50738 matches found
📄 Online Admission Software 2.6 Insecure Direct Object Reference
Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 IDOR...
📄 NPU Driver Use-After-Free Detector
This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...
📄 Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution
Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...
📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow
D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...
📄 Mutiny 5.0-1.07 Directory Traversal
Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. ============================================================================================================================================= | Title : Mutiny 5.0-1.07...
📄 MotionEye Frontend 0.43.1b4 Command Injection
Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4. ============================================================================================================================================= | Title : MotionEye Frontend 0.43.1b4 RCE | | Author...
📄 Monstra CMS 3.0.4 Shell Upload
Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. ============================================================================================================================================= | Title : Monstra CMS 3.0.4 shell upload Vulnerability | | Author : indoushka | |...
📄 mPDF 8.1.0 Server-Side Request Forgery / Local File Disclosure / DoS
mPDF version 8.1.0 is vulnerable to multiple security issues related to unsafe handling of external resources, file paths, and image content during HTML-to-PDF rendering. When untrusted or partially trusted HTML input is processed, attackers may exploit insufficient validation to trigger...
📄 Go crypto/x509 Hostname Verification Denial of Service
A denial of service vulnerability exists in the Go programming language crypto/x509 package. The issue occurs during TLS hostname verification when constructing error messages for certificates containing a very large number of DNS names. In affected versions, error message construction uses...
📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow
This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...
📄 Blesta 5.13.1 Admin Interface PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...
📄 NCR Command Center Agent 16.3 Remote Command Execution
Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...
📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass
This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...
📄 Blesta 5.13.1 2Checkout PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...
📄 Nagios XI Monitoring Wizard Command Injection
Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...
📄 Blesta 5.13.1 Cross Site Scripting
Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...
📄 Casdoor 2.283.0 Cross Site Request Forgery
Casdoor version 2.283.0 suffers from a cross site request forgery vulnerability. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.283.0 2026-02-02 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.283.0 Date: 03/02/2026 Exploit Author: Van Lam Nguyen Facebook:...
📄 LimeSurvey 5.2.4 Remote Code Execution
Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. ============================================================================================================================================= | Title : LimeSurvey 5.2.4 reverse...
📄 Flask-Uploads 0.2.1 Path Traversal / Arbitrary File Write
Flask-Uploads versions 0.2.1 and below Metasploit module that exploits a path traversal vulnerability to achieve an arbitrary file write. ============================================================================================================================================= | Title :...
📄 Chromium Memory Corruption Trigger Simulation
This is a theoretical trigger simulation for a Chromium-class vulnerability associated with memory corruption scenarios commonly affecting the V8 JavaScript engine or the Blink rendering engine. The code intentionally performs heap allocation patterns and unsafe memory access attempts in order to...
📄 Podinfo 6.10.0 Cross Site Scripting
Podinfo versions 6.10.0 and below suffer from a cross site scripting vulnerability. CVE-2025-70849: Stored XSS in Podinfo Summary A security vulnerability CWE-79 was identified in Podinfo, a web application for demonstrating Kubernetes microservices. The /store feature allows unauthenticated user...
📄 Pragyan CMS 3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...
📄 FlatPress 1.0.2 Cross Site Scripting
Cross site scripting vulnerabilities exist in FlatPress version 1.0.2. FlatPress is a blogging engine that saves posts as simple text files. This issue is older research added to the archive. FlatPress 1.0.2 - Cross-site Scripting Advisory ID: RO-14-011 Severity: Critical Vendor: FlatPress Produc...
📄 Aggie 2.6.1 Host Header Injection
This is a detailed analysis and proof of concept exploit for CVE-2025-22381, a host header injection vulnerability discovered in Aggie version 2.6.1. CVE-2025-22381: Host Header Injection in Aggie Detailed analysis and Proof-of-Concept for CVE-2025-22381, a Host Header Injection vulnerability...
📄 Appsmith 1.92 Origin Header Injection
A critical vulnerability in Appsmith version 1.92 allows an unauthenticated attacker to manipulate the Origin HTTP header during the password reset process. Due to improper trust in client‑supplied headers, Appsmith constructs password reset links based on the injected origin. This enables an...
📄 MiniCMS 1.11 Exploitation Toolkit
This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process CVE-2018-1000638. MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...
📄 glFusion 1.3.0 Blind SQL Injection
A critical blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This is older research...
📄 Clicky by Yoast 1.4.3 Cross Site Scripting
Multiple persistent cross site scripting vulnerabilities exist in Clicky by Yoast WordPress Plugin version 1.4.3. This issue is older research added to the archive. Clicky by Yoast 1.4.3 - Multiple Stored Cross-site Scripting Advisory ID: RO-16-006 Severity: Medium Vendor: Yoast Product: Clicky b...
📄 WP Flash Player 1.3 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...
📄 BulletProof Security 0.53.3 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in BulletProof Security WordPress Plugin version 0.53.3. This issue is older research added to the archive. BulletProof Security 0.53.3 - Multiple Cross-site Scripting Advisory ID: RO-16-007 Severity: Medium Vendor: AITpro Product: BulletProof...
📄 Gibbon 14.0.01 Frame Injection
Frame injection vulnerabilities exist in Gibbon version 14.0.01. These vulnerabilities allow remote attackers to inject arbitrary HTML frames into the application. This issue is older research added to the archive. Gibbon v14.0.01 - Frame Injection Vulnerabilities Advisory ID: RO-18-012 Severity:...
📄 glFusion 1.3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older...
📄 Mailpit SMTP CRLF Injection
A CRLF injection vulnerability exists in Mailpit's SMTP server versions prior to 1.28.3. The vulnerability allows attackers to inject arbitrary SMTP headers by including carriage return characters in email addresses due to insufficient regex validation. Mailpit - SMTP CRLF Injection via Regex...
📄 Gakido CRLF Injection
A vulnerability was discovered in Gakido that allowed HTTP header injection through CRLF sequences in user-supplied header values and names. Versions prior to 0.1.1 are affected. Gakido - CRLF Injection Advisory ID: RO-26-005 CVE ID: CVE-2026-24489 Severity: Medium Vendor: HappyHackingSpace...
📄 Serendipity 1.6.2 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in Serendipity version 1.6.2. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Serendipity 1.6.2 - Cross-site Scripting Advisory ID: RO-13-002 Severity: Mediu...
📄 NetScaler 14.1 Vulnerability Scanner
This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...
📄 WordPress Hustle 7.8.4 Credential Disclosure Scanner
WordPress Hustle plugin credential disclosure security scanner that detects the installed plugin version, verifies whether it falls within known vulnerable releases 7.8.0–7.8.3, and scans for sensitive files containing hardcoded HubSpot credentials. The tool also fetches the latest official plugi...
📄 Cockpit CMS 0.13.0 Cross Site Scripting
Multiple reflected cross site scripting vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Multiple Reflected XSS Advisory ID: RO-16-003...
📄 Cockpit CMS 0.13.0 Remote Code Execution
Multiple remote code execution vulnerabilities exist in Cockpit CMS version 0.13.0. The vulnerabilities allow remote attackers to execute arbitrary PHP code on the server. This issue is older research added to the archive. Cockpit CMS 0.13.0 - Remote Code Execution Advisory ID: RO-16-004 Severity...
📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework
A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...
📄 Mailpit 1.28.1 Cross Site WebSocket Hijacking
A cross site websocket hijacking vulnerability exists in Mailpit versions 1.28.1 and below. The vulnerability allows remote attackers to intercept sensitive data such as email contents, headers, and server statistics in real-time. Mailpit - Cross-Site WebSocket Hijacking CSWSH Advisory ID:...
📄 feedyour.email 2.4.1 SQL Injection
A SQL injection vulnerability exists in feedyour.email versions 2.4.1 and below. The vulnerability allows remote attackers to execute arbitrary SQL commands via the search functionality. feedyour.email - SQL Injection via Search Parameter Advisory ID: RO-26-003 CVE ID: CVE-2025-XXXX Pending...
📄 Moodle 4.x PHP Code Injection
This proof of concept demonstrates a code injection vulnerability in Moodle versions 4.x. ============================================================================================================================================= | Title : Moodle 4.x PHP Code Injection Vulnerability | | Author ...
📄 Apache Roller 6.1.2 Cross Site Request Forgery
Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full name, locale, timezone via a crafted HTML pag...
📄 GIMP PNM Integer Overflow
This is a proof of concept exploit that generates a malicious .pnm file for an integer overflow vulnerability in GIMP PNM. ============================================================================================================================================= | Title : GIMP PNM Integer...
📄 FreePBX Endpoint Authentication Bypass / SQL Injection
This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...
📄 WP-Polls 2.73 Cross Site Scripting
A cross site scripting vulnerability exists in WP-Polls WordPress Plugin version 2.73. This issue is older research added to the archive. WP-Polls 2.73 - Reflected Cross-site Scripting Advisory ID: RO-16-005 CVE ID: CVE-2016-10936 Severity: Medium Vendor: WordPress Product: WP-Polls Version: 2.73...
📄 Geeklog 2.2.1 Blind SQL Injection
A blind SQL injection vulnerability exists in Geeklog CMS version 2.2.1. The vulnerability allows remote attackers to execute arbitrary SQL commands via the uid parameter in comment.php. This issue is older research added to the archive. Geeklog 2.2.1 - Blind SQL Injection Advisory ID: RO-20-002...
📄 Mailpit Server-Side Request Forgery
A server-side request forgery vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. Versions prior to 1.28.0 are affected. Mailpit - Server-Side Request Forgery SSRF Advisory ID: RO-26-001 CVE ID: CVE-2026-21859 Severity: Medium...
📄 n8n 2.0.0-rc.4 Remote Command Execution
n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...