274574 matches found
📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking
HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own c ode to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...
📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read
An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes fSrcPlanes = 2. The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read
This report details the creation of a specification-compliant, engineering-grade proof of concept file that reliably triggers the out-of-bounds read vulnerability documented as CVE-2025-64893 in Adobe DNG SDK versions 1.7.1 and below...
📄 Adobe DNG SDK Image Processing Logic
Proof of concept exploit that demonstrates a heap out-of-bounds read / write leading to memory corruption and potential code execution in the Image Processing Logic of Adobe DNG SDK versions prior to 1.7.1.2410...
📄 Adobe DNG SDK Missing Validation Heap Buffer Overflow
A heap buffer overflow vulnerability exists in Adobe's DNG SDK versions 1.7.1 and below due to improper handling of raw images with two color planes fSrcPlanes = 2...
📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access
Proof of concept exploit for a flaw in Headlamp Kubernetes dashboard versions 0.38.0 and below that allows unauthenticated users to access sensitive Helm release data, including secrets, tokens, and passwords, due to improper server-side caching...
📄 Adobe DNG SDK 1.5 DNG File Integer Overflow
A critical integer overflow vulnerability exists in Adobe DNG SDK version 1.5 during the parsing of crafted DNG files. The flaw occurs in the handling of OpcodeList processing, specifically within the ScalePerColumn opcode, where insufficient validation of signed and unsigned integer values leads...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure
This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...
Exploit for CVE-2025-65790
CVE-2025-65790 - FuguHub 8.1 Reflected SVG XSS Reflecte...
cve
My C...
Exploit for CVE-2025-67435
CVE-2025-67436 Authenticated Remote Code Execution RCE in...
Assistive Technologies Persistence
This module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch such as with an admin prived program. Requires Windows 8 or higher and administrative privileges...
HPE OneView unauthenticated RCE
This module exploits an unauthenticated RCE vulnerability, CVE-2025-37164, against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable "ID Pools"...
Exploit for CVE-2025-14558
CVE-2025-14558 FreeBSD rtsold DNSSL Command Injection RCE...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell PoC CVE-2025-55182 A Proof-of-Concept PoC scr...
dvwa-sqli-lab
DVWA-Style SQL Injection Lab Custom vulnerable web applica...
Exploit for Deserialization of Untrusted Data in Facebook React
Node.js RCE Mitigation: DevOps as the Last Line of Defense Th...
Exploit for CVE-2025-37164
CVE-2025-37164 - HPE OneView Unauthenticated RCE PoC Proof-of...
WordPress ACF Extended Unauthenticated RCE via prepare_form()
This module exploits an unauthenticated Remote Code Execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...
Exploit for Uncontrolled Search Path Element in Needrestart_Project Needrestart
needrestart Privilege Escalation CVE-2024-48990 This reposi...