Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/archive/refs/tags/0.12.7.zip Version: latest Tested on: MacOS Log in to Anchor CMS...
jQuery 3.3.1 Cross Site Scripting
jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...
WBCE CMS 1.6.3 Remote Code Execution
WBCE CMS version 1.6.3 suffers from an authenticated remote code execution vulnerability. Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat...
Exploit for Unrestricted Upload of File with Dangerous Type in Etoilewebdesign Front_End_Users
CVE-2025-2005 - Pwn en WordPress Front-End Users Plugin B...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071 This Python script is designed to demonstrate...
Teachers Record Management System 2.1 Cross Site Scripting Vulnerability
Exploit Title: Teachers Record Management System v2.1 | Unauthenticated Cross-Site Scripting XSS Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Demo Site:...
Wazuh 4.9.1 Remote Code Execution
Wazuh version 4.9.1 proof of concept remote code execution exploit with a reverse shell. Title: Wazuh v 4.9.1 PHP Code Injection Vulnerability | Autho...
Teachers Record Management System 2.1 SQL Injection Vulnerability
Exploit Title: Teachers Record Management System v2.1 | Authenticated Time-Based SQLi Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Demo Site: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=10739...
Firefox 135.0.1 Download Stresser
Firefox version 135.0.1 appears to suffer from a download looping issue that allows a malicious site to constantly download files to a user's browser. Exploit Title: Firefox 135.0.1 bypass Download protections PoC Date: 2025-02-28 Exploit Author: Emiliano Febbi Vendor Homepage:...
About Remote Code Execution – Windows OLE (CVE-2025-21298) vulnerability
About Remote Code Execution - Windows OLE CVE-2025-21298 vulnerability. The vulnerability is from the January Microsoft Patch Tuesday. OLE Object Linking and Embedding is a technology for linking and embedding objects into other documents and objects, developed by Microsoft. A common use of this...
Ivanti Buffer Overflow Proof of Concept
Proof of concept exploit for CVE-2025-0282, a remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways.
Exploit for Out-of-bounds Read in Microsoft
PoC exploit for CVE-2024-49113, a Windows Server vulnerability...
Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Apache Tomcat
Tomcat-CVE-2024-50379-Poc
Exploit for CVE-2024-35176
CVE-20...
Exploit for Link Following in Rarlab Unrar
A proof of concept for CVE-2022-30333 - a path traversal vulnera...
Owners Collection Management System v1.0 SQL - Injection Vulnerability
Title: Owners Collection Management System v1.0 SQL - Injections Author: nu11secur1ty Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/15162/home-owners-collection-management-system-phpoop-free-source-code.html Reference:...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
This repository is an open-source collection of vulnerable systems and applications for educational purposes, known as Vulhub. It is a defensive blue-team research and threat mitigation tool, used to improve detection, response, and patch prioritization. The repository contains a variety of...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
sample-ldap-exploit A short demo of CVE-2021-44228 Build...
Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Vulnerability
Exploit Title: Simple Online College Entrance Exam System 1.0 - Unauthenticated Admin Creation Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Exploit for Use After Free in Microsoft
CVE-2019-0708-PoC-Hitting-Path Really Really Bad, don't judg...