274045 matches found
picoctf-super-serial
picoCTF β Super Serial Category: Web Exploitation Dif...
Exploit for Improper Authentication in Checkpoint Gaia_Os
CVE-2026-50751 Scanner Multi-target detection scanner for CV...
binary-exploitation-labs
Binary Exploitation & Reverse Engineering Labs Hands-on labs...
Exploit for OS Command Injection in Redhat Openshift_Container_Platform
Usage: For anonymos login: python3 exploit.py --lho...
Exploit for Use After Free in Redis
CVE-2025-49844 - RediShell Use-after-free in Redis Lua scri...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Portainer
CVE-2026-44881 β Portainer Git Symlink β Arbitrary Host File R...
objdump-dlx-calc-poc
objdump dlx calc poc Small repro for an objdump -g crash-to...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...
Exploit for CVE-2026-20262
cve-id β‘ Simple Usage Use this project only in safe and...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
cve-id β‘ Simple Usage Use this project only in safe and...
Exploit for CVE-2026-54686
CVE-2026-54686: Warp Remote SSH Command Injection PoC Desc...
Mr-Robot-CTF-Automation-Scripts
No d...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 β React2Shell Critical pre-authentication Remo...
π Wertheim SafeController Software for VAULT ROOMS Traversal / Bypass / Broken Controls
Wertheim SafeController Software for VAULT ROOMS with AssemblyVersion 6.15.8328.28014 suffer from violation of least privilege, broken websocket authorization, broken access control, IP restriction bypass, path traversal, upload restriction bypass, unauthenticated access, hardcoded secret,...
π Xerte Online Toolkits 3.15 Shell Upload
This Metasploit module bypasses authentication failure, extension blacklist, and path traversal vulnerabilities in the /editor/elfinder/php/connector.php endpoint to upload and execute a shell in Xerte Online Toolkits versions 3.15 commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as there are no...
π Google Chrome V8 Type Confusion
This Metasploit module exploits a type confusion vulnerability in Google Chrome's V8 JavaScript engine versions prior to 149.0.7827.103. The vulnerability is triggered by a specific pattern that causes type confusion between internal V8 objects, leading to out-of-bounds memory access. Successful...
π Casdoor 3.54.1 Path Traversal / Arbitrary File Write
This Metasploit module exploits a path traversal vulnerability in the storage provider management component of Casdoor versions prior to 3.54.1. By creating a Local File System provider with a manipulated pathPrefix, an authenticated administrator can bypass the storage sandbox to write, overwrit...
π Casdoor 3.54.1 Arbitrary File Write / Shell Upload
This Python3 script exploits a path traversal flaw in Casdoor version 3.54.1 that allows an authenticated attacker to write files anywhere on the server via a misconfigured storage provider. If written to an executable location, a shell can be minted...
π YAMCS 5.12.6 LdapAuthModule LDAP Injection / Authentication Bypass
This Metasploit module exploits an LDAP injection vulnerability in the YAMCS LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing an attacker to bypass authentication. By crafting a malicious username containing LDAP special...
π Waves Central 16.6.0 Local Privilege Escalation
Waves Central versions 13.0.8 through 16.6.0 suffer from multiple local privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Local Privilege Escalation Vulnerabilities product:...