61 matches found

GithubExploit
added 2025/11/18 7:54 p.m. | 130 views

Exploit for CVE-2025-63406

CVE-2025-63406 PoC Installation bash Install depende...

CVSS 8.8 | AI score 7.4 | EPSS 0.00572
Exploits: 3

Exploit DB
added 2025/06/26 12:0 a.m. | 406 views

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

Exploit Title: PX4 Military UAV Autopilot 1.12.3 - Denial of Service DoS Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-21 Tested on: Ubuntu 20.04 LTS + PX4 SITL jMAVSim CVE: CVE-2025-5640 Type: Denial of Service DoS via Buffer Overflow...

CVSS 4.8 | AI score 7.4 | EPSS 0.00191
Exploits: 5

Exploit DB
added 2025/05/09 12:0 a.m. | 293 views

Apache ActiveMQ 6.1.6 - Denial of Service (DOS)

Exploit Title: Apache ActiveMQ 6.1.6 - Denial of Service DOS Date: 2025-05-9 Exploit Author: Abdualhadi khalifa https://x.com/absholi7ly/ Github: https://github.com/absholi7ly/CVE-2025-27533-Exploit-for-Apache-ActiveMQ CVE: CVE-2025-27533 import socket import struct import time import datetime...

CVSS 7.5 | AI score 7 | EPSS 0.02253
Exploits: 2

Exploit DB
added 2025/05/06 12:0 a.m. | 274 views

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v1.901.0.zip Tested on: Windows CVE : N/...

AI score 7.4
Exploits: 0

Packet Storm
added 2025/04/16 12:0 a.m. | 251 views

Smart Manager 8.27.0 SQL Injection

Smart Manager version 8.27.0 suffers from a remote SQL injection vulnerability. Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link:...

CVSS 7.2 | AI score 7.8 | EPSS 0.02523
Exploits: 5

GithubExploit
added 2025/04/15 2:30 p.m. | 531 views

Exploit for CVE-2024-52550

CVE-2024...

CVSS 8 | AI score 7 | EPSS 0.014
Exploits: 1

GithubExploit
added 2025/04/11 3:37 p.m. | 332 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

Cisco-IOS-XE-CVE-2023-20198 Exploit PoC for CVE-2023-20198 Vul...

CVSS 10 | AI score 9.5 | EPSS 0.94013
Exploits: 26

Packet Storm
added 2025/03/24 12:0 a.m. | 126 views

Gitea 1.24.0 Cross Site Scripting

Gitea version 1.24.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Gitea 1.24.0 - HTML Injection Date: 2025-03-09 Exploit Author: Mikail KOCADAĞ Vendor Homepage: https://gitea.com Software Link: https://dl.gitea.io/gitea/1.24.0/ Version: 1.24.0 Tested on: Windows 10...

AI score 6.6
Exploits: 0

GithubExploit
added 2025/03/22 3:26 p.m. | 702 views

Exploit for Stack-based Buffer Overflow in Dlink Dap-1620_Firmware

CVE-2025-2620 Proof-of-Concept Exploit Overview This repos...

CVSS 10 | AI score 10 | EPSS 0.26395
Exploits: 2

Information Security Automation
added 2025/01/08 1:58 a.m. | 20 views

About Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)

About Remote Code Execution - Windows Lightweight Directory Access Protocol LDAP CVE-2024-49112. The vulnerability is from the December Microsoft Patch Tuesday. Three weeks later, on January 1, researchers from SafeBreach released a write-up on this vulnerability, labeled as LDAPNightmare, and a...

CVSS 9.8 | AI score 7.8 | EPSS 0.82451
Exploits: 3

Vulnrichment
added 2023/03/07 6:9 p.m. | 4 views

CVE-2023-27479 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...

CVSS 9.9 | AI score 9.6 | EPSS 0.1486
Exploits: 1 | References: 3

Talos
added 2022/02/28 12:0 a.m. | 31 views

Lansweeper lansweeper HelpdeskSetupActions SQL injection vulnerability

Summary A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions Lansweeper...

CVSS 9.1 | AI score 8.9 | EPSS 0.07001
Exploits: 1

GithubExploit
added 2022/02/11 3:45 p.m. | 16 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Apache Tomcat Deserialization Vulnerability CVE-2020-9484...

CVSS 7 | AI score 6.6 | EPSS 0.93464
Exploits: 15

Talos
added 2022/01/26 12:0 a.m. | 16 views

Reolink RLC-410W web server misconfiguration information disclosure vulnerability

Summary An information disclosure vulnerability exists due to a web server misconfiguration in the reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. Tested...

CVSS 8.1 | AI score 7.6 | EPSS 0.01416
Exploits: 1

seebug.org
added 2021/07/23 12:0 a.m. | 316 views

D-LINK DIR-3040 Libcli Command Injection Vulnerability (CVE-2021-21819)

The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...

CVSS 6.5 | AI score 0.3 | EPSS 0.01254
Exploits: 2

Exploit DB
added 2021/06/15 12:0 a.m. | 132 views

Client Management System 1.1 - 'Search' SQL Injection

Exploit Title: Client Management System 1.1 - 'Search' SQL Injection Date: 14 June 2021 Exploit Author: BHAVESH KAUL Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/ Version: 1.1 Tested on: Server: XAMPP Description Client...

AI score 7.4
Exploits: 0

Exploit DB
added 2020/12/02 12:0 a.m. | 434 views

Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover

Exploit Title: Anuko Time Tracker 1.19.23.5311 - Password Reset Vulnerability leading to Account Takeover Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali...

CVSS 9.8 | AI score 9.7 | EPSS 0.10686
Exploits: 2

0day.today
added 2020/01/06 12:0 a.m. | 70 views

RemShutdown 2.9.0.0 - (Name) Denial of Service Exploit

Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC: =====================...

Exploits: 0

Exploit DB
added 2019/11/19 12:0 a.m. | 321 views

XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] ''' Proof...

AI score 7.4
Exploits: 0

Talos
added 2019/06/10 12:0 a.m. | 159 views

Schneider Electric Modicon M580 UMAS memory block write denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the UMAS memory block write functionality of the Schneider Electric Modicon M580 Programmable Automation Controller, firmware version SV2.70. A specially crafted UMAS command can cause the device to enter a non-recoverable fault...

CVSS 7.5 | AI score 7.7 | EPSS 0.00566
Exploits: 1