50738 matches found
📄 Apache bRPC 1.14.0 Command Injection
Apache bRPC versions 1.14.0 and below proof of concept command injection exploit that leverages exposed pprof endpoints. ============================================================================================================================================= | Title : Apache bRPC = 1.14.0...
📄 Lingdang CRM 8.6.4.7 SQL Injection
Lingdang CRM versions 8.6.4.7 and below remote time-based blind SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Lingdang CRM = 8.6.4.7 - Time-Based Blind...
📄 NodeJS 24.x Path Traversal
NodeJS version 24.x precise windows path traversal proof of concept exploit that leverages reserved device names. ============================================================================================================================================= | Title : NodeJS 24.x Precise Windows Pat...
📄 RPi-Jukebox-RFID 2.8.0 Command Injection
RPi-Jukebox-RFID version 2.8.0 proof of concept command injection exploit that leverages /phoniebox/api/playlist/shuffle.php. ============================================================================================================================================= | Title : RPi-Jukebox-RFID...
📄 Cacti Graph Template Authenticated Remote Code Execution
This Metasploit module exploits an authenticated remote code execution vulnerability in Cacti versions prior to 1.2.29. Authenticated users can upload a graph template through the /graphtemplates.php endpoint. The rightaxislabel parameter is vulnerable to code injection, allowing attackers to...
📄 macOS 10.12.2 XNU Kernel Race Condition
This proof of concept code demonstrates a race condition observed in the setdpcontrolport function within XNU kernel versions prior to macOS 10.12.2 and iOS 10.2...
📄 HEUR.Backdoor.Win32.Poison.gen DLL Hijacking
This code implements an advanced WININET.dll proxy via DLL hijacking that is designed as a defensive countermeasure against malware such as HEUR.Backdoor.Win32.Poison.gen. The malware family Poison loads a 32‑bit WININET.dll from its current directory, which enables execution flow hijacking MITRE...
📄 libxml2 2.9.14 Remote Code Execution
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. This version from the author is in the form of a Metasploit module...
📄 Malwarebytes Anti-Malware 2.x Privilege Escalation
This advisory hosts useful analysis of older research from 2016, when Google's Project Zero discovered multiple security issues in MalwareBytes Anti-Malware version 2.x. The software suffered from a combination of security flaws that allowed attackers to remotely tamper with...
📄 Oracle E-Business Suite CVE-2025-61882 Remote Code Execution
This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by combining server-side request forgery, path traversal, HTTP request smuggling, and XSLT injection. The exploit hosts a malicious XSL file that the target will fetch and process, leading to remote code execution. This...
📄 Magento Adobe Commerce 2.4.5-p7 Arbitrary File Read
Magento Adobe Commerce version 2.4.5-p7 suffers from an arbitrary file read vulnerability. ============================================================================================================================================= | Title : Magento Adobe Commerce 2.4.5-p7 arbitrary file read...
📄 NFTBox NFT Marketplace Solution Private Key Disclosure
NFTBox NFT Marketplace Solution as of 2026/01/22 embeds a private crypto key in the wallet.js file. Exploit Title: NFTBox - NFT Marketplace Solution - Hardcoded Private Key Disclosure Date: 2026-01-21 Exploit Author: Sohel Yousef -- https://www.linkedin.com/in/sohel-yousef-50a905189/ Vendor...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise splunkarchiver application. The flaw is rooted in the unsafe use of a Splunk lookup function. The affected versions include any release prior to 9.0.10, as well as versions 9.1.2 through 9.1.5 and 9.2.0...
📄 Mobile Mouse 3.6.0.4 Remote Code Execution
Mobile Mouse version 3.6.0.4 remote code execution proof of concept exploit written in php that takes advantage of an older flaw from 2022. ============================================================================================================================================= | Title : Mobil...
📄 Backdrop CMS 1.29.2 CSRF / XSS / Privilege Escalation
Proof of concept exploit that demonstrates how Backdrop CMS version 1.29.2 suffers from cross site request forgery, persistent cross site scripting, and privilege escalation vulnerabilities...
📄 Cisco ISE 3.4 Code Execution / Privilege Escalation / Shell Upload
An unauthenticated file upload vulnerability was identified in the administrative file upload endpoint of Cisco ISE version 3.4 patch 1. The application accepts ZIP archives without authentication and extracts files into sensitive execution paths. An attacker can craft a ZIP archive containing a...
📄 Splunk Enterprise 8.2.9 / 9.0.2 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. An attacker can inject arbitrary Python code into style parameters, such as the fillColor or lineColor of a sparkline element within a Splunk SimpleXML dashboard. The malicious code is executed when a user...
📄 Metasploit Web Delivery PHP Proof of Concept
This project presents an advanced proof of concept that emulates the behavior of Metasploit's multi/script/webdelivery module using PHP. The goal is to demonstrate how script-based payload delivery works in a modular and extensible way, without relying directly on Metasploit. The script launches ...
📄 Siklu EtherHaul Series EH-8010 / EH-1200 Remote Command Execution
Siklu EtherHaul Series EH-8010 and EH-1200 with firmware versions between 7.4.0 and 10.7.3 suffer from a remote command execution vulnerability. Exploit Title:Siklu EtherHaul Series EH-8010 - Remote Command Execution Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit Author: semaja2 -...
📄 Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload
Siklu EtherHaul Series EH-8010 and EH-1200 with firmware versions between 7.4.0 and 10.7.3 suffer from an unauthenticated arbitrary file upload vulnerability. Exploit Title: Siklu EtherHaul Series - Unauthenticated Arbitrary File Upload Shodan Dork: "EH-8010" or "EH-1200" Date: 2025-08-02 Exploit...
📄 RPi-Jukebox-RFID 2.8.0 Remote Code Execution
RPi-Jukebox-RFID version 2.8.0 proof of concept exploit that demonstrates an OS command injection vulnerability in the shuffle.php API endpoint. The vulnerable parameter playlist is passed directly to a shell command without sanitization, allowing an attacker to execute arbitrary system commands...
📄 ahu.mlsp.government.bg Cross Site Scripting
ahu.mlsp.government.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: ahu.mlsp.government.bg-XSS-Reflected-CRITICAL Cross-site scripting reflected Author: nu11secur1ty...
📄 Chamillo LMS 1.11.2 Missing Cache Header
Chamillo LMS version 1.11.2 is missing a cache header that leads to information disclosure. CVE-2025-69581 An issue was discovered in Chamillo LMS 1.11.2. The Social Network /personaldata endpoint exposes full sensitive user information even after logout because proper cache-control is missing...
📄 Abacre Retail Point of Sale 14.0.0.396 Cross Site Scripting
Abacre Retail Point of Sale version 14.0.0.396 suffers from a persistent cross site scripting vulnerability. CVE-2025-67263 - Stored cross-site scripting XSS in Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting XSS...
📄 Abacre Retail Point of Sale 14.0.0.396 SQL Injection
Abacre Retail Point of Sale version 14.0.0.396 suffers from a remote blind SQL injection vulnerability. CVE-2025-67261 - Content-based blind SQL injection on Abacre Retail Point of Sale 14.0.0.396 Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The...
📄 AVideo Notify.ffmpeg.json.php Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the AVideos notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an...
📄 n8n Workflow Expression Remote Code Execution
This Metasploit module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is no...
📄 Control Web Panel 0.9.8.1208 Remote Code Execution
Control Web Panel CWP versions less than or equal to 0.9.8.1208 are vulnerable to unauthenticated OS command injection. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be...
📄 Web-Check Screenshot API Command Injection
This Metasploit module exploits a command injection vulnerability in Web-Check's /api/screenshot endpoint. The directChromiumScreenshot function uses childprocess.exec with unsanitized user input, allowing command injection via URL query parameters. The vulnerability was patched in commit...
📄 LibreChat MCP Remote Command Execution
LibreChat's Model Context Protocol MCP implementation contained a remote command execution vulnerability that allowed any authenticated user to execute commands as root on the Docker container. A single API request could trigger the exploit by taking advantage of the exposure of the stdio transpo...
📄 Hustle Plugin 7.8.3 Hardcoded Credentials
Hustle plugin versions 7.8.3 and below contain hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php. CVE-2024-0368 Hustle Plugin = 7.8.3 contains hardcoded HubSpot API credentials in inc/providers/hubspot/hustle-hubspot-api.php Vulnerability Summary | Field | Value |...
📄 Eptura Archibus Directory Traversal
In Eptura Archibus versions before version 2025.01, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. Title: Eptura Archibus Directory Traversal Description: In Eptura Archibus versions before v2025.01, the "Run script" and "Serve...
📄 Prison Management System 1.0 Shell Upload
This Metasploit module exploits an unrestricted file upload vulnerability in Prison Management System version 1.0. An authenticated user can upload a PHP file with arbitrary content by abusing the avatar upload functionality in the add-admin.php endpoint. The application fails to properly validat...
📄 mrrb.bg Cross Site Scripting
The site at mrrb.bg suffers from a cross site scripting issue. The researcher has waited over a year after reporting this to make public, so hopefully this will encourage them to fix it. Titles: mrrb.bg-APP - XSS-Reflected Author: nu11secur1ty Date: 01/06/2026 Vendor: mrrb.bg Software: mrrb.bg...
📄 Taiga Tribe_gig Authenticated Unserialize Remote Code Execution
This Metasploit module exploits an unserialization flaw by creating a userstory in a project. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class TaigaClientException 'Taiga tribegig authenticated unserialize remote...
📄 WordPress Chained Quiz 1.3.5 Insecure Direct Object Reference
WordPress Chained Quiz plugin versions 1.3.5 and below appear to suffer from an insecure direct object reference. The issue was partially patched in versions 1.3.4 and 1.3.5. Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit...
📄 FreeBSD rtsold 15.x Remote Code Execution
rtsold8 on FreeBSD processes IPv6 Router Advertisement DNSSL options without validating domain names for shell metacharacters. The decoded domains are passed to resolvconf8, a shell script that uses unquoted variable expansion, enabling command injection via substitution. Exploit Title: FreeBSD...
📄 WordPress Quiz Maker 6.7.0.56 SQL Injection
WordPress Quiz Maker plugin versions 6.7.0.56 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Quiz Maker 6.7.0.56 - SQL Injection Date: 2025-12-16 Exploit Author: Rahul Sreenivasan Tr0j4n Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker Software Link:...
📄 WordPress Branda 3.4.24 Privilege Escalation
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to...
📄 NanoMQ 0.24.6 Remote Buffer Overflow
A stack-based buffer overflow vulnerability exists in NanoMQ version 0.24.6, allowing remote attackers to cause a denial of service and potentially achieve remote code execution. The vulnerability requires admin privileges, but use of default credentials admin:public may be common, lowering the...
📄 Zimbra Collaboration 10.0 / 10.1 Local File Inclusion
This is a proof of concept exploiting a local file inclusion vulnerability existing in the Webmail Classic UI of Zimbra Collaboration ZCS versions 10.0 and 10.1. The issue is due to improper handling of user-supplied request parameters in the RestFilter servlet. zimbramail-CVE-2025-68645-poc A...
📄 Backdoor.Win32.Poison.jh Insecure File Permissions / Privilege Escalation
This python script demonstrates a local privilege escalation exploit targeting a vulnerability in the Backdoor.Win32.Poison.jh malware sample. The exploit leverages insecure file permissions created by the malware itself, allowing any local user to replace the malicious executable with arbitrary...
📄 Backdoor.Win32.ControlTotal.t Hardcoded-Password Backdoor
This tool was design to leverage a hardcoded password backdoor in Backdoor.Win32.ControlTotal.t to simulate communications with the malware. ============================================================================================================================================= | Title :...
📄 Backdoor.Win32.Poison.jh Remote File Hijack
This code represents an educational Metasploit module concept that demonstrates how insecure file permissions created Backdoor.Win32.Poison.jh could be abused to achieve code execution. The scenario assumes that the malware drops an executable file inside a protected Windows directory SysWOW64 wi...
📄 Netbus Backdoor 1.7 Remote Code Execution
Netbus Backdoor version 1.7 Metasploit module that leverages an insecure credential storage vulnerability that then performs command injection. ============================================================================================================================================= | Title :...
📄 FuguHub 8.1 RSA Private Key Disclosure
A web-accessible documentation file in FuguHub version 8.1 was found to contain an embedded RSA private key paired with an X.509 certificate. The affected file resides within an examples directory and is intended solely for demonstration purposes...
📄 Backdoor.Win32.Netbus.170 Blind Command Execution
This Metasploit module provides historical/educational exploitation of the Backdoor.Win32.Netbus.170 trojan, originally discovered in 1998. It represents a legacy proof-of-concept rather than a modern offensive security tool...
📄 Limesurvey 2.0 Arbitrary File Download
Limesurvey version 2.0 unauthenticated arbitrary file download proof of concept exploit. ============================================================================================================================================= | Title : Limesurvey 2.0 unauthenticated file download vulnerabili...
📄 Varnish / Styx HTTP Request Smuggling
Proof of concept exploit that demonstrates an HTTP request smuggling vulnerability between Varnish and Styx / Nginx. ============================================================================================================================================= | Title : HTTP Request Smuggling TE.CL...
📄 Adobe Commerce Insecure Deserialization
This flaw in Magento 2 / Adobe Commerce 2.4.x enables remote attackers to manipulate internal session handling paths and abuse PHP object chains Guzzle FileCookieJar gadget to achieve arbitrary file write, leading to remote code execution...