274405 matches found
Exploit for CVE-2025-4517
CVE-2025-4517 — Python tarfile filter="data" Bypass PoC P...
Exploit for CVE-2026-24514
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
Apache Struts2 S2-045 RCE CVE-2017-5638 📌 Overview This...
potato_checker
potatocheck Checks the current process con...
📄 GLPI Accessible Documents Insecure Direct Object Reference
This Metasploit auxiliary module scans a GLPI installation for improperly exposed documents linked to KnowbaseItem objects via the document.send.php endpoint. The module performs an automated enumeration of docid values within a defined range and attempts to access documents without authenticatio...
📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution
Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...
📄 Sophos Web Virtual Appliance 3.7.0 Directory Traversal
Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability...
📄 Solar FTP Server 2.1.1 PASV Denial of Service
Solar FTP Server version 2.1.1 PASV command denial of service proof of concept exploit written in PHP.
📄 wlc SSL Certification Validation Bypass
This proof of concept demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. By attempting connections to endpoints with invalid certificates such as self‑signed or expired certificates, the proof of concept verifies whether wlc...
📄 Apache Traffic Server 9.2.5 Denial of Service
Proof of concept remote denial of service exploit for Apache Traffic Server versions 9.2.0 through 9.2.5 that leverages the host header.
📄 SmarterMail 100.0.9413 GUID File Remote Code Execution
This PHP code implements a fully automated remote exploitation framework targeting SmarterMail version 100.0.9413. It is designed to identify the service, determine the underlying operating system, abuse a file upload mechanism with path traversal, and achieve arbitrary file write leading to remo...
📄 Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands.
📄 GnuTLS X.509 Name Constraints Denial of Service
This program is a multi-threaded test application created to analyze the impact of excessive X.509 Name Constraints processing in vulnerable versions of GnuTLS (CVE-2025-14831). It generates a configurable certificate chain and attaches a very large number of Name Constraints and Subject Alternativ...
📄 Soosyze CMS 2.0 Rate Limit Scanner
Soosyze CMS 2.0 suffers from a missing authentication rate-limiting vulnerability (CWE-307) on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA. The provided automatic detection script...
📄 Dell RecoverPoint for Virtual Machines Shell Upload
This proof of concept leverages Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...
Exploit for Use After Free in Google Chrome
CVE-2026-2441-PoC CVE-2026-2441 PoC Chrome CSS Use-After-Free...
ViGEmBus-Driver-Exploitation
Summary ViGEmBus.sys is a kernel-mode driver used for virtu...
Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server
CVE-2025-47812 — Wing FTP Server Unauthenticated remote code...
Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile
Ivanti EPMM pre-auth RCE Dummy Target A simple demo applicati...
Exploit for CVE-2026-25890
CVE-2026-25890 - FileBrowser Access Control Bypass