
50630 matches found

Packet Storm
added 2026/02/04 12:0 a.m. | 141 views

📄 Blesta 5.13.1 Cross Site Scripting

Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...

CVSS 4.7 | AI score 4.9 | EPSS 0.0282
Exploits: 1

Packet Storm
added 2026/02/04 12:0 a.m. | 178 views

📄 Nagios XI Monitoring Wizard Command Injection

Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...

CVSS 8.8 | AI score 5.9 | EPSS 0.04646
Exploits: 2

Packet Storm
added 2026/02/04 12:0 a.m. | 167 views

📄 MotionEye Frontend 0.43.1b4 Command Injection

Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4. Title: MotionEye Frontend 0.43.1b4 RCE | Author...

CVSS 7.2 | AI score 5.3 | EPSS 0.57917
Exploits: 16

Packet Storm
added 2026/02/04 12:0 a.m. | 104 views

📄 NCR Command Center Agent 16.3 Remote Command Execution

Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...

CVSS 10 | AI score 9 | EPSS 0.9036
Exploits: 3

Packet Storm
added 2026/02/04 12:0 a.m. | 99 views

📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. Title: Mutiny 5.0-1.07...

CVSS 8.5 | AI score 5.2 | EPSS 0.7214
Exploits: 8

Packet Storm
added 2026/02/04 12:0 a.m. | 99 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

CVSS 7.2 | AI score 6.3 | EPSS 0.00053
Exploits: 1

Packet Storm
added 2026/02/04 12:0 a.m. | 157 views

📄 Go crypto/x509 Hostname Verification Denial of Service

A denial of service vulnerability exists in the Go programming language crypto/x509 package. The issue occurs during TLS hostname verification when constructing error messages for certificates containing a very large number of DNS names. In affected versions, error message construction uses...

CVSS 7.5 | AI score 5.5 | EPSS 0.00019
Exploits: 2

Packet Storm
added 2026/02/04 12:0 a.m. | 132 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability | Author: indoushka | ...

AI score 5.4
Exploits: 0

Packet Storm
added 2026/02/03 12:0 a.m. | 116 views

📄 Podinfo 6.10.0 Cross Site Scripting

Podinfo versions 6.10.0 and below suffer from a cross site scripting vulnerability. CVE-2025-70849: Stored XSS in Podinfo Summary A security vulnerability CWE-79 was identified in Podinfo, a web application for demonstrating Kubernetes microservices. The /store feature allows unauthenticated user...

CVSS 6.1 | AI score 4.9 | EPSS 0.00023
Exploits: 4

Packet Storm
added 2026/02/03 12:0 a.m. | 152 views

📄 Flask-Uploads 0.2.1 Path Traversal / Arbitrary File Write

Flask-Uploads versions 0.2.1 and below Metasploit module that exploits a path traversal vulnerability to achieve an arbitrary file write...

AI score 5.5
Exploits: 0

Packet Storm
added 2026/02/03 12:0 a.m. | 133 views

📄 Casdoor 2.283.0 Cross Site Request Forgery

Casdoor version 2.283.0 suffers from a cross site request forgery vulnerability. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.283.0 2026-02-02 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.283.0 Date: 03/02/2026 Exploit Author: Van Lam Nguyen Facebook:...

CVSS 6.5 | AI score 5 | EPSS 0.00404
Exploits: 10

Packet Storm
added 2026/02/03 12:0 a.m. | 136 views

📄 LimeSurvey 5.2.4 Remote Code Execution

Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. Title: LimeSurvey 5.2.4 reverse...

CVSS 9 | AI score 5.4 | EPSS 0.7738
Exploits: 3

Packet Storm
added 2026/02/03 12:0 a.m. | 130 views

📄 Chromium Memory Corruption Trigger Simulation

This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...

CVSS 6.5 | AI score 6.1 | EPSS 0.00059
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 137 views

📄 MiniCMS 1.11 Exploitation Toolkit

This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process CVE-2018-1000638. MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...

CVSS 6.1 | AI score 5.8 | EPSS 0.00801
Exploits: 3

Packet Storm
added 2026/02/02 12:0 a.m. | 121 views

📄 Geeklog 2.2.1 Blind SQL Injection

A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...

AI score 6.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 127 views

📄 Apache Roller 6.1.2 Cross Site Request Forgery

Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full name, locale, timezone via a crafted HTML pag...

AI score 5.1
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 166 views

📄 Mailpit SMTP CRLF Injection

A CRLF injection vulnerability exists in Mailpit's SMTP server versions prior to 1.28.3. The vulnerability allows attackers to inject arbitrary SMTP headers by including carriage return characters in email addresses due to insufficient regex validation. Mailpit - SMTP CRLF Injection via Regex...

CVSS 5.3 | AI score 5.6 | EPSS 0.01594
Exploits: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 171 views

📄 GIMP PNM Integer Overflow

This is a proof of concept exploit that generates a malicious .pnm file for an integer overflow vulnerability in GIMP PNM. Title: GIMP PNM Integer...

CVSS 7.8 | AI score 5.4 | EPSS 0.00096
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 202 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...

AI score 6.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 133 views

📄 Appsmith 1.92 Origin Header Injection

A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...

CVSS 9.6 | AI score 5.7 | EPSS 0.00019
Exploits: 3

Packet Storm
added 2026/02/02 12:0 a.m. | 119 views

📄 WP Flash Player 1.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...

AI score 5
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 123 views

📄 Gakido CRLF Injection

A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...

CVSS 5.3 | AI score 5.4 | EPSS 0.00021
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 143 views

📄 Mailpit Server-Side Request Forgery

A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery SSRF Advisory ID: RO-26-001 CVE ID: CVE-2026-21859 Severity: Medium...

CVSS 5.8 | AI score 5.4 | EPSS 0.00485
Exploits: 2

Packet Storm
added 2026/02/02 12:0 a.m. | 116 views

📄 BulletProof Security 0.53.3 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive. BulletProof Security 0.53.3 - Multiple Cross-site Scripting Advisory ID: RO-16-007 Severity: Medium Vendor: AITpro Product: BulletProof...

AI score 5
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 113 views

📄 feedyour.email 2.4.1 SQL Injection

A SQL injection vulnerability exists in feedyour.email versions 2.4.1 and below. The vulnerability allows remote attackers to execute arbitrary SQL commands via the search functionality. feedyour.email - SQL Injection via Search Parameter Advisory ID: RO-26-003 CVE ID: CVE-2025-XXXX Pending...

AI score 6.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 108 views

📄 Pragyan CMS 3.0 Blind SQL Injection

A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...

AI score 6.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 123 views

📄 NetScaler 14.1 Vulnerability Scanner

This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...

CVSS 9.8 | AI score 8 | EPSS 0.01064
Exploits: 4

Packet Storm
added 2026/02/02 12:0 a.m. | 122 views

📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework

A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...

CVSS 6.1 | AI score 5.7 | EPSS 0.03588
Exploits: 6

Packet Storm
added 2026/02/02 12:0 a.m. | 116 views

📄 Cockpit CMS 0.13.0 Cross Site Scripting

Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...

AI score 5.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 115 views

📄 Cockpit CMS 0.13.0 Remote Code Execution

Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...

AI score 6.9
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 101 views

📄 Clicky by Yoast 1.4.3 Cross Site Scripting

Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...

AI score 5
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 115 views

📄 WP-Polls 2.73 Cross Site Scripting

A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...

CVSS 6.1 | AI score 4.9 | EPSS 0.0019
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 89 views

📄 FlatPress 1.0.2 Cross Site Scripting

Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive. FlatPress 1.0.2 - Cross-site Scripting Advisory ID: RO-14-011 Severity: Critical Vendor: FlatPress Produc...

AI score 5.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 131 views

📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking

A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...

CVSS 6.5 | AI score 5.1 | EPSS 0.00012
Exploits: 2

Packet Storm
added 2026/02/02 12:0 a.m. | 119 views

📄 Aggie 2.6.1 Host Header Injection

This is a detailed analysis and proof of concept exploit for CVE-2025-22381, a host header injection vulnerability discovered in Aggie version 2.6.1. CVE-2025-22381: Host Header Injection in Aggie Detailed analysis and Proof-of-Concept for CVE-2025-22381, a Host Header Injection vulnerability...

CVSS 8.2 | AI score 5.3 | EPSS 0.00029
Exploits: 1

Packet Storm
added 2026/02/02 12:0 a.m. | 186 views

📄 FreePBX Endpoint Authentication Bypass / SQL Injection

This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...

CVSS 9.8 | AI score 5.7 | EPSS 0.16041
Exploits: 8

Packet Storm
added 2026/02/02 12:0 a.m. | 104 views

📄 glFusion 1.3.0 Blind SQL Injection

A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...

CVSS 5 | AI score 6.3 | EPSS 0.74135
Exploits: 6

Packet Storm
added 2026/02/02 12:0 a.m. | 96 views

📄 Serendipity 1.6.2 Cross Site Scripting

Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Serendipity 1.6.2 - Cross-site Scripting Advisory ID: RO-13-002 Severity: Mediu...

AI score 5.2
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 94 views

📄 Gibbon 14.0.01 Frame Injection

Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...

AI score 5.7
Exploits: 0

Packet Storm
added 2026/02/02 12:0 a.m. | 113 views

📄 Moodle 4.x PHP Code Injection

This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. Title: Moodle 4.x PHP Code Injection Vulnerability | Author ...

CVSS 8.1 | AI score 5.5 | EPSS 0.88917
Exploits: 8

Packet Storm
added 2026/02/02 12:0 a.m. | 114 views

📄 WordPress Hustle 7.8.4 Credential Disclosure Scanner

WordPress Hustle plugin credential disclosure security scanner that detects the installed plugin version, verifies whether it falls within known vulnerable releases 7.8.0–7.8.3, and scans for sensitive files containing hardcoded HubSpot credentials. The tool also fetches the latest official plugi...

CVSS 8.6 | AI score 5.3 | EPSS 0.0122
Exploits: 3

Packet Storm
added 2026/01/30 12:0 a.m. | 148 views

📄 Monsta FTP 2.11 Remote File Injection

This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...

CVSS 9.8 | AI score 5.9 | EPSS 0.7411
Exploits: 6

Packet Storm
added 2026/01/30 12:0 a.m. | 131 views

📄 Oracle E-Business Suite 12.2.3 Request Smuggling

This script is a refined proof of concept targeting Oracle E‑Business Suite EBS vulnerability CVE‑2025‑61882. It corrects logical flaws in request smuggling payload construction, particularly around request termination and CRLF preservation, ensuring reliable proxy/backend desynchronization. The...

CVSS 9.8 | AI score 5.9 | EPSS 0.90862
Exploits: 13

Packet Storm
added 2026/01/30 12:0 a.m. | 125 views

📄 Advantech IoTSuite / IoT Edge SQL Injection

A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite / SaaS Composer. The issue resides in the /displays/filename.json endpoint, where the filename parameter is improperly sanitized before being concatenated into a backend PostgreSQL query. An attacker...

AI score 6.5
Exploits: 0

Packet Storm
added 2026/01/30 12:0 a.m. | 145 views

📄 Next.js 13.5.9 Middleware Bypass Scanner

This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...

CVSS 9.1 | AI score 7.3 | EPSS 0.92118
Exploits: 55

Packet Storm
added 2026/01/30 12:0 a.m. | 129 views

📄 Microsoft Windows 11 build 10.0.27898.1000 Local Privilege Escalation

Proof of concept exploit designed to test a potential local privilege escalation vulnerability in Windows, specifically targeting a feature called AiRegistrySync. It checks if modifications made by a standard user in their own Registry profile can be automatically synchronized propagated into the...

AI score 5.9
Exploits: 0

Packet Storm
added 2026/01/30 12:0 a.m. | 257 views

📄 n8n 2.0.0-rc.4 Remote Command Execution

n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...

CVSS 10 | AI score 6 | EPSS 0.65759
Exploits: 37

Packet Storm
added 2026/01/30 12:0 a.m. | 124 views

📄 MyPRO Manager 1.2 Command Injection

MyPRO Manager versions 1.2 and below suffer from an unauthenticated command injection vulnerability. Title: MyPRO Manager 1.2 php code injection | ...

CVSS 10 | AI score 7.4 | EPSS 0.74727
Exploits: 4

Packet Storm
added 2026/01/30 12:0 a.m. | 152 views

📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution

This proof of concept exploit targets the LibreChat MCP remote code execution vulnerability known as CVE-2026-22252. It provides a comprehensive and professional framework for detecting, testing, and exploiting the vulnerability with multiple extraction modes...

CVSS 9.9 | AI score 6.5 | EPSS 0.001
Exploits: 4

Packet Storm
added 2026/01/30 12:0 a.m. | 156 views

📄 libarchive RAR Double Free / Use-After-Free

This proof of concept demonstrates a memory management flaw in libarchive versions prior to 3.8.0 when handling malformed RAR headers. By supplying a corrupted RAR structure, the code forces error paths during archive parsing, leading to improper cleanup. As a result, the archive object may be...

CVSS 7.8 | AI score 5.9 | EPSS 0.00114
Exploits: 2

Total number of security vulnerabilities: 50630