193 matches found
CVE-2026-25865 Punto Switcher 4.5.0.583 Unquoted Search Path via WinExec
Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...
CVE-2026-25866
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866 MobaXterm < 26.1 Notepad++ Unquoted Service Path
MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable...
CVE-2026-25866
MobaXterm versions prior to 26.1 are affected by an Unquoted Search Path vulnerability. The app uses WinExec to launch Notepad++ without a fully qualified executable path when opening remote files. An attacker can place a malicious executable earlier in the search order, leading to arbitrary code...
Backdoor.Win32.JustJoke.21 (BackDoor Pro - v2.0b4) MVID-2024-0689 Code Execution
Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4dc39c05bcc93e600dd8de16f2f7c599.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.JustJoke.21 BackDoor Pro - v2.0b4 Vulnerability: Unauthenticated Remote Command...
Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Inbit Messenger v4.9.0 - Unauthenticated Remote Command Execution RCE Exploit Author: a-rey Vendor Homepage: http://www.inbit.com/support.html Software Link: http://www.softsea.com/review/Inbit-Messenger-Basic-Edition.html Version: v4.6.0 - v4.9.0 Tested on: Windows XP SP3, Windows...
BitRAT Now Sharing Sensitive Bank Data as a Lure
Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...
Windows/x86 Download File / Execute Shellcode (458 bytes)
; Exploit Title: Windows/x86 - Download File and Execute / Dynamic PEB & EDT method Shellcode 458 bytes ; Exploit Author: Techryptic @Tech ; Date: 2022-01-31 ; Tested on: WIN7X86 ; Shoutout to 848 Advanced Software Exploitation and DSU. ; Description: ; The shellcode works in three parts. The fir...
Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes
; Windows/x86 - WinExec PopCalc PEB & Export Directory Table NullFree Dynamic Shellcode 178 bytes ; Description: ; This is a shellcode that pop a calc.exe. The shellcode iuses ; the PEB method to locate the baseAddress of the required module and the Export Directory Table ; to locate symbols. Als...
Exploit for Out-of-bounds Write in Microsoft
PoC exploit for CVE-2019-1221 Lost the orig...
ezEmu - Simple Execution Of Commands For Defensive Tuning/Research
ezEmu enables users to test adversary behaviors via various execution techniques. Sort of like an "offensive framework for blue teamers ", ezEmu does not have any networking/C2 capabilities and rather focuses on creating local test telemetry. Windows See /Linux for ELF ezEmu is compiled as...
Tobesoft MiPlatform Operating System Command Injection Vulnerability
Tobesoft MiPlatform is a user graphical interface development tool from the Korean company Tobesoft. An operating system command injection vulnerability exists in the ExtCommandApi.dll file in versions of Tobesoft MiPlatform prior to 2019.05.16 for Windows-based platforms, which can be exploited ...
CVE-2020-7825
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform...
CVE-2020-7825
A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. An attacker could execute arbitrary remote command by sending parameters to WinExec function in ExtCommandApi.dll module of MiPlatform...
10-Strike Bandwidth Monitor 3.9 - Buffer Overflow (SEH) (ASLR + DEP Bypass)
Exploit Title: 10-Strike Bandwidth Monitor 3.9 - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: 2020-07-07 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...
Bandwidth Monitor 3.9 Full ROP Buffer Overflow
Exploit Title: Bandwidth Monitor 3.9 - Full ROP Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/ Software Download: https://www.10-strike.com/bandwidth-monitor/bandwidth-monitor.exe Tested On: Windows 10 - Pro 1909 x86 Version:...
Windows/x64 - WinExec Add-Admin Dynamic Null-Free Shellcode (210 Bytes)
210 bytes small WinExec add-admin dynamic null-free shellcode. // Shellcode Title: WinExec Add-Admin Dynamic Null-Free Shellcode 210 Bytes // Shellcode Author: Bobby Cooke // Date: March 21st, 2020 // Tested on: Windows 10 Home - 1909 x8664, Windows 10 Pro - 1909 x86 // Description: Windows...
Windows/x86 - Null-Free WinExec Calc.exe Shellcode (195 bytes)
Title: Windows\x86 - Null-Free WinExec Calc.exe Shellcode 195 bytes Shellcode Author: Bobby Cooke Technique: PEB & Export Directory Table Tested On: Windows 10 Pro x86 10.0.18363 Build 18363 start: ; Create a new stack frame mov ebp, esp ; Set base stack pointer for new stack-frame sub esp, 0x20 ...
DeviceViewer 3.12.0.1 Local Buffer Overflow
Exploit Title: Sricam DeviceViewer 3.12.0.1 - 'add user' Local Buffer Overflow DEP Bypass Date: 08/10/2019 Exploit Author: Alessandro Magnosi Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Exploit type: Local Tested on:...