274464 matches found
100-days-challenge-day-30-XSS-attacks
100-days-challenge-day-30-XSS-attacks XSS attacks demonstrate...
📄 macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation
macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...
📄 Magento 2 / Adobe Commerce 2.4.x SessionReaper
This PHP script is a proof of concept exploit targeting Magento for CVE‑2025‑54236, commonly referred to as SessionReaper. It is a PHP port of an original Metasploit module and is designed for security testing...
📄 ManageEngine DeviceExpert 5.6 Traversal / Code Execution
Proof of concept exploit for ManageEngine DeviceExpert version 5.6 that injects PHP code into a user agent and uses a path traversal vulnerability to execute code...
📄 Juniper JunOS 23.4 Module Scanner / Exploitation Framework
This PHP script is a modular scanner and exploitation framework targeting Juniper JunOS CVE‑2023‑36846, an arbitrary file upload vulnerability due to missing authentication.. It is designed with a clear separation of responsibilities and supports single‑target testing, interactive exploitation, a...
📄 AVideo 14.3.1 notify.ffmpeg.json.php Remote Code Execution
AVideo version 14.3.1 unauthenticated remote code execution exploit that leverages notify.ffmpeg.json.php. ============================================================================================================================================= | Title : AVideo 14.3.1 via notify.ffmpeg.json.p...
telnetd argument injection vulnerability
Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...
📄 Magento Adobe Commerce 2.4.6-p5 Arbitrary File Read
Magento Adobe Commerce version 2.4.6-p5 arbitrary file read proof of concept exploit. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.6-p5 arbitrary file read...
📄 WordPress SureForms 2.2.0 Cross Site Scripting
WordPress SureForms plugin versions 2.2.0 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of Concept - Target: WordPress Plugin "SureForms" - Plugin Wordpress: https://wordpress.org/plugins/sureforms/ - Vulnerabili...
📄 GNU Inetutils 2.7 telnet Privilege Escalation
Although Packet Storm has multiple exploits relating to this issue, this advisory keeps the details on the GNU Inetutils 2.7 telnetd privilege escalation vulnerability quite simple. Titles: Telnet Argument Injection Privilege Escalation - RCE Author: nu11secur1ty Date: 1/24/2026 Vendor:...
📄 Ivanti 11.10 MobileIron Vulnerability Scanner
This PHP-based scanner detects unauthenticated access vulnerabilities in Ivanti EPMM / MobileIron products. The issue allows attackers to retrieve sensitive user information via exposed API endpoints. Version 11.10 is affected...
📄 macOS 10.13.6 Reference Leak
This is a proof of concept for an older flaw that targets macOS 10.13.6. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with malformed matching data, MI...
telnetd argument injection vulnerability
Added: 01/26/2026 Background The Telnet service allows remote users to authenticate to a system and use an interactive command shell. The Telnet service is implemented by the Telnet daemon, telnetd. Problem The telnetd program included in GNU Inetutils allows authentication to be bypassed with a ...
Cisco Unified Communications Manager command injection
Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...
Cisco Unified Communications Manager command injection
Added: 01/26/2026 Background Cisco Unified Communications Manager is a product suite for managing voice and video communication and messaging. Problem A command injection vulnerability in multiple Cisco communications products could allow a remote attacker to execute arbitrary commands. Resolutio...
Exploit for Code Injection in Rejetto Http_File_Server
No d...
Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search
CVE-20...
PS5-Host
No d...
Exploit for CVE-2025-36911
WhisperPair-PoC-Tool and Research A deep dive into CVE-2025-3...
Exploit for Cross-site Scripting in Warfareplugins Social_Warfare
CVE-2...