50738 matches found
📄 jsPDF PDF Object Injection
jsPDF versions prior to 4.2.0 suffer from a PDF object injection vulnerability the addJS method. CVE-2026-25755: PDF Object Injection in jsPDF addJS Method Description A PDF Object Injection vulnerability was identified in the addJS method of jsPDF. The library fails to sanitize user-supplied inp...
📄 Telesquare TLR-2005KSH Remote Command Execution
Telesquare TLR-2005KSH proof of concept remote command execution exploit. ============================================================================================================================================= | Title : Telesquare TLR-2005KSH - Remote Command Execution vulnerability | |...
📄 SolarWinds Web Help Desk Access Control Bypass / Unsafe Deserialization
This Metasploit module exploits access control bypass and unsafe deserialization vulnerabilities in SolarWinds Web Help Desk to achieve unauthenticated remote code execution...
📄 OWASP CRS WAF Bypass
OWASP core rule set CRS versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...
📄 Icinga for Windows 1.13.3 Private Key Exposure
Icinga for Windows PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 install the certificate directory with insecure default permissions. The directory C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate is created with BUILTIN\Users:RX permissions,...
📄 AMSS++ 4.7 Backdoor Admin Account
AMSS++ version 4.7 has a hardcoded backdoor administrative account. Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.ra...
📄 Supermicro Onboard IPMI X9SCL / X9SCM SMT_X9_214 PHP Buffer Overflow
Supermicro Onboard IPMI X9SCL and X9SCM with firmware SMTX9214 PHP proof of concept buffer overflow exploit that spawns a reverse shell. It exploits an older vulnerability from 2013...
📄 SuiteCRM 7.11.18 Log File Remote Code Execution
SuiteCRM version 7.11.18 allows modification of the logging configuration. The log filename extension is not validated properly .pHp accepted, causing the log to be interpreted as PHP. Then attacker injects PHP payload into the logs changing username lastname field resulting in the log file...
📄 sudo 1.9.17 chroot Privilege Escalation
This Metasploit module exploits CVE-2025-32463, a local privilege escalation vulnerability in Sudo's chroot functionality. The vulnerability allows attackers to load malicious NSS Name Service Switch modules from within a chroot environment, leading to arbitrary code execution as root...
📄 Google Chrome CSSFontFeatureValuesMap Use-After-Free
Google Chrome versions prior to 145.0.7632.75 CSSFontFeatureValuesMap use-after-free proof of concept exploit. When an iterator is created over a CSSFontFeatureValuesMap object and the underlying HashMap is mutated during iteration, a rehash operation occurs, freeing the original memory while the...
📄 Squirrel Out-Of-Bounds Read
A vulnerability exists in the Squirrel engine's stack implementation due to missing bounds checking in the PopTarget function. When attempting to pop from an empty stack, the function reads from datasize - 1 index -1, causing a heap buffer underflow...
📄 Soosyze CMS 2.0 Rate Limit Scanner
Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability CWE‑307 on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA. The provided automatic detection script...
📄 Sophos Web Virtual Appliance 3.7.0 Directory Traversal
Proof of concept exploit for an older vulnerability from 2013 where Sophos Web Virtual Appliance version 3.7.0 suffered from a directory traversal vulnerability...
📄 GLPI Accessible Documents Insecure Direct Object Reference
This Metasploit auxiliary module scans a GLPI installation for improperly exposed documents linked to KnowbaseItem objects via the document.send.php endpoint. The module performs an automated enumeration of docid values within a defined range and attempts to access documents without authenticatio...
📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution
Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...
📄 GnuTLS X.509 Name Constraints Denial of Service
This program is a multi-threaded test application created to analyze the impact of excessive X.509 Name Constraints processing in vulnerable versions of GnuTLS CVE-2025-14831. It generates a configurable certificate chain and attaches a very large number of Name Constraints and Subject Alternativ...
📄 Dell RecoverPoint for Virtual Machines Shell Upload
This proof of concept leverage Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...
📄 wlc SSL Certification Validation Bypass
This proof of concept demonstrates a security issue in wlc versions earlier than 1.17.0, where SSL/TLS certificate validation can be bypassed. By attempting connections to endpoints with invalid certificates such as self‑signed or expired certificates, the proof of concept verifies whether wlc...
📄 Solar FTP Server 2.1.1 PASV Denial of Service
Solar FTP Server version 2.1.1 PASV command denial of service proof of concept exploit written in PHP. ============================================================================================================================================= | Title : Solar FTP Server 2.1.1 PASV Command - Deni...
📄 Apache Traffic Server 9.2.5 Denial of Service
Proof of concept remote denial of service exploit for Apache Traffic Server versions 9.2.0 through 9.2.5 that leverages the host header. ============================================================================================================================================= | Title : Apache...
📄 Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...
📄 SmarterMail 100.0.9413 GUID File Remote Code Execution
This PHP code implements a fully automated remote exploitation framework targeting SmarterMail version 100.0.9413. It is designed to identify the service, determine the underlying operating system, abuse a file upload mechanism with path traversal, and achieve arbitrary file write leading to remo...
📄 Python Tarfile Bypass
This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...
📄 Pillow PSD Parser Out-Of-Bounds Write
Proof of concept exploit that creates a malicious .psd file for Pillow that attempts an out-of-bounds write. This issue is patched in version 12.1.1. ============================================================================================================================================= | Tit...
📄 Sawtooth Lighthouse Studio 9.16.14 Remote Command Execution
Sawtooth Lighthouse Studio version 9.16.14 proof of concept remote command execution exploit. ============================================================================================================================================= | Title : Sawtooth Lighthouse Studio 9.16.14 RCE | | Author :...
📄 Serendipity 2.5.0 PHP Code Injection
Serendipity version 2.5.0 proof of concept PHP code injection exploit. ============================================================================================================================================= | Title : Serendipity 2.5.0 PHP COde Injection Vulnerability | | Author : indoushka ...
📄 Skyvern 0.1.84 Template Injection / Code Execution
Skyvern version 0.1.84 remote code execution proof of concept exploit that leverages a vulnerability in workflow creation functionality where user-supplied input in the prompt field is processed through Jinja2 templating engine without proper sanitization, allowing attackers to execute arbitrary...
📄 Raynet rvia 12.6.4392.49-amd64.deb Privilege Escalation
Proof of concept privilege escalation exploit for Raynet's RayVentory Inventory Agent version 12.6.4392.49-amd64.deb. ============================================================================================================================================= | Title : Raynet rvia...
📄 Sitecore Experience Manager / Experience Platform 10.1 Shell Upload / Hardcoded Credentials
Proof of concept exploit for a remote code execution vulnerability chain affecting Sitecore Experience Platform versions 10.x combining hardcoded credentials with file upload vulnerabilities for complete system compromise...
📄 SofaWiki 3.9.2 Shell Upload
This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024. ============================================================================================================================================= | Title : SofaWiki...
📄 Shenzhen Aitemi M300 Wi-Fi Repeater Remote Code Execution
Shenzhen Aitemi M300 Wi-Fi Repeater unauthenticated proof of concept remote code execution exploit that leverages the time parameter in protocol.csp. ============================================================================================================================================= | Tit...
📄 Yoast SEO 22.5 Cross Site Scripting
These are details relating a cross site scripting vulnerability in Yoast SEO versions 22.5 and below that was originally discovered in 2024. CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%22alertdocument.domain%22%20x%3D%22 3. In the admin bar, open the Yoast menu and hover/click Get Yoast S...
📄 SmarterMail 16.3.6989.16341 Path Traversal
This PHP proof of concept is a detection-only artifact generator for CVE-2025-52691 affecting SmarterMail version 16.3.6989.16341. It sends a crafted multipart upload request to the /api/upload endpoint, leveraging a path traversal condition in the contextData GUID to determine whether the target...
📄 WordPress StoryChief 1.0.42 Shell Upload
This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin less than or equal to 1.0.42. The plugin exposes a webhook endpoint at /wp-json/storychief/webhook which accepts a forged HMAC. Because the plugin uses an empty secret for HMA...
📄 eNet SMART HOME 2.3.1 Privilege Escalation
The eNet Smart Home device firmware versions 2.3.1 build 46841 and 2.2.1 build 46056 exposes JSON‑RPC management methods that may allow authenticated low‑privileged users to perform unauthorized administrative actions. Improper server‑side authorization controls on the /jsonrpc/management endpoin...
📄 RuoYi 4.7.9 Advanced SQL Injection Exploitation Toolkit
This Python script is a sophisticated SQL injection exploitation tool that targets Java web applications specifically RuoYi framework, with additional remote code execution capabilities. The tool performs blind SQL injection attacks and includes multiple methods for escalating from SQL injection ...
📄 ChurchCRM 6.8.0 Information Disclosure Tester
ChurchCRM versions 6.8.0 and earlier expose the installation setup endpoint without proper access restrictions. If the setup process remains accessible after deployment, it may allow unauthorized users to interact with configuration parameters. This misconfiguration increases the risk of...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
📄 Samsung QuramDng Malformed DNG TrimBounds Opcode Out‑Of‑Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Remote for Mac 2025.6 Unauthenticated UDP Keyboard Remote Code Execution
A remote code execution vulnerability exists in Remote for Mac version 2025.6. When the "Allow unknown devices" option is enabled, the application accepts unauthenticated key input over UDP on port 1947. By sending a crafted sequence of UDP packets that simulate keyboard events, an attacker can...
📄 Ray 2.8.0 Path Traversal
A path traversal vulnerability was identified in versions prior to 2.8.1 of Ray affecting the Ray Dashboard service default port 8265. The issue stems from improper validation and sanitization of user-supplied file paths within the static file handling mechanism. By manipulating path traversal...
📄 Saturn Remote Mouse Server 1 Command Injection
A service component of Saturn Remote Mouse Server listens for unauthenticated UDP JSON-like frames on UDP port 27000. Improper input handling allows specially crafted frames to cause execution of arbitrary commands within the context of the service process, resulting in remote code execution on t...
📄 Samsung Malformed DNG ColorMatrix2 Out-Of-Bounds Read
A memory safety vulnerability was identified in Samsung’s image decoding library libimagecodec.quram.so, affecting the handling of DNG Digital Negative image files. The issue stems from improper bounds validation when parsing the ColorMatrix2 0xC622 tag within DNG metadata. By supplying a crafted...
📄 Ruckus Unleashed 200.13.6.1.319 XSS Scanner
This is a testing script to validate whether or not a Ruckus Unleashed system is vulnerable to the cross site scripting vulnerability in version 200.13.6.1.319...
📄 Redash 25.8.0 Password Hash Extraction
This PHP script is a security exploitation tool that targets Redash, an open-source data visualization platform. The tool leverages a configuration vulnerability in Redash's default PostgreSQL setup to perform two critical attacks. It can execute arbitrary system commands on the database server...
📄 pfSense Ultimate Exploit Framework
This Python script is an exploitation framework targeting two authenticated remote code execution vulnerabilities in pfSense. One exploit vector is an unsafe deserialization in pfSense CE version 2.7.2 and another is related to XMLRPC execphp abuse in pfSense CE version 2.8.0...
📄 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution
Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection...
📄 Samsung QuramDNG Heap Corruption
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 motionEye 0.43.1b4 Remote Command Injection
A remote command injection vulnerability exists in motionEye versions up to and including 0.43.1b4. The issue arises from improper validation and sanitization of user‑supplied input within camera configuration parameters. Under certain conditions, authenticated users can inject crafted input that...
📄 RustFly 2.0.0 Event Manipulation
The remote UI control mechanism of RustFly accepts raw hex-encoded instructions over UDP. Some sequences trigger execution of remote system-level operations. Improper sanitization allows command-level injection. Version 2.0.0 is affected...