274570 matches found
📄 Textpattern 4.9.0 Cross Site Scripting
Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...
📄 PKP-WAL 3.5.0-1 SQL Injection
PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...
📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass
Apache modssl TLS 1.3 client certificate authentication bypass proof of concept exploit. ============================================================================================================================================= | Title : Apache modssl TLS 1.3 Client Certificate Authentication...
Exploit for Improper Control of Dynamically-Managed Code Resources in N8N
🚨 CVE-2025-68613: Critical RCE Vulnerability in n8n...
Exploit for CVE-2025-68613
CVE-2025-68613 n8n is an open source workflow automation pla...
📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage
Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...
📄 Assistive Technologies Persistence
This Metasploit module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch such as with an admin privileged program. Requires Windows 8 or higher and...
📄 Adobe DNG SDK 1.5 Integer Overflow / Local Crash
This proof of concept exploit demonstrates a local crash condition caused by an integer overflow vulnerability in the Adobe DNG SDK versions 1.5 through 1.7.0. The provided Bash script dynamically generates a malformed DNG image file containing a crafted opcode list that abuses the ScalePerColumn...
📄 HPE OneView Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...
📄 Adobe DNG SDK 1.5 Web Upload Integer Overflow
Adobe DNG SDK versions 1.5 through 1.7.0 can have an integer overflow triggered via a web upload. If the backend processes the uploaded file with a vulnerable version of the DNG SDK, the malformed opcode data may result in an application crash or unexpected behavior...
📄 Adobe DNG SDK Image Processing Logic
Proof of concept exploit that demonstrates a heap out-of-bounds read / write leading to memory corruption and potential code execution in the Image Processing Logic of Adobe DNG SDK versions prior to 1.7.1.2410...
📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access
Proof of concept exploit for a flaw in Headlamp Kubernetes dashboard versions 0.38.0 and below that allows unauthenticated users to access sensitive Helm release data, including secrets, tokens, and passwords, due to improper server-side caching...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure
This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...
📄 Adobe DNG SDK Linearize Out-Of-Bounds Read
A memory safety vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 that affects the Linearize image processing routine. When handling trimmed source images, the function erroneously performs operations using full image dimensions, resulting in an out‑of‑bounds read condition. This...
📄 IGEL OS Workspace Edition 11.10.430 Privilege Escalation
IGEL OS Workspace Edition version 11.10.430 suffers from a privilege escalation vulnerability. This vulnerability demonstrates how architectural trust in custom configuration frameworks can be abused to establish long-term persistence, even on systems designed to be non-persistent and hardened by...
📄 FortiWeb Fabric Connector 7.6.x SQL Injection / Remote Code Execution
This proof of concept exploit demonstrates a pre-authentication remote SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows unauthenticated attackers to achieve remote code execution through malicious SQL queries in the Authorization header...
📄 Adobe DNG SDK 1.5 Remote Delivery Integer Overflow
This exploit demonstrates practical real-world exploitation scenarios of the Adobe DNG SDK integer overflow vulnerability CVE-2025-64783 through third-party applications and network-based delivery mechanisms. Version 1.5 is affected...
📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking
HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own c ode to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...
📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read
An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes fSrcPlanes = 2. The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read
This report details the creation of a specification-compliant, engineering-grade proof of concept file that reliably triggers the out-of-bounds read vulnerability documented as CVE-2025-64893 in Adobe DNG SDK versions 1.7.1 and below...