274405 matches found
Exploit for Path Traversal in Repetier-Server
Repetier-Server |HTTP request with ..%5c traversal| BRepetier...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 Blind RCE PoC Effected Versions: - Privi...
Proof-of-Concept
P...
DrakonixReverseShellPlayground
No d...
Exploit for OS Command Injection in Std42 Elfinder
CVE-2019-9194 — elFinder Command Injection PoC Command in...
Exploit for OS Command Injection in Std42 Elfinder
CVE-2019-9194 — elFinder Command Injection PoC Command in...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
📄 Samsung Malformed DNG ColorMatrix2 Out-Of-Bounds Read
A memory safety vulnerability was identified in Samsung’s image decoding library libimagecodec.quram.so, affecting the handling of DNG Digital Negative image files. The issue stems from improper bounds validation when parsing the ColorMatrix2 0xC622 tag within DNG metadata. By supplying a crafted...
📄 Samsung QuramDNG Heap Corruption
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 Redash 25.8.0 Password Hash Extraction
This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...
📄 motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
📄 RustFly 2.0.0 Event Manipulation
The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...
📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications specifically RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
📄 Remote for Mac 2025.6 Unauthenticated UDP Keyboard Remote Code Execution
A remote code execution vulnerability exists in Remote for Mac version 2025.6. When the "Allow unknown devices" option is enabled, the application accepts unauthenticated key input over UDP on port 1947. By sending a crafted sequence of UDP packets that simulate keyboard events, an attacker can...
📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...
📄 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution
Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection...
📄 Saturn Remote Mouse Server 1 Command Injection
A service component of Saturn Remote Mouse Server listens for unauthenticated UDP JSON-like frames on UDP port 27000. Improper input handling allows specially crafted frames to cause execution of arbitrary commands within the context of the service process, resulting in remote code execution on t...
📄 Ray 2.8.0 Path Traversal
A path traversal vulnerability was identified in versions prior to 2.8.1 of Ray affecting the Ray Dashboard service default port 8265. The issue stems from improper validation and sanitization of user-supplied file paths within the static file handling mechanism. By manipulating path traversal...