📄 WordPress Contest Gallery 28.1.4 SQL Injection
WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3.
📄 Wing FTP Server 8.1.2 Authenticated Remote Code Execution
Wing FTP Server versions prior to 8.1.3 allow authenticated administrators to execute arbitrary Lua code on the server.
📄 WordPress PickPlugins 2.0.46 OTP Bypass
WordPress PickPlugins plugin version 2.0.46 proof of concept user verification OTP authentication bypass exploit.
📄 Grav CMS Remote Code Execution
This Python exploit targets a vulnerability in Grav CMS versions prior to 2.0.0-beta.2 by abusing the administrative Direct Install plugin feature to achieve remote code execution...
📄 D-Link DSL2600U rom-0 Admin Password Disclosure
Proof of concept that demonstrates a vulnerability in D-Link DSL2600U routers with firmware version 1.08 that allows unauthenticated attackers to download the rom-0 configuration file containing the administrator password...
📄 CMSsiam 2 SQL Injection
CMSsiam version 2 suffers from a remote SQL injection vulnerability that allows for login bypass. Author: indoushka...
📄 CMS SINDEHOTÉIS 1.2.4 Cross Site Request Forgery
CMS SINDEHOTÉIS version 1.2.4 suffers from a cross site request forgery vulnerability. Author: indoushka...
📄 dedoc/scramble 0.13.2 Remote Code Execution
This is a Metasploit exploit module for CVE-2026-44262, an unauthenticated remote code execution vulnerability in the Laravel-based tool dedoc/scramble.
📄 NTLM Relay to Self (HTTP to LDAP) Post Exploitation
This Metasploit module performs an NTLM relay-to-self privilege escalation attack. It starts an HTTP-to-LDAP relay server on the compromised host, then triggers the WebClient service via an ETW event allowing a low-privilege user to start it, and coerces the local machine account to authenticate...
📄 Discuz! X5.0 Local File Inclusion
This is a Metasploit auxiliary module targeting a local file inclusion vulnerability in Discuz! X5.0.
📄 Discuz! X5.0 Chained Remote Code Execution
This Metasploit module uses race condition and local file inclusion vulnerabilities in Discuz! X5.0 in order to achieve remote code execution.
📄 EspoCRM 9.3.3 Server-Side Request Forgery
This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exists in the Attachment/fromImageUrl API endpoint which allows users to fetch images from remote URLs. By using alternative IPv4 notations octal, hex,...
📄 EternalBlue MS17-010 SMB Remote Code Execution
This Metasploit module exploits the SMBv1 vulnerability in Microsoft Windows MS17-010 known as EternalBlue.
📄 Bloodbank CMS 1.0 SQL Injection
Bloodbank CMS version 1.0 suffers from a remote SQL injection vulnerability. Author: indoushka...
📄 Casdoor 3.54.1 Arbitrary File Write / Shell Upload
This Python3 script exploits a path traversal flaw in Casdoor version 3.54.1 that allows an authenticated attacker to write files anywhere on the server via a misconfigured storage provider. If written to an executable location, a shell can be minted...
📄 AnyDesk 9.7.5 Unquoted Service Path
AnyDesk version 9.7.5 unquoted service path privilege escalation to SYSTEM exploit.
📄 HotelDruid 3.0.x Credential Exposure / Stress Tester
Proof of concept denial of service and credential disclosure exploit for HotelDruid versions 3.0.0 and 3.0.7.
📄 nginx 1.27.4 Insecure TLS Session Reuse / SSL Certificate Validation Bypass
Proof of concept exploit for nginx version 1.27.4 that demonstrates insecure TLS session reuse leading to certificate validation bypass.
📄 BookStack Denial of Service
This Metasploit auxiliary module targets a denial of service vulnerability in BookStack versions prior to 25.12.1 by abusing the search system.
📄 Apache Flink Kubernetes Operator 1.14.0 Server-Side Request Forgery
This is a proof of concept Metasploit module for the Apache Flink Kubernetes Operator version 1.14.0 server-side request forgery vulnerability that also provides metadata extraction...
📄 Casdoor 3.54.1 Path Traversal / Arbitrary File Write
This Metasploit module exploits a path traversal vulnerability in the storage provider management component of Casdoor versions prior to 3.54.1. By creating a Local File System provider with a manipulated pathPrefix, an authenticated administrator can bypass the storage sandbox to write, overwrit...
📄 Wertheim SafeController Software for VAULT ROOMS Traversal / Bypass / Broken Controls
Wertheim SafeController Software for VAULT ROOMS with AssemblyVersion 6.15.8328.28014 suffers from violation of least privilege, broken websocket authorization, broken access control, IP restriction bypass, path traversal, upload restriction bypass, unauthenticated access, hardcoded secret,...
📄 Apache 2.4.66 HTTP/2 mod_http2 Double-Free Denial of Service
This script is a multi-mode security tool that triggers a denial of service against Apache HTTP Server version 2.4.66 related to a double-free condition in HTTP/2 handling...
📄 Xerte Online Toolkits 3.15 Shell Upload
This Metasploit module bypasses authentication failure, extension blacklist, and path traversal vulnerabilities in the /editor/elfinder/php/connector.php endpoint to upload and execute a shell in Xerte Online Toolkits versions 3.15 commit 4e40f8030a2e3267267db7ce03e0ff57270be6f5 as there are no...
📄 YAMCS 5.12.6 LdapAuthModule LDAP Injection / Authentication Bypass
This Metasploit module exploits an LDAP injection vulnerability in the YAMCS LdapAuthModule. The username parameter is inserted directly into LDAP search filters without RFC 4515 escaping, allowing an attacker to bypass authentication. By crafting a malicious username containing LDAP special...
📄 Apache Flink Kubernetes Operator 1.14.0 Server-Side Request Forgery
This is a Metasploit auxiliary module to demonstrate a server-side request forgery vulnerability in Apache Flink Kubernetes Operator version 1.14.0.
📄 Waves Central 16.6.0 Local Privilege Escalation
Waves Central versions 13.0.8 through 16.6.0 suffer from multiple local privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory...
📄 BookStack Denial of Service
This Python3 script demonstrates a denial of service condition against a BookStack search endpoint by generating extremely large search queries and sending them with high levels of concurrency. Versions prior to 25.12.1 are affected...
📄 Google Chrome V8 Type Confusion
This Metasploit module exploits a type confusion vulnerability in Google Chrome's V8 JavaScript engine versions prior to 149.0.7827.103. The vulnerability is triggered by a specific pattern that causes type confusion between internal V8 objects, leading to out-of-bounds memory access. Successful...
📄 Google Chrome V8 Type Confusion
This JavaScript exploit targets a type confusion vulnerability in the V8 engine of Google Chrome versions prior to 149.0.7827.103. It runs inside the browser and attempts to trigger a JIT optimization flaw using repeated object construction patterns...
📄 FreeType SHZ 2.14.3 Heap Buffer Overflow
This Python proof of concept framework is designed for security research into a reported heap buffer overflow condition affecting the FreeType TrueType bytecode interpreter. The code constructs specially crafted font structures intended to exercise the SHZ instruction path, generates malformed...
📄 FreePBX SQL Injection / Shell Upload / Remote Root
This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3...
📄 InnoShop 0.8.2 File Manager File Deletion / Path Traversal
This Metasploit module exploits a path traversal vulnerability in the File Manager API of InnoShop version 0.8.2. The destroyFiles endpoint does not properly validate file paths, allowing an authenticated administrator to escape the intended media/storage sandbox using ../ sequences...
📄 FreeType Font Rendering Overflow Test Harness / Crash Detection
This C program is a testing harness built around the FreeType font rendering library to detect potential memory corruption issues such as heap buffer overflows when loading malicious or malformed TrueType font files...
📄 Netis N5VN AC1200 1.0.1.1742 Buffer Overflow / Denial of Service
A buffer overflow vulnerability in the Netis N5VN AC1200 router allows an attacker to crash the web server by sending a crafted request. Version 1.0.1.1742 is affected...
📄 HTTP/2 Multi-Server HPACK Exhaustion
This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...
📄 Paperclip AI Remote Code Execution
Paperclip is the operating system for your AI company. You set the goals, hire AI agents as employees, and watch them plan and execute work. Prior to version 2026.410.0, Paperclip allows for unauthenticated remote code execution on any network-accessible instance running in authenticated mode wit...
📄 AnyDesk 9.7.5 Unquoted Service Path
AnyDesk version 9.7.5 suffers from an unquoted service path vulnerability. Exploit Title: AnyDesk v9.7.5 - Unquoted Service Path Date: 2026-06-06 Exploit Author: Milad Karimi Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage: http://anydesk.com...
📄 Palo Alto GlobalProtect Authentication Bypass
This Metasploit module exploits an authentication bypass vulnerability in Palo Alto Networks PAN-OS GlobalProtect portal and gateway components. The vulnerability stems from CWE-565: Reliance on Cookies without Validation and Integrity Checking. An unauthenticated remote attacker can forge...
📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner
This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module establishes a BGP session with a target router, performs standard protocol negotiation, and then sends a specially crafted BGP UPDATE message containing...
📄 WordPress Gravity Forms 2.10.0.1 File Deletion / Path Traversal
This Metasploit module exploits a vulnerability in the Gravity Forms WordPress plugin versions 2.10.0.1 and below where file URLs stored in form entries are not properly validated. An attacker can inject a crafted entry containing path traversal sequences ../ to reference files outside the intend...
📄 FortiSandbox 4.4.7 Authentication Bypass / Command Injection
This Metasploit auxiliary scanner module is designed to collect system and environment information from vulnerable FortiSandbox instances by leveraging two disclosed vulnerabilities: an authentication bypass and a command injection flaw. The module supports multiple collection modes, including...
📄 Check Point VPN IKE Logic Flaw
This is a Python script attempting to exploit a vulnerability in Check Point VPN by sending a malformed IKE_SA_INIT packet to UDP port 500, detecting whether the target responds as an indicator of exploitability, then executing a MITM attack to intercept IKE packets between a victim and a VPN...
📄 Gogs 0.14.2 Argument Injection
Proof of concept exploit for an argument injection vulnerability in Gogs versions 0.14.2 and below and versions 0.15.0+dev and below.
📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation
This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...
📄 Drupal core 10.5.5 JSON:API PostgreSQL Error-Based SQL Injection
This code demonstrates a research-oriented implementation targeting a reported SQL injection condition in Drupal JSON:API endpoints backed by PostgreSQL.
📄 MEmu Android Emulator 9.2.7.0 Privilege Escalation
MEmu Android Emulator version 9.2.7.0 suffers from a local privilege escalation vulnerability via insecure permissions. CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2...
📄 Craft CMS 5.9.5 Missing Authorization / Authentication Bypass
This script is an assessment and exploitation framework targeting a missing authorization vulnerability in affected versions of Craft CMS that may permit unauthorized access to privileged migration functionality. Versions 5.9.5 and below are affected...
📄 Chatwoot 4.11.1 SQL Injection
This Metasploit module targets an authenticated SQL injection vulnerability in the conversation filtering functionality of Chatwoot instances up to version 4.11.1.
📄 IO-Compress 2.219 Eval Injection
An eval injection vulnerability in File::GlobMapper::getFiles allows any attacker who can control the output fileglob argument passed to IO::Compress::Gzip::gzip, IO::Compress::Zip::zip, or any sibling function to execute arbitrary Perl code in the context of the running process...