
35 matches found

GithubExploit
added 2025/11/18 7:54 p.m. | 133 views

Exploit for CVE-2025-63406

CVE-2025-63406 PoC Installation bash Install depende...

CVSS 8.8 | AI score 7.4 | EPSS 0.00724
Exploits: 3
Exploit DB
added 2025/05/09 12:00 a.m. | 293 views

Apache ActiveMQ 6.1.6 - Denial of Service (DOS)

Exploit Title: Apache ActiveMQ 6.1.6 - Denial of Service DOS Date: 2025-05-9 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ CVE: CVE-2025-27533 import socket import struct import time import datetime...

CVSS 7.5 | AI score 7 | EPSS 0.02253
Exploits: 2
Exploit DB
added 2025/05/06 12:00 a.m. | 276 views

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip Tested on: Windows CVE : N/...

AI score 7.4
Exploits: 0
Packet Storm
added 2025/04/16 12:00 a.m. | 259 views

Smart Manager 8.27.0 SQL Injection

Smart Manager version 8.27.0 suffers from a remote SQL injection vulnerability. Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link:...

CVSS 7.2 | AI score 7.8 | EPSS 0.03389
Exploits: 5
GithubExploit
added 2025/04/11 3:37 p.m. | 334 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

Cisco-IOS-XE-CVE-2023-20198 Exploit PoC for CVE-2023-20198 Vul...

CVSS 10 | AI score 9.5 | EPSS 0.94013
Exploits: 26
Information Security Automation
added 2025/01/08 1:58 a.m. | 20 views

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

About Remote Code Execution - Windows Lightweight Directory Access Protocol LDAP CVE-2024-49112. The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare , and a...

CVSS 9.8 | AI score 7.8 | EPSS 0.87797
Exploits: 3
Vulnrichment
added 2023/03/07 6:09 p.m. | 4 views

CVE-2023-27479 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...

CVSS 9.9 | AI score 9.6 | EPSS 0.1486
Exploits: 1 | References: 3
Talos
added 2022/02/28 12:00 a.m. | 31 views

Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability

Summary A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper...

CVSS 9.1 | AI score 8.9 | EPSS 0.07001
Exploits: 1
GithubExploit
added 2022/02/11 3:45 p.m. | 20 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Apache Tomcat Deserialization Vulnerability CVE-2020-9484...

CVSS 7 | AI score 6.6 | EPSS 0.93464
Exploits: 15
Talos
added 2022/01/26 12:00 a.m. | 26 views

Reolink RLC-410W web server misconfiguration information disclosure vulnerability

Summary An information disclosure vulnerability exists due to a web server misconfiguration in the reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested...

CVSS 8.1 | AI score 7.6 | EPSS 0.01416
Exploits: 1
seebug.org
added 2021/07/23 12:00 a.m. | 317 views

D-LINK DIR-3040 Libcli Command Injection Vulnerability (CVE-2021-21819)

The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...

CVSS 6.5 | AI score 0.3 | EPSS 0.01254
Exploits: 2
Exploit DB
added 2020/12/02 12:00 a.m. | 435 views

Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover

Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali...

CVSS 9.8 | AI score 9.7 | EPSS 0.10686
Exploits: 2
Exploit DB
added 2019/11/19 12:00 a.m. | 321 views

XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] ''' Proof...

AI score 7.4
Exploits: 0
Talos
added 2019/06/10 12:00 a.m. | 148 views

Schneider Electric Modicon M580 UMAS set breakpoint denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS set breakpoint functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault state,...

CVSS 7.5 | AI score 7.8 | EPSS 0.00643
Exploits: 1
Talos
added 2019/06/10 12:00 a.m. | 160 views

Schneider Electric Modicon M580 UMAS memory block write denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block write functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

CVSS 7.5 | AI score 7.7 | EPSS 0.00566
Exploits: 1
Talos
added 2019/06/10 12:00 a.m. | 208 views

Schneider Electric Modicon M580 UMAS read system blocks and bits information disclosure vulnerability

Summary An exploitable information disclosure vulnerability exists in the UMAS Read System Blocks and Bits functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to return blocks of...

CVSS 7.5 | AI score 7.6 | EPSS 0.00424
Exploits: 1
0day.today
added 2019/05/10 12:00 a.m. | 195 views

Lyric Video Creator 2.1 - (.mp3) Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link: https://lyricvideocreator.com/dwl/LyricVideoCreator.exe Version: 2.1 Tested on: Windows 10 Proof of Concept: 1.- Run t...

AI score 0.3
Exploits: 0
exploitpack
added 2018/04/24 12:00 a.m. | 18 views

gif2apng 1.9 - .gif Stack Buffer Overflow

gif2apng 1.9 - .gif Stack Buffer Overflow Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer overflow whe...

AI score 0.8
Exploits: 0
Packet Storm
added 2018/03/31 12:00 a.m. | 41 views

Frog CMS 0.9.5 Cross Site Request Forgery

Exploit Title:aa Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE : CVE-2018-8908 Category: Webapp CMS 1...

AI score 8.7 | EPSS 0.00236
Exploits: 5
0day.today
added 2017/12/11 12:00 a.m. | 22 views

Advanced Real Estate Script 4.0.7 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Advanced Real Estate Script 4.0.7 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-real-estate-script/ Demo:...

AI score 7.1
Exploits: 0