Exploit for CVE-2025-60865

CVE Disclosures | Findings...

Exploit for Improper Input Validation in Unrealircd

UnrealIRCD 3.2.8.1 Backdoor Exploit A clean, flexible exploit...

CVE_choco_3

DESCRIPTION - During the security assessment of "STUDENT WEB...

CVE_choco_2

DESCRIPTION - During the security assessment of "STUDENT WEB...

Portswigger-Lab-SQLI-4

PortSwigger Web Security Academy Lab Report: SQL Injection Att...

xss-lab

No d...

Exploit for CVE-2017-7184

No d...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 Telnet Root Exploit & Scanner A robust, multit...

spec-driven-workflow-poc

Steps for AI setup 1. Create .github folder in the root of th...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

No d...

ASPXsploit

No d...

📄 Aggie 2.6.1 Host Header Injection

This is a detailed analysis and proof of concept exploit for CVE-2025-22381, a host header injection vulnerability discovered in Aggie version 2.6.1. CVE-2025-22381: Host Header Injection in Aggie Detailed analysis and Proof-of-Concept for CVE-2025-22381, a Host Header Injection vulnerability...

📄 MiniCMS 1.11 Exploitation Toolkit

This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process CVE-2018-1000638. MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

📄 Clicky by Yoast 1.4.3 Cross Site Scripting

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...

📄 Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework

A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...

📄 Serendipity 1.6.2 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Serendipity 1.6.2 - Cross-site Scripting Advisory ID: RO-13-002 Severity: Mediu...

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...

📄 NetScaler 14.1 Vulnerability Scanner

This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...