Exploit for CVE-2026-29923

CVE-2026-29923 — pstrip64.sys Local Privilege Escalation A mi...

CVE-2025-27852

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a reflected cross site scripting XSS attack. This allows an attacker on the local network segment to execute arbitrary JavaScript code within the context of the WDU webpage. Full administrator level access to the device is...

Exploit for CVE-2025-55182

CVE-2025-55182 - Dockerized Proof of Concept This repository...

Exploit for CVE-2025-13390

WP Directory Kit /dev/null echo "+ Auto-login successful"...

Exploit for Improper Access Control in Microsoft

CVE-2025-24076 Microsoft Windows Cross Device Service Eleva...

Ghost CMS 5.59.1 Arbitrary File Read

Ghost CMS version 5.59.1 proof of concept arbitrary file reading exploit. ============================================================================================================================================= | Title : Ghost CMS v 5.59.1 PHP Code Injection Vulnerability | | Author :...

acp2sev 7.2.2 Cross Site Scripting Vulnerability

Exploit Title: Self Stored XSS - acp2sev7.2.2 Date: 02/2025 Exploit Author: Andrey Stoykov Version: 7.2.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html Self Stored XSS 1: Steps to Reproduce: 1. Visit...

GHSA-FH4V-V779-4G2W SSRF in sliver teamserver

Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...

ATutor 2.2.4 Host Header Injection

ATutor version 2.2.4 suffers from a host header injection vulnerability. Exploit Title: Host Header Injection - atutorv2.2.4 Date: 01/2025 Exploit Author: Andrey Stoykov Version: 2.2.4 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/01/friday-fun-pentest-series-18-host.html...

Exploit for Path Traversal in Iptanus Wordpress_File_Upload

CVE-2024-9047: Exploit for WordPress File Upload Plugin De...

Exploit for CVE-2021-41349

CVE-2021-41349 Exploit! Microsoft Exchange Server Spoofing...

User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

Exploit for SQL Injection in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System

CVE-2021-42667 CVE-2021-42667 - SQL Injection vulnerability in...

BasicNote 1.1.9 - Denial of Service Exploit

Exploit Title: BasicNote 1.1.9 - Denial of Service PoC Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notizen.basic.notes.notas.note.notepad&hl=esMX Version: 1.1.9 Category: DoS Android Vulnerability BasicNote - Notas, Bloc de notas is vulnerable to a DoS...

Exploit for CVE-2020-1472

CVE-2020-1472 - Zero-Logon POC !alt texthttps://github.com...

WordPress Plugin Tagregator 0.6 - Cross-Site Scripting

Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Date: 2018-05-05 Exploit Author: ManhNho Vendor Homepage: https://wordpress.org/plugins/tagregator/ Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip Ref: https://pastebin.com/ZGr5tyP2 Version: 0.6 Tested...

My Video Converter 1.5.24 Buffer Overflow

!/usr/bin/env python Exploit Title : My Video Converter 1.5.24 - Remote Buffer Overflow Discovery by : Shubham Singh Known As : Spirited Wolf Twitter: @Pwsecspirit Email : [email protected] Youtube Channel : www.youtube.com/c/Pentestingwithspirit Discovey Date : 29/07/2018 Software Link...

Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website : https://soetemansoftware.nl/seo-checker...

SysGauge 4.5.18 - Local Denial of Service

!/usr/bin/python Exploit Title : SysGauge v4.5.18 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugesetupv4.5.18.exe Note :...

sNews CMS 1.7 Shell Upload

Exploit Title : Snews CMS upload sheller Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 04/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version : 1.7latest 3...