47904 matches found
AirKeyboard iOS App 1.0.5 - Remote Input Injection
Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage: https://airkeyboardapp.com Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 Version: Version 1.0.5 Tested on: iOS 18.5 with AirKeyboard app '''...
AnyDesk 9.0.1 - Unquoted Service Path
Exploit Title: AnyDesk 9.0.1 - Unquoted Service Path Date: 2024-12-11 Exploit Author: Parastou Razi Contact: [email protected] Vendor Homepage: http://anydesk.com Software Link: http://anydesk.com/download Version: Software Version 9.0.1 Tested on: Windows 11 x64 1. Description: The Anydesk...
ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting XSS Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: ---------------- A stored cross-site scripting XSS vulnerability exists in...
Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)
Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...
VeeVPN 1.6.1 - Unquoted Service Path
Exploit Title: VeeVPN 1.6.1 - 'VeePNService' Unquoted Service Path Date: 2024-12-27 Exploit Author: Doğukan Orhan Vendor Homepage: https://veepn.com/ Version: 1.6.1 Tested on: Windows 10 Pro x64 Step to discover Unquoted Service Path: C:\Users\PCwmic service where 'name like "%VeePNService%"' get...
Joomla iProperty Real Estate 4.1.1 - Reflected XSS
Exploit Title: Joomla iProperty Real Estate 4.1.1 - Reflected XSS Exploit Author: CraCkEr Date: 29/07/2023 Vendor: The Thinkery LLC Vendor Homepage: http://thethinkery.net Software Link: https://extensions.joomla.org/extension/vertical-markets/real-estate/iproperty/ Demo:...
ABB FlowX v4.00 - Exposure of Sensitive Information
Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information Date: 2023-03-31 Exploit Author: Paul Smith Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series Version: ABB Flow-X all versions before V4.00 Tested on: Kali Linux CVE:...
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
Exploit Title: PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting XSS Google Dork: None Date: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://github.com/jcwebhole Software Link: https://github.com/jcwebhole/phprestaurants Version: 1.0 functions.php function login...
Online Computer and Laptop Store 1.0 - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Online Computer and Laptop Store 1.0 - Remote Code Execution RCE Date: 09/04/2023 Exploit Author: Matisse Beckandt Backendt Vendor Homepage:...
WebTareas 2.4 - Blind SQLi (Authenticated)
Exploit Title: WebTareas 2.4 - Blind SQLi Authenticated Date: 04/20/2022 Exploit Author: Behrad Taher Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.4p3 CVE : CVE-2021-43481 The script takes 3 arguments: IP, user ID, session ID Example usage: python3 webtareassqli.py...
Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection
Exploit Title: Simple Online College Entrance Exam System 1.0 - 'Multiple' SQL injection Date: 07.10.2021 Exploit Author: Amine ismail @aminei Vendor Homepage: https://www.sourcecodester.com/php/14976/simple-online-college-entrance-exam-system-php-and-sqlite-free-source-code.html Software Link:...
Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation
Exploit Title: Drupal Module MiniorangeSAML 8.x-2.22 - Privilege escalation via XML Signature Wrapping Date: 09/07/2021 Exploit Author: Cristian 'void' Giustini Vendor Homepage: https://www.miniorange.com/ Software Link: https://www.drupal.org/project/miniorangesaml Version: 8.x-2.22 REQUIRED...
Evolution CMS 3.1.6 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Evolution CMS 3.1.6 - Remote Code Execution RCE Authenticated Date: 15-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://evo.im/ Software Link: https://github.com/evolution-cms/evolution/releases Version: 3.1.6 Category: Webapps Tested on: Linux/Windows Exampl...
Schlix CMS 2.2.6-6 - Arbitary File Upload (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - Arbitary File Upload And Directory Traversal Leads To RCE Authenticated Date: 21.05.2021 Exploit Author: Emir Polat Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/html/schlix-cms-downloads.html Version: 2.2.6-6 Tested On: Ubuntu...
Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path
Exploit Title: Sandboxie Plus v0.7.2 - 'SbieSvc' Unquoted Service Path Date: 2021-1-20 Exploit Author: Mohammed Alshehri Vendor Homepage: sandboxie-plus.com Software Link: https://github.com/sandboxie-plus/Sandboxie/releases/download/0.7.2/Sandboxie-Plus-x64-v0.7.2.exe Version: Version 0.7.2 Test...
moziloCMS 2.0 - Persistent Cross-Site Scripting (Authenticated)
Exploit Title: moziloCMS 2.0 - Persistent Cross-Site Scripting Authenticated Date: 2020-08-31 Exploit Author: Abdulkadir Kaya Vendor Homepage: https://www.mozilo.de/ Version: 2.0 Tested on: Windows & WampServer 1- Go to following url. http://HOST/PATH/admin/ 2- Login the admin panel. 3- Go to...
ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection
Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Date: 2020-07-23 Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12 and 13 before Build 13200 Tested on:...
PhpIX 2012 Professional - 'id' SQL Injection
Title: PhpIX 2012 Professional - 'id' SQL Injection Date: 2020-02-26 Author: indoushka Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit Vendor : http://www.allhandsmarketing.com/ poc : + Dorking İn Google Or Other Search Enggine. + /productdetail.php?id=448578 ====|...
Linux - Broken Permission and Object Lifetime Handling for PTRACE_TRACEME
== Summary == This bug report describes two issues introduced by commit 64b875f7ac8a "ptrace: Capture the ptracer's creds not PTPTRACECAP", introduced in v4.10 but also stable-backported to older versions. I will send a suggested patch in a minute "ptrace: Fix -ptracercred handling for...
KCFinder 2.51 - Local File Disclosure
--------------------------------------------------- Exploit Title: KCFinder Local File Disclosure Author: DaOne Vendor Homepage: http://kcfinder.sunhater.com/ Category: webapps/php Version: 2.51 + old versions Google dork: inurl:kcfinder/browse.php...
Coppermine Photo Gallery 1.2.0 RC4 - 'init.inc.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied inp...
Langflow 1.2.x - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Langflow 1.2.x - Remote Code Execution RCE Date: 2025-07-11 Exploit Author: Raghad Abdallah Al-syouf Vendor Homepage: https://github.com/logspace-ai/langflow Software Link: https://github.com/logspace-ai/langflow/releases Version: = 1.2.x Tested on: Ubuntu /...
Daikin Security Gateway 14 - Remote Password Reset
Daikin Security Gateway 214 - Remote Password Reset Vendor: Daikin Industries, Ltd. Product web page: https://www.daikin.com https://www.daikin.eu/enus/products/product.html/DRGATEWAYAA.html Affected version: App: 100, Frm: 214 Summary: The Security gateway allows the iTM and LC8 controllers to...
TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)
Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on: VN020-F3vT Router Hardware Version 1.0 CVE: CVE-2024-12342 Description: Two critical...
General Device Manager 2.5.2.2 - Buffer Overflow (SEH)
Exploit Title: General Device Manager 2.5.2.2 - Buffer Overflow SEH Date: 30.07.2023 Software Link: https://download.xm030.cn/d/MDAwMDA2NTQ= Software Link 2: https://www.maxiguvenlik.com/uploads/importfiles/GeneralDeviceManager.zip Exploit Author: Ahmet Ümit BAYRAM Tested Version: 2.5.2.2 Tested...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Authentication Bypass Exploit Exploit Author: LiquidWorm Sielco PolyEco Digital FM Transmitter 2.0.6 Authentication Bypass Exploit Vendor: Sielco S.r.l Product web page: https://www.sielco.org...
Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Exploit Title: Best pos Management System v1.0 - Remote Code Execution RCE on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Boa Web Server v0.94.14 - Authentication Bypass
Exploit Title: Boa Web Server v0.94.14 - Authentication Bypass Date: 19-11-2022 Exploit Author: George Tsimpidas Vendor: https://github.com/gpg/boa CVE: N/A Tested on: Debian 5.18.5 Description : Boa Web Server Versions from 0.94.13 - 0.94.14 fail to validate the correct security constraint on th...
WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting (XSS) (Unauthenticated)
Exploit Title: WordPress Plugin Frontend Uploader 1.3.2 - Stored Cross Site Scripting XSS Unauthenticated Date: 10/01/2022 Exploit Author: Veshraj Ghimire Vendor Homepage: https://wordpress.org/plugins/frontend-uploader/ Software Link: https://plugins.trac.wordpress.org/browser/frontend-uploader/...
Movie Rating System 1.0 - SQLi to RCE (Unauthenticated)
Exploit Title: Movie Rating System 1.0 - SQLi to RCE Unauthenticated Date: 22/12/2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/15104/sentiment-based-movie-rating-system-using-phpoop-free-source-code.html Version: 1.0 Tested on: Ubuntu This exploit only...
Apache Flink 1.11.0 - Unauthenticated Arbitrary File Read (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Flink File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in Apache Fli...
OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path
Exploit Title: OKI sPSV Port Manager 1.0.41 - 'sPSVOpLclSrv' Unquoted Service Path Date: 2020-11-08 Exploit Author: Julio Aviña Vendor Homepage: https://www.oki.com/ Software Link: https://www.oki.com/mx/printing/download/sPSV0100412270910.exe Software Version: 1.0.41 File Version: 1.4.2.0 Tested...
InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service (PoC)
Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS...
PHP Laravel Framework 5.5.40 / 5.6.x < 5.6.30 - token Unserialize Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP Laravel Framework token Unserialize Remote Command Execution', 'Description' = %q This module exploits a vulnerability in the PHP Laravel...
Mozilla Spidermonkey - IonMonkey 'Array.prototype.pop' Type Confusion
The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: 1, a: 2, a: 3, a: 4; function v7v8,v9 if v4.length == 0 v43 = a: 5; ...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
!/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print '' print 'Provided only for educational or informatio...
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress PHPMailer Host Header Command Injection', 'Description' = %q This module exploits a command injection vulnerability in WordPress version...
gogs 0.13.0 - Remote Code Execution (RCE)
Exploit Title: gogs 0.13.0 - Remote Code Execution RCE Date: 27th June, 2025 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/gogs/gogs.git Version: gogs =0.13.0 Tested on: Ubuntu CVE: CVE-2024-39930 =============================== Example Usage: python3 exploit.py...
BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection
Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov xbz0n Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is...
Restaurant Management System 1.0 - SQL Injection
Exploit Title: Restaurant Management System 1.0 - SQL Injection Date: 2023-03-20 Exploit Author: calfcrusher [email protected] Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: 1.0...
SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path
Exploit Title: SolarWinds Kiwi CatTools 3.11.8 - Unquoted Service Path Exploit Author: Mert DAŞ Version: 3.11.8 Date: 14.10.2021 Vendor Homepage: https://www.solarwinds.com/ Tested on: Windows 10 Step to discover Unquoted Service Path : -------------------------------------- C:\Users\Mertsc qc...
ECOA Building Automation System - Cookie Poisoning Authentication Bypass
Exploit Title: ECOA Building Automation System - Cookie Poisoning Authentication Bypass Date: 25.06.2021 Exploit Author: Neurogenesia Vendor Homepage: http://www.ecoa.com.tw ECOA Building Automation System Cookie Poisoning Authentication Bypass Vendor: ECOA Technologies Corp. Product web page:...
Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS
Exploit Title: Care2x Open Source Hospital Information Management 2.7 Alpha - 'Multiple' Stored XSS Date: 13.08.2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://care2x.org Software Link: https://sourceforge.net/projects/care2002/...
StreamRipper32 2.6 - Buffer Overflow (PoC)
Exploit Title: StreamRipper32 2.6 - Buffer Overflow PoC Date: 2020-05-14 Exploit Author: Andy Bowden Tested On: Win10 x64 Download Link: http://streamripper.sourceforge.net/sr32/StreamRipper3226.exe Vendor Page: http://streamripper.sourceforge.net/ Version: 2.6 Steps To Reproduce: Double click on...
ktsuss 1.4 - suid Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ktsuss suid Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a vulnerability in ktsuss versio...
Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Privilege Escalation (Access /etc/shadow)
The overlayfs filesystem does not correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an unprivileged process in kernels with CONFIGUSERNS=y and where overlayfs has the FSUSERNSMOUNT flag, which allows the mounting of overlayfs insi...
HP OpenView Network Node Manager (OV NNM) 7.5.1 - 'OVAS.exe' Overflow (SEH)
!/usr/bin/python HP OpenView NNM 7.5.1 OVAS.EXE Pre Authentication SEH Overflow Tested on Windows 2003 Server SP1. Coded by Mati Aharoni muts..at..offensive-security.com http://www.offensive-security.com/0day/hp-nnm-ov.py.txt shameless plug This vulnerability was found, analysed and exploited as...
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
Titles: Microsoft Edge Renderer Process Mojo IPC 134.0.6998.177 - Sandbox Escape Author: nu11secur1ty Date: 08/07/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730...
TOTOLINK N300RB 8.54 - Command Execution
Title: TOTOLINK N300RB 8.54 - Command Execution Author: Skander BELABED - Magellan Sécurité Date: 07/11/2025 Vendor: TOTOLINK Product: N300RB Firmware version: 8.54 CVE: CVE-2025-52089 Description: A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8....