50630 matches found
📄 Zabbix Agent Binaries 7.4 OpenSSL Path Scanner
This tool performs static analysis on Zabbix Agent binaries to identify hardcoded OpenSSL paths such as OPENSSLDIR, ENGINESDIR, and MODULESDIR. It leverages strings and radare2 to extract embedded configuration paths, OpenSSL version information, and indicators of dynamic engine or module loading...
📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption
This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...
📄 macOS 10.13.4 (17E199) fgetattrlist Heap Overflow
Proof of concept Metasploit module that exploits a macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory...
📄 Samsung libimagecodec.quram.so Buffer Overflow / Denial of Service
This proof of concept demonstrates a denial of service vulnerability in Samsung's libimagecodec.quram.so JPEG decoder. By crafting a structurally valid JPEG file with maliciously large image dimensions height 65535, width 2862 in the SOF0 marker, the decoder performs unsafe size calculations duri...
📄 Alicorn Circa 2004 SQL Injection / Command Injection / XSS
This document articulates an overview of remote SQL injection, command injection, and cross site scripting vulnerabilities found in the Alicorn version from 2004...
📄 MaNGOSWeb 4.0.6 SQL Injection
MaNGOSWeb version 4.0.6 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : MaNGOSWeb V4 4.0.6 Sql Injection | | Author : indoushka | | Tested on :...
📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution
Proof of concept exploit for a remote code execution vulnerability in LibreChat MCP version 0.8.2-rc2 that leverages an unsanitized stdio server configuration issue...
📄 FreePBX Endpoint SQL Injection / Remote Code Execution
FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. Versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61675. The...
📄 Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution
A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
📄 Papermark 0.20.0 Path Traversal
Papermark version 0.20.0 suffers from an authenticated path traversal vulnerability. // Exploit Title: Papermark 0.20.0 - Path Traversal Authenticated // Date: 2026-01-28 // Exploit Author: Eui Chul Chung // Vendor Homepage: https://www.papermark.com/ // Software Link:...
📄 GNU Inetutils 2.7 Telnet Authentication Bypass Scanner
GNU Inetutils version 2.7 telnet authentication bypass scanner that leverages a crafted USER value. This vulnerability is tracked as CVE-2026-24061 and is conceptually related to historical Telnet NEW-ENVIRON issues such as CVE-1999-0192, but affects modern GNU Inetutils implementations...
📄 Django Summernote 0.8.20.0 Unrestricted File Upload Scanner
This Metasploit Auxiliary Scanner module detects unrestricted file upload vulnerabilities in django-summernote. It targets misconfigurations where image validation depends on the Pillow library and allows non-image files to be uploaded when Pillow is missing. The module safely scans common upload...
📄 FreePBX Firmware Shell Upload
FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this Metasploit module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0....
📄 AVideo 14.3.1 Cross Site Scripting
AVideo version 14.3.1 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 14.3.1 XSS vulnerability | | Author : indoushka | | Tested on :...
📄 FreeBSD 15.x rtsold DNSSL Command Injection
This Metasploit module targets a command injection vulnerability in the FreeBSD rtsold daemon related to the handling of DNSSL DNS Search List options in IPv6 Router Advertisements. Due to improper validation of domain names, attacker-controlled DNSSL values can inject shell commands via $...
📄 Qualcomm CVP Kernel Pointer Leak
The Qualcomm CVP driver exposes kernel pointers to userland by returning a hashed session ID derived from a kernel pointer using hash32ptr. This function is not a cryptographic hash but a reversible fold that XORs the upper and lower 32 bits of the pointer. Due to predictable ARM64 kernel virtual...
📄 PLY 3.11 Arbitrary Code Execution
An undocumented and unsafe feature in the PyPI‑distributed version of PLY version 3.11 allows arbitrary code execution when the yacc function is invoked with the picklefile parameter. 🚨 Undocumented Remote Code Execution in PLY CVE‑2025‑56005 CVE ID: CVE‑2025‑56005 Reported by: Ahmed Abd Disclosu...
📄 Ivanti Connect Secure 9.x / 22.x Command Injection
The provided PHP script targets CVE‑2024‑21887, a command injection vulnerability in Ivanti Connect Secure versions 9.x and 22.x It is designed to identify and exploit vulnerable systems through a crafted API request. It initializes a reusable cURL session to send malicious JSON payloads to a...
📄 MCPJam 1.4.2 Command Injection
This Metasploit exploit module targets the MCP Model Context Protocol server, specifically exploiting a command injection vulnerability in the /api/mcp/connect endpoint. The vulnerability allows unauthorized remote command execution by sending crafted JSON payloads that are executed by the server...
📄 macOS 10.13.4 (17E199) fgetattrlist Heap Overflow
CVE-2018-4243 is a critical kernel heap overflow vulnerability in macOS and iOS affecting the fgetattrlist system call. The vulnerability allows local attackers to trigger kernel heap corruption, potentially leading to kernel panic, privilege escalation, or arbitrary code execution. This particul...
📄 MaNGOSWeb 4.0.6 Host Header Injection / XML Injection
MaNGOSWeb version 4.0.6 host header proof of concept exploit that a code injection vulnerability. It shows that it can be leveraged for more than cross site scripting and can be used to perform XML external entity injection leading to a file write that can assist in remote code execution...
📄 Lighttpd 1.4.66 FastCGI Resource Exhaustion
Proof of concept exploit for a resource exhaustion vulnerability that exists in lighttpd versions 1.4.56 through 1.4.66 affecting FastCGI and other gateway backends. When processing HTTP/1.1 requests using chunked transfer encoding with request-body streaming enabled, an anomalous client disconne...
📄 MikroTik RouterOS 6.40.10 Denial of Service
This exploit targets a vulnerability in the MikroTik RouterOS SMB service, allowing remote attackers to crash the SMB process and render services unavailable. Specially crafted SMB packets trigger an abnormal condition, leading to a denial of service, requiring manual restart or reboot of the...
📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner
This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...
📄 GNU Inetutils 2.7 telnet Privilege Escalation
Although Packet Storm has multiple exploits relating to this issue, this advisory keeps the details on the GNU Inetutils 2.7 telnetd privilege escalation vulnerability quite simple. Titles: Telnet Argument Injection Privilege Escalation - RCE Author: nu11secur1ty Date: 1/24/2026 Vendor:...
📄 Magento Adobe Commerce 2.4.6-p5 Arbitrary File Read
Magento Adobe Commerce version 2.4.6-p5 arbitrary file read proof of concept exploit. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.6-p5 arbitrary file read...
📄 macOS 10.13.6 Reference Leak
This is a proof of concept for an older flaw that targets macOS 10.13.6. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with malformed matching data, MI...
📄 ManageEngine DeviceExpert 5.6 Traversal / Code Execution
Proof of concept exploit for ManageEngine DeviceExpert version 5.6 that injects PHP code into a user agent and uses a path traversal vulnerability to execute code...
📄 macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation
macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...
📄 Ivanti 11.10 MobileIron Vulnerability Scanner
This PHP-based scanner detects unauthenticated access vulnerabilities in Ivanti EPMM / MobileIron products. The issue allows attackers to retrieve sensitive user information via exposed API endpoints. Version 11.10 is affected...
📄 AVideo 14.3.1 notify.ffmpeg.json.php Remote Code Execution
AVideo version 14.3.1 unauthenticated remote code execution exploit that leverages notify.ffmpeg.json.php. ============================================================================================================================================= | Title : AVideo 14.3.1 via notify.ffmpeg.json.p...
📄 Magento 2 / Adobe Commerce 2.4.x SessionReaper
This PHP script is a proof of concept exploit targeting Magento for CVE‑2025‑54236, commonly referred to as SessionReaper. It is a PHP port of an original Metasploit module and is designed for security testing...
📄 WordPress SureForms 2.2.0 Cross Site Scripting
WordPress SureForms plugin versions 2.2.0 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-14855: SureForms WordPress Plugin Stored XSS Proof of Concept - Target: WordPress Plugin "SureForms" - Plugin Wordpress: https://wordpress.org/plugins/sureforms/ - Vulnerabili...
📄 Juniper JunOS 23.4 Module Scanner / Exploitation Framework
This PHP script is a modular scanner and exploitation framework targeting Juniper JunOS CVE‑2023‑36846, an arbitrary file upload vulnerability due to missing authentication.. It is designed with a clear separation of responsibilities and supports single‑target testing, interactive exploitation, a...
📄 Siklu EtherHaul EH-8010 / EH-1200 Vulnerability Scanner
This PHP-based scanner safely detects an unauthenticated remote command execution vulnerability in Siklu EtherHaul EH-8010 and EH-1200 devices by sending a non-destructive encrypted probe command and validating the response. The scanner does not alter device state and is suitable for large-scale...
📄 Apache bRPC 1.14.0 Command Injection
Apache bRPC versions 1.14.0 and below proof of concept command injection exploit that leverages exposed pprof endpoints. ============================================================================================================================================= | Title : Apache bRPC = 1.14.0...
📄 RPi-Jukebox-RFID 2.8.0 Command Injection
RPi-Jukebox-RFID version 2.8.0 proof of concept command injection exploit that leverages /phoniebox/api/playlist/shuffle.php. ============================================================================================================================================= | Title : RPi-Jukebox-RFID...
📄 Lingdang CRM 8.6.4.7 SQL Injection
Lingdang CRM versions 8.6.4.7 and below remote time-based blind SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Lingdang CRM = 8.6.4.7 - Time-Based Blind...
📄 NodeJS 24.x Path Traversal
NodeJS version 24.x precise windows path traversal proof of concept exploit that leverages reserved device names. ============================================================================================================================================= | Title : NodeJS 24.x Precise Windows Pat...
📄 OpenKM Community Edition 6.3.10 Code Execution / LFI / SQL Injection
OpenKM Community Edition version 6.3.10 proof of concept Metasploit module that exploits local file inclusion, remote code execution, and SQL injection vulnerabilities...
📄 Lighttpd 1.4.66 Resource Leak Denial of Service
Lighttpd versions 1.4.56 through 1.4.66 has a resource exhaustion vulnerability affecting gateway backends such as FastCGI. When handling an HTTP/1.1 request with chunked transfer encoding and request-body streaming enabled, lighttpd mishandles an anomalous client disconnect RDHUP / half-closed T...
📄 AVideo 18.0 Cross Site Scripting
AVideo version 18.0 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 18.0 XSS vulnerability | | Author : indoushka | | Tested on : windo...
📄 ZITADEL 4.7.0 Server-Side Request Forgery
This is a ZITADEL version 4.7.0 server-side request forgery proof of concept exploit written in PHP. ============================================================================================================================================= | Title : ZITADEL 4.7.0 SSRF Exploit - PHP Version | |...
📄 macOS 10.13.4 Heap Overflow
Proof of concept exploit for an old macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory. When triggered it causes a kernel panic...
📄 Cacti Graph Template Authenticated Remote Code Execution
This Metasploit module exploits an authenticated remote code execution vulnerability in Cacti versions prior to 1.2.29. Authenticated users can upload a graph template through the /graphtemplates.php endpoint. The rightaxislabel parameter is vulnerable to code injection, allowing attackers to...
📄 Soosyze CMS 2.0 Brute Forcer
Soosyze CMS version 2.0 authentication brute forcing tool that leverages an absence of rate limiting on the /user/login endpoint. ============================================================================================================================================= | Title : Soosyze CMS 2.0...
📄 SmarterTools SmarterMail GUID File Upload
This Metasploit module exploits a pre-authentication remote code execution vulnerability in SmarterTools SmarterMail before version 100.0.9413. The endpoint /api/upload fails to sanitize the contextData POST parameter which can contain JSON data with a "guid" key that allows directory traversal. ...
📄 HEUR.Backdoor.Win32.Poison.gen DLL Hijacking
This code implements an advanced WININET.dll proxy via DLL hijacking that is designed as a defensive countermeasure against malware such as HEUR.Backdoor.Win32.Poison.gen. The malware family Poison loads a 32‑bit WININET.dll from its current directory, which enables execution flow hijacking MITRE...
📄 Oracle E-Business Suite CVE-2025-61882 Remote Code Execution
This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by combining server-side request forgery, path traversal, HTTP request smuggling, and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to remote code execution. This...
📄 libxml2 2.9.14 Remote Code Execution
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...