PT-2026-3050

YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious payload of 712 bytes with SEH manipulation to trigger a...

PT-2026-3049

Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 256 bytes to overwrite Structured Exception Handler and gain remote code execution through a bind...

PT-2026-3157

Name of the Vulnerable Software and Affected Versions Ether MP3 CD Burner version 1.3.8 Description The software contains a buffer overflow issue in the registration name field. This allows for remote code execution. An attacker can create a malicious payload to overwrite SEH handlers and execute...

Metasploit Wrap-Up 01/09/2026

RISC-V Payloads This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to th...

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell Module Options msf use payload/linux/riscv32le/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show and set options... msf payloadshellbindtcp run This modu...

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

CVE-2025-13911

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

CVE-2025-13911

CVE-2025-13911 affects Inductive Automation Ignition SCADA, where Python scripting is used for automation. The root cause is insufficient controls on which Python libraries can be imported/executed within the scripting environment, paired with an Ignition service account that has system-level Win...

CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges

The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...

General Device Manager 2.5.2.2 Buffer Overflow

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...

General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit

Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested on: Windows 10...

MP3 Convert Lord V1.0 Local Seh Exploit

Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit Date: 06.01.2023 Vendor Homepage: http://www.avlord.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 Exploit Author: Achilles Tested Version: 1.0 Tested on: Windows 7 x64 1....

Exploit for Code Injection in Samba

CVE-2017-7494 SambaCry Exploit Exploit SambaCry CVE-2017-749...

ALLPlayer ALLMediaServer V1.6 SEH Exploit

Exploit Title: ALLPlayer ALLMediaServer V1.6 SEH Exploit Version:ALLMediaServer V1.6 Exploit Author: Achilles Vendor Homepage: http://www.allmediaserver.org/ Downlod Link:http://www.allmediaserver.org/LiveUpdate/ALLMediaServer.exe Tested on: Windows 7 Sp1 x86 Original Dos Author: Yehia Elghaly...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PwnKit-go-LPE CVE-2021-4034 A golang based exp for CVE-2021...

Exploit for CVE-2017-17562

GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...

Exploit for CVE-2017-17562

GoAhead Web Server 2.5 use multi/handler msf6 exploitmulti/h...

YouTube Video Grabber 1.9.9.1 Buffer Overflow

Exploit Title: YouTube Video Grabber 1.9.9.1 - Buffer Overflow SEH Date: 01.11.2021 Software Link: https://www.litexmedia.com/ytgrabber.exe Exploit Author: Achilles Tested Version: 1.9.9.1 Tested on: Windows 7 64bit 1.- Run python code : YouTube.py 2.- Open EVIL.txt and copy All content to...

Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)

Exploit Title: Linux/x86 - bind shell on port 13377 Shellcode 65 bytes Date: Jan 12, 2021 Exploit Author: ac3 Version: Linux x86 Tested on: Linux x86 linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker 31 c0 xor...

Boxoft Convert Master 1.3.0 - (wav) SEH Local Exploit

Exploit Title: Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/convert-master/setupboxoft-conver=t-master.exe Exploit Author: Achilles Tested Version: 1.3.0 Tested on: Windows 7 x64 1.- Run python code...