47884 matches found
OpenBSD 6.x - Dynamic Loader Privilege Escalation
Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...
Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path
Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link:...
Outlook Password Recovery 2.10 - Denial of Service
Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been mitigated through NtSetCachedSigningLevel it’s...
Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (1)
Complete Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40823.zip Presentation: https://www.exploit-db.com/docs/english/40822-i-know-where-your-page-lives---de-randomizing-the-latest-windows-10-kernel.pdf I Know Where Your Page Lives:...
Microsoft Windows Server - Code Execution (MS08-067)
/ MS08-067 Remote Stack Overflow Vulnerability Exploit Author: Polymorphours Email: [email protected] Homepage:http://www.whitecell.org Date: 2008-10-28 / include "stdafx.h" include include include include pragma commentlib, "mpr" pragma commentlib, "Rpcrt4" pragma commentlib, "ws232"...
Discourse 3.1.1 - Unauthenticated Chat Message Access
!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @ https://twitter.com/ibrahmsql Date: 2023-12-14 require 'net/http' require 'uri' require 'json' require 'openssl' require...
Pymatgen 2024.1 - Remote Code Execution (RCE)
Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https://pymatgen.org Software Link : https://pypi.org/project/pymatgen/ Version : 2024.1 Tested on : Kali Linux 2024.1 CVE :...
OpenPanel 0.3.4 - Directory Traversal
Exploit Title: OpenPanel 0.3.4 - Directory Traversal Date: Dec 05, 2024 Exploit Author: Korn Chaisuwan, Punthat Siriwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2024-53537 Compress Function POS...
PimpMyLog v1.7.14 - Improper access control
Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...
Screen SFT DAB 600/C - Authentication Bypass Admin Password Change
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Admin Password Change Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
ActFax 10.10 - Unquoted Path Services
Exploit Title: ActFax 10.10 - Unquoted Path Services Date: 22/03/2023 Exploit Author: Birkan ALHAN @taftss Vendor Homepage: https://www.actfax.com Software Link: https://www.actfax.com/en/download.html Version: Version 10.10, Build 0551 2023-02-01 Tested on: Windows 10 21H2 OS Build 19044.2728...
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
Exploit Title: Rukovoditel 3.3.1 - Remote Code Execution RCE Version: 3.3.1 Bugs: rce via jpeg file upload Technology: PHP Vendor URL: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Date of found: 12-03-2023 Author: Mirabbas Ağalarov Tested on: Linux 2...
Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path
Exploit Title: Microsoft Gaming Services 2.52.13001.0 - Unquoted Service Path Discovery by: Johto Robbie Discovery Date: May 12, 2021 Tested Version: 2.52.13001.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 Home Step to discover Unquoted Service Path: Go to Start and ty...
Point of Sale System 1.0 - Multiple Stored XSS
Exploit Title: Point of Sale System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-18 Vendor Homepage: https://www.sourcecodester.com/php/9620/point-sale-system-pos.html Software Link:...
Orchard Core RC1 - Persistent Cross-Site Scripting
Exploit Title: Orchard Core RC1 - Persistent Cross-Site Scripting Google Dork: "Orchardcms" Date: 2020-05-07 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: http://www.orchardcore.net/ Software Link: https://github.com/OrchardCMS/OrchardCore Version: RC1 Tested on: Windows CVE...
Zen Load Balancer 3.10.1 - Remote Code Execution
Exploit Title: Zen Load Balancer 3.10.1 - Remote Code Execution Google Dork: no Date: 2020-03-28 Exploit Author: Cody Sixteen Vendor Homepage: https://code610.blogspot.com Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Versio...
LeptonCMS 4.5.0 - Persistent Cross-Site Scripting
Exploit Title: LeptonCMS 4.5.0 - Persistent Cross-Site Scripting Google Dork: "lepton cms" Date: 2019-03-24 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://lepton-cms.org/english/home.php Software Link: https://lepton-cms.org/posts/new-release-lepton-4.5.0-139.php...
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
Exploit Title: Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\soliloquy-lite" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://soliloquywp.com/ Software Link: https://wordpress.org/plugins/soliloquy-lite/ Version: 2.5.6...
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...
phpMyAdmin - (Authenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'phpMyAdmin Authenticated Remote Code Execution', 'Description' = %q phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which ca...
Primefaces 5.x - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2017-1000486 Primefaces Remote Code Execution Exploit', 'Description' = %q This module exploits an expression language remote code execution...
Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)
!/usr/bin/python Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 Inspired by yukyuk's P.o.C https://www.reddit.com/user/fyukyuk Tested on Drupal 7.31 with BackBox 3.x This material is intended for educational purposes only and the author can not be held liable fo...
PHP 5.4.3 (Windows x86 Polish) - Code Execution
// Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polish =================== offset-brute.html...
KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection
Exploit Title: KiviCare Clinic & Patient Management System EHR 3.6.4 - Unauthenticated SQL Injection SQL Injection Google Dork: inurl:"/wp-content/plugins/kivicare-clinic-management-system/ Date: 11/12/2024 Exploit Author: Samet "samogod" Gözet Vendor Homepage: wordpress.org Software Link:...
XWiki Platform 15.10.10 - Remote Code Execution
Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link: https://github.com/xwiki/xwiki-platform Version: Affected versions up to and including XWiki 15.10.10 Teste...
NoteMark < 0.13.0 - Stored XSS
Exploit Title: Stored XSS in NoteMark Date: 07/29/2024 Exploit Author: Alessio Romano sfoffo Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/ Version: 0.13.0 and below Tested on: Linux References: https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,...
Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking
Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...
IBM Aspera Faspex 4.4.1 - YAML deserialization (RCE)
Exploit Title: IBM Aspera Faspex 4.4.1 - YAML deserialization RCE Date: 02/02/2023 Exploit Author: Maurice Lambert Vendor Homepage: https://www.ibm.com/ Software Link: https://www.ibm.com/docs/en/aspera-faspex/5.0?topic=welcome-faspex Version: 4.4.1 Tested on: Linux CVE : CVE-2022-47986 """ This...
WPForms 1.7.8 - Cross-Site Scripting (XSS)
Exploit Title: WPForms 1.7.8 - Cross-Site Scripting XSS Date: 2022-12-05 Author: Milad karimi Software Link: https://wordpress.org/plugins/wpforms-lite Version: 1.7.8 Tested on: Windows 10 CVE: N/A 1. Description: This plugin creates a WPForms from any post types. The slider import search feature...
WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting (XSS)
Exploit Title: WordPress Plugin Advanced Order Export For WooCommerce 3.1.7 - Reflected Cross-Site Scripting XSS Date: 15/2/2021 Author: 0xB9 Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Version: 3.1.7 Tested on: Windows 10 CVE: CVE-2021-24169 1. Description: This plugin...
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: e107 CMS 2.3.0 - Remote Code Execution RCE Authenticated Date: 21-09-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://e107.org/ Software Link: https://e107.org/download Version: 2.3.0 Category: Webapps Tested on: Linux/Windows e107 is a free website content...
Dolibarr ERP 14.0.1 - Privilege Escalation
Exploit Title: Dolibarr ERP/CRM 14.0.1 - Privilege Escalation Date: April 8, 2021 Exploit Author: Vishwaraj101 Vendor Homepage: https://www.dolibarr.org/ Affected Version: = 14.0.1 Patch: https://github.com/Dolibarr/dolibarr/commit/489cff46a37b04784d8e884af7fc2ad623bee17d Summary: Using the below...
Novel Boutique House-plus 3.5.1 - Arbitrary File Download
Exploit Title: Novel Boutique House-plus 3.5.1 - Arbitrary File Download Date: 27/03/2021 Exploit Author: tuyiqiang Vendor Homepage: https://xiongxyang.gitee.io/ Software Link: https://gitee.com/noveldevteam/novel-plus,https://github.com/201206030/novel-plus Version: all Tested on: linux Vulnerab...
Online Shopping Portal 3.1 - Authentication Bypass
Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Date: 2020-06-25 Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to following url!...
Hostel Management System 2.0 - 'id' SQL Injection
Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Google Dork: intitle: "Hostel management system" Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-system/ Version: v2.0 Tested on: Windows CVE...
HomeAutomation 3.3.2 - Authentication Bypass
Exploit: HomeAutomation 3.3.2 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5557 Advisory URL:...
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Date: 2019-10-30 Vendor Homepage: https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python...
Uplay 92.0.0.6280 - Local Privilege Escalation
Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Date: 2019-08-07 Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description:...
Microsoft Edge Chakra - 'InitClass' Type Confusion
/ Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value; function main for let i = 0; i 2000; i++ let o = a: ...
Oracle WebLogic < 10.3.6 - 'wls-wsat' Component Deserialisation Remote Command Execution
!/usr/bin/env python -- coding: utf-8 -- Exploit Title: Weblogic wls-wsat Component Deserialization RCE Date Authored: Jan 3, 2018 Date Announced: 10/19/2017 Exploit Author: Kevin Kirsche d3c3pt10n Exploit Github: https://github.com/kkirsche/CVE-2017-10271 Exploit is based off of POC by Luffin fr...
ProFTPd-1.3.3c - Backdoor Command Execution (Metasploit)
$Id: proftpd133cbackdoor.rb 11214 2010-12-03 12:34:38Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Windows Server - Universal Code Execution (MS08-067)
MS08-067 Exploit for CN by EMM exploit: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6841.rar 2008-MS08-067.rar milw0rm.com 2008-10-26...
Apache Tomcat - 'WebDAV' Remote File Disclosure
!/usr/bin/perl Apache Tomcat Remote File Disclosure Zeroday Xploit kcdarookie aka eliteb0y / 2007 thanx to the whole team & andi : +++KEEP PRIV8+++ This Bug may reside in different WebDav implementations, Warp your mind! +You will need auth for the exploit to work... use IO::Socket; use...
HTTP/2 2.0 - Denial Of Service (DOS)
!/usr/bin/env python3 """ Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA- Version: HTTP/2.0 Tested on: -NA- CVE : CVE-2023-44487 """ import asyncio import ssl import time impor...
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
/ Title : Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials Author : Byte Reaper CVE : CVE-2025-8730 Description : Exploit demonstrating an authentication bypass vulnerability in the web interface of Belkin F9K1009 and F9K1010 routers. The flaw resides in improper session validation...
Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)
Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link: https://github.com/huggingface/transformers/releases Version: 4.41.1 Tested on: Linux, Windows, Mac CVE : CVE-2024-11392 Code flow fro...
Froxlor 2.0.3 Stable - Remote Code Execution (RCE)
!/usr/bin/python3 Exploit Title: Froxlor 2.0.3 Stable - Remote Code Execution RCE Date: 2023-01-08 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2023-0315 Vendor Homepage: https://froxlor.org/ Version: v2.0.3 Tested on: Ubuntu 20.04 / PHP 8.2 import telnetlib import requests import socket import...
WebTareas 2.4 - SQL Injection (Unauthorised)
Exploit Title: WebTareas 2.4 - SQL Injection Unauthorised Date: 15/10/2022 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Vendor Homepage: https://sourceforge.net/projects/webtareas/ Software Link: https://sourceforge.net/projects/webtareas/ Version: 2.4 Tested on:...