📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. ============================================================================================================================================= | Title : Mutiny 5.0-1.07...

📄 ZITADEL 4.7.0 Server-Side Request Forgery

This is a ZITADEL version 4.7.0 server-side request forgery proof of concept exploit written in PHP. ============================================================================================================================================= | Title : ZITADEL 4.7.0 SSRF Exploit - PHP Version | |...

EUVD-2018-10891

Malware in sbrugna...

EUVD-2017-2606

Malware in sbrugna...

EUVD-2008-3386

Malware in sbrugna...

EUVD-2006-0694

Malware in sbrugna...

EUVD-2018-11209

Malware in sbrugna...

EUVD-2022-2615

Malicious code in bioql PyPI...

Exploit for Out-of-bounds Write in Php

Task Management APP CVE-2019-11043 Lab Minimal PHP app with...

CVE-2025-54139

CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...

WordPress GiftXtore plugin file inclusion vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress GiftXtore plugin that stems from not doing effective filtering of local file resource calls, which can be exploited by an...

Exploit for CVE-2024-32830

CVE-2024-32830-poc PoC code to download files with CVE-2024-32...

Advantech WebAccess 7.1 SQL Injection

Advantech WebAccess version 7.1 proof of concept exploit that demonstrates a SQL injection vulnerability original discovered in 2014. ============================================================================================================================================= | Title : Advantech...

Ghostscript 9.21 Arbitrary Command Execution

Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. ============================================================================================================================================= | Title : Ghostscript versions...

Linux Distros Unpatched Vulnerability : CVE-2016-3185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The makehttpsoaprequest function in ext/soap/phphttp.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote...

Linux Distros Unpatched Vulnerability : CVE-2015-6836

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SoapClient call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows...

Judge0 1.13.0 Code Execution

Judge0 version 1.13.0 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Judge0 v 1.13.0 PHP Code Injection Vulnerability | | Author : indoushka | |...

Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability

Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...

Static Code Injection in gibbonedu/core

Description The file export.php accepts a directory in the q parameter. We can upload a txt file in the server with our php exploit on it and pass its location in the q parameter, then the php exploit in the uploaded txt file will be executed Proof of Concept 1. Upload a txt file. Inside the txt...

Event Registration System with QR Code 1.0 - Authentication Bypass / Remote Code Execution Exploit

Exploit Title: Event Registration System with QR Code 1.0 - Authentication Bypass & RCE Exploit Author: Javier Olmedo Vendor: Sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/event0.zip Affected Version: 1.0 Category: WebApps Platform: PHP Tested...