The application exposes credentials, is vulnerable to function injection leading to RCE, makes improper use of eval() in Python, and allows privilege escalation via the verify.py script.
The application is vulnerable to Local File Inclusion (LFI), Remote Code Execution (RCE) via Jenkins, and privilege escalation using a SUID binary.
The Poisoning machine has an LFI vulnerability that is exploited with log poisoning to gain RCE, followed by privilege escalation to root using Python with the cap_setuid+ep capability.
An SSTI vulnerability in a live rendering application makes it possible to gain RCE on the server. Privilege escalation relies on sudo permissions on logstash.