MySQL creds, MySQL raptor UDF for root | 0xdf |
| 98 | Faculty | Linux | SQLi, mPDF LFI, meta-git RCE | SQLi to bypass login, mPDF attachment:// to read passwd, meta-git command injection, gdb cap for root | 0xdf |
| 99 | Shared | Linux | SQL Injection via Cookie, Redis/CVE-2022-0543, ipython Startup | SQLi in checkout cookie, exploit Redis Lua sandbox escape, writable ipython startup dir for root | 0xdf |
| 100 | Shoppy | Linux | NoSQL Auth Bypass, Mattermost Cred Disclosure, Docker Group | NoSQL injection for admin, Mattermost creds, SSH, Docker group for root | 0xdf, IppSec |
| 101 | Health | Linux | SSRF, Gogs Exploitation, Cron Abuse | SSRF via health check webhook redirect, access internal Gogs, forge admin token, cron DB query for root | 0xdf |
| 102 | Ambassador | Linux | Grafana LFI (CVE-2021-43798), Consul RCE | Grafana directory traversal for SQLite DB with creds, Consul service registration for RCE as root | 0xdf |
| 103 | MetaTwo | Linux | WordPress CVE-2022-0739, XXE via Media Upload, Passpie GPG Crack | BookingPress SQLi, WordPress XXE via iDOCX upload for creds, crack Passpie GPG key for root | 0xdf |
| 104 | Precious | Linux | pdfkit Command Injection, Ruby Bundler sudo | pdfkit CVE-2022-25765 for shell, discover yaml creds, sudo bundle exec with crafted Gemfile for root | 0xdf, IppSec |
| 105 | Busqueda | Linux | Python eval Injection, Gitea Secrets, Docker Inspect | Searchor eval injection for RCE, discover Gitea from git config, Docker inspect reveals root creds | 0xdf, IppSec, Medium |
| 106 | Pilgrimage | Linux | ImageMagick CVE-2022-44268 (Arbitrary File Read), Binwalk RCE | ImageMagick info leak to read SQLite DB for creds, Binwalk CVE-2022-4510 crafted PFS for root | 0xdf, IppSec, Medium |
| 107 | Topology | Linux | LaTeX Injection, gnuplot Exploitation | LaTeX injection to read files via equation generator, writable gnuplot config for root via cron | 0xdf, IppSec, Medium |
| 108 | Keeper | Linux | Request Tracker Default Creds, KeePass CVE-2023-32784 | RT default creds, discover KeePass dump, extract master password from memory dump, get PuTTY key for root | 0xdf, IppSec, Medium, erichogue |
| 109 | CozyHosting | Linux | Spring Boot Actuator Session Leak, Command Injection, PostgreSQL | Steal session via Actuator endpoint, command injection in SSH hostname, PostgreSQL hash crack, sudo ssh for root | 0xdf, IppSec, Medium |
| 110 | Devvortex | Linux | Joomla CVE-2023-23752 Info Leak, MySQL Credential Dump, Apport-CLI | Joomla API info disclosure for admin creds, MySQL for bcrypt hash, Apport CLI pager escape for root | 0xdf, IppSec, Medium |
| 111 | Surveillance | Linux | Craft CMS CVE-2023-41892 RCE, ZoneMinder SQLi/RCE | Craft CMS unauthenticated RCE, discover internal ZoneMinder, SQLi for creds, ZoneMinder RCE for root | 0xdf |
| 112 | Skyfall | Linux | MinIO CVE-2023-28432 Info Leak, Vault OTP, Vault SSH-CA | MinIO info disclosure for Vault creds, Vault OTP for SSH, Vault SSH-CA abuse for root | 0xdf |