WEB-EXPLOITATION-ARSENAL-v1.0

Web Exploitation Arsenal v1.0 A comprehensive, modular web ap...

Exploit for Deserialization of Untrusted Data in Facebook React

react2shell-exploit React2Shell: CVE-2025-55182 POST / HT...

cyber-ai-agent

╔══════════════════════════════════════╗ ║ CYBER-OMNI...

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 ⚠ This tool is created solely for education...

DotNetNuke 9.2 - 9.2.2 - Weak Encryption & Cookie Deserialization

DNN DotNetNuke versions 9.2 through 9.2.2 use a weak encryption algorithm to protect input parameters because of an incomplete fix for CVE-2018-15811. This cryptographic weakness enables attackers to craft malicious DNNPersonalization cookies that can be deserialized, leading to remote code...

WordPress WPQA <5.4 - Cross-Site Scripting

WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form. id: CVE-2022-1597 info: name: WordPress WPQA 5.4 - Cross-Site Scripting author: veshraj severity: medium description: | WordPress WPQ...

WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access

WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file access. The plugin does not validate user input before using it to output the content of a file, which can allow an attacker to read arbitrary files on the server, obtain sensitive information, modify data, and/or...

BigAnt Server v5.6.06 - Local File Inclusion

BigAnt Server v5.6.06 is vulnerable to local file inclusion. id: CVE-2022-23347 info: name: BigAnt Server v5.6.06 - Local File Inclusion author: 0xAkoko severity: high description: BigAnt Server v5.6.06 is vulnerable to local file inclusion. impact: | Successful exploitation of this vulnerability...

DVDFab 12 Player/PlayerFab - Local File Inclusion

DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player recently renamed PlayerFab has read-access. id: CVE-2022-25216 info: name: DVDFab 12 Player/PlayerFa...

Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...

Cuppa CMS v1.0 - SQL injection

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php. id: CVE-2022-27984 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: critical description: | CuppaCMS v1.0 was...

Grafana v8.x - Arbitrary File Read

Grafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing access to local files. The vulnerable URL path is /public/plugins/NAME/, where NAME is the plugin ID for any installed plugin. id: CVE-2021-43798 info: name: Grafana v8.x - Arbitrary File Read autho...

IND780 - Local File Inclusion

IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 SS Label 'IND7808.0.07', Version 7.2.10 June 18, 2012 SS Label 'IND7807.2.10' is vulnerable to unauthenticated local file inclusion. It is possible to traverse the folders of the affected host by providing a relative path to the...

MODx manager - Local File Inclusion

A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. dot dot in the classkey parameter when magicquotesgpc is disabled. id: CVE-2010-5278 info: name: MODx manag...

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

Suprema BioStar <2.8.2 - Local File Inclusion

Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. id: CVE-2020-15050 info: name: Suprema BioStar 2.8.2 - Local File Inclusion author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extensio...

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

Apache OFBiz < 18.12.07 - Local File Inclusion

Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. id: CVE-2022-47501 info: name: Apache OFBiz 18.12.07 - Local File Inclusion author: your3cho severity:...

Yearning - Directory Traversal

Yearning has a directory traversal vulnerability that can be exploited by attackers to obtain sensitive information. The vulnerability is present in multiple versions of Yearning. id: CVE-2022-27043 info: name: Yearning - Directory Traversal author: Co5mos severity: high description: | Yearning h...

Linx Sphere - Directory Traversal

A directory traversal vulnerability in the component SCS.Web.Server.SPI/1.0 of Linx Sphere LINX 7.35.ST15 allows attackers to read arbitrary files. id: CVE-2022-45269 info: name: Linx Sphere - Directory Traversal author: robotshell severity: high description: | A directory traversal vulnerability...