47904 matches found
Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell
!/usr/bin/env python Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected version: = 4.7.18.0.eden Logic ver: 6.00 Summary: EVE is a smart home and building automation solution designed for both residential and commercial...
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass
!/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Your Name https://github.com/your-username Vendor Homepage: https://www.ivanti.com/ Software Link:...
Lingdang CRM 8.6.4.7 - SQL Injection
Exploit Title: Lingdang CRM 8.6.4.7 - SQL Injection Google Dork: N/A Date: 2025-08-19 Exploit Author: Beatriz Fresno Naumova Vendor: Shanghai Lingdang Information Technology Software Link: N/A – commercial product Version: = 8.6.4.7 fixed in 8.6.5.x per vendor advisory Tested on: Generic LAMP...
GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Credentials Disclosure Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload
Exploit Title: StoryChief Wordpress Plugin 1.0.42 - Arbitrary File Upload Exploit Author: xpl0dec Vendor Homepage: https://www.storychief.io/wordpress-content-scheduler Software Link: https://github.com/Story-Chief/wordpress/ Version: ”; ? 2. Adjust the echo phpinfo section as needed 3. Host it o...
Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
/ Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-6082 Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/ Description : Proof‑of‑Concept exploits the Full Path Disclosure bu...
Tenda AC20 16.03.08.12 - Command Injection
/ Exploit Title : Tenda AC20 16.03.08.12 - Command Injection Author : Byte Reaper CVE : CVE-2025-9090 Description: A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. target endpoint :...
Soosyze CMS 2.0 - Brute Force Login
Exploit Title: Soosyze CMS 2.0 - Brute Force Login Google Dork: N/A Date: 2025-08-13 Exploit Author: Beatriz Fresno Naumova beafn28 Vendor Homepage: https://soosyze.com/ Software Link: https://github.com/soosyze/soosyze Version: 2.0 tested Tested on: macOS Sonoma 14.x Apple Silicon M1, /bin/bash...
PHPMyAdmin 3.0 - Bruteforce Login Bypass
""" Exploit-Title: PHPMyAdmin 3.0 - Bruteforce Login Bypass Author: Nikola Markovic [email protected] Date: 2023 Google-Dork: intext: phpMyAdmin Vendor: https://www.phpmyadmin.net/ Version: 3.0 & 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 Tested on: win/linux/unix Python-Version: 3.0 CVE...
BigAnt Office Messenger 5.6.06 - SQL Injection
Exploit Title: BigAnt Office Messenger 5.6.06 - SQL Injection Date: 01.09.2025 Exploit Author: Nicat Abbasov Vendor Homepage: https://www.bigantsoft.com/ Software Link: https://www.bigantsoft.com/download.html Version: 5.6.06 Tested on: 5.6.06 CVE : CVE-2024-54761 Github repo:...
Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure
Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...
Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection (XXE)
/ Exploit Title: Lantronix Provisioning Manager 7.10.3 - XML External Entity Injection XXE Google Dork: N/A Date: 2025-08-17 Exploit Author: Byte Reaper Vendor Homepage: https://www.lantronix.com/ Software Link: https://www.lantronix.com/products/lantronix-provisioning-manager/ Version:...
RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)
Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...
Microsoft SharePoint Server 2019 (16.0.10383.20020) - Remote Code Execution (RCE)
Exploit Title: Microsoft SharePoint Server 2019 – Remote Code Execution RCE Google Dork: intitle:"Microsoft SharePoint" inurl:"/layouts/15/ToolPane.aspx" Date: 2025-08-07 Exploit Author: Agampreet Singh RedRoot Tool Maker – https://github.com/Agampreet-Singh/RedRoot Vendor Homepage:...
Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials
/ Title : Belkin F9K1009 F9K1010 2.00.04/2.00.09 - Hard Coded Credentials Author : Byte Reaper CVE : CVE-2025-8730 Description : Exploit demonstrating an authentication bypass vulnerability in the web interface of Belkin F9K1009 and F9K1010 routers. The flaw resides in improper session validation...
Ghost CMS 5.59.1 - Arbitrary File Read
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.59.1 - Arbitrary File Read Date: 2023-09-20 Exploit Author: ibrahimsql https://github.com/ibrahmsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1, zipfile, tempfile Usag...
JetBrains TeamCity 2023.11.4 - Authentication Bypass
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: JetBrains TeamCity 2023.11.4 - Authentication Bypass Date: 2024-02-21 Exploit Author: ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://www.jetbrains.com/teamcity/ Version: =2.25.1 """ import requests import argparse...
Ghost CMS 5.42.1 - Path Traversal
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit Author:ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1 """ import requests import s...
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...
Cisco ISE 3.0 - Remote Code Execution (RCE)
Exploit Title: Cisco ISE 3.0 - Remote Code Execution RCE Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Java Deserialization RCE CVE: CVE-2025-20124 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure
Exploit Title: Citrix NetScaler ADC/Gateway 14.1 - Memory Disclosure Exploit Author: Yesith Alvarez Vendor Homepage: hhttps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 CVE: CVE-2025-5777 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-5777/exploit.py impor...
Microsoft Windows - Storage QoS Filter Driver Checker
Titles: Microsoft Windows - Storage QoS Filter Driver Checker Author: nu11secur1ty Date: 08/04/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 Description This PowerShell...
projectworlds Online Admission System 1.0 - SQL Injection
/ Title : projectworlds Online Admission System 1.0 - SQL Injection Author : Byte Reaper CVE : CVE-2025-8471 / include include include include include "argparse.h" include define FULL 2200 int verbose = 0; int selCookie = 0; const char cookies; void sleepAssemblyvoid struct timespec s ; s.tvsec =...
Microsoft Edge Renderer Process (Mojo IPC) 134.0.6998.177 - Sandbox Escape
Titles: Microsoft Edge Renderer Process Mojo IPC 134.0.6998.177 - Sandbox Escape Author: nu11secur1ty Date: 08/07/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730...
atjiu pybbs 6.0.0 - Cross Site Scripting (XSS)
/ Exploit Title : atjiu pybbs 6.0.0 - Cross Site Scripting XSS Exploit Author: Byte Reaper Vendor Homepage: https://github.com/atjiu/pybbs Tested on: Kali Linux CVE: CVE-2025-8550...
Cisco ISE 3.0 - Authorization Bypass
Exploit Title: Cisco ISE 3.0 - Authorization Bypass Exploit Author: @ibrahimsql ibrahimsql.com Exploit Author's github: https://github.com/ibrahmsql Description: Cisco ISE API Authorization Bypass CVE: CVE-2025-20125 Vendor Homepage: https://www.cisco.com/ Requirements: requests=2.25.0,...
Tigo Energy Cloud Connect Advanced (CCA) 4.0.1 - Command Injection
/ Title : Tigo Energy Cloud Connect Advanced CCA 4.0.1 - Command Injection Author : Byte Reaper CVE : CVE-2025-7769 / include include include include "argparse.h" include include include define FULLURL 2500 define POSTPAYLOAD 5500 const char baseurl = NULL; const char cookies = NULL; const char i...
ServiceNow Multiple Versions - Input Validation & Template Injection
!/usr/bin/env python3 """ Title : ServiceNow Multiple Versions - Input Validation & Template Injection Date: 2025-01-31 Author: ibrahimsql Vendor: ServiceNow Version: Vancouver, Washington DC, Utah various patches affected from 0 before Utah Patch 10 Hot Fix 3 affected from 0 before Utah Patch 10...
Grav CMS 1.7.48 - Remote Code Execution (RCE)
Exploit Title: Grav CMS 1.7.48 - Remote Code Execution RCE Date: 2025-08-07 Exploit Author: binneko https://github.com/binneko Vendor Homepage: https://getgrav.org/ Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 Tested on: Debi...
Microsoft Virtual Hard Disk (VHDX) 11 - Remote Code Execution (RCE)
Titles: Microsoft Virtual Hard Disk VHDX 11 - Remote Code Execution RCE Author: nu11secur1ty Date: 07/23/2025 Vendor: Microsoft Software: https://www.microsoft.com/en-us/windows/windows-11?r=1 Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-49683 Base Score: 7.8 HIGHVector:...
Gandia Integra Total 4.4.2236.1 - SQL Injection
/ Author : Byte Reaper CVE : CVE-2025-41373 Vulnerability : SQL Affected Path : /encuestas/integrawebv4/integra/html/view/hislistadoacciones.php?idestudio= Affected Versions : 2.1.2217.3 to v4.4.2236.1 Description: This endpoint concatenates the idestudio parameter directly into an SQL query...
Microsoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
Titles: Microsoft Edge Chromium-based 135.0.7049.114/.115 - Information Disclosure Date: 08/02/2025 Vendor: Microsoft Software: https://www.microsoft.com/bg-bg/edge/download?form=MA13FJ Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49741 Description CVE-2025-49741...
Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation
!/usr/bin/env python3 Exploit Title: Ultimate Member WordPress Plugin 2.6.6 - Privilege Escalation Exploit Author: Gurjot Singh CVE: CVE-2023-3460 Description : The attached PoC demonstrates how an unauthenticated attacker can escalate privileges to admin by abusing unsanitized input in...
LPAR2RRD 8.04 - Remote Code Execution (RCE)
/ Author : Byte Reaper Title : LPAR2RRD 8.04 - Remote Code Execution RCE CVE : CVE-2025-54769 Vulnerability: RCE && directory traversal Description : Uploads a malicious Perl script via the LPAR2RRD upgrade endpoint, exploits directory traversal to place it in a CGI-executable path, then triggers...
Copyparty 1.18.6 - Reflected Cross-Site Scripting (XSS)
/ Author : Byte Reaper CVE : CVE-2025-54589 Title : Copyparty 1.18.6 - Reflected Cross-Site Scripting XSS CVE-2025-54589 is a reflected cross-site scripting XSS vulnerability in Copyparty ≤ 1.18.6 where the filter parameter is inserted into the HTML response without proper sanitization, allowing ...
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
/ Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-8191 Title : Swagger UI 1.0.3 - Cross-Site Scripting XSS Description : CVE-2025-8191, a vulnerability in the Swagger UI service due to poor description parameter filtering, leading to command execution on a remote server. / include...
Mezzanine CMS 6.1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting XSS via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Software Link: https://github.com/stephenmcd/mezzanine Version: 6.1.0 Category: Web Application...
Adobe ColdFusion 2023.6 - Remote File Read
Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...
Linux PAM Environment - Variable Injection Local Privilege Escalation
Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation throu...
XWiki 14 - SQL Injection via getdeleteddocuments.vm
Exploit Title: XWiki 14 - SQL Injection via getdeleteddocuments.vm Google Dork: N/A Date: 28 July 2025 Exploit Author: Byte Reaper LinkedIn: N/A Vendor Homepage: https://www.xwiki.org Software Link: https://www.xwiki.org Version: XWiki Platform ≤ 14.x Tested on: XWiki Platform ≤ 14.x CVE:...
Xlight FTP 1.1 - Denial Of Service (DOS)
Exploit Title: Xlight FTP 1.1 - Denial Of Service DOS Google Dork: N/A Date: 22 July 2025 Exploit Author: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali/ Vendor Homepage: https://www.xlightftpd.com Software Link: N/A Version: 1.1 Tested on: Windows XP CVE: CVE-2024-0737...
Invision Community 4.7.20 - (calendar/view.php) SQL Injection
Exploit Title: Invision Community = 4.7.18. Proof of Concept https://karmainsecurity.com/pocs/CVE-2025-48932.php...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Facebook Integration Page Name Field
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Facebook Integration Page Name Field Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/...
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
Titles: Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting XSS Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://www.cve.org/CVERecord?id=CVE-2015-6176 !/usr/bin/python nu11secur1ty CVE-2015-6176 import http.server import...
Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE
Exploit Title: Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE Google Dork: inurl:/wp-content/plugins/pie-register/ Date: 2025-07-09 Exploit Author: Md Amanat Ullah xSwads Vendor Homepage: https://wordpress.org/plugins/pie-register/ Software Link:...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...
Simple File List WordPress Plugin 4.2.2 - File Upload to RCE
Exploit Title: Simple File List WordPress Plugin 4.2.2 - File Upload to RCE Google Dork: inurl:/wp-content/plugins/simple-file-list/ Date: 2025-07-15 Exploit Author: Md Amanat Ullah xSwads Vendor Homepage: https://wordpress.org/plugins/simple-file-list/ Software Link:...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via the Chat Transfer Function
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via the Chat Transfer Function Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
Exploit Title: LiveHelperChat 4. Save the changes. 5. Revist the Department Assignment settings page and edit the Alias Nick field, the cross site scripting xss will execute...