50738 matches found
📄 macOS 10.12.2 XNU Kernel Privilege Escalation
This proof of concept targets a race‑condition vulnerability in the XNU kernel affecting macOS/iOS. By forcing a use‑after‑free condition on kernel ports, the exploit manipulates freed memory through a controlled spray, allowing a user‑controlled replacement object. Successful exploitation yields...
📄 Litespeed Cache 6.4.0.1 Privilege Escalation
WordPress Litespeed Cache plugin version 6.4.0.1 allows attackers to brute-force authentication hashes and create administrative users without any initial credentials...
📄 LINQPad 5.48.00 Insecure Deserialization
LINQPad versions up to 5.48.00 contain an insecure deserialization vulnerability in the paid version of the software that allows attackers to achieve persistent remote code execution by manipulating cache files containing serialized .NET objects. The vulnerability exists in the AutoRefCache...
📄 MagnusBilling 6 Server-Side Request Forgery / Path Traversal
Proof of concept exploit for MagnusBilling 6 vulnerabilities including server-side request forgery, path traversal, and cryptographic weaknesses. ============================================================================================================================================= | Title :...
📄 HP ProCurve SNAC Domain Controller Shell Upload
This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. ============================================================================================================================================= | Title : HP ProCurve SNAC Domain Controller P...
📄 Textpattern 4.9.0 Cross Site Scripting
Textpattern CMS version 4.9.0 contains a persistent cross site scripting vulnerability in the administrative interface. The vulnerability allows authenticated attackers with administrative privileges to inject malicious JavaScript payloads into site preferences under the Site URL field, which is...
📄 Institute Admission Software 2.5 SQL Injection
Institute Admission Software version 2.5 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Institute Admission Software 2.5 SQL INjection...
📄 Backdoor.Win32.Poison.jh MVID-2025-0704 Insecure Permissions
Backdoor.Win32.Poison.jh malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full F permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor...
📄 HP ProCurve 4.00 Credential Disclosure
Proof of concept code that performs a credential dumping attack against vulnerable HP ProCurve SNAC systems. ============================================================================================================================================= | Title : HP ProCurve 4.00 Credential Dumping...
📄 Backdoor.Win32.Netbus.170 MVID-2025-0703 Insecure Credential Storage
Backdoor.Win32.Netbus.170 malware listens on TCP ports 12632 and 12631. The backdoor server password "ecoli" is stored in cleartext in an .INI textfile, stored under "C:\Windows" having the same name as the malware. Third party attackers who have knowledge of the password can login and issue...
📄 PKP-WAL 3.5.0-3 X-Forwarded-Host LESS Code Injection
PKP-WAL versions 3.5.0-3 and below suffer from a LESS X-Forwarded-Host related code injection vulnerability. ----------------------------------------------------------------------- PKP-WAL getBaseUrl method, can be manipulated by unauthenticated attackers through the X-Forwarded-Host HTTP header,...
📄 GALAYOU G2 IP Camera Authentication Bypass
A critical authentication bypass vulnerability exists in the RTSP service of the GALAYOU G2 IP camera. The device exposes multiple RTSP stream endpoints that can be accessed without valid credentials, even when authentication is enabled...
📄 Open Journal Systems 3.5.0-1 Path Traversal
Open Journal Systems versions 3.5.0-1 and below suffer from a path traversal vulnerability in NativeXmlIssueGalleyFilter.php. --------------------------------------------------------------------------------------------- Open Journal Systems issuegalleys - issuegalley - issuefile - filename tag of...
📄 PKP-WAL 3.5.0-1 SQL Injection
PKP-WAL versions 3.5.0-1 and below suffer from a remote SQL injection vulnerability in the Institution Collector. ---------------------------------------------------------------------- PKP-WAL = 3.5.0-1 Institution Collector SQL Injection Vulnerability...
📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection
Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection the webhook configuration feature...
📄 PKP-WAL 3.5.0-1 Cross Site Request Forgery
PKP-WAL versions 3.5.0-1 and below suffer from a cross site request forgery vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 Login Cross-Site Request Forgery Vulnerability ----------------------------------------------------------------- - Softwar...
📄 PKP-WAL 3.5.0-1 baseColour LESS Code Injection
PKP-WAL versions 3.5.0-1 and below suffer from a LESS baseColour related code injection vulnerability. ----------------------------------------------------------------- PKP-WAL = 3.5.0-1 baseColour LESS Code Injection Vulnerability -----------------------------------------------------------------...
📄 Apache mod_ssl TLS 1.3 Client Certificate Authentication Bypass
Apache modssl TLS 1.3 client certificate authentication bypass proof of concept exploit. ============================================================================================================================================= | Title : Apache modssl TLS 1.3 Client Certificate Authentication...
📄 Adobe DNG SDK 1.5 Remote Delivery Integer Overflow
This exploit demonstrates practical real-world exploitation scenarios of the Adobe DNG SDK integer overflow vulnerability CVE-2025-64783 through third-party applications and network-based delivery mechanisms. Version 1.5 is affected...
📄 Adobe DNG SDK 1.5 DNG File Integer Overflow
A critical integer overflow vulnerability exists in Adobe DNG SDK version 1.5 during the parsing of crafted DNG files. The flaw occurs in the handling of OpcodeList processing, specifically within the ScalePerColumn opcode, where insufficient validation of signed and unsigned integer values leads...
📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read
An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes fSrcPlanes = 2. The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read
This report details the creation of a specification-compliant, engineering-grade proof of concept file that reliably triggers the out-of-bounds read vulnerability documented as CVE-2025-64893 in Adobe DNG SDK versions 1.7.1 and below...
📄 IGEL OS Workspace Edition 11.10.430 Privilege Escalation
IGEL OS Workspace Edition version 11.10.430 suffers from a privilege escalation vulnerability. This vulnerability demonstrates how architectural trust in custom configuration frameworks can be abused to establish long-term persistence, even on systems designed to be non-persistent and hardened by...
📄 HPE OneView Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...
📄 FortiWeb Fabric Connector 7.6.x SQL Injection / Remote Code Execution
This proof of concept exploit demonstrates a pre-authentication remote SQL injection vulnerability in Fortinet FortiWeb Fabric Connector versions 7.0 through 7.6.x. The flaw allows unauthenticated attackers to achieve remote code execution through malicious SQL queries in the Authorization header...
📄 Adobe DNG SDK 1.5 Integer Overflow / Local Crash
This proof of concept exploit demonstrates a local crash condition caused by an integer overflow vulnerability in the Adobe DNG SDK versions 1.5 through 1.7.0. The provided Bash script dynamically generates a malformed DNG image file containing a crafted opcode list that abuses the ScalePerColumn...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure
This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...
📄 Adobe DNG SDK Linearize Out-Of-Bounds Read
A memory safety vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 that affects the Linearize image processing routine. When handling trimmed source images, the function erroneously performs operations using full image dimensions, resulting in an out‑of‑bounds read condition. This...
📄 Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure
This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...
📄 Headlamp 0.38.0 Unauthenticated Cached Credentials Access
Proof of concept exploit for a flaw in Headlamp Kubernetes dashboard versions 0.38.0 and below that allows unauthenticated users to access sensitive Helm release data, including secrets, tokens, and passwords, due to improper server-side caching...
📄 Adobe DNG SDK Missing Validation Heap Buffer Overflow
A heap buffer overflow vulnerability exists in Adobe's DNG SDK versions 1.7.1 and below due to improper handling of raw images with two color planes fSrcPlanes = 2...
📄 Assistive Technologies Persistence
This Metasploit module achieves persistence by registering a custom Assistive Technology AT in the Windows registry. Then it configures the system to launch the AT executable during user logon or desktop switch such as with an admin privileged program. Requires Windows 8 or higher and...
📄 Adobe DNG SDK 1.5 Web Upload Integer Overflow
Adobe DNG SDK versions 1.5 through 1.7.0 can have an integer overflow triggered via a web upload. If the backend processes the uploaded file with a vulnerable version of the DNG SDK, the malformed opcode data may result in an application crash or unexpected behavior...
📄 HEUR.Backdoor.Win32.Poison.gen MVID-2025-0701 DLL Hijacking
HEUR.Backdoor.Win32.Poison.gen malware looks for and executes a x32-bit "WININET.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own c ode to intercept and terminate the malware. It is suggested that RansomLordNG be leveraged for this purpose. Discovery /...
📄 Adobe DNG SDK Image Processing Logic
Proof of concept exploit that demonstrates a heap out-of-bounds read / write leading to memory corruption and potential code execution in the Image Processing Logic of Adobe DNG SDK versions prior to 1.7.1.2410...
📄 Backdoor.Win32.ControlTotal.t MVID-2025-0702 Insecure Credential Storage
Backdoor.Win32.ControlTotal.t malware listens on TCP port 2032 and requires authentication. The password "jdf4df4vdf" is stored in cleartext within the PE file. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2025 Original source:...
📄 Pi-hole 5.18.3 Remote Code Execution
This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...
📄 LibreNMS 24.9.1 Code Injection
LibreNMS version 24.9.1 suffers from a remote command execution vulnerability. ============================================================================================================================================= | Title : LibreNMS 24.9.1 PHP Code Injection Vulnerability | | Author :...
📄 libtransmission 2.93 Integer Overflow
libtransmission versions 2.93 and below suffer from multiple integer overflows. A remote attacker could create a specially crafted .torrent file which may be small when compressed that exploits these overflows when a victim loads it via Transmission or its command-line interface transmission-cli...
📄 Cisco ISE API 3.2 Command Injection
Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.2. ============================================================================================================================================= | Title : Cisco ISE API 3.2 command injection Exploits | |...
📄 Institute Admission Software 2.5 Shell Upload
Institute Admission Software version 2.5 fails to properly validate and restrict uploaded files in the gallery upload functionality within the admin panel. =============================================================================================================================================...
📄 Lepton CMS 7.4.0 Cross Site Scripting / Code Execution
Lepton CMS version 7.4.0 has a vulnerability which allows for a persistent cross site scripting payload to escalate into PHP execution through the droplet engine...
📄 WordPress ACF 0.9.1.1 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Advanced Custom Fields: Extended ACF Extended WordPress plugin versions 0.9.0.5 through 0.9.1.1. The vulnerability exists in the prepareform function of the acfemoduleformfrontrender class, which accepts...
📄 Dahua TPC-AEBF5201 P2P Camera ToolsComplete Security Analysis Suite
This PHP proof-of-concept provides defensive tooling to analyze DH-P2P / Easy4IP behaviors observed during DFIR activities. It includes routines to decrypt Account1SecEData, derive device-specific cryptographic keys, and reproduce authentication code generation logic. The project is intended to...
📄 Kalmia CMS 0.2.0 User Enumeration
Proof of concept exploit that demonstrates a user enumeration vulnerability via the JWT authentication API on Kalmia CMS version 0.2.0. ============================================================================================================================================= | Title : Kalmia CM...
📄 Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass
There is a complete authentication bypass in the ONVIF implementation of Xiongmai XM530-series IP cameras that allows unauthenticated remote access to sensitive device information, configuration, and video streams. CVE-2025-65856 Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass ---...
📄 JSONPath Plus Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0 The vulnerability allows arbitrary JavaScript code execution through malicious JSONPath expressions...
📄 Xiongmai XM530 IP Camera Hardcoded RTSP Credential Exposure
The GetStreamUri ONVIF endpoint in Xiongmai XM530-series IP cameras exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to live video streams. CVE-2025-65857 Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure --- Summary The GetStreamUri ONVIF endpoin...
📄 C‑Bitrix 25.100.500 Translate Module Arbitrary File Upload
C‑Bitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. ============================================================================================================================================= | Title : C‑Bitrix...
📄 AVAST Antivirus 25.11 Unquoted Service Path
AVAST Antivirus version 25.11 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with...