📄 Solar FTP Server 2.1.1 PASV Denial of Service
Solar FTP Server version 2.1.1 PASV command denial of service proof of concept exploit written in PHP.
📄 Apache Traffic Server 9.2.5 Denial of Service
Proof of concept remote denial of service exploit for Apache Traffic Server versions 9.2.0 through 9.2.5 that leverages the host header.
📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution
Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...
📄 GnuTLS X.509 Name Constraints Denial of Service
This program is a multi-threaded test application created to analyze the impact of excessive X.509 Name Constraints processing in vulnerable versions of GnuTLS (CVE-2025-14831). It generates a configurable certificate chain and attaches a very large number of Name Constraints and Subject Alternativ...
📄 Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands.
📄 Sophos Web Virtual Appliance 3.7.0 Directory Traversal
Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability...
📄 wlc SSL Certification Validation Bypass
This proof of concept demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. By attempting connections to endpoints with invalid certificates such as self‑signed or expired certificates, the proof of concept verifies whether wlc...
📄 Soosyze CMS 2.0 Rate Limit Scanner
Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability (CWE‑307) on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA. The provided automatic detection script...
📄 SofaWiki 3.9.2 Shell Upload
This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024.
📄 Raynet rvia 12.6.4392.49-amd64.deb Privilege Escalation
Proof of concept privilege escalation exploit for Raynet's RayVentory Inventory Agent version 12.6.4392.49-amd64.deb.
📄 Sawtooth Lighthouse Studio 9.16.14 Remote Command Execution
Sawtooth Lighthouse Studio version 9.16.14 proof of concept remote command execution exploit.
📄 Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit.
📄 Shenzhen Aitemi M300 Wi-Fi Repeater Remote Code Execution
Shenzhen Aitemi M300 Wi-Fi Repeater unauthenticated proof of concept remote code execution exploit that leverages the time parameter in protocol.csp.
📄 Pillow PSD Parser Out-Of-Bounds Write
Proof of concept exploit that creates a malicious .psd file for Pillow that attempts an out-of-bounds write. This issue is patched in version 12.1.1.
📄 SmarterMail 16.3.6989.16341 Path Traversal
This PHP proof of concept is a detection-only artifact generator for CVE-2025-52691 affecting SmarterMail version 16.3.6989.16341. It sends a crafted multipart upload request to the /api/upload endpoint, leveraging a path traversal condition in the contextData GUID to determine whether the target...
📄 WordPress StoryChief 1.0.42 Shell Upload
This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin less than or equal to 1.0.42. The plugin exposes a webhook endpoint at /wp-json/storychief/webhook which accepts a forged HMAC. Because the plugin uses an empty secret for HMA...
📄 Python Tarfile Bypass
This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...
📄 Yoast SEO 22.5 Cross Site Scripting
These are details relating to a cross site scripting vulnerability in Yoast SEO versions 22.5 and below that was originally discovered in 2024. CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%22alertdocument.domain%22%20x%3D%22 3. In the admin bar, open the Yoast menu and hover/click Get Yoast S...
📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials
Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...
📄 Skyvern 0.1.84 Template Injection / Code Execution
Skyvern version 0.1.84 remote code execution proof of concept exploit that leverages a vulnerability in workflow creation functionality where user-supplied input in the prompt field is processed through Jinja2 templating engine without proper sanitization, allowing attackers to execute arbitrary...
📄 RustFly 2.0.0 Event Manipulation
The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...
📄 eNet SMART HOME 2.3.1 Privilege Escalation
The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON‑RPC management methods that may allow authenticated low‑privileged users to perform unauthorized administrative actions. Improper server‑side authorization controls on the /jsonrpc/management endpoin...
📄 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution
Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection...
📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Samsung QuramDNG Heap Corruption
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives (DNG). A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 Ray 2.8.0 Path Traversal
A path traversal vulnerability was identified in versions prior to 2.8.1 of Ray affecting the Ray Dashboard service (default port 8265). The issue stems from improper validation and sanitization of user-supplied file paths within the static file handling mechanism. By manipulating path traversal...
📄 motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
📄 Remote for Mac 2025.6 Unauthenticated UDP Keyboard Remote Code Execution
A remote code execution vulnerability exists in Remote for Mac version 2025.6. When the "Allow unknown devices" option is enabled, the application accepts unauthenticated key input over UDP on port 1947. By sending a crafted sequence of UDP packets that simulate keyboard events, an attacker can...
📄 pfSense Ultimate Exploit Framework
This Python script is an exploitation framework targeting two authenticated remote code execution vulnerabilities in pfSense. One exploit vector is an unsafe deserialization in pfSense CE version 2.7.2 and another is related to XMLRPC execphp abuse in pfSense CE version 2.8.0...
📄 ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...
📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications, specifically the RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG (Digital Negative) files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
📄 SAP NetWeaver 7.50 Visual Composer Metadata Shell Upload
SAP NetWeaver Visual Composer contains an unauthenticated file upload vulnerability in the metadata uploader component that allows attackers to upload arbitrary files including JSP web shells and WAR applications, leading to remote code execution on the SAP server. The vulnerability exists in the...
📄 Redash 25.8.0 Password Hash Extraction
This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...
📄 Samsung Malformed DNG ColorMatrix2 Out-Of-Bounds Read
A memory safety vulnerability was identified in Samsung’s image decoding library libimagecodec.quram.so, affecting the handling of DNG (Digital Negative) image files. The issue stems from improper bounds validation when parsing the ColorMatrix2 (0xC622) tag within DNG metadata. By supplying a crafted...
📄 Saturn Remote Mouse Server 1 Command Injection
A service component of Saturn Remote Mouse Server listens for unauthenticated UDP JSON-like frames on UDP port 27000. Improper input handling allows specially crafted frames to cause execution of arbitrary commands within the context of the service process, resulting in remote code execution on t...
📄 SmarterMail 9518 Cross Site Scripting
SmarterMail versions 9518 and below have an issue where user input passed through the MailboxId GET parameter to the MAPI endpoints is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflective cross site scripting attacks which, in...
📄 Qualcomm CVP Kernel Driver Pointer Disclosure / Privilege Escalation
This advisory describes a local privilege escalation vulnerability affecting the Qualcomm CVP kernel driver msmcvp, exposed through the /dev/cvp device node on Android systems using Qualcomm SoCs. The vulnerability originates from an improperly obfuscated kernel pointer returned to user space as ...
📄 Extensis Portfolio Manager 4.0.1 Shell Upload
This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...
📄 Python 3 Minidom Denial of Service
This proof of concept demonstrates an algorithmic denial of service condition caused by parsing an XML document containing an extremely large number of attributes using Python's xml.dom.minidom library. Due to inefficient attribute handling with quadratic time complexity, the XML parser may consu...
📄 PaperCut MF/NG 25.0.5 Authentication Bypass / Remote Code Execution
A critical security vulnerability was discovered in version 25.0.5 of PaperCut MF/NG that allows attackers to bypass authentication and execute remote commands on the target system without requiring any credentials...
📄 BeyondTrust Remote Support / Privileged Remote Access Remote Code Execution
A critical pre‑authentication remote code execution vulnerability identified as CVE-2026-1731 affects products from BeyondTrust, specifically Remote Support and Privileged Remote Access. The vulnerability allows an unauthenticated attacker to execute arbitrary commands on a vulnerable system by...
📄 MongoDB BSON Decompression OP_COMPRESSED Memory Disclosure
This Metasploit module demonstrates an educational memory leak in MongoDB BSON decompression. It sends malformed BSON in OP_COMPRESSED messages to trigger memory disclosure. A large number of versions are affected...
📄 n8n Workflow Automation Remote Configuration / Admin Data Extraction
This Metasploit module exploits multiple vulnerabilities in n8n workflow automation tool. It leverages a file read vulnerability to steal encryption keys and database, then uses stolen credentials to authenticate and execute arbitrary commands via the Execute Command node...
📄 Pymatgen 2024.1 CIF Parser Reverse Shell
Pymatgen version 2024.1 contains a critical remote code execution vulnerability in its Crystallographic Information File (CIF) parser that allows attackers to execute arbitrary Python code through specially crafted CIF files, leading to complete system compromise. The vulnerability exists in the CI...
📄 Pterodactyl Panel Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Pterodactyl Panel versions before 1.11.11. The vulnerability allows an attacker to write a malicious PHP file via the locale functionality and then execute it to gain a reverse shell...
📄 eNet SMART HOME Server 2.3.1 Remote Privilege Escalation
The eNet Smart Home system suffers from a privilege escalation vulnerability due to insufficient authorization checks in the JSON-RPC endpoint for user management. A low-privileged user can exploit the setUserGroup method by sending a crafted POST request to /jsonrpc/management, specifying their...
📄 NFR Agent SRS Record 1.0.4.3 PHP Code Injection
Proof of concept code injection exploit for NFR Agent SRS Record version 1.0.4.3. This is for an older finding from 2012.
📄 PluckCMS 4.7.10 Shell Upload
PluckCMS version 4.7.10 remote shell upload proof of concept exploit.