chebuya

13 exploits, active since Apr 2024
CVE-2024-41570 NOMISEC CRITICAL WORKING POC
Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
74 stars
CVSS 9.8
CVE-2024-30850 NOMISEC HIGH WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
30 stars
CVSS 8.8
CVE-2024-30851 NOMISEC MEDIUM WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
21 stars
CVSS 6.5
CVE-2024-28741 NOMISEC HIGH WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
5 stars
CVSS 8.8
CVE-2024-41570 NOMISEC CRITICAL WORKING POC
Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
3 stars
CVSS 9.8
CVE-2024-41570 NOMISEC CRITICAL WORKING POC
Havoc 0.7 - Unauthenticated Server-Side Request Forgery via Demon Callback
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
3 stars
CVSS 9.8
CVE-2024-30850 METASPLOIT HIGH ruby WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-33434. Reason: This record is a duplicate of CVE-2024-33434. Notes: All CVE users should reference CVE-2024-33434 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
CVSS 8.8
CVE-2024-48766 METASPLOIT HIGH ruby WORKING POC
NetAlertX 24.7.18-24.10.12 - Unauthenticated Path Traversal and Arbitrary File Read via logs.php
NetAlertX 24.7.18 before 24.10.12 allows unauthenticated file reading because an HTTP client can ignore a redirect, and because of factors related to strpos and directory traversal, as exploited in the wild in May 2025. This is related to components/logs.php.
CVSS 8.6
CVE-2024-30851 METASPLOIT MEDIUM ruby WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
CVSS 6.5
CVE-2024-45256 METASPLOIT CRITICAL ruby WORKING POC
BYOB Unauthenticated RCE via Arbitrary File Write and Command Injection (CVE-2024-45256, CVE-2024-45257)
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.
CVSS 9.8
CVE-2024-30851 METASPLOIT MEDIUM ruby WORKING POC
Jasmin Ransomware Web Server Unauthenticated SQL Injection
Directory Traversal vulnerability in codesiddhant Jasmin Ransomware v.1.0.1 allows an attacker to obtain sensitive information via the download_file.php component.
CVSS 6.5
CVE-2024-28741 METASPLOIT HIGH ruby WORKING POC
NorthStar C2 XSS to Agent RCE
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
CVSS 8.8
CVE-2024-31839 METASPLOIT MEDIUM ruby WORKING POC
tiagorlampert CHAOS 5.0.1 - Cross-Site Scripting via sendCommandHandler
Cross Site Scripting vulnerability in tiagorlampert CHAOS v.5.0.1 allows a remote attacker to escalate privileges via the sendCommandHandler function in the handler.go component.
CVSS 4.8