evilsocket

7 exploits Active since Sep 2024
CVE-2024-47177 GITHUB python WORKING POC
Rejected
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176. Reason: This candidate is a duplicate of CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. Notes: All CVE users should reference CVE-2024-47076, CVE-2024-47175, and/or CVE-2024-47176 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.
CVE-2026-8275 WRITEUP LOW WRITEUP
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippReadChunkedBody integer coercion
A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The patch is named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, it is recommended to deploy a patch.
CVSS 3.7
CVE-2026-8276 WRITEUP LOW WRITEUP
bettercap MySQL Server mysql_server.go integer coercion
A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
CVSS 3.7
CVE-2024-47176 METASPLOIT MEDIUM ruby SCANNER
OpenPrinting cups-browsed - Attacker-Controlled IPP Request Server-Side Request Forgery
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
CVSS 5.3
EIP-2026-114029 EXPLOITDB text WRITEUP
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection
EIP-2026-113954 EXPLOITDB text WORKING POC
WordPress Plugin Photoracer 1.0 - SQL Injection
EIP-2026-108793 EXPLOITDB text WRITEUP
Joomla! Component mod_simpleFileLister 1.0 - Directory Traversal