50738 matches found
ZAI-Shell P2P Command Injection
This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol (default port 5757) and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...
WordPress Slider-Future 1.0.5 Arbitrary File Upload
This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider-Future plugin version 1.0.5. | Title :...
Frigate NVR 0.16.3 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Frigate NVR versions 0.16.3 and below by manipulating the application's configuration through the go2rtc stream settings. The module retrieves the current configuration, safely parses and modifies it to introduce a controlle...
FUXA 1.2.8 Authentication Bypass / Remote Code Execution
This Metasploit module adds support for exploiting CVE-2025-69985 in FUXA SCADA/HMI software versions 1.2.8 and below. The vulnerability allows unauthenticated access to the /api/runscript endpoint due to an authentication bypass, leading to remote code execution via Node.js child_process.execSync...
WordPress WPvivid Backup and Migration 0.9.123 Shell Upload
A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic fail-open condition combined with insufficient file path validation...
Xerte Online Toolkits 3.14 Shell Upload
A vulnerability in Xerte Online Toolkits versions 3.14 and earlier allows unauthenticated users to upload arbitrary files via the template import functionality. The issue exists in /websitecode/php/import/import.php. Due to missing authentication checks on the import endpoint, an attacker can...
fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions (DTD), specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
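The internal-entity expansion class of denial of service described in the entry above can be screened for before any parser touches the document. The following is an added example, not fast-xml-parser's own code and not the crafted payload from the listing: a Python pre-parse guard that reads the DOCTYPE internal subset, computes what each general entity would expand to without materialising it, and rejects the document when the expanded size crosses a budget or an entity refers back to itself. The function names, the default budget and the sample payloads are all constructed for this example.

```python
import re

# Added example: bound the expansion of internal general entities declared in a
# DOCTYPE internal subset before handing the document to a real XML parser.
# Names (entity_declarations, expanded_size, is_safe) and the default budget are
# assumptions of this example, not an API of fast-xml-parser.

_DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)
# General entities only; parameter entities (<!ENTITY % name ...>) are skipped.
_ENTITY_DECL = re.compile(r'<!ENTITY\s+(?!%)(\w+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
_ENTITY_REF = re.compile(r'&(\w+);')
_BUILTIN = {'amp', 'lt', 'gt', 'quot', 'apos'}   # each expands to one character


class EntityExpansionError(ValueError):
    """Raised when expansion would exceed the budget or an entity is recursive."""


def entity_declarations(doc):
    """Map entity name -> replacement text for the internal subset, if any."""
    m = _DOCTYPE.search(doc)
    if not m:
        return {}
    return {name: dq or sq for name, dq, sq in _ENTITY_DECL.findall(m.group(1))}


def expanded_size(doc, limit=1_000_000):
    """Return the character count of the document after entity expansion.

    Sizes are computed arithmetically and memoised per entity, so a payload
    that would expand to gigabytes is rejected without building any of it.
    """
    decls = entity_declarations(doc)
    memo = {}

    def size_of(name, stack):
        if name in _BUILTIN:
            return 1
        if name not in decls:
            return len(name) + 2        # undeclared: a real parser errors; count it as written
        if name in memo:
            return memo[name]
        if name in stack:
            raise EntityExpansionError(f"entity &{name}; refers to itself")
        memo[name] = expand_len(decls[name], stack | {name})
        return memo[name]

    def expand_len(text, stack):
        total, pos = 0, 0
        for m in _ENTITY_REF.finditer(text):
            total += m.start() - pos + size_of(m.group(1), stack)
            pos = m.end()
            if total > limit:
                raise EntityExpansionError(f"expansion exceeds {limit} characters")
        return total + len(text) - pos

    m = _DOCTYPE.search(doc)
    body = doc[:m.start()] + doc[m.end():] if m else doc
    return expand_len(body, frozenset())


def is_safe(doc, limit=1_000_000):
    try:
        expanded_size(doc, limit)
        return True
    except EntityExpansionError:
        return False


# Constructed sample inputs.
BENIGN = '<?xml version="1.0"?><!DOCTYPE r [<!ENTITY co "Example Corp">]><r>&co; &amp; friends</r>'
RECURSIVE = '<!DOCTYPE r [<!ENTITY a "&b;"><!ENTITY b "&a;">]><r>&a;</r>'


def laughs(depth, fanout=10):
    """Classic nested-entity payload: lolN expands to fanout**N copies of 'lol'."""
    ents = ['<!ENTITY lol0 "lol">']
    for i in range(1, depth + 1):
        ents.append(f'<!ENTITY lol{i} "' + f'&lol{i - 1};' * fanout + '">')
    return '<!DOCTYPE r [' + ''.join(ents) + f']><r>&lol{depth};</r>'


if __name__ == '__main__':
    for label, doc in [('benign', BENIGN), ('laughs(2)', laughs(2)),
                       ('laughs(9)', laughs(9)), ('recursive', RECURSIVE)]:
        print(f'{label:10} safe={is_safe(doc)}')
```

The guard only looks at the internal subset; external DTDs and parameter entities are a separate decision (usually: refuse them outright). A document that passes is still handed to the real parser with its own limits in place; this check exists so that the expensive path is never reached by a payload that is cheap to recognise.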
telnetd Environment Variable Bypass
It has been discovered that telnetd has further bypass issues relating to environment variables that can achieve remote root. For 27 years, this issue persists. From: Justin Swartz Date: Tue, 24 Feb 2026 03:17:02 +0200 Greetings, I have been reviewing the recent vulnerability report by Ron Ben...
Supermicro X8 Vulnerability Scanner
This code is a vulnerability scanner designed to scan for vulnerabilities in the Supermicro Onboard IPMI interface. The code checks for two known buffer overflow vulnerabilities. The checks are for older issues from 2013...
fast-xml-parser REGEX Injection / Cross Site Scripting
fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks. | Title :...
PJSIP PJMEDIA H.264 Denial of Service
A logic validation flaw was identified in the H.264 packetization routine within the PJMEDIA component of PJSIP. Specifically, insufficient validation of FU-A (Fragmentation Unit, Type A) state handling in pjmedia_h264_packetize may allow malformed RTP payloads to trigger unsafe pointer arithmetic...
Google Chrome 145.0.7632.117 DevTools Injection
A high-severity vulnerability was identified in the DevTools component of Google Chrome versions prior to 145.0.7632.117. The issue stems from an inappropriate implementation that allowed insufficient isolation between Chrome extensions and privileged DevTools pages. If a user was convinced to...
zlib crc32_combine_gen64 Denial of Service
zlib versions prior to 1.3.2 have an infinite loop vulnerability in the crc32_combine_gen64 function that can result in a denial of service condition. | Title...
Rack::Directory Cross Site Scripting
A persistent cross site scripting vulnerability affects Rack::Directory in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5. | Title : Rack Rack::Directory...
OpenBabel 3.1.1 Parsing Issues
This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...
Textpattern 4.9.0 Cross Site Scripting
Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. | Title : Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection | | Autho...
Windows Notepad Markdown Link Code Execution
The Windows Notepad App (Microsoft Store version) fails to properly validate protocol handlers in markdown links. When a user Ctrl+clicks a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...
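The Notepad entry above comes down to one missing check: which URI schemes a markdown link may hand to the operating system. As an added example, not Microsoft's code and not the proof of concept from the listing, the Python below extracts link destinations from markdown and classifies each scheme against an allowlist, treating a single-letter scheme as a Windows drive path rather than a URL. The allowlist, the helper names and the sample markdown are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Added example: scheme allowlist for markdown link destinations. The set
# below and the helper names are assumptions, not Notepad's own policy.
ALLOWED_SCHEMES = {'http', 'https', 'mailto'}

# Inline links and images: [text](dest), [text](<dest>), ![alt](dest).
# The destination is everything up to the first whitespace or ')'.
_LINK = re.compile(r'\[[^\]]*\]\(\s*(?:<([^>]*)>|([^\s)]+))')


def link_targets(markdown):
    return [m.group(1) or m.group(2) for m in _LINK.finditer(markdown)]


def classify(uri):
    """'relative' for paths without a scheme, 'allowed' for listed schemes,
    'blocked' for anything else (file:, custom protocol handlers, drive letters)."""
    scheme = urlsplit(uri.strip()).scheme.lower()
    if not scheme:
        return 'relative'
    if len(scheme) == 1:            # 'C:\...' parses as scheme 'c'; it is a local path
        return 'blocked'
    return 'allowed' if scheme in ALLOWED_SCHEMES else 'blocked'


def audit(markdown):
    return [(uri, classify(uri)) for uri in link_targets(markdown)]


def blocked_targets(markdown):
    return [uri for uri, verdict in audit(markdown) if verdict == 'blocked']


# Constructed sample document.
SAMPLE_MD = """# Release notes (constructed sample)
See [the docs](https://example.com/docs) and [contact](mailto:ops@example.com).
Local: [readme](docs/README.md) and ![logo](<images/logo.png>)
Sneaky: [open calc](ms-calculator:) and [run](file:///C:/Windows/System32/calc.exe)
Drive: [share](C:\\Users\\Public\\run.bat) and [caps](HTTPS://example.com)
"""

if __name__ == '__main__':
    for uri, verdict in audit(SAMPLE_MD):
        print(f'{verdict:8} {uri}')
```

The point of the allowlist is that it is evaluated on the parsed scheme, not on a blocklist of known-bad prefixes: every registered protocol handler on the machine (ms-calculator:, ms-msdt:, vendor-specific ones) is rejected by default, and a drive-letter path never reaches ShellExecute as a "URL". Reference-style links and destinations with balanced parentheses are not handled by the regex; the scheme decision is unaffected, but a full CommonMark parser is the right tool for the extraction step.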
Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload
This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Siklu EtherHaul wireless backhaul devices. By abusing the proprietary encrypted RFPipe protocol, an unauthenticated remote attacker can upload arbitrary files to the target system without valid credentials...
WordPress TeconceTheme Coven Core 1.3 Blind SQL Injection
Proof of concept exploit for a remote blind SQL injection vulnerability in Wordpress TeconceTheme Coven Core theme version 1.3. | Title : TeconceTheme Cove...
FreeBSD Routing Socket Input Validation
This proof of concept exploit attempts to test the robustness of the FreeBSD routing socket subsystem by crafting an RTM_ADD message containing an intentionally oversized sockaddr structure (sa_len greater than the traditional sockaddr_storage limit of 128 bytes)...
SPIP Gadget Chain Insecure Deserialization
SPIP Gadget Chain versions prior to 4.4.9 suffer from a potential PHP object deserialization vulnerability. | Title : SPIP Gadget Chain before 4.4.9...
Calibre 9.2.1 Path Traversal / Arbitrary File Write
Calibre versions 9.2.1 and below are vulnerable to a path traversal flaw in the PDB file parser, affecting both the 132-byte and 202-byte header variants of the PDB reader implementation. The vulnerability allows a specially crafted PDB file to embed directory traversal sequences such as ../ with...
Moodle TeX Formula Rendering Denial of Service
A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...
PDF Object Injection Generator
PDF object injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping. This proof of concept generates a malicious PDF for testing software such as jsPDF...
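PDF object injection works because a literal string in a content stream is delimited by parentheses: a value that contains an unescaped ')' ends the string early, and whatever follows is read as operators and objects. The Python below is an added example, not the listing's generator and not jsPDF code: a minimal text-showing content stream built from user input, a tokenizer that walks the stream the way a consumer would (skipping over literal strings), and the escaping that keeps the input inside the string. The helper names and the sample payload are constructed for this example.

```python
import re

# Added example: PDF literal-string escaping and a tokenizer that shows what a
# PDF consumer would execute. Helper names are assumptions of this example.


def pdf_escape(text):
    """Escape a value for a PDF literal string '(...)'. Backslash and both
    parentheses are the characters that can alter or terminate the string
    (ISO 32000-1, 7.3.4.2); line ends are escaped too so one string stays
    on one line in the stream."""
    table = {'\\': '\\\\', '(': '\\(', ')': '\\)', '\n': '\\n', '\r': '\\r'}
    return ''.join(table.get(ch, ch) for ch in text)


def text_page(user_text, escape=lambda s: s):
    """Content stream that draws user_text at (72, 720). The default
    escape is the identity, i.e. the vulnerable generator."""
    return f'BT /F1 12 Tf 72 720 Td ({escape(user_text)}) Tj ET'


_OPERATOR = re.compile(r'^[A-Za-z\'"*]{1,3}$')   # BT, ET, Tf, Td, Tj, ...


def operators(stream):
    """Return the operators of a content stream in order, skipping literal
    strings (balanced parentheses, backslash escapes) like a real reader."""
    ops, i, n = [], 0, len(stream)
    while i < n:
        c = stream[i]
        if c == '(':
            depth, i = 1, i + 1
            while i < n and depth:
                if stream[i] == '\\':
                    i += 2                      # escaped char: skip it
                    continue
                depth += {'(': 1, ')': -1}.get(stream[i], 0)
                i += 1
            continue
        if c.isspace():
            i += 1
            continue
        j = i
        while j < n and not stream[j].isspace() and stream[j] != '(':
            j += 1
        tok = stream[i:j]
        if _OPERATOR.match(tok):
            ops.append(tok)
        i = j
    return ops


def text_show_count(stream):
    """Number of Tj operators a consumer would execute."""
    return operators(stream).count('Tj')


# Constructed payload: closes the string, finishes the text object, and
# opens a second one that draws attacker-chosen text in a larger font.
PAYLOAD = 'Invoice 1042) Tj ET BT /F1 36 Tf 72 400 Td (PAID IN FULL'

if __name__ == '__main__':
    print('unescaped Tj count:', text_show_count(text_page(PAYLOAD)))
    print('escaped   Tj count:', text_show_count(text_page(PAYLOAD, pdf_escape)))
```

With the identity escape the payload yields two text-showing operations, the second entirely attacker-controlled; with pdf_escape the same input is one string and one Tj. The same idea extends past content streams: any user value placed into a dictionary, a name or a string object needs the escaping of that object type, and for non-Latin text a hex string (<...>) sidesteps the delimiter problem altogether.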
Open Babel 3.1.1 CIF File Memory Corruption
This Metasploit auxiliary module generates a crafted .cif file designed to test for memory corruption conditions in Open Babel version 3.1.1. By providing an excessive number of symmetry operations, it triggers a crash (DoS) during file parsing. The exact outcome depends on the target's build,...
Cosign 3.0.4 Certificate Chain Validation Bypass
A logic flaw in the certificate verification process of Cosign versions 3.0.4 and below allows signatures to be accepted even when the issuing Intermediate Certificate Authority (CA) has already expired. This proof of concept generates a chain that can be tested with this software in order to prove...
MS-EVEN TOCTOU ElfrBackupELFW Arbitrary File Write
This module exploits a Time-of-Check/Time-of-Use (TOCTOU) vulnerability in the MS-EVEN protocol (Windows Event Log service). A low-privileged authenticated user can write arbitrary files to a remote Windows machine by abusing the ElfrBackupELFW RPC function. This module strictly follows the MS-EVEN...
BeyondTrust PRA / RS Unauthenticated Remote Code Execution
This Metasploit module achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). It leverages three different vulnerabilities depending on the user-selected target. The default target leverages CVE-2026-1731, a direct command...
FUXA 1.2.8 Authentication Bypass / Remote Command Execution
This Python exploit targets CVE-2025-69985, an authentication bypass in FUXA web-based SCADA/HMI software that allows access to the protected /api/runscript endpoint even when authentication is enabled. By sending a crafted JavaScript payload using child_process.execSync, it achieves full remote...
Icinga for Windows 1.13.3 Private Key Disclosure
This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...
Frigate NVR 0.16.3 Remote Command Execution
This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 (both authenticated and unauthenticated paths). By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...
Ollama Model Registry Path Traversal / Remote Code Execution
Ollama versions prior to 0.1.34 are vulnerable to a path traversal attack via the model pull mechanism (CVE-2024-37032). When pulling a model, the digest field in OCI manifests is not validated, allowing an attacker to inject path traversal sequences to write arbitrary files on the server. This...
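The Calibre PDB entry earlier in this listing and the Ollama entry above are the same bug class: a name taken from an attacker-controlled container (an archive record, an OCI manifest digest) is joined onto a trusted base directory without checking where the result lands. The Python below is an added example, not code from either project: it shows the vulnerable join, a containment check that resolves the candidate path and requires it to stay under the base, and, for the digest case, a syntactic check that leaves no room for path characters at all. The base directories, the sha256-<hex> blob naming and the helper names are assumptions of this example.

```python
import os
import re

# Added example: containment check for untrusted path components, plus strict
# digest validation. Base paths and helper names are assumptions of this example;
# neither project's real on-disk layout is reproduced.

_DIGEST = re.compile(r'^sha256:[0-9a-f]{64}$')


def unsafe_join(base, untrusted):
    """The vulnerable pattern: os.path.join trusts every component it is given.
    '..' segments walk upward and an absolute component discards base outright."""
    return os.path.normpath(os.path.join(base, untrusted))


def safe_join(base, *untrusted):
    """Join untrusted components under base and return the resolved path,
    raising if it would land outside base. realpath also follows symlinks
    that already exist on disk, which normpath alone would not."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, *untrusted))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f'{"/".join(untrusted)!r} escapes {base}')
    return target


def is_contained(base, *untrusted):
    try:
        safe_join(base, *untrusted)
        return True
    except ValueError:
        return False


def valid_digest(digest):
    """A manifest digest must be exactly 'sha256:' + 64 lowercase hex chars;
    anything else (uppercase, separators, '..') is rejected before it is
    ever used to name a file."""
    return bool(_DIGEST.match(digest))


def blob_path(blobs_dir, digest):
    if not valid_digest(digest):
        raise ValueError(f'malformed digest {digest!r}')
    # Assumed on-disk naming: the ':' becomes '-'. The containment check is
    # redundant once the digest is validated, but it is cheap defence in depth.
    return safe_join(blobs_dir, digest.replace(':', '-'))


if __name__ == '__main__':
    # Constructed inputs; the directories need not exist for the checks to run.
    print(unsafe_join('/srv/ollama/blobs', '../../../etc/ld.so.preload'))
    for name in ['chapter1.html', 'img/cover.png',
                 '../../../.ssh/authorized_keys', '/etc/passwd']:
        print(f'{is_contained("/var/lib/calibre/extract", name)!s:5} {name}')
    print(blob_path('/srv/ollama/blobs', 'sha256:' + 'ab' * 32))
```

Two different defences are shown because they fail differently. Containment is the general answer when the name legitimately carries structure (an archive with subdirectories); the strict pattern is the better answer when the name is supposed to be an opaque identifier, because it rejects the input before any path API sees it. For a digest the second check is also what makes the content-addressed store honest: a value that is not a well-formed hash cannot be verified against the blob it names.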
SPIP Saisies 5.11.0 Remote Code Execution
Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennes_valeurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...
Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Cameras version 1.181.5 suffers from unauthenticated and unauthorized live RTSP video stream access. Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure Vendor: Tattile s.r.l. Product web page: https://www.tattile.com Affected version: Smart+ family: Smart+ Tolling+ Smart+...
Tattile Cameras 1.181.5 Default Credentials
Tattile Cameras version 1.181.5 ship with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Tattile Cameras 1.181.5 Use of Default Credentials Vendor: Tattile s.r.l. Product web page: https://www.tattile.com Affected version...
Echo Framework 5.0.4 Path Traversal
This Python script is a security testing tool designed to detect a path traversal vulnerability in web applications built with the Echo framework version 5 running on Windows systems...
SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennes_valeurs. Versions 5.4.0 through 5.11.0 are affected...
SPIP Unauthenticated Remote Code Execution / Insecure Deserialization
A remote code execution vulnerability was identified in SPIP due to improper handling of user-supplied serialized data. The application fails to properly validate or restrict unsafe object deserialization, allowing an attacker to supply crafted input that triggers unintended object instantiation...
SPIP Cross Site Scripting
SPIP versions prior to 4.4.9 suffer from a persistent cross site scripting injection vulnerability in the editor. | Title : SPIP before 4.4.9 Stored XSS...
Cilium 1.18.5 Traffic Bypass
This Python proof of concept script performs a comprehensive node-level analysis to assess a vulnerability in Cilium versions 1.18.0 through 1.18.5 that allows cross-node Pod traffic to bypass Host Firewall policies when Native Routing, WireGuard, and Node Encryption are enabled...
Tattile Cameras 1.181.5 Insufficient Token Expiration
Tattile Cameras version 1.181.5 suffers from insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or tokens for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse...
Advanced JUNG Smart Visu Security Scanner
This is a multi-threaded security scanner for JUNG Smart Visu servers that detects reflected cross site scripting, header injection, open redirects, and JSON injection. It tests predefined endpoints with custom payloads, analyzes HTTP responses for vulnerabilities, and generates a detailed report...
Windows File Explorer Information Disclosure
Proof of concept exploit that demonstrates how the Microsoft Windows File Explorer fails to properly restrict access to sensitive system locations. Exploit Title: Windows File Explorer Information Disclosure CVE-2026-20937 Date: 2026-02-24 Exploit Author: nu11secur1ty Vendor Homepage:...
SPIP Blind Server-Side Request Forgery
SPIP versions prior to 4.4.9 suffer from a blind server-side request forgery vulnerability within the private administration interface. | Title : SPIP 4.4...
Microsoft Event Log Remote Protocol Arbitrary File Write
This Python script demonstrates the abuse of the Microsoft Event Log Remote Protocol (MS-EVEN) to achieve an arbitrary file write over SMB using low-privileged credentials. By interacting with the Windows \pipe\eventlog named pipe through DCERPC, the script leverages the ElfrOpenBELW and...
QEMU VMDK Out-Of-Bounds Read
A flaw was found in QEMU's VMDK block driver implementation. When processing compressed grain markers within a monolithicSparse VMDK image, insufficient bounds validation may allow the decompression routine to read beyond the allocated buffer. A specially crafted VMDK image could trigger an...
GrandStream GXP1600 Unauthenticated Remote Code Execution
An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution (RCE) with root privileges on a target device. The vulnerability affects all six...
Telerik Report Server 2024 Q1-10.0.24.305 Remote Code Execution
Telerik Report Server versions 2024 Q1 (10.0.24.305) and potentially earlier contain a critical vulnerability that allows unauthenticated attackers to achieve remote code execution through insecure deserialization in report processing functionality. The vulnerability exists due to improper input...
Termius 9.9.0 Remote Code Execution
This Metasploit module demonstrates a remote code execution vulnerability in the Termius Electron application caused by an exposed symbol in the global JavaScript Symbol Registry. By accessing a shared Symbol.for key that unintentionally references preloaded Node.js modules, attacker-controlled...
Tactical RMM 1.3.1 Jinja2 Server-Side Template Injection
This Metasploit module targets a server-side template injection vulnerability in Tactical RMM's template preview endpoint. The implementation is clearly marked as experimental and manually ranked due to the inherently unstable exploitation technique it relies on. The module attempts to achieve...