chebuya

12 exploits Active since Apr 2024
CVE-2024-41570 NOMISEC CRITICAL WORKING POC
Havoc - SSRF
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
74 stars
CVSS 9.8
CVE-2024-30850 NOMISEC HIGH WORKING POC
Chaos RAT XSS to RCE
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
30 stars
CVSS 8.8
CVE-2024-30851 NOMISEC MEDIUM WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
21 stars
CVSS 6.5
CVE-2024-28741 NOMISEC HIGH WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
5 stars
CVSS 8.8
CVE-2024-41570 NOMISEC CRITICAL WORKING POC
Havoc - SSRF
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
3 stars
CVSS 9.8
CVE-2024-30850 METASPLOIT HIGH ruby WORKING POC
Chaos RAT XSS to RCE
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
CVSS 8.8
CVE-2024-48766 METASPLOIT HIGH ruby WORKING POC
Netalertx < 24.10.12 - Path Traversal
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS 8.6
CVE-2024-45256 METASPLOIT CRITICAL ruby WORKING POC
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
CVSS 9.8
CVE-2024-30851 METASPLOIT MEDIUM ruby WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
CVSS 6.5
CVE-2024-30851 METASPLOIT MEDIUM ruby WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
CVSS 6.5
CVE-2024-28741 METASPLOIT HIGH ruby WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 8.8
CVE-2024-31839 METASPLOIT MEDIUM ruby WORKING POC
CHAOS 5.0.1 - XSS
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.
CVSS 4.8