📄 Backdoor.Win32.Poison.jh MVID-2025-0704 Insecure Permissions

Backdoor.Win32.Poison.jh malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full F permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor...

📄 HP ProCurve 4.00 Credential Disclosure

Proof of concept code that performs a credential dumping attack against vulnerable HP ProCurve SNAC systems. ============================================================================================================================================= | Title : HP ProCurve 4.00 Credential Dumping...

📄 GALAYOU G2 IP Camera Authentication Bypass

A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...

📄 Open Journal Systems 3.5.0-1 Path Traversal

Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. --------------------------------------------------------------------------------------------- Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...

📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass

Apache modssl TLS 1.3 client certificate authentication bypass proof of concept exploit. ============================================================================================================================================= | Title : Apache modssl TLS 1.3 Client Certificate Authentication...

📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection

PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...

📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection

PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...

📄 PKP-WAL 3.5.0-1 SQL Injection

PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...

📄 Institute Admission Software 2.5 SQL Injection

Institute Admission Software version 2.5 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 SQL INjection...

📄 IGEL OS Workspace Edition 11.10.430 Privilege Escalation

IGEL OS Workspace Edition version 11.10.430 suffers from a privilege escalation vulnerability. This vulnerability demonstrates how architectural trust in custom configuration frameworks can be abused to establish long-term persistence, even on systems designed to be non-persistent and hardened by...

📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking

HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own c ode to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...

📄 Adobe DNG SDK 1.5 DNG File Integer Overflow

A critical integer overflow vulnerability exists in Adobe DNG SDK version 1.5 during the parsing of crafted DNG files. The flaw occurs in the handling of OpcodeList processing, specifically within the ScalePerColumn opcode, where insufficient validation of signed and unsigned integer values leads...

📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read

An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes fSrcPlanes = 2. The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read

This report details the creation of a specification-compliant, engineering-grade proof of concept file that reliably triggers the out-of-bounds read vulnerability documented as CVE-2025-64893 in Adobe DNG SDK versions 1.7.1 and below...

📄 Adobe DNG SDK 1.5 Integer Overflow / Local Crash

This proof of concept exploit demonstrates a local crash condition caused by an integer overflow vulnerability in the Adobe DNG SDK versions 1.5 through 1.7.0. The provided Bash script dynamically generates a malformed DNG image file containing a crafted opcode list that abuses the ScalePerColumn...

📄 Pi-hole 5.18.3 Remote Code Execution

This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...

📄 HPE OneView Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...

📄 Assistive Technologies Persistence

This Metasploit module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch such as with an admin privileged program. Requires Windows 8 or higher and...

📄 Adobe DNG SDK 1.5 Remote Delivery Integer Overflow

This exploit demonstrates practical real-world exploitation scenarios of the Adobe DNG SDK integer overflow vulnerability CVE-2025-64783 through third-party applications and network-based delivery mechanisms. Version 1.5 is affected...

📄 Adobe DNG SDK Linearize Out-Of-Bounds Read

A memory safety vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 that affects the Linearize image processing routine. When handling trimmed source images, the function erroneously performs operations using full image dimensions, resulting in an out‑of‑bounds read condition. This...

📄 Adobe DNG SDK 1.5 Web Upload Integer Overflow

Adobe DNG SDK versions 1.5 through 1.7.0 can have an integer overflow triggered via a web upload. If the backend processes the uploaded file with a vulnerable version of the DNG SDK, the malformed opcode data may result in an application crash or unexpected behavior...

📄 Adobe DNG SDK Missing Validation Heap Buffer Overflow

A heap buffer overflow vulnerability exists in Adobe's DNG SDK versions 1.7.1 and below due to improper handling of raw images with two color planes fSrcPlanes = 2...

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure

This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...

📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure

This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...

📄 Adobe DNG SDK Image Processing Logic

Proof of concept exploit that demonstrates a heap out-of-bounds read / write leading to memory corruption and potential code execution in the Image Processing Logic of Adobe DNG SDK versions prior to 1.7.1.2410...

📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage

Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...

📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access

Proof of concept exploit for a flaw in Headlamp Kubernetes dashboard versions 0.38.0 and below that allows unauthenticated users to access sensitive Helm release data, including secrets, tokens, and passwords, due to improper server-side caching...

📄 FortiWeb Fabric Connector 7.6.x SQL Injection / Remote Code Execution

This proof of concept exploit demonstrates a pre-authentication remote SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows unauthenticated attackers to achieve remote code execution through malicious SQL queries in the Authorization header...

📄 Lepton CMS 7.4.0 Cross Site Scripting / Code Execution

Lepton CMS version 7.4.0 has a vulnerability which allows for a persistent cross site scripting payload to escalate into PHP execution through the droplet engine...

📄 WordPress ACF 0.9.1.1 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...

📄 LibreNMS 24.9.1 Code Injection

LibreNMS version 24.9.1 suffers from a remote command execution vulnerability. ============================================================================================================================================= | Title : LibreNMS 24.9.1 PHP Code Injection Vulnerability | | Author :...

📄 Institute Admission Software 2.5 Shell Upload

Institute Admission Software version 2.5 fails to properly validate and restrict uploaded files in the gallery upload functionality within the admin panel. =============================================================================================================================================...

📄 libtransmission 2.93 Integer Overflow

libtransmission versions 2.93 and below suffer from multiple integer overflows. A remote attacker could create a specially crafted .torrent file which may be small when compressed that exploits these overflows when a victim loads it via Transmission or its command-line interface transmission-cli...

📄 Cisco ISE API 3.2 Command Injection

Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.2. ============================================================================================================================================= | Title : Cisco ISE API 3.2 command injection Exploits | |...

📄 Dahua TPC-AEBF5201 P2P Camera ToolsComplete Security Analysis Suite

This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...

📄 AVAST Antivirus 25.11 Unquoted Service Path

AVAST Antivirus version 25.11 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with...

📄 Keras 2.15 Insecure Deserialization

Keras version 2.15 insecure deserialization proof of concept exploit. A security issue in certain versions of Keras allows attackers to craft a malicious model file typically a .keras or HDF5-based model containing unsafe serialization primitives. When such a model is loaded, the deserialization...

📄 Langflow 1.3.0 Remote Code Execution

A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...

📄 Juniper ScreenOS 6.2.0r15 Backdoor Scanner

Juniper ScreenOS version 6.2.0r15 SSH backdoor scanner written in PHP. ============================================================================================================================================= | Title : Juniper ScreenOS 6.2.0r15 PHP Backdoor Scanner | | Author : indoushka | |...

📄 Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass

There is a complete authentication bypass in the ONVIF implementation of Xiongmai XM530-series IP cameras that allows unauthenticated remote access to sensitive device information, configuration, and video streams. CVE-2025-65856 Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass ---...

📄 Mantis Bug Tracker 2.3.0 Remote Code Execution

Mantis Bug Tracker version 2.3.0 unauthenticated remote code execution exploit that chains together two vulnerabilities. The exploit resets the administrator password and then takes advantage of a command injection vulnerability. Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution...

📄 js2py 0.74 Automated Sandbox Escape / Code Execution

js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : js2py v0.74 Automated Sandbox Escape & Revers...

📄 Laravel Pulse 1.3.1 Arbitrary Code Injection

Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability...

📄 C‑Bitrix 25.100.500 Translate Module Arbitrary File Upload

C‑Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. ============================================================================================================================================= | Title : C‑Bitrix...

📄 Xiongmai XM530 IP Camera Hardcoded RTSP Credential Exposure

The GetStreamUri ONVIF endpoint in Xiongmai XM530-series IP cameras exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to live video streams. CVE-2025-65857 Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure --- Summary The GetStreamUri ONVIF endpoin...

📄 JSONPath Plus Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through malicious JSONPath expressions...

📄 Kalmia CMS 0.2.0 User Enumeration

Proof of concept exploit that demonstrates a user enumeration vulnerability via the JWT authentication API on Kalmia CMS version 0.2.0. ============================================================================================================================================= | Title : Kalmia CM...

📄 Headlamp 0.38.0 Credential Reuse

A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse cached credentials to access Helm functionality through the Headlamp UI. Kubernetes clusters are only affected if Headlamp is installed, is configured with config.enableHelm: tru...

📄 Jenkins 2.441 Arbitrary File Read

Jenkins version 2.441 proof of concept arbitrary file read exploit. ============================================================================================================================================= | Title : Jenkins 2.441 read files Vulnerability | | Author : indoushka | | Tested on :...