Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows NtUserSetWindowFNID Win32k User Callback', 'Description' = %q An elevation of privilege vulnerability exists in Windows when the Win32k...

GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)

Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)

!-- ABB Cylon Aspect 3.08.02 userManagement.php Cross-Site Request Forgery Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...

Pimcore customer-data-framework 4.2.0 - SQL injection

Exploit Title: Pimcore customer-data-framework 4.2.0 - SQL injection Date: 01/28/2025 Exploit Author: maeitsec Vendor Homepage: https://pimcore.com/ Software Link: https://github.com/pimcore/pimcore Version: Pimcore versions prior to 10.5.21 Tested on: Ubuntu 20.04 with Pimcore 10.5.20 CVE:...

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...

Hospital Management System v1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting XSS Google Dork: NA Date: 28-03-2024 Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://code-projects.org Software Link:...

Daily Habit Tracker 1.0 - SQL Injection

Exploit Title: Daily Habit Tracker 1.0 - SQL Injection Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0 Tested on: Debian...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Date: 2023-12-26 Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on:...

Global - Multi School Management System Express v1.0- SQL Injection

Exploit Title: Global - Multi School Management System Express v1.0- SQL Injection Date: 2023-08-12 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/global-multi-school-management-system-express/21975378 Tested on: Kali Linux & MacOS CVE: N/A Request POST /report/balance...

Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE)

// Exploit Title: Goanywhere Encryption helper 7.1.1 - Remote Code Execution RCE // Google Dork: title:"GoAnywhere" // Date: 3/26/2023 // Exploit Author: Youssef Muhammad // Vendor Homepage: https://www.goanywhere.com/ // Software Link:...

Nettmp NNT 5.1 - SQLi Authentication Bypass

Exploit Title: Nettmp NNT 5.1 - SQLi Authentication Bypass Date: 23/12/2021 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://wiki.nettemp.tk Software Link: https://wiki.nettemp.tk Version: nettmp NNT Tested on: Linux Ubuntu 20.04 Payload: username: 1' or 1=1;-- password: \ Proo...

phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...

Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass

Exploit Title: Online Pre-owned/Used Car Showroom Management System 1.0 - SQLi Authentication Bypass Date: 01-12-2021 Exploit Author: Mohamed habib Smidi Craniums Vendor Homepage: https://www.sourcecodester.com/php/15067/online-pre-ownedused-car-showroom-management-system-php-free-source-code.htm...

FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow (ASLR & DEP Bypass)

Exploit title: FastStone Image Viewer 7.5 - .cur BITMAPINFOHEADER 'BitCount' Stack Based Buffer Overflow ASLR & DEP Bypass Exploit Author: Paolo Stagno Date: 15/03/2020 Vendor Homepage: https://www.faststone.org/ Download: https://www.faststonesoft.net/DN/FSViewerSetup75.exe...

WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection

Exploit Title: WordPress Plugin Supsystic Ultimate Maps 1.1.12 - 'sidx' SQL injection Date: 24/07/2020 Exploit Author: Erik David Martin Vendor Homepage: https://supsystic.com/ Software Link: https://downloads.wordpress.org/plugin/ultimate-maps-by-supsystic.1.1.12.zip Category: Web Application...

Employee Management System 1.0 - Authentication Bypass

Exploit Title: Employee Management System 1.0 - Authentication Bypass Date: 2020-10-16 Exploit Author: Ankita Pal Vendor Homepage: https://www.sourcecodester.com/php/14432/employee-management-system-using-php.html Software Link:...

Online-Exam-System 2015 - 'fid' SQL Injection

Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2020-05-28 Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on: MacosX C...

logrotten 3.15.1 - Privilege Escalation

Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all versions through 3.15.1 Tested on: Debian...

Thunderbird ESR < 60.7.XXX - 'icalrecur_add_bydayrules' Stack-Based Buffer Overflow

X41 D-Sec GmbH Security Advisory: X41-2019-003 Stack-based buffer overflow in Thunderbird ========================================== Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched Versions: Thunderbird ESR 60.7.XXX Vendor: Thunderbird Vendor URL:...

Nikto 2.1.6 - CSV Injection

Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...

SAP NetWeaver - 7.53 - HTTP Request Smuggling

Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 - HTTP Request Smuggling Through SAP's Front Door Google Dork: https://github.com/BecodoExploit-mrCAT/SAPGateBreaker-Exploit/blob/main/dorks Date: Tuesday, April 2, 2025 Exploit Author: @C41Tx90 - Victor de Queiroz - Beco do Exploit - Elytron...

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

Exploit Title: Poultry Farm Management System v1.0 - Remote Code Execution RCE Date: 24-06-2024 CVE: N/A Awaiting ID to be assigned Exploit Author: Jerry Thomas w3bn00b3r Vendor Homepage: https://www.sourcecodester.com/php/15230/poultry-farm-management-system-free-download.html Software Link:...

Winter CMS 1.2.3 - Server-Side Template Injection (SSTI) (Authenticated)

Exploit Title: Winter CMS 1.2.2 - Server-Side Template Injection SSTI Authenticated Exploit Author: tmrswrr Date: 12/05/2023 Vendor: https://wintercms.com/ Software Link: https://github.com/wintercms/winter/releases/v1.2.2 Vulnerable Versions: 1.2.2 Tested :...

Microsoft Windows Defender - VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

Gila CMS 1.10.9 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Date: 05-07-2023 Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import...

WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting (XSS)

Exploit Title: WordPress Plugin WP Customize Login 1.1 - 'Change Logo Title' Stored Cross-Site Scripting XSS Date: 2021-08-03 Exploit Author: Aryan Chehreghani Software Link: https://wordpress.org/plugins/customize-login/ Version: 1.1 Tested on: Windows 10 How to Reproduce this Vulnerability: 1...

DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)

Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting XSS Author: @nu11secur1ty Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r Date: 04/23/2021 Vendor: http://www.dzzoffice.com/ Link: https://github.com/zyx0814/dzzoffice CVE: CVE-2021-3318 + Exploit Source: !/usr/bin/python3 Author...

Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation

Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Date: 08.11.2020 Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected versio...

File Management System 1.1 - Persistent Cross-Site Scripting

Exploit Title: File Management System 1.1 - Persistent Cross-Site Scripting Date: 2020-06-30 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/download-code?nid=13333&title=File+Management+System+Very+Complete+Using+PHP%2FMySQLi+version+1.1 Software Link:...

WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Exploit Title: CSRF vulnerabilities in WP Add Mime Types Plugin...

Dnsmasq < 2.78 - Lack of free() Denial of Service

''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...

Keras 2.15 - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Keras 2.15 - Remote Code Execution RCE Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-07-09 Tested on: Ubuntu 22.04 LTS, Python 3.10, TensorFlow/Keras = 2.15 CVE: CVE-2025-1550 Type: Remote Code...

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...

reNgine 2.2.0 - Command Injection (Authenticated)

Exploit Title: reNgine 2.2.0 - Command Injection Authenticated Date: 2024-09-29 Exploit Author: Caner Tercan Vendor Homepage: https://rengine.wiki/ Software Link: https://github.com/yogeshojha/rengine Version: v2.2.0 Tested on: macOS POC : 1. Login the Rengine Platform 2. Click the Scan Engine 3...

KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow

Exploit Title: KiTTY 0.76.1.13 - 'Start Duplicated Session Username' Buffer Overflow Exploit Author: DEFCESCO Austin A. DeFrancesco Vendor Homepage: https://github.com/cyd01/KiTTY/= Software Link: https://github.com/cyd01/KiTTY/releases/download/v0.76.1.13/kitty-bin-0.76.1.13.zip Version: ≤...

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...

SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration

Exploit Title: SureMDM On-premise 6.31 - CAPTCHA Bypass User Enumeration Date: 05/12/2023 Exploit Author: Jonas Benjamin Friedli Vendor Homepage: https://www.42gears.com/products/mobile-device-management/ Version: = 6.31 Tested on: 6.31 CVE : CVE-2023-3897 import requests import sys def printhelp...

Equipment Rental Script-1.0 - SQLi

Title: Equipment Rental Script-1.0 - SQLi Author: nu11secur1ty Date: 09/12/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/equipment-rental-script/sectionDemo Reference: https://portswigger.net/web-security/sql-injection Description: The packageid parameter appears t...

Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS)

Exploit Title: Availability Booking Calendar v1.0 - Multiple Cross-site scripting XSS Date: 07/2023 Exploit Author: Andrey Stoykov Tested on: Ubuntu 20.04 Blog: http://msecureltd.blogspot.com XSS 1: Steps to Reproduce: 1. Browse to Bookings 2. Select All Bookings 3. Edit booking and select Promo...

AVG Anti Spyware 7.5 - Unquoted Service Path "AVG Anti-Spyware Guard"

Exploit Title: AVG Anti Spyware 7.5 - Unquoted Service Path Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: https://www.avg.com Software Link: https://www.avg.com/en-ww/homepagepc Version: 7.5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36167 PoC C:\Userswmic service get...

Cobian Backup 0.9 - Unquoted Service Path

Exploit Title: Cobian Backup 0.9 - Unquoted Service Path Date: 06/03/2022 Exploit Author: Hejap Zairy Vendor Homepage: https://www.cobiansoft.com// Software Link: https://www.cobiansoft.com/download.php/ Version:0.9.93 Tested: Windows 10 Pro x64 es C:\Users\Hejapsc qc CobianReflectorService SC...

FileCloud 21.2 - Cross-Site Request Forgery (CSRF)

Exploit Title: FileCloud 21.2 - Cross-Site Request Forgery CSRF Date: 2022-02-20 Exploit Author: Masashi Fujiwara Vendor Homepage: https://www.filecloud.com/ Software Link: https://hub.docker.com/r/filecloud/filecloudserver21.2 Version: All versions of FileCloud prior to 21.3 Fiexd: version...

Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path

Exploit Title: Wondershare UBackit 2.0.5 - 'wsbackup' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2022-02-17 Vendor Homepage: https://www.wondershare.com/ Software Link : https://download.wondershare.com/ubackitfull8767.exe Tested Version: 2.0.5 Vulnerability Type: Unquoted...

Online News Portal 1.0 - 'name' SQL Injection

Exploit Title: Online News Portal 1.0 - 'name' SQL Injection Exploit Author: Richard Jones Date: 2021-03-18 Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html Software Link:...

XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] ''' Proof...

Netatalk 3.1.12 - Authentication Bypass

Exploit Title: Netatalk Authentication Bypass Date: 12/20/2018 Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS x8664 CVE : CVE-2018-1160 Advisory:...

Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read

// A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and 4.13.0-38-generic // and on CentOS 7 3.10.0-862.9.1.el7.x8664. // // gcc pwn.c -o pwn // // ...

Linux Kernel 2.6.20/2.6.24/2.6.27_7-10 (Ubuntu 7.04/8.04/8.10 / Fedora Core 10 / OpenSuse 11.1) - SCTP FWD Memory Corruption Remote Overflow

/ CVE-2009-0065 SCTP FWD Chunk Memory Corruption Linux Kernel 2.6.x SCTP FWD Memory COrruption Remote Exploit coded by: sgrakkyu antifork.org http://kernelbof.blogspot.com NOTE: you need at least one sctp application bound on the target box Supported target: Ubuntu 7.04 x8664 2.6.2015-17-generic ...

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

Petrol Pump Management Software v.1.0 - SQL Injection

Exploit Title: Petrol Pump Management Software v.1.0 - SQL Injection Date: 01-03-2024 Exploit Author: Shubham Pandey Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17180/petrol-pump-management-software-free-download.html Version: 1.0 Tested on:...