Streamripper 2.6 - 'Song Pattern' Buffer Overflow

!/usr/bin/python Exploit Title: StreamRipper32 Buffer Overflow Date: 07/2019 Exploit Author: Andrey Stoykov OSCP Tested On: Win7 SP1 x64 Software Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Version: 2.6 Steps To Reproduce: Double click on "Add" in the "Station/Song Section...

Zervit Web Server 0.4 - Directory Traversals

zervit Web Server v0.4 Directory Traversals Found By: DrIDE Date: May 12, 2010 Download: http://zervit.sourceforge.net/ Tested on: Windows 7 - Description - zervit HTTP Server v0.4 is a Windows based HTTP server. This is the latest version of the application available. zervit HTTP Server is...

Sendmail 8.11.6 - Address Prescan Memory Corruption

/ source: https://www.securityfocus.com/bid/7230/info A vulnerability in Sendmail may be exploited remotely to execute arbitrary code. The flaw is present in the 'prescan' procedure, which is used for processing email addresses in SMTP headers. This condition has been confirmed to be exploitable ...

Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure

/ Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-6082 Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ Description : Proof‑of‑Concept exploits the Full Path Disclosure bu...

Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)

Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting XSS via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Software Link: https://github.com/stephenmcd/mezzanine Version: 6.1.0 Category: Web Application...

WonderCMS 3.4.2 - Remote Code Execution (RCE)

Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...

Human Resource Management System v1.0 - Multiple SQLi

Title: Human Resource Management System v1.0 - Multiple SQLi Author: nu11secur1ty Date: 04/02/2024 Vendor: https://github.com/oretnom23 Software: https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html Reference:...

Moodle 4.3 - Insecure Direct Object Reference

Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...

PHP Shopping Cart 4.2 - Multiple-SQLi

Title: PHP Shopping Cart-4.2 Multiple-SQLi Author: nu11secur1ty Date: 09/13/2023 Vendor: https://www.phpjabbers.com/ Software:https://www.phpjabbers.com/php-shopping-cart-script/sectionPricing Reference: https://portswigger.net/web-security/sql-injection Description: The id parameter appears to b...

mooSocial 3.1.8 - Reflected XSS

Exploit Title: mooSocial 3.1.8 - Reflected XSS Exploit Author: CraCkEr Date: 28/07/2023 Vendor: mooSocial Vendor Homepage: https://moosocial.com/ Software Link: https://travel.moosocial.com/ Version: 3.1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site CVE: CVE-2023-4173...

projectSend r1605 - Stored XSS

Exploit Title: projectSend r1605 - Stored XSS Application: projectSend Version: r1605 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.projectsend.org/ Software Link: https://www.projectsend.org/ Date of found: 11-06-2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & P...

Online Examination System Project 1.0 - Cross-site request forgery (CSRF)

Exploit Title: Online Examination System Project 1.0 - Cross-site request forgery CSRF Google Dork: n/a Date: 09/06/2023 Exploit Author: Ramil Mustafayev kryptohaker Vendor Homepage: https://github.com/projectworldsofficial/online-examination-systen-in-php Software Link:...

unilogies/bumsys v1.0.3 beta - Unrestricted File Upload

Exploit Title: - unilogies/bumsys v1.0.3-beta - Unrestricted File Upload Google Dork : NA Date: 19-01-2023 Exploit Author: AFFAN AHMED Vendor Homepage: https://github.com/unilogies/bumsys Software Link: https://github.com/unilogies/bumsys/archive/refs/tags/v1.0.3-beta.zip Version: 1.0.3-beta Test...

Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP

Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3 FPGA:10....

WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection

Exploit Title: WordPress Plugin WP Visitor Statistics 4.7 - SQL Injection Date 22/12/2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.plugins-market.com/ Software Link: https://downloads.wordpress.org/plugin/wp-stats-manager.4.7.zip Version: = 4.7 Tested on: Ubuntu 18.04 CV...

Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)

Exploit Title: Laravel Valet 2.0.3 - Local Privilege Escalation macOS Exploit Author: leonjza Vendor Homepage: https://laravel.com/docs/8.x/valet Version: v1.1.4 to v2.0.3 !/usr/bin/env python2 Laravel Valet v1.1.4 - 2.0.3 Local Privilege Escalation macOS February 2017 - @leonjza Affected version...

Chikitsa Patient Management System 2.0.2 - 'plugin' Remote Code Execution (RCE) (Authenticated)

Exploit Title: Chikitsa Patient Management System 2.0.2 - Remote Code Execution RCE Authenticated Date: 03/12/2021 Exploit Author: 0z09e https://twitter.com/0z09e Vendor Homepage: https://sourceforge.net/u/dharashah/profile/ Software Link:...

Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Date: 18-10-2021 Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html...

Microsoft Windows cmd.exe - Stack Buffer Overflow

Title: Microsoft Windows cmd.exe - Stack Buffer Overflow Author: John Page aka hyp3rlinx Date: 15/09/2021 Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CMD.EXE-STACK-BUFFER-OVERFLOW.txt ISR: ApparitionSec Vendor www.microsoft.com Product cmd.exe is the default command-line...

Employee Record Management System 1.2 - Stored Cross-Site Scripting (XSS)

Exploit Title: Employee Record Management System 1.2 - Stored Cross-Site Scripting XSS Date: 07 July 2021 Exploit Author: Subhadip Nag mrl0s3r Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/ Tested on: Server: XAMP...

Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free

Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here res2: 0 done ... crash Explanation The following snippet is taken from...

Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...

PHP 7.1.8 - Heap Buffer Overflow

Description: ------------ A heap out-of-bound read vulnerability in timelibmeridian can be triggered via wddxdeserialize or other vectors that call into this function on untrusted inputs. $ /php-7.1.8/sapi/cli/php --version PHP 7.1.8 cli built: Aug 9 2017 21:42:13 NTS Copyright c 1997-2017 The PH...

GeekLog 2.x - 'ImageImageMagick.php' Remote File Inclusion

-------------------------------- 05/18/2007 --------------------------------- GeekLog 2. ImageImageMagick.php RFI Vuln ----------------------------------- ASCII ----------------------------------- / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / / -dsd863 at ya...

NodeJS 24.x - Path Traversal

Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass

Exploit Title: Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass Date: 2022-10-10 Exploit Author: Zach Hanley, SC Vendor Homepage: https://www.fortinet.com Version: 7.0.0 Tested on: Linux CVE : CVE-2022-40684 This module requires Metasploit:...

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Exploit Title: Microchip TimeProvider 4100 Grandmaster Data plot modules 2.4.6 - SQL Injection Exploit Author: Armando Huesca Prida, Marco Negro Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure:...

Open Source Medicine Ordering System v1.0 - SQLi

Exploit Title : Open Source Medicine Ordering System v1.0 - SQLi Author : Onur Karasalihoğlu Date : 27/02/2024 Sample Usage % python3 omossqliexploit.py https://target.com Available Databases: 1. informationschema 2. omosdb Please select a database to use enter number: 2 You selected: omosdb...

Daily Habit Tracker 1.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Daily Habit Tracker 1.0 - Stored Cross-Site Scripting XSS Date: 2 Feb 2024 Exploit Author: Yevhenii Butenko Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/17118/daily-habit-tracker-using-php-and-mysql-source-code.html Version: 1.0...

TELSAT marKoni FM Transmitter 1.9.5 - Backdoor Account Information Disclosure

TELSAT marKoni FM Transmitter 1.9.5 Backdoor Account Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters Firmware: 1.9.5 1.9.3 1.5.9 1.4.6 1.3.9...

OSGi v3.8-3.18 Console - RCE

!/usr/bin/python Exploit Title: OSGi v3.8-3.18 Console RCE Date: 2023-07-28 Exploit Author: Andrzej Olchawa, Milenko Starcik, VisionSpace Technologies GmbH Exploit Repository: https://github.com/visionspacetec/offsec-osgi-exploits.git Vendor Homepage: https://eclipse.dev/equinox Software Link:...

Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)

Exploit Title: Enrollment System Project v1.0 - SQL Injection Authentication Bypass SQLI Date of found: 18/05/2023 Exploit Author: VIVEK CHOUDHARY @sudovivek Version: V1.0 Tested on: Windows 10 Vendor Homepage: https://www.sourcecodester.com Software Link:...

Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path

Exploit Title: Arcsoft PhotoStudio 6.0.0.172 - Unquoted Service Path Date: 2023/04/22 Exploit Author: msd0pe Vendor Homepage: https://www.arcsoft.com/ My Github: https://github.com/msd0pe-1 Arcsoft PhotoStudio: Versions = wmic service get name,pathname,displayname,startmode | findstr /i auto |...

Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai

Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Date: 2021-09-11 Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...

NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation

Exploit Title: NuCom 11N Wireless Router 5.07.90 - Remote Privilege Escalation Date: 01.03.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.nucom.es Vendor: NUEVAS COMUNICACIONES IBERIA, S.A. Product web page: https://www.nucom.es Affected version: 5.07.90multiNCM01 5.07.89multiNCM01...

sar2html 3.2.1 - 'plot' Remote Code Execution

Exploit Title: sar2html 3.2.1 - 'plot' Remote Code Execution Date: 27-12-2020 Exploit Author: Musyoka Ian Vendor Homepage:https://github.com/cemtan/sar2html Software Link: https://sourceforge.net/projects/sar2html/ Version: 3.2.1 Tested on: Ubuntu 18.04.1 !/usr/bin/env python3 import requests...

Hotel Management System 1.0 - Remote Code Execution (Authenticated)

Exploit Title: Hotel Management System 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-09-23 Exploit Author: Eren Şimşek Vendor Homepage: https://www.sourcecodester.com/php/14458/hotel-management-system-project-using-phpmysql.html Software Link:...

Optergy 2.3.0a - Remote Code Execution (Backdoor)

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 =...

DHCP Client - Command Injection 'DynoRoot' (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager...

ElasticSearch - Search Groovy Sandbox Bypass (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ElasticSearch Search Groovy Sandbox Bypass', 'Description' = %q This module exploits a remote command execution RCE vulnerability in...

Plesk < 9.5.4 - Remote Command Execution

Plesk Apache zeroday / June 2013 discovered & exploited by kingcope this Plesk configuration setting makes it possible: scriptAlias /phppath/ "/usr/bin/" Furthermore this is not cve-2012-1823 because the php interpreter is called directly. no php file is called Parallels Plesk Remote Exploit -- P...

GL-iNet MT6000 4.5.5 - Arbitrary File Download

Exploit Title: GL-iNet MT6000 4.5.5 - Arbitrary File Download CVE: CVE-2024-27356 Google Dork: intitle:"GL.iNet Admin Panel" Date: 2/26/2024 Exploit Author: Bandar Alharbi aggressor Vendor Homepage: www.gl-inet.com Tested Software Link:...

Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS

Exploit Title: Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS Exploit Author: CraCkEr Date: 24/07/2023 Vendor: VirtueMart Team Vendor Homepage: https://www.virtuemart.net/ Software Link: https://demo.virtuemart.net/ Joomla Extension Link:...

BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)

Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting XSS Date: 06/07/2023 Exploit Author: Idan Malihi Vendor Homepage: None Version: 5 Tested on: Microsoft Windows 10 Pro CVE : CVE-2023-36163 PoC: An attacker just needs to find the vulnerable parameter mc= and inject the JS code...

SoftExpert (SE) Suite v2.1.3 - Local File Inclusion

Exploit Title: SoftExpert SE Suite v2.1.3 - Local File Inclusion Date: 27-04-2023 Exploit Author: Felipe Alcantara Filiplain Vendor Homepage: https://www.softexpert.com/ Version: 2.0 target=$1 u=$2 p=$3 file=$echo -n "$4"|base64 -w 0 end="\0330m\e0m" red="\e0;31m\0331m" blue="\e0;34m\0331m" echo ...

OCS Inventory NG 2.3.0.0 - Unquoted Service Path

Exploit Title: OCS Inventory NG 2.3.0.0 - Unquoted Service Path Date: 2023/04/21 Exploit Author: msd0pe Vendor Homepage: https://oscinventory-ng.org Software Link: https://github.com/OCSInventory-NG/WindowsAgent My Github: https://github.com/msd0pe-1 Fixed in version 2.3.1.0 OCS Inventory NG...

Best pos Management System v1.0 - SQL Injection

Exploit Title: Best pos Management System v1.0 - SQL Injection Google Dork: NA Date: 14/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor

Exploit Title: USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 - Remote Root Backdoor Exploit Author: LiquidWorm !/usr/bin/env python3 USR IOT 4G LTE Industrial Cellular VPN Router 1.0.36 Remote Root Backdoor Vendor: Jinan USR IOT Technology Limited Product web page: https://www.pusr.com |...

WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion

Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 26-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version: 1.7.4 Tested on:...