WordPress GPX Viewer 2.2.8 Arbitrary File Creation Exploit

import argparse import requests from requests.sessions import Session import time banner = """ ██████╗██╗ ██╗███████╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ █████╗ ██╔════╝██║ ██║██╔════╝ ╚════██╗██╔═████╗╚════██╗██║ ██║ ███║██╔═████╗██╔════╝ ╚════██╗██╔══██╗ ██║ ██║...

Cisco IOS XR Software Hybrid Access Control List Bypass Vulnerability

A vulnerability in the hybrid access control list ACL processing of IPv4 packets in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incorrect handling of packets when a specific configuration of the hybrid ACL exists. ...

CVE-2025-2191

A vulnerability, which was classified as problematic, has been found in Claro A7600-A1 RNR4-A72T-2x16v2110403CLA32160817. Affected by this issue is some unknown functionality of the file /form2pingv6.cgi of the component Ping6 Diagnóstico. The manipulation of the argument ip6addr with the input...

Wp2Fac 1.0 Code Injection

Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023. ============================================================================================================================================= | Title :...

Apache NiFi 1.17.0 Remote Code Execution

Apache NiFi version 1.17.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. ============================================================================================================================================= | Title : Apache NiFi 1.17.0 R...

ABB AC500v3 3.7.0.569 Symlink Attack

ABB AC500v3 version 3.7.0.569 proof of concept symlink attack exploit that leverages vulnerabilities previously discovered in 2024 by CyberDanube. ============================================================================================================================================= | Title ...

CVE-2025-2032

A vulnerability classified as problematic was found in ChestnutCMS 1.5.2. This vulnerability affects the function renameFile of the file /cms/file/rename. The manipulation of the argument rename leads to path traversal. The exploit has been disclosed to the public and may be used...

Jasmin Ransomware SQL Injection / Authenticaton Bypass Vulnerability

Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on: Windows How to exploit : -- Open Admin Pan...

HP Intelligent Management Center 5.1 E0202 Shell Upload

HP Intelligent Management Center version 5.1 E0202 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : HP Intelligent Management Center 5.1 E0202...

Linux Distros Unpatched Vulnerability : CVE-2024-6998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

Linux Distros Unpatched Vulnerability : CVE-2023-25585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Binutils. The use of an uninitialized field in the struct module module may lead to application crash and local denial of service...

Linux Distros Unpatched Vulnerability : CVE-2024-43360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder is affected by a time-based SQL Injection vulnerability. This...

Linux Distros Unpatched Vulnerability : CVE-2023-31613

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the nssdatabaselookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

Control iD iDSecure 4.7.43.0 Add Administrator / Authentication Bypass

Control iD iDSecure version 4.7.43.0 exploit that adds an administrator. ============================================================================================================================================= | Title : Control iD iDSecure v4.7.43.0 PHP Code Injection Vulnerability | | Autho...

Linux Distros Unpatched Vulnerability : CVE-2018-1000079

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier,...

Linux Distros Unpatched Vulnerability : CVE-2018-15908

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files...

CVE-2025-1832

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched...

CVE-2025-1675

CVE-2025-1675 stems from a bounds-check failure in the function dns_copy_qname within dns_pack.c, where a memcpy uses an untrusted source and the code does not verify that the source buffer is large enough to contain the copied data. Multiple sources (NVD, Red Hat, CVE lists, and Zephyr-related d...

GHSA-FH4V-V779-4G2W SSRF in sliver teamserver

Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...

Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os

This tool tests whether a target PAN-OS device is vulnerable to...