50738 matches found
📄 Samsung MP3 Decoder Out-Of-Bounds Read
Proof of concept exploit for a Samsung MP3 Decoder smp123djointstereov1 out-of-bounds read enabling potential ASLR bypass. ============================================================================================================================================= | Title : Samsung MP3 Decoder...
📄 jsonpath 1.1.1 Prototype Pollution
Proof of concept exploit for a prototype pollution vulnerability in jsonpath version 1.1.1, where unsafe writes to $.constructor.prototype allows attackers to inject arbitrary properties and functions into Object.prototype. By abusing jsonpath.value, an attacker can globally modify object...
📄 Oracle Access Manager 12.2.1.4.0 Insecure Deserialization
Proof of concept exploit for an unauthenticated Java deserialization vulnerability in the OpenSSO Agent component of Oracle Access Manager that allows remote attackers to execute arbitrary commands without authentication. The vulnerability exists in the session handling mechanism of the OpenSSO...
📄 Palo Alto Networks PAN-OS 11.2 PHP Code Injection
Palo Alto Networks PAN-OS version 11.2 proof of concept remote command execution exploit that also leverages an authentication bypass vulnerability. ============================================================================================================================================= | Titl...
📄 yuan1994 tpadmin Shell Upload
yuan1994 tpadmin versions up to 1.3.12 suffers from a remote shell upload vulnerability. tpadmin-CVE-2026-2113-poc A proof-of-concept exploiting a Remote Code Execution with web server privileges via Arbitrary File Upload. Vulnerability Description A critical Remote Code Execution vulnerability...
📄 crypto/x509 TLS Certificate Parsing
This Go program demonstrates a theoretical denial of service risk associated with handling unusually large X.509 certificates in TLS connections. It programmatically generates a self-signed certificate containing a very large number of Subject Alternative Names SANs and configures an HTTP client ...
📄 openSIS Classic 9.2 Path Traversal
openSIS Classic version 9.2 suffers from a path traversal vulnerability that allows for local file inclusion. ============================================================================================================================================= | Title : openSIS Classic v 9.2 Path Traversa...
📄 Ivanti Endpoint Manager Mobile (EPMM) Unauthenticated Remote Code Execution
This Metasploit module exploits a OS command injection issue in Ivanti Endpoint Manager Mobile EPMM, formerly known as MobileIron. A remote attacker can achieve unauthenticated RCE with root privileges on an affected device. This module requires Metasploit: https://metasploit.com/download Current...
📄 Samsung QuramDng Embedded DNG Out-Of-Bounds Read / Write
This proof of concept demonstrates an out-of-bounds read / write vulnerability in Samsung's QuramDng image parser, affecting Galaxy S22–S25 devices running One UI 6+. By crafting a malformed DNG that abuses the OpcodeList1 specifically the FixBadPixelsList opcode and embedding it inside a JPEG...
📄 Samsung QuramDNG Type Confusion Detector Vulnerability Scanner
This C++ scanner analyzes DNG Digital Negative files for the CVE-2025-58478 type confusion vulnerability in the libimagecodec.quram.so library used on Samsung devices...
📄 Samsung Quram DNG Advanced Remote Code Execution
This proof of concept uses an advanced exploitation technique that allows a remote attacker to execute arbitrary code on a target device by carefully controlling and manipulating memory in the target application or library. This technique is particularly used against memory-sensitive libraries li...
📄 NFR Agent 1.0.4.2 Arbitrary File Delete
The code exploits a vulnerability in the Novell File Reporter Agent versions 1.0.4.2 and below, which allows an attacker to remotely delete any file on the targeted system...
📄 Microsoft Windows 11 Pro 23H2 Kernel IOCTL Access Control
This Metasploit module exploits an insufficient access control vulnerability in the Windows Kernel through exposed IOCTL handlers. The vulnerability allows non-privileged users to access kernel-level functionality leading to privilege escalation...
📄 Samsung Quram DNG Heap Corruption
Samsung devices utilize Quram's DNG decoder. A malformed ScalePerColumn opcode with oversized areaSpec and extreme pitches leads to arithmetic overflow in the per-column scaling loop. After allocation miscalculation, subsequent writes corrupt heap structures. Carefully crafted payloads enable...
📄 Next.js 15 Remote Code Execution
A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in React Server Components RSC Flight protocol, affecting React and Next.js applications...
📄 Samsung Quram DNG TrimBounds Out-Of-Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Samsung QuramDng Warp Out-Of-Bounds Read
This python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung's QuramDng image processing library, triggered via a specially crafted DNG Digital Negative file. The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode,...
📄 Samsung Quram DNG Remote Code Execution
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so responsible for parsing Digital Negatives DNG. A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 Novell GroupWise 2012 Traversal / Shell Upload
This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...
📄 Roundcube Webmail SVG Tracking
Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...
📄 Online Admission Software 2.6 SQL Injection
Online Admission Software version 2.6 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 SQL injection Vulnerabilit...
📄 Next.js 15.2.3 Middleware Authorization Bypass
This Python script checks whether a website built with Next.js is vulnerable to CVE‑2025‑29927, a middleware authorization bypass flaw triggered by the request header:x-middleware-subrequest...
📄 WordPress SureTriggers 1.0.78 Authentication Bypass
WordPress SureTriggers plugin versions 1.0.78 and below expose an unauthenticated REST endpoint that allows construction of a user creation payload. This proof of concept demonstrates structure and logic only. No admin account is created, no plugin uploaded...
📄 WordPress StoreKeeper for WooCommerce 14.4.4 Shell Upload
A critical security vulnerability exists in the StoreKeeper for WooCommerce WordPress plugin that allows unauthenticated attackers to upload arbitrary files, including PHP web shells, leading to complete system compromise. Version 14.4.4 is affected...
📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload
WordPress Royal Elementor Addons plugin version 1.3.78 remote shell upload proof of concept exploit. ============================================================================================================================================= | Title : WordPress Royal Elementor Addons 1.3.78 RCE ...
📄 MikroTik RouterOS WinBox 3.41 Username Enumeration
Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability. ============================================================================================================================================= | Title : MikroTik RouterOS WinB...
📄 Xiongmai XM530 ONVIF / RTSP Security Scanner
This project is a unified PHP-based security scanner designed to identify critical vulnerabilities in IP cameras, with a primary focus on ONVIF authentication bypass CVE-2025-65856 and unauthenticated RTSP stream exposure. The tool provides a single-file web interface that allows scanning a singl...
📄 WordPress Wux Blog Editor 3.0.0 Vulnerability Scanner
This Metasploit auxiliary module scans WordPress sites for the External Post Editor plugin and checks for the unauthenticated file upload vulnerability that exists in version 3.0.0...
📄 WordPress User Registration and Membership 4.1.2 Authentication Bypass
Proof of concept exploit for WordPress User Registration and Membership plugin versions 4.1.2 and below. These versions contain a critical authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access to user accounts, including administrative privileges, b...
📄 XWiki 16.4.0 Remote Code Execution
Proof of concept exploit for a critical template injection vulnerability in XWiki Platform that allows unauthenticated remote code execution. The vulnerability affects XWiki versions 5.3-milestone-2 to 15.10.10 and 16.0.0-rc-1 to 16.4.0, potentially impacting thousands of enterprise wiki...
📄 WordPress WOOCOMMERCE Designer Pro 1.9.26 Shell Upload
WordPress WOOCOMMERCE Designer Pro plugin version 1.9.26 proof of concept remote shell upload exploit. ============================================================================================================================================= | Title : WordPress WOOCOMMERCE Designer Pro 1.9.26...
📄 WordPress WP Rocket 2.10.3 LFI Vulnerability Scanner
WordPress WP Rocket plugin versions prior to 2.10.4 local file inclusion vulnerability scanning tool. ============================================================================================================================================= | Title : WordPress WP Rocket 2.10.3 LFI Vulnerabilit...
📄 WordPress Tatsu 3.3.11 Shell Upload
WordPress Tatsu plugin version 3.3.11 proof of concept unauthenticated remote shell upload exploit. ============================================================================================================================================= | Title : WordPress Tatsu 3.3.11 Plugin Unauthenticated...
📄 WordPress TNC Toolbox 1.4.2 Information Disclosure
WordPress TNC Toolbox plugin versions 1.4.2 and below sensitive information disclosure proof of concept exploit. ============================================================================================================================================= | Title : WordPress TNC Toolbox = 1.4.2...
📄 Xhibiter NFT Marketplace 1.10.2 SQL Injection
Xhibiter NFT Marketplace versions 1.10.2 and below suffer from a time-based remote blind SQL injection vulnerability in the id parameter of the /collections endpoint...
📄 Novell GroupWise 8.0 Traversal / Code Injection
Proof of concept exploit for an older vulnerability from 2012 that looks for a directory traversal vulnerability in Novell GroupWise version 8.0 before Support Pack 3 and attempts to upload a webshell if possible...
📄 Redis 8.0.2 Remote Code Execution
Redis versions from 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, suffer from a heap out of bounds write that can be leverage for remote code execution. Exploit Title: Redis RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://redis.io/ Software Link:...
📄 Next.js 14.2.25 Middleware Subrequest Bypass
A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication...
📄 Microsoft Windows 10 / 11 NTLM Hash Disclosure Spoofing
Microsoft Windows 10 / 11 proof of concept exploit that generates a .library-ms XML file pointing to a network share UNC. When opened/imported on Windows, the library points to the specified UNC path. Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author:...
📄 MySCADA MyPRO Manager 1.2 PHP Code Injection
MySCADA MyPRO Manager version 1.2 suffers from a code injection vulnerability. ============================================================================================================================================= | Title : MySCADA MyPRO Manager 1.2 PHP Code Injection Vulnerability | |...
📄 Node.js 25.x Permission Model Sandbox Bypass / Path Traversal
This Metasploit module validates a sandbox escape weakness in the Node.js permission model that allows restricted file access bypass through symlink-based path traversal. When Node.js is executed with the --permission flag and limited filesystem read/write paths, the permission checks rely on...
📄 NFR Agent 1.0.1 Arbitrary File Delete
Proof of concept exploit for an arbitrary file deletion vulnerability from 2011 in NFR Agent version 1.0.1. ============================================================================================================================================= | Title : NFR Agent 1.0.1 Arbitrary File Delete...
📄 Online Grievance Redressal Software 2.6 SQL Injection
Online Grievance Redressal Software version 2.6 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Online Grievance Redressal Software 2.6 SQL...
📄 aiohttp 3.9.1 Directory Traversal
Proof of concept exploit for a directory traversal vulnerability in aiohttp version 3.9.1. Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.or...
📄 OctoPrint 1.11.2 Remote Code Execution
OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org...
📄 Casdoor 2.284.0 / 2.285.0 Cross Site Request Forgery
Casdoor versions 2.284.0 and 2.285.0 suffer a cross site request forgery vulnerability that was originally discovered in an earlier version but has not been addressed. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.284.0 2026-02-03 & v2.285.0 2026-02-03 - Cross-Site Request Forgery...
📄 Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability. ============================================================================================================================================= ...
📄 Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal
A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...
📄 Piranha CMS 12.0 Cross Site Scripting
Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...
📄 RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...