pussycat0x

7 exploits Active since Mar 2021
CVE-2021-26855 NOMISEC CRITICAL WORKING POC
Microsoft Exchange ProxyLogon RCE
Microsoft Exchange Server Remote Code Execution Vulnerability
22 stars
CVSS 9.1
CVE-2025-6934 NOMISEC CRITICAL WORKING POC
Opal Estate Pro - Property Management and Submission <=1.7.5 - Privilege Escalation
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
4 stars
CVSS 9.8
CVE-2021-40859 NOMISEC CRITICAL WORKING POC
Auerswald COMpact 5500R <8.0B - RCE
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device.
3 stars
CVSS 9.8
CVE-2025-6934 NOMISEC CRITICAL WORKING POC
Opal Estate Pro - Property Management and Submission <=1.7.5 - Privilege Escalation
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
2 stars
CVSS 9.8
CVE-2024-2053 NOMISEC HIGH WORKING POC
Artica Proxy - Unauthenticated Arbitrary File Read via Local File Inclusion Bypass
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
CVSS 7.5
CVE-2025-34044 WRITEUP CRITICAL WORKING POC
WIFISKY 7-layer Flow Control Router - Command Injection
A remote command injection vulnerability exists in the confirm.php interface of the WIFISKY 7-layer Flow Control Router via a specially-crafted HTTP GET request to the t parameter. Insufficient input validation allows unauthenticated attackers to execute arbitrary OS commands. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-25 UTC.
CVE-2021-47735 EXPLOITDB HIGH python WORKING POC
CMSimple 5.4 - Authenticated Remote Code Execution via Template Editing
CMSimple 5.4 contains an authenticated remote code execution vulnerability that allows logged-in attackers to inject malicious PHP code into template files. Attackers can exploit the template editing functionality by crafting a reverse shell payload and saving it through the template editing endpoint with a valid CSRF token.
CVSS 8.8