📄 NFTBox NFT Marketplace Solution Private Key Disclosure

NFTBox NFT Marketplace Solution as of 2026/01/22 embeds a private crypto key in the wallet.js file. Exploit Title: NFTBox - NFT Marketplace Solution - Hardcoded Private Key Disclosure Date: 2026-01-21 Exploit Author: Sohel Yousef -- https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor...

📄 Malwarebytes Anti-Malware 2.x Privilege Escalation

This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...

📄 macOS 10.12.2 XNU Kernel Race Condition

This proof of concept code demonstrates a race condition observed in the setdpcontrolport function within XNU kernel versions prior to macOS 10.12.2 and iOS 10.2...

📄 Magento Adobe Commerce 2.4.5-p7 Arbitrary File Read

Magento Adobe Commerce version 2.4.5-p7 suffers from an arbitrary file read vulnerability. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.5-p7 arbitrary file read...

📄 Metasploit Web Delivery PHP Proof of Concept

This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...

📄 Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse version 3.6.0.4 remote code execution proof of concept exploit written in php that takes advantage of an older flaw from 2022. ============================================================================================================================================= | Title : Mobil...

📄 Backdrop CMS 1.29.2 CSRF / XSS / Privilege Escalation

Proof of concept exploit that demonstrates how Backdrop CMS version 1.29.2 suffers from cross site request forgery, persistent cross site scripting, and privilege escalation vulnerabilities...

📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in the unsafe use of a Splunk lookup function. The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0...

📄 Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...

📄 Cisco ISE 3.4 Code Execution / Privilege Escalation / Shell Upload

An unauthenticated file upload vulnerability was identified in the administrative file upload endpoint of Cisco ISE version 3.4 patch 1. The application accepts ZIP archives without authentication and extracts files into sensitive execution paths. An attacker can craft a ZIP archive containing a...

📄 RPi-Jukebox-RFID 2.8.0 Remote Code Execution

RPi-Jukebox-RFID version 2.8.0 proof of concept exploit that demonstrates an OS command injection vulnerability in the shuffle.php API endpoint. The vulnerable parameter playlist is passed directly to a shell command without sanitization, allowing an attacker to execute arbitrary system commands...

📄 Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload

Siklu EtherHaul Series EH-8010 and EH-1200 with firmware versions between 7.4.0 and 10.7.3 suffer from an unauthenticated arbitrary file upload vulnerability. Exploit Title: Siklu EtherHaul Series - Unauthenticated Arbitrary File Upload Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit...

📄 Siklu EtherHaul Series EH-8010 / EH-1200 Remote Command Execution

Siklu EtherHaul Series EH-8010 and EH-1200 with firmware versions between 7.4.0 and 10.7.3 suffer from a remote command execution vulnerability. Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 -...

📄 Chamillo LMS 1.11.2 Missing Cache Header

Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure. CVE-2025-69581 An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing...

📄 ahu.mlsp.government.bg Cross Site Scripting

ahu.mlsp.government.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting reflected Author: nu11secur1ty...

📄 Abacre Retail Point of Sale 14.0.0.396 Cross Site Scripting

Abacre Retail Point of Sale version 14.0.0.396 suffers from a persistent cross site scripting vulnerability. CVE-2025-67263 - Stored cross-site scripting XSS in Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS...

📄 Abacre Retail Point of Sale 14.0.0.396 SQL Injection

Abacre Retail Point of Sale version 14.0.0.396 suffers from a remote blind SQL injection vulnerability. CVE-2025-67261 - Content-based blind SQL injection on Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The...

📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...

📄 Control Web Panel 0.9.8.1208 Remote Code Execution

Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be...

📄 n8n Workflow Expression Remote Code Execution

This Metasploit module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is no...

📄 Web-Check Screenshot API Command Injection

This Metasploit module exploits a command injection vulnerability in Web-Check's /api/screenshot endpoint. The directChromiumScreenshot function uses childprocess.exec with unsanitized user input, allowing command injection via URL query parameters. The vulnerability was patched in commit...

📄 LibreChat MCP Remote Command Execution

LibreChat's Model Context Protocol MCP implementation contained a remote command execution vulnerability that allowed any authenticated user to execute commands as root on the Docker container. A single API request could trigger the exploit by taking advantage of the exposure of the stdio transpo...

📄 Eptura Archibus Directory Traversal

In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...

📄 Hustle Plugin 7.8.3 Hardcoded Credentials

Hustle plugin versions 7.8.3 and below contain hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php. CVE-2024-0368 Hustle Plugin = 7.8.3 contains hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php Vulnerability Summary | Field | Value |...

📄 Prison Management System 1.0 Shell Upload

This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...

📄 WordPress Chained Quiz 1.3.5 Insecure Direct Object Reference

WordPress Chained Quiz plugin versions 1.3.5 and below appear to suffer from an insecure direct object reference. The issue was partially patched in versions 1.3.4 and 1.3.5. Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit...

📄 FreeBSD rtsold 15.x Remote Code Execution

rtsold8 on FreeBSD processes IPv6 Router Advertisement DNSSL options without validating domain names for shell metacharacters. The decoded domains are passed to resolvconf8, a shell script that uses unquoted variable expansion, enabling command injection via substitution. Exploit Title: FreeBSD...

📄 mrrb.bg Cross Site Scripting

The site at mrrb.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: mrrb.bg-APP - XSS-Reflected Author: nu11secur1ty Date: 01/06/2026 Vendor: mrrb.bg Software: mrrb.bg...

📄 Taiga Tribe_gig Authenticated Unserialize Remote Code Execution

This Metasploit module exploits an unserialization flaw by creating a userstory in a project. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class TaigaClientException 'Taiga tribegig authenticated unserialize remote...

📄 WordPress Quiz Maker 6.7.0.56 SQL Injection

WordPress Quiz Maker plugin versions 6.7.0.56 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link:...

📄 WordPress Branda 3.4.24 Privilege Escalation

The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...

📄 NanoMQ 0.24.6 Remote Buffer Overflow

A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default credentials admin:public may be common, lowering the...

📄 Zimbra Collaboration 10.0 / 10.1 Local File Inclusion

This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...

📄 FuguHub 8.1 RSA Private Key Disclosure

A web-accessible documentation file in FuguHub version 8.1 was found to contain an embedded RSA private key paired with an X.509 certificate. The affected file resides within an examples directory and is intended solely for demonstration purposes...

📄 Backdoor.Win32.Netbus.170 Blind Command Execution

This Metasploit module provides historical/educational exploitation of the Backdoor.Win32.Netbus.170 trojan, originally discovered in 1998. It represents a legacy proof-of-concept rather than a modern offensive security tool...

📄 Backdoor.Win32.Poison.jh Insecure File Permissions / Privilege Escalation

This python script demonstrates a local privilege escalation exploit targeting a vulnerability in the Backdoor.Win32.Poison.jh malware sample. The exploit leverages insecure file permissions created by the malware itself, allowing any local user to replace the malicious executable with arbitrary...

📄 Backdoor.Win32.Poison.jh Remote File Hijack

This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...

📄 Backdoor.Win32.ControlTotal.t Hardcoded-Password Backdoor

This tool was design to leverage a hardcoded password backdoor in Backdoor.Win32.ControlTotal.t to simulate communications with the malware. ============================================================================================================================================= | Title :...

📄 Netbus Backdoor 1.7 Remote Code Execution

Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...

📄 Varnish / Styx HTTP Request Smuggling

Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...

📄 Litespeed Cache 6.4.0.1 Privilege Escalation

WordPress Litespeed Cache plugin version 6.4.0.1 allows attackers to brute-force authentication hashes and create administrative users without any initial credentials...

📄 LINQPad 5.48.00 Insecure Deserialization

LINQPad versions up to 5.48.00 contain an insecure deserialization vulnerability in the paid version of the software that allows attackers to achieve persistent remote code execution by manipulating cache files containing serialized .NET objects. The vulnerability exists in the AutoRefCache...

📄 macOS 10.12.2 XNU Kernel Privilege Escalation

This proof of concept targets a race‑condition vulnerability in the XNU kernel affecting macOS/iOS. By forcing a use‑after‑free condition on kernel ports, the exploit manipulates freed memory through a controlled spray, allowing a user‑controlled replacement object. Successful exploitation yields...

📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal

Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...

📄 Limesurvey 2.0 Arbitrary File Download

Limesurvey version 2.0 unauthenticated arbitrary file download proof of concept exploit. ============================================================================================================================================= | Title : Limesurvey 2.0 unauthenticated file download vulnerabili...

📄 Adobe Commerce Insecure Deserialization

This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...

📄 PKP-WAL 3.5.0-1 Cross Site Request Forgery

PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability ----------------------------------------------------------------- - Softwar...

📄 Backdoor.Win32.Netbus.170 MVID-2025-0703 Insecure Credential Storage

Backdoor.Win32.Netbus.170 malware listens on TCP ports 12632 and 12631. The backdoor server password "ecoli" is stored in cleartext in an .INI textfile, stored under "C:\Windows" having the same name as the malware. Third party attackers who have knowledge of the password can login and issue...

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...