27 matches found
CVE-2026-8328
The connected documents identify CVE-2026-8328 as a Python Lib/ftplib.py issue: ftpcp() was not updated when CVE-2021-4189 was fixed. While makepasv() now replaces server-supplied PASV host addresses with the actual peer address (getpeername()[0]), ftpcp() still calls parse227() directly and forw...
PT-2026-39648
Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description The extract name function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS...
CVE-2018-18365
Norton Password Manager may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic...
EUVD-2002-2401
Malware in sbrugna...
EUVD-2022-39077
Malicious code in bioql PyPI...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071 This Python script is designed to demonstrate...
Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
Exploit Title: CVE-2024-21320 - NTLM Hash Leak via Malicious Windows Theme Date: 02/03/2025 Exploit Author: Abinesh Kamal K U CVE : CVE-2024-21320 Ref: https://www.cve.org/CVERecord?id=CVE-2024-21320 Step 1: Install Responder Responder is a tool to capture NTLM hashes over SMB. git clone...
Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar
CVE-2023-38831 WinRAR Exploit Generator Created by: tech...
Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms
CVE-2023-4220 Chamilio exploit PoC Shamelessly Copied from...
Exploit for OS Command Injection in Php
Incident Response Walkthrough: Mitigating a Zero-Day Attack...
Gibbon 26.0.00 Server-Side Template Injection / Remote Code Execution
Exploit Title: Gibbon LMS has an SSTI vulnerability on the v26.0.00 version Date: 21.01.2024 Exploit Author: SecondX.io Research Team Islam Rzayev, Fikrat Guliev, Ali Maharramli Vendor Homepage: https://gibbonedu.org/ Software Link: https://github.com/GibbonEdu/core Version: v26.0.00 Tested on:...
Exploit for Code Injection in Apache Airflow
Apache Airflow official report description says: A vulnerab...
Exploit for Code Injection in Vmware Spring_Cloud_Function
CVE-2022-22963 Remote Code Execution exploiting CVE-2022-2296...
Exploit for Incorrect Authorization in Cacti
CVE-2022-46169 This repository contains a Proof of Concept P...
Exploit for Injection in Strapi
CVE-2023-22621-POC CVE-2023-22621: SSTI to RCE by Exploiting E...
PhotoShow 3.0 Remote Code Execution
Exploit Title: PhotoShow 3.0 - Remote Code Execution Date: January 11, 2023 Exploit Author: LSCP Responsible Disclosure Lab Detailed Bug Description: https://lscp.llc/index.php/2021/07/19/how-white-box-hacking-works-remote-code-execution-and-stored-xss-in-photoshow-3-0/ Vendor Homepage:...
Notionterm - Embed Reverse Shell In Notion Pages
Embed reverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...
crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow Exploit
Exploit Title: crossfire-server 1.9.0 - 'SetUp' Remote Buffer Overflow Exploit Author: Khaled Salem @Khaled0x07 Software Link: https://www.exploit-db.com/apps/43240af83a4414d2dcc19fff3af31a63-crossfire-1.9.0.tar.gz Version: 1.9.0 Tested on: Kali Linux 2020.4 CVE : CVE-2006-1236 !/bin/python impor...
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...
Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution Exploit
Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11676/alphaware-simple-e-commerce-system.html...