Exploit for CVE-2026-29000

CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...

Exploit for Path Traversal in Huawei Hg255S-10_Firmware

Huawei HG255 Directory Traversal Exploit CVE-2017-17309 Thi...

📄 dotCMS 25.07.02-1 Security Scanner

dotCMS version 25.07.02-1 python scanning script that looks for remote SQL injection. ============================================================================================================================================= | Title : dotCMS 25.07.02-1 Security Scanner | | Author : indoushka |...

Exploit for CVE-2025-24514

🔥 CVE-2025-24514 원격 취약점 점검 PoC 이 스크립트는 CVE-2025-24514 취약점ing...

Car Rental Project 1.0 - Remote Code Execution

Exploit Title: Car Rental Project 1.0 - Remote Code Execution Date: 1/3/2020 Exploit Author: FULLSHADE, SC Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/car-rental-project-php-mysql-free-download/ Version: 1.0 Tested on: Windows CVE : CVE-2020-5509...

Hestia Control Panel 1.9.3 Remote Code Execution

Hestia Control Panel version 1.9.3 suffers from a remote command execution vulnerability. Exploit Title: Hestia Control Panel Remote Code Execution Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://hestiacp.com/ Software Link: https://hestiacp.com/...

Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services

CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 Questa repository contiene un Proof of Concept...

Exploit for Race Condition in Openbsd Openssh

0.省流 这本质上是一种统计漏洞：需要进行大量尝试才能赢得竞争条件并成功执行任意代码，攻击者需要克服很多障碍，”Schwa...

Exploit for SQL Injection in Wordpress

CVE-2022-21661-PoC A Python PoC of CVE-2022-21661, inspired fr...

Oracle E-Business Suite (EBS) Unauthenticated Arbitrary File Upload

This module exploits an unauthenticated arbitrary file upload vulnerability in Oracle Web Applications Desktop Integrator, as shipped with Oracle EBS versions 12.2.3 through to 12.2.11, in order to gain remote code execution as the oracle user. Module Options msf use...

uDraw < 3.3.3 - Unauthenticated Arbitrary File Access

The plugin does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the filegetcontents function and returning its content base64 encoded in the response. As a result, unauthenticated users could re...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Conflu...

iDailyDiary 4.30 - Denial of Service Exploit

Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program iDailyDiary Create a Ne...

Exploit for SQL Injection in Librenms

CVE-2020-15873 Proof of Concept of CVE-2020-15873 - Blind SQL...

BugPoC: Reading arbitrary files via running arbitrary python code

Summary: Reading arbitrary files via running arbitrary python code Steps To Reproduce: 1. Go to Python POC and execute arbitrary code to read arbitrary files Recording: F976069 I have stopped testing further. Users can run arbitrary python code. Please do let me know If anything is unclear. Impac...

Park Ticketing Management System 1.0 - Authentication Bypass

Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...

Realtek Managed Switch Controller (RTL83xx) Stack Overflow

!/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1.Boa/Hydra suffer of exploitable stack overflow with a 'one byte read-write loop' w/o...

CVE-2019-14347

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users editor or developer to create an administrator account via admin/user/add, as demonstrated by a Python PoC script...

Design/Logic Flaw

Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users editor or developer to create an administrator account via admin/user/add, as demonstrated by a Python PoC script...