47904 matches found
Cisco ISE 3.0 - Remote Code Execution (RCE)
Exploit Title: Cisco ISE 3.0 - Remote Code Execution RCE Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Java Deserialization RCE CVE: CVE-2025-20124 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
Exploit Title: Microsoft Excel 2024 Use after free - Remote Code Execution RCE Author: nu11secur1ty Date: 06/24/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47165 CVE:...
WP-UserOnline 2.88.0 - Stored Cross Site Scripting (XSS) (Authenticated)
Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Authenticated Google Dork: inurl:/wp-content/plugins/wp-useronline/ Date: 2024-06-12 Exploit Author: Onur Göğebakan Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...
Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload
Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Date: 2024-04-01 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from...
Microsoft Windows Defender - Detections Bypass
Exploit Title: Microsoft Internet Explorer / ActiveX Control - Security Bypass Exploit Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERDETECTIONBYPASS.txt twitter.com/hyp3rlinx ISR: ApparitionSec Vendor...
MTPutty 1.0.1.21 - SSH Password Disclosure
Exploit Title: MTPutty 1.0.1.21 - SSH Password Disclosure Exploit Author: Sedat Ozdemir Version: 1.0.1.21 Date: 06/12/2021 Vendor Homepage: https://ttyplus.com/multi-tabbed-putty/ Tested on: Windows 10 Proof of Concept ================ Step 1: Open MTPutty and add a new SSH connection. Step 2:...
Dolibarr ERP-CRM 12.0.3 - Remote Code Execution (Authenticated)
Exploit Title: Dolibarr ERP-CRM 12.0.3 - Remote Code Execution Authenticated Date: 2020.12.17 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://github.com/Dolibarr/dolibarr Software Link: https://sourceforge.net/projects/dolibarr/ Version: 12.0.3 Tested on: Kali Linux 2020.2 Vulnerabilit...
Ksix Zigbee Devices - Playback Protection Bypass (PoC)
Exploit Title: Ksix Zigbee Devices - Playback Protection Bypass PoC Date: 2020-11-15 Exploit Author: Alejandro Vazquez Vazquez Vendor Homepage: https://www.ksixmobile.com/ Firmware Version: Gateway Zigbee Module - v1.0.3, Gateway Main Module - v1.1.2, Door Sensor - v1.0.7, PIR Motion Sensor -...
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Exploit Title: Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-09-18 Vendor Homepage: https://www.sourcecodester.com/php/14378/tailor-management-system-php-mysql.html Software Link:...
Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html Software Link:...
DiskBoss 7.7.14 - Denial of Service (PoC)
Exploit Title: DiskBoss 7.7.14 - Denial of Service PoC Date: 2020-04-01 Exploit Author: Paras Bhatia Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Vulnerable Software: DiskBoss Version: 7.7.14...
IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow
Exploit Title : IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow ======== ================================================ 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices ========...
Wondercms 4.3.2 - XSS to RCE
Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...
Apache CouchDB 3.2.1 - Remote Code Execution (RCE)
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Date: 2022-01-21 Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name...
ExifTool 12.23 - Arbitrary Code Execution
Exploit Title: ExifTool 12.23 - Arbitrary Code Execution Date: 04/30/2022 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://exiftool.org/ Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip Version: 7.44-12.23 Tested on: ExifTool 12.23 Debian CVE:...
Simple Chatbot Application 1.0 - Remote Code Execution (RCE)
Exploit Title: Simple Chatbot Application 1.0 - Remote Code Execution RCE Date: 18/01/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/14788/simple-chatbot-application-using-php-source-code.html Version: 1.0 Teste...
Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection
Exploit Title: Online Veterinary Appointment System 1.0 - 'Multiple' SQL Injection Date: 05/01/20222 Exploit Author: twseptian Vendor Homepage: https://www.sourcecodester.com/php/15119/online-veterinary-appointment-system-using-phpoop-free-source-code.html Software Link:...
Terramaster TOS 4.2.15 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Terramaster TOS 4.2.15 - Remote Code Execution RCE Unauthenticated Date: 12/24/2021 Exploit Author: n0tme thatsn0tmysite Full Write-Up: https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/ Vendor Homepage: https://www.terra-master.com/ Version: TOS 4.2.X 4.2.15-2107141517 Test...
Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path
Exploit Title: Pingzapper 2.3.1 - 'PingzapperSvc' Unquoted Service Path Discovery by: Brian Rodriguez Date: 07-03-2021 Vendor Homepage: https://pingzapper.com Software Links: https://pingzapper.com/download Tested Version: 2.3.1 Vulnerability Type: Unquoted Service Path Tested on: Windows 8.1 Pro...
Atlassian Confluence Widget Connector Macro - SSTI
Exploit Title: Atlassian Confluence Widget Connector Macro - SSTI Date: 21-Jan-2021 Exploit Author: 46o60 Vendor Homepage: https://www.atlassian.com/software/confluence Software Link: https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-6.12.1-x64.bin Version...
Content Management System 1.0 - 'id' SQL Injection
Exploit Title: Content Management System 1.0 - 'id' SQL Injection Exploit Author: Zhayi Zeo Date: 2020-12-14 Vendor Homepage: https://www.sourcecodester.com/php/14625/content-management-system-using-phpmysqli-source-code.html Software Link:...
Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
Exploit Title: Infor Storefront B2B 1.0 - 'usrname' SQL Injection Google Dork: inurl:storefrontb2bweb Date: 2020-06-27 Exploit Author: ratboy Vendor Homepage: https://www.insitesoft.com/infor-storefront/ Version: Infor Storefront Tested on: Windows All Versions POC Multiple Vulns python sqlmap.py...
Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path
Exploit Title: Atomic Alarm Clock x86 6.3 - 'AtomicAlarmClock' Unquoted Service Path Exploit Author: boku Date: 2020-04-17 Vendor Homepage: http://www.drive-software.com Software Link: http://www.drive-software.com/download/ataclock.exe Version: 6.3 Tested On: Windows 10 Pro 1909 32-bit...
ManageEngine Desktop Central - Java Deserialization (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ManageEngine Desktop Central Java Deserialization', 'Description' = %q This module exploits a Java deserialization vulnerability in the...
AnchorCMS < 0.12.3a - Information Disclosure
Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version: 0.12.3a Tested on: Linux CVE : CVE-2018-725...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The ctfmon service creates an ALPC port in a well known location, to which...
ElasticSearch - Remote Code Execution
body padding-top: 50px; .starter-template padding: 40px 15px; text-align: center; function esinject var readfile; var writefile; readfile = functionfilename return "import java.util.;\nimport java.io.;\nnew Scannernew File"" + filename + "".useDelimiter"\\Z".next;"; ; writefile =...
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
Exploit Title: Simple File List WordPress Plugin 4.2.2 - File Upload to RCE Google Dork: inurl:/wp-content/plugins/simple-file-list/ Date: 2025-07-15 Exploit Author: Md Amanat Ullah xSwads Vendor Homepage: https://wordpress.org/plugins/simple-file-list/ Software Link:...
Discourse 3.2.x - Anonymous Cache Poisoning
!/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: : https://github.com/ibrahmsql Vendor Homepage: https://discourse.org Software Link: https://github.com/discourse/discourse Version: Discourse latest patched...
GLiNet - Router Authentication Bypass
DZONERZY Security Research GLiNet: Router Authentication Bypass ======================================================================== Contents ======================================================================== 1. Overview 2. Detailed Description 3. Exploit 4. Timeline...
Clinic's Patient Management System 1.0 - Unauthenticated RCE
Exploit Title: Clinic's Patient Management System 1.0 - Unauthenticated RCE Date: 07.10.2023 Exploit Author: Oğulcan Hami Gül Vendor Homepage: https://www.sourcecodester.com/php-clinics-patient-management-system-source-code Software Link:...
Tdarr 2.00.15 - Command Injection
Exploit Title: Tdarr 2.00.15 - Command Injection Date: 10/03/2022 Exploit Author: Sam Smith Vendor Homepage: https://tdarr.io Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linuxarm64/TdarrServer.zip Version: 2.00.15 likely also older versions Tested on: 2.00.15 Exploit:...
Simple Client Management System 1.0 - 'uemail' SQL Injection (Unauthenticated)
Exploit Title: Simple Client Management System 1.0 - 'uemail' SQL Injection Unauthenticated Date: 24-06-2021 Exploit Author: Barış Yıldızoğlu Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip...
Unified Remote 3.9.0.2463 - Remote Code Execution
Exploit Title: Unified Remote 3.9.0.2463 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: https://www.unifiedremote.com/ Software Link: https://www.unifiedremote.com/download Tested on: Windows 10, 10.0.19042 Build 19042 !/usr/bin/python import socket import sys import os from time impor...
ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
Exploit Title: ChurchCRM 4.2.1- Persistent Cross Site ScriptingXSS Date: 2020- 10- 29 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://churchcrm.io/ Software Link: https://github.com/ChurchCRM/CRM Version: 4.2.1 Tested on: Kali Linux 2020.3 Proof Of Concept: ChurchCRM application allo...
Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
Exploit Title: Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality Date: 2020-11-11 Exploit Author: Mufaddal Masalawala Vendor Homepage: https://www.anuko.com/ Software Link: https://www.anuko.com/time-tracker/index.htm Version: 1.19.23.5311 Tested on: Kali Linux 2020....
Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow (SEH) (PoC)
Exploit Title: Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Discovery Date: 2020-06-07 Vulnerable Software: Frigate Version: "Command...
DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)
Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow PoC Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Exploit Author: Paras Bhatia Discovery Date: 2020-04-01 Vulnerable...
AVCON6 systems management platform - OGNL Remote Command Execution
Exploit Title: AVCON6 systems management platform - OGNL - Remote root command execution Date: 10/09/2018 Exploit Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: N\A Tested On: Windows 1064bit / 61.0b12 64-bit Thanks to: Otmane Aarab...
TortoiseSVN 1.12.1 - Remote Code Execution
Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2188 Product:...
Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)
/ 0x82-CVE-2009-2692 Linux kernel 2.4/2.6 32bit socksendpage local ring0 root exploit simple ver Tested RedHat Linux 9.0, Fedora core 411, Whitebox 4, CentOS 4.x. -- Discovered by Tavis Ormandy and Julien Tinnes of the Google Security Team. spender and venglin's code is very excellent. Thankful t...
AJ Auction Pro Platinum Skin - 'item_id' SQL Injection
AJ Auction Pro Platinum Skin 2 detail.php itemid Remote SQL Injection Vulnerability POC : /detail.php?itemid=-1+UNION+SELECT+1,2,3,4,concatusername,0x3a,password, 6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35...
Sitecore 10.4 - Remote Code Execution (RCE)
Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-27218/exploit.py from requests import...
(shellcode) Linux-x64 - create a shell with execve() sending argument using XOR (/bin//sh) [55 bytes]
Exploit Title: Linux-x64 - create a shell with execve sending argument using XOR /bin//sh 55 bytes Shellcode Author: Alexys 0x177git Tested on: Linux x8664 Shellcode Description: creating a new process using execve syscall sending bin//sh as argument | encrypted using XOR operation was QWORD size...
PHPJabbers Vacation Rental Script 4.0 - CSRF
Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Date: 05/08/2023 Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to...
JLex GuestBook 1.6.4 - Reflected XSS
Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS Exploit Author: CraCkEr Date: 01/08/2023 Vendor: JLexArt Vendor Homepage: https://jlexart.com/ Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/ Demo: https://jlexguestbook.jlexart.com/...
Codiad 2.8.4 - Remote Code Execution (Authenticated) (4)
Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 4 Author: P4p4M4n3 Vendor Homepage: http://codiad.com/ Software Links : https://github.com/Codiad/Codiad/releases Type: WebApp ------------------------------------- Proof of Concept: 1- login on codiad 2- go to...
WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Ninja Tables 4.1.7 - Stored Cross-Site Scripting XSS Date: 25-10-2021 Exploit Author: Akash Rajendra Patil Vendor Homepage: https://wordpress.org/plugins/ninja-tables/ Software Link: https://wpmanageninja.com/downloads/ninja-tables-pro-add-on/ Version: 4.1.7 Tested...
SCO Openserver 5.0.7 - 'section' Reflected XSS
Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS Google Dork: inurl:/cgi-bin/manlist?section Discovered Date: 14/06/2020 Author: Ramikan Vendor Homepage: https://www.xinuos.com/products Software Link: https://www.sco.com/products/openserver507/-overview Affected Version: Tested on...
CS-Cart 1.3.3 - 'classes_dir' LFI
Exploit Title: CS-Cart unauthenticated LFI Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.4 Vulnerability Type: unauthenticated LFI...