PT-2026-32983

Name of the Vulnerable Software and Affected Versions Giskard versions prior to 1.0.2b1 Description The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...

📄 WeGIA 3.5.0 SQL Injection

Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo...

WeGIA 3.5.0 - SQL Injection

Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo "Example: $0 http://127.0.0.1/WeGIA/ "admin" "wegia" "version"" exit 1 fi...

picoCTF_2025_pie_time

PIE Exploit Challenge Exploiting a PIE Position Independent...

📄 aiohttp 3.9.1 Directory Traversal

Proof of concept exploit for a directory traversal vulnerability in aiohttp version 3.9.1. Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.or...

aiohttp 3.9.1 - directory traversal PoC

Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.org Software Link: https://github.com/aio-libs/aiohttp vulnerable tag: 3.9.1 Version: aiohttp...

Exploit for CVE-2025-68613

CVE-2025-68613 Local n8n Lab This repository provides a simpl...

Exploit for CVE-2025-8671

CVE-2025-8671 - PoC DoS lighttpd HTTP/2 Auteur : @abiyeenzo...

MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF Vulnerabilities

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title MySchool System - Multiple Vulnerabilities .:. Google Dorks .:. inurl:web/teacherapp .:. Date:Jan 20, 2025 .:. Exploit Author: bRpsd .:. Contact: cyatlive.no .:. Vendor - https://myschool-system.com/ .:. Vendor...

PT-2024-25801

Name of the Vulnerable Software and Affected Versions Nuxt affected versions not specified Description The issue arises from insufficient validation of the path parameter in the NuxtTestComponentWrapper, allowing an attacker to execute arbitrary JavaScript on the server side. This enables the...

Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Apache Streampipes

CVE-2024-29868: Use of Cryptographically Weak PRNG in Recovery...

PT-2024-18762 · Samsung · Smartthings

Name of the Vulnerable Software and Affected Versions: SmartThings versions prior to 1.8.13.22 Description: The issue is related to improper verification of intent by a broadcast receiver, allowing local attackers to access testing configuration. Recommendations: For versions prior to 1.8.13.22,...

Exploit for Deserialization of Untrusted Data in Xstream

Xstream-1.4.17 The above Xstream demo environment was set up...

Procrustes - A Bash Script That Automates The Exfiltration Of Data Over Dns In Case We Have A Blind Command Execution On A Server Where All Outbound Connections Except DNS Are Blocked

A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked. The script currently supports sh, bash and powershell and is compatible with exec style command execution e.g...

thinksaas最新版存储xss

简要描述： 过滤不当 详细说明： 最新版下载地址http://www.thinksaas.cn/service/down/ 跟前面thinksaas最新版xss2 WooYun: thinksaas最新版xss2 thinksaas最新版xss WooYun: thinksaas最新版xss 原理都一样 吐槽下 官网不让注册帐号 就在本地测试了 前人的我测试一个现在还可以 当然 漏洞文件肯定是不一样的 漏洞文件 在app/article/action/add.php 25行中没有过滤 48行插入数据库 isLogin; switch $ts case "" : if...

ThinkSNS再来一枚sql注入漏洞

简要描述： 还是为了答谢你们送的水杯。 严重的sql注入 可爆任意密码 你懂的！ xss那就不用说了 详细说明： wap模块的搜索没有对关键字过滤 知道表名即可估计 好在我不知道官网的表名。只有本地测试了 漏洞证明： http://========/index.php?app=wap&mod=Index&act=doSearch 关键字输入 1' and 1=2 union select 1,2,3,password,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 from cqquser where uid=1 and 1='1...

Discover MaosinCMS website system vulnerability testing-vulnerability warning-the black bar safety net

The recent move easy CMS vulnerability can be said to really was a fire, this article written by CMS although there is no move-powerful, but also the presence of injection vulnerabilities. This vulnerability with the tool is swept less than, can be said that the injection has been made by explici...

PhotoStand 1.2.0 - Remote Command Execution

PhotoStand 1.2.0 - Remote Command Execution !/usr/bin/perl App : PhotoStand 1.2.0 Site : http://www.photostand.org Remote Command Execution Exploit Credits to : Giovanni Buzzin, "Osirys" osirysatautisticidotorg Greets: drosophila, emgent, Fireshot PhotoStand is a used Image Gallery CMS. PhotoStan...

WinZip - MIME Parsing Overflow

/ Author: snooq Date: 14 April 2004 This is a PoC exploit for WinZip32 MIME Parsing Overflow bug reported by iDefense on 27 February 2004. The original advisory is found here: http://www.idefense.com/application/poi/display?id=76 This version is SP dependent becoz my idiotic shellcode uses...