50621 matches found

Packet Storm
added 2026/03/03 12:0 a.m. | 132 views

📄 libvips 8.19.0 vips_extract_area_build Local Integer Overflow

This Python script performs an advanced security audit on libvips version 8.19.0. It specifically targets the integer overflow vulnerability in the function vips_extract_area_build...

CVSS 5.5 | AI score 6 | EPSS 0.00013
Exploits: 2

Packet Storm
added 2026/03/03 12:0 a.m. | 106 views

📄 libvips 8.19.0 VIPS Image Extraction Crash / Auditor

This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extract_area function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...

AI score 6
Exploits: 0

Packet Storm
added 2026/03/03 12:0 a.m. | 109 views

📄 Google Cloud Vertex AI SDK Cross Site Scripting / Code Execution

A persistent cross site scripting vulnerability was identified in the genai/evalsvisualization component of Google Cloud Vertex AI SDK google-cloud-aiplatform, affecting versions 1.98.0 up to but not including 1.131.0. The vulnerability allows an unauthenticated remote attacker to inject maliciou...

AI score 5.7
Exploits: 0

Packet Storm
added 2026/03/03 12:0 a.m. | 91 views

📄 WeGIA 3.5.0 SQL Injection

Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection; Date: 2025-10-14; Exploit Author: Onur Demir OnurDemir-Dev; Vendor Homepage: https://www.wegia.org; Software Link: https://github.com/LabRedesCefetRJ/WeGIA/; Version: " echo...

CVSS 9.4 | AI score 6 | EPSS 0.00084
Exploits: 3

Packet Storm
added 2026/03/03 12:0 a.m. | 108 views

📄 Wireshark 4.4.8 NULL Pointer Dereference

Proof of concept exploit that affects Wireshark versions 4.4.0 through 4.4.8. This report documents a NULL Pointer Dereference vulnerability pattern that can be triggered by opening a specially crafted PCAP file. The provided proof of concept is written in Python and demonstrates how malformed...

CVSS 7.8 | AI score 6.3 | EPSS 0.00031
Exploits: 1

Packet Storm
added 2026/03/03 12:0 a.m. | 97 views

📄 GVfs 1.58.1 FTP Backend CRLF Injection

A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed (CRLF) sequences. Because these CRLF sequences are not properly sanitized, they allo...

CVSS 4.3 | AI score 6.3 | EPSS 0.00094
Exploits: 2

Packet Storm
added 2026/03/03 12:0 a.m. | 94 views

📄 GNU Inetutils telnetd NEW-ENVIRON Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in GNU Inetutils telnetd. By sending a specially crafted NEW-ENVIRON subnegotiation with a USER variable containing -f root, an attacker can login as root without a password. This occurs because telnetd passes the environment...

CVSS 9.8 | AI score 6 | EPSS 0.91526
Exploits: 58

Packet Storm
added 2026/03/02 12:0 a.m. | 131 views

📄 WordPress MPMF Plugin 1.0.2 Shell Upload

This Metasploit module exploits an unauthenticated file upload vulnerability in WordPress Multi‑Purpose Multi‑Form (MPMF) plugin version 1.0.2. By abusing a vulnerable AJAX action exposed via admin-ajax.php, an attacker can upload a crafted PHP file and trigger its execution to obtain remote code...

CVSS 10 | AI score 6.5 | EPSS 0.01142
Exploits: 2

Packet Storm
added 2026/03/02 12:0 a.m. | 96 views

📄 MajorDoMo Remote Command Injection / Race Condition

This Metasploit module exploits an unauthenticated command injection vulnerability in MajorDoMo's remote command handler (rc/index.php). The param parameter is interpolated into double quotes without escapeshellarg, and the resulting string is passed to safeexec which inserts it into the safeexecs...

CVSS 9.8 | AI score 5.9 | EPSS 0.25968
Exploits: 3

Packet Storm
added 2026/03/02 12:0 a.m. | 121 views

📄 WordPress Document Library Lite 1.1.6 Information Disclosure

Proof of concept exploit for WordPress Document Library Lite plugin version 1.1.6. The plugin fails to restrict access to an internal AJAX API endpoint allowing unauthenticated attackers to fetch document records exposing sensitive metadata...

CVSS 5.3 | AI score 5.9 | EPSS 0.001
Exploits: 2

Packet Storm
added 2026/03/02 12:0 a.m. | 118 views

📄 WordPress Eventin 4.0.34 Account Takeover

A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...

CVSS 8.8 | AI score 6.1 | EPSS 0.00158
Exploits: 3

Packet Storm
added 2026/03/02 12:0 a.m. | 208 views

📄 WordPress Elementor 3.18.1 Shell Upload

Proof of concept exploit for WordPress Elementor plugin version 3.18.1 that demonstrates a remote shell upload vulnerability.

CVSS 9.9 | AI score 6 | EPSS 0.88845
Exploits: 3

Packet Storm
added 2026/03/02 12:0 a.m. | 132 views

📄 WordPress Flex QR Code Generator 1.2.5 Shell Upload

Proof of concept exploit for a remote shell upload vulnerability in WordPress Flex QR Code Generator plugin version 1.2.5.

CVSS 9.8 | AI score 6 | EPSS 0.00304
Exploits: 3

Packet Storm
added 2026/03/02 12:0 a.m. | 171 views

📄 WordPress File Upload 4.24.11 Path Traversal / Remote Code Execution

A critical unauthenticated remote code execution vulnerability exists in the WordPress File Upload plugin versions 4.24.11 and earlier. The vulnerability allows attackers to execute arbitrary operating system commands through path traversal and improper input validation in the wfufiledownloader.p...

CVSS 9.8 | AI score 6.7 | EPSS 0.93618
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 129 views

📄 MajorDoMo Supply Chain Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo's saverestore module via supply chain poisoning.

CVSS 9.8 | AI score 6.5 | EPSS 0.48797
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 126 views

📄 WordPress Backup Migration 1.3.7 Database Disclosure

WordPress Backup Migration plugin version 1.3.7 allows unauthenticated users to access sensitive backup files, potentially exposing the full database and website content. An attacker can retrieve backup archives without authentication...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/03/02 12:0 a.m. | 117 views

📄 Checkmk 2.4.0p21 Cross Site Scripting

Checkmk suffers from a persistent cross site scripting vulnerability. Versions affected include 2.4.0 before 2.4.0p22 and 2.3.0 before 2.3.0p43.

CVSS 7.3 | AI score 5.3 | EPSS 0.00041
Exploits: 1

Packet Storm
added 2026/03/02 12:0 a.m. | 154 views

📄 WordPress File Away 3.9.9.0.1 Arbitrary File Read

Proof of concept exploit for a WordPress File Away plugin version 3.9.9.0.1 arbitrary file read vulnerability.

CVSS 7.5 | AI score 6 | EPSS 0.20718
Exploits: 6

Packet Storm
added 2026/03/02 12:0 a.m. | 107 views

📄 MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call...

CVSS 9.8 | AI score 6.5 | EPSS 0.85411
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 93 views

📄 WordPress External Post Editor 1.2.3 Scanner

This PHP forensic scanner is designed to assess WordPress sites for the External Post Editor plugin vulnerability in version 1.2.3 that allows unauthenticated file upload potentially leading to remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.75403
Exploits: 5

Packet Storm
added 2026/03/02 12:0 a.m. | 95 views

📄 WordPress Email Subscribers 5.7.14 SQL Injection

WordPress Email Subscribers plugin version 5.7.14 remote SQL injection proof of concept exploit.

CVSS 9.8 | AI score 6 | EPSS 0.90916
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 158 views

📄 WordPress King Addons for Elementor 51.1.14 Privilege Escalation

Proof of concept for a WordPress King Addons for Elementor plugin versions 24.12.92 through 51.1.14 unauthenticated privilege escalation vulnerability.

CVSS 9.8 | AI score 5.9 | EPSS 0.49263
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 78 views

📄 FreeRDP Integer Overflow

A vulnerability in FreeRDP prior to version 3.23.0 allows an attacker to trigger an endless blocking loop due to an integer overflow in the Stream_EnsureCapacity function. The issue occurs when a requested buffer size approaches or exceeds half of SIZE_MAX on 32-bit systems. During capacity...

AI score 6.1
Exploits: 0

Packet Storm
added 2026/03/02 12:0 a.m. | 105 views

📄 WordPress Really Simple Security 9.1.1.1 Authentication Bypass

This Metasploit module exploits an authentication bypass vulnerability in the WordPress Really Simple SSL plugin versions 9.1.1.1 and below. The vulnerability exists in the skip_onboarding REST API endpoint. When exploited, the module allows unauthenticated attackers to gain full administrator...

CVSS 9.8 | AI score 5.9 | EPSS 0.93889
Exploits: 21

Packet Storm
added 2026/03/02 12:0 a.m. | 112 views

📄 WordPress PDF Generator Addon for Elementor Page Builder 1.75 Traversal

Proof of concept exploit for a WordPress PDF Generator Addon for Elementor Page Builder plugin version 1.75 unauthenticated arbitrary file download vulnerability that leverages a path traversal...

CVSS 7.5 | AI score 6 | EPSS 0.93824
Exploits: 3

Packet Storm
added 2026/03/02 12:0 a.m. | 140 views

📄 WordPress Premium Age Verification Restriction 3.0.2 Shell Upload

A critical security vulnerability exists in the WordPress Age Restriction plugin version 3.0.2 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary PHP files and execute remote code via the remotetunnel.php endpoint. This leads to complete compromise of the WordPres...

CVSS 9.8 | AI score 6.3 | EPSS 0.01885
Exploits: 2

Packet Storm
added 2026/03/02 12:0 a.m. | 117 views

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/03/02 12:0 a.m. | 124 views

📄 WordPress Query Console 1.0 Code Injection

This code represents an advanced, class-based proof-of-concept targeting a code injection vulnerability in WordPress Query Console plugin version 1.0. It is designed as a CLI-only tool that automates payload upload, verification, command execution testing, and optional interactive shell access,...

CVSS 10 | AI score 7.5 | EPSS 0.91902
Exploits: 4

Packet Storm
added 2026/03/02 12:0 a.m. | 113 views

📄 WordPress Project Notebooks 1.1.4 Remote Code Execution

Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...

CVSS 9.8 | AI score 6.5 | EPSS 0.01278
Exploits: 2

Packet Storm
added 2026/03/02 12:0 a.m. | 140 views

📄 WordPress Real Spaces Properties Directory Theme 3.6 Missing Authorization

Proof of concept exploit for a missing authorization vulnerability in WordPress Real Spaces Properties Directory Theme version 3.6.

CVSS 9.8 | AI score 5.9 | EPSS 0.00331
Exploits: 3

Packet Storm
added 2026/02/27 12:0 a.m. | 149 views

📄 Xerte Online Toolkits 3.14 Shell Upload

A vulnerability in Xerte Online Toolkits versions 3.14 and earlier allows unauthenticated users to upload arbitrary files via the template import functionality. The issue exists in /websitecode/php/import/import.php. Due to missing authentication checks on the import endpoint, an attacker can...

AI score 6.1
Exploits: 0

Packet Storm
added 2026/02/27 12:0 a.m. | 108 views

📄 WordPress RFC 6.0.8 Security Scanner

WordPress RFC plugin version 6.0.8 security scanner that detects and attempts remote shell upload.

AI score 6
Exploits: 0

Packet Storm
added 2026/02/27 12:0 a.m. | 135 views

📄 WordPress RomethemeKit for Elementor 1.5.4 Privilege Escalation

Proof of concept exploit for an unauthorized privilege escalation vulnerability in WordPress RomethemeKit for Elementor plugin version 1.5.4.

CVSS 9.9 | AI score 5.9 | EPSS 0.00338
Exploits: 2

Packet Storm
added 2026/02/27 12:0 a.m. | 187 views

📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload

This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5.

CVSS 9.8 | AI score 5.9 | EPSS 0.20498
Exploits: 2

Packet Storm
added 2026/02/27 12:0 a.m. | 110 views

📄 ZAI-Shell P2P Command Injection

This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol (default port 5757) and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...

AI score 6.4
Exploits: 0

Packet Storm
added 2026/02/27 12:0 a.m. | 119 views

📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner

WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner.

CVSS 9.8 | AI score 5.9 | EPSS 0.09621
Exploits: 5

Packet Storm
added 2026/02/27 12:0 a.m. | 228 views

📄 Frigate NVR 0.16.3 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Frigate NVR versions 0.16.3 and below by manipulating the application's configuration through the go2rtc stream settings. The module retrieves the current configuration, safely parses and modifies it to introduce a controlle...

CVSS 9.1 | AI score 6.6 | EPSS 0.01265
Exploits: 8

Packet Storm
added 2026/02/27 12:0 a.m. | 124 views

📄 fast-xml-parser 5.3.5 Denial of Service

A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/02/27 12:0 a.m. | 193 views

📄 FUXA 1.2.8 Authentication Bypass / Remote Code Execution

This Metasploit module adds support for exploiting CVE-2025-69985 in FUXA SCADA/HMI software versions 1.2.8 and below. The vulnerability allows unauthenticated access to the /api/runscript endpoint due to an authentication bypass, leading to remote code execution via Node.js child_process.execSync...

CVSS 9.8 | AI score 6.6 | EPSS 0.01745
Exploits: 7

Packet Storm
added 2026/02/27 12:0 a.m. | 174 views

📄 WordPress WPvivid Backup and Migration 0.9.123 Shell Upload

A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic fail‑open condition combined with insufficient file path validation...

CVSS 9.8 | AI score 6.5 | EPSS 0.16794
Exploits: 13

Packet Storm
added 2026/02/26 12:0 a.m. | 123 views

📄 Supermicro X8 Vulnerability Scanner

This code is a vulnerability scanner designed to scan for vulnerabilities in the Supermicro Onboard IPMI interface. The code checks for two known buffer overflow vulnerabilities. The checks are for older issues from 2013...

CVSS 10 | AI score 6 | EPSS 0.8637
Exploits: 10

Packet Storm
added 2026/02/26 12:0 a.m. | 106 views

📄 Windows Notepad Markdown Link Code Execution

The Windows Notepad App (Microsoft Store version) fails to properly validate protocol handlers in markdown links. When a user Ctrl+Clicks a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...

CVSS 7.8 | AI score 5.9 | EPSS 0.00113
Exploits: 9

Packet Storm
added 2026/02/26 12:0 a.m. | 122 views

📄 Google Chrome 145.0.7632.117 DevTools Injection

A high-severity vulnerability was identified in the DevTools component of Google Chrome versions prior to 145.0.7632.117. The issue stems from an inappropriate implementation that allowed insufficient isolation between Chrome extensions and privileged DevTools pages. If a user was convinced to...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/02/26 12:0 a.m. | 109 views

📄 WordPress TeconceTheme Coven Core 1.3 Blind SQL Injection

Proof of concept exploit for a remote blind SQL injection vulnerability in WordPress TeconceTheme Coven Core theme version 1.3.

CVSS 9.3 | AI score 5.9 | EPSS 0.00045
Exploits: 2

Packet Storm
added 2026/02/26 12:0 a.m. | 94 views

📄 fast-xml-parser REGEX Injection / Cross Site Scripting

fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks.

AI score 4.9
Exploits: 0

Packet Storm
added 2026/02/26 12:0 a.m. | 92 views

📄 Rack::Directory Cross Site Scripting

A persistent cross site scripting vulnerability affects Rack::Directory in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5.

AI score 4.9
Exploits: 0

Packet Storm
added 2026/02/26 12:0 a.m. | 105 views

📄 Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Siklu EtherHaul wireless backhaul devices. By abusing the proprietary encrypted RFPipe protocol, an unauthenticated remote attacker can upload arbitrary files to the target system without valid credentials...

CVSS 6.5 | AI score 5.9 | EPSS 0.0056
Exploits: 6

Packet Storm
added 2026/02/26 12:0 a.m. | 135 views

📄 FreeBSD Routing Socket Input Validation

This proof of concept exploit attempts to test the robustness of the FreeBSD routing socket subsystem by crafting an RTM_ADD message containing an intentionally oversized sockaddr structure (sa_len greater than the traditional sockaddr_storage limit of 128 bytes)...

CVSS 7.5 | AI score 5.5 | EPSS 0.00027
Exploits: 1

Packet Storm
added 2026/02/26 12:0 a.m. | 97 views

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. Title: Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection.

AI score 5
Exploits: 0

Packet Storm
added 2026/02/26 12:0 a.m. | 107 views

📄 zlib crc32_combine_gen64 Denial of Service

zlib versions prior to 1.3.2 have an infinite loop vulnerability in the crc32_combine_gen64 function that can result in a denial of service condition.

AI score 5.5
Exploits: 0

Total number of security vulnerabilities: 50621