Metasploit-Simulation-lab

🛡️ Metasploit Simulation Lab — Ethical Hacking Training !alt...

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

📄 Drupal core 10.5.5 SQL Injection

This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...

📄 dcontrol 1.0.9 Screen Capture

The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...

📄 Samba SMB Printer Queue Command Injection / Remote Task Delivery

This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share interaction, payload delivery testing, and command execution workflows through manipulated print job submissions. It's written to target versions 4.22.10...

📄 Samba Print Command Injection

This Python proof of concept framework analyzes Samba printing configurations for unsafe print command usage involving the %J variable and demonstrates how command injection conditions could arise in vulnerable setups. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...

📄 WordPress OrderConvo 13.5 Path Traversal

Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5. Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link:...

htb-myexpense-writeup

htb-myexpense...

cve-arsenal

cve-arse...

Exploit for CVE-2026-8206

No d...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

No d...

signal-echo-radar

Signal Echo Radar Signal Echo Radar is a static cybersecurity...

CVE-2026-ThreemaWeb-PrototypePollution

CVE-2026-XXXXX: Threema Web Prototype Pollution via URI Query...

CVE-2026-BetterSQLCipher-RCE

CVE-2026-XXXXX: better-sqlcipher loadExtension Remote Code E...

portswigger-labs

PortSwigger Web Security Academy — Lab Notes Notes from compl...

Exploit for CVE-2026-20980

Part 1: Arbitrary AT command execution CVE-2026-20980 Appl...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Strapi PoC For authorized security testing o...

snyk-agentic-appsec-poc

Snyk Agentic AppSec POC Proof of concept demonstrating autono...

web-app-pentest-altoromutual

Web Application Penetration Test — AltoroMutual demo.testfire...

Exploit for Reliance on Cookies without Validation and Integrity Checking in Paloaltonetworks Pan-Os

CVE-2026-0257 - Palo Alto Networks GlobalProtect Authenticatio...