Table of Contents
Loading contents...
README.md
Rhino CVE Proof-of-Concept Exploits
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
CVE-2024-55965: Denial of Service via Broken Access Control allowing “App Viewer” access to ‘Restart’ API request
CVE-2024-55963: Unauthenticated Remote Code Execution as postgres user
CVE-2024-46507: YETI platform SSTI
CVE-2024-2449: Cross-Site Requets Forgery in Progress Kemp LoadMaster
CVE-2024-2448: Authenticated Command Injection in Progress Kemp LoadMaster
CVE-2024-2389: Progress Software Flowmon Unauthenticated Command Injection
CVE-2024-23724: Ghost CMS Stored XSS Leading to Owner Takeover
CVE-2024-1212: Unauthenticated Command Injection in Progress Kemp LoadMaster
CVE-2023-47327: Silverpeas Core Space Create Function is vulnerable to Broken Access Control
CVE-2023-47326: Silverpeas Core Domain Creation is vulnerable to CSRF
CVE-2023-47325: Silverpeas Core Broken Access Control on the “Bin” Allows Modification of Deleted Spaces
CVE-2023-47324: Silverpeas Core Stored XSS in Messages
CVE-2023-47323: Silverpeas Core Broken Access Control Allows Reading All Messages
CVE-2023-47322: Silverpeas Core CSRF Leading to Privilege Escalation
CVE-2023-47321: Silverpeas Core Portlet Deployer Access via Broken Access Control
CVE-2023-47320: Silverpeas Core Denial of Service via Broken Access Control
CVE-2023-43121: Extreme Networks EXOS Unauthenticated File Read
CVE-2023-43120: Extreme Networks EXOS Privilege Escalation from read-only User to Admin
CVE-2023-43119: Extreme Networks EXOS Arbitrary File Write as Root
CVE-2023-43118: Extreme Networks EXOS CSRF to RCE
CVE-2022-25372: Local Privilege Escalation In Pritunl VPN Client
CVE-2022-25237: Authorization Bypass Leading to RCE in Bonitasoft Web
CVE-2022-25166: AWS VPN Client Arbitrary File Write as SYSTEM
CVE-2022-25165: AWS VPN Client Information Disclosure Via UNC Path
CVE-2021-38112: AWS WorkSpaces Remote Code Execution
CVE-2020-5377 and CVE-2021-21514: Dell OpenManage Server Administrator Arbitrary File Read
CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
CVE-2019-9926: LabKey Server CSRF
CVE-2019-9758: LabKey Server Stored XSS
CVE-2019-9757: LabKey Server XXE
CVE‑2019‑5678: Command Injection in Nvidia GeForce Experience Web Helper
CVE‑2019‑5674: NVIDIA GeForce Experience Arbitrary File Overwrites
CVE-2019-3722: Dell EMC OpenManage Server Administrator (OMSA) XXE
CVE‑2019‑16864: CompleteFTP Server Authenticated Remote Command Execution
CVE‑2019‑16116: CompleteFTP Server Local Privilege Escalation
CVE-2019-0227: Apache Axis 1.4 Remote Code Execution
CVE-2018-8024: Apache Spark XSS vulnerability in UI
CVE-2018-5758: XXE in Jive-n
CVE-2018-5757: RCE In AudioCodes 450HD Phone
CVE-2018-20621: MEmu Android Emulator Local Privilege Escalation
CVE-2018-1335: Command Injection in Apache Tika-server
CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin <v3.7
CVE-2017-7284: Unitrends Force Password Change Without Current Password
CVE-2017-7283: Unitrends Enterprise Backup Solution RCE via Retore File
CVE-2017-7282: Unitrends Enterprise Backup Solution LFI
CVE-2017-7281: Unitrends Enterprise Backup Solution RCE Via File Upload
CVE-2017-7280: Unitrends Enterprise Backup Solution Command Execution
CVE-2017-7279: Unitrends Enterprise Backup Server Privilege Escalation.
CVE-2017-12861: Epson EasyMP Projector Bruteforce PIN
CVE-2017-12860: Epson EasyMP Projector Hardcoded PIN
CVE-2016-8972: IBM AIX Bellmail Local Root Exploit
CVE-2016-6079: AIX lquerylv 5.3, 6.1, 7.1, 7.2 Local Root Exploit
* CVE-2016-3053: AIX lsmcode Local Root Exploit
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)
Tool Information
Author
RhinoSecurityLabs
Project Added On
May 27, 2025
License
Open Source
Tags
Related Tools
CVE-2017-0199
Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Stable
CVE-2017-8759
Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Stable