274567 matches found
📄 LINQPad 5.48.00 Insecure Deserialization
LINQPad versions up to 5.48.00 contain an insecure deserialization vulnerability in the paid version of the software that allows attackers to achieve persistent remote code execution by manipulating cache files containing serialized .NET objects. The vulnerability exists in the AutoRefCache...
📄 HP ProCurve SNAC Domain Controller Shell Upload
This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...
📄 Varnish / Styx HTTP Request Smuggling
Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...
📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal
Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...
📄 Litespeed Cache 6.4.0.1 Privilege Escalation
WordPress Litespeed Cache plugin version 6.4.0.1 allows attackers to brute-force authentication hashes and create administrative users without any initial credentials...
Exploit for Code Injection in Laravel Livewire
Livepyre A tool designed to exploit CVE-2025-54068 an...
cve
...
📄 HP ProCurve 4.00 Credential Disclosure
Proof of concept code that performs a credential dumping attack against vulnerable HP ProCurve SNAC systems. ============================================================================================================================================= | Title : HP ProCurve 4.00 Credential Dumping...
📄 GALAYOU G2 IP Camera Authentication Bypass
A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...
📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection
PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...
📄 Institute Admission Software 2.5 SQL Injection
Institute Admission Software version 2.5 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 SQL INjection...
📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection
Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...
📄 PKP-WAL 3.5.0-1 Cross Site Request Forgery
PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability ----------------------------------------------------------------- - Softwar...
📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection
PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...
📄 Open Journal Systems 3.5.0-1 Path Traversal
Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. --------------------------------------------------------------------------------------------- Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...
📄 Backdoor.Win32.Poison.jh MVID-2025-0704 Insecure Permissions
Backdoor.Win32.Poison.jh malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full F permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor...
📄 Backdoor.Win32.Netbus.170 MVID-2025-0703 Insecure Credential Storage
Backdoor.Win32.Netbus.170 malware listens on TCP ports 12632 and 12631. The backdoor server password "ecoli" is stored in cleartext in an .INI textfile, stored under "C:\Windows" having the same name as the malware. Third party attackers who have knowledge of the password can login and issue...
📄 Textpattern 4.9.0 Cross Site Scripting
Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...
📄 PKP-WAL 3.5.0-1 SQL Injection
PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...
📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass
Apache modssl TLS 1.3 client certificate authentication bypass proof of concept exploit. ============================================================================================================================================= | Title : Apache modssl TLS 1.3 Client Certificate Authentication...