50630 matches found
📄 openSIS Community Edition 8.0 SQL Injection
openSIS Community Edition version 8.0 suffers from a remote SQL injection vulnerability. Exploit Title: openSIS Community Edition 8.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OS4ED/openSIS-Classic Software Link:...
📄 PluckCMS 4.7.10 Arbitrary File Upload
PluckCMS version 4.7.10 suffers from an arbitrary file upload vulnerability. Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.1...
📄 Microsoft Windows 11 Build 10.0.22631.6199 Registry Vulnerability Testing Tool
This is a C/C++ proof-of-concept PoC program designed to test for a specific vulnerability within the Windows Registry handling mechanism, often related to key duplication or improper permission checks during certain API calls like RegCopyTreeW...
📄 MobileDetect 2.8.31 Cross Site Scripting
MobileDetect version 2.8.31 suffers from a cross site scripting vulnerability. Exploit Title: MobileDetect 2.8.31 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/serbanghita/Mobile-Detect/ Software Link:...
📄 OpenRepeater 2.1 Command Injection
OpenRepeater version 2.1 suffers from a command injection vulnerability. Exploit Title: OpenRepeater 2.1 - OS Command Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/OpenRepeater/openrepeater Software Link: https://github.com/OpenRepeater/openrepeater...
📄 YOURLS 1.8.2 Cross Site Request Forgery
YOURLS version 1.8.2 suffers from a cross site request forgery vulnerability. Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery CSRF Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/yourls/yourls/ Software Link: https://github.com/yourls/yourls/ Version: 1.8....
📄 RosarioSIS 6.7.2 Cross Site Scripting
RosarioSIS version 6.7.2 suffers from multiple cross site scripting vulnerabilities. Exploit Title: RosarioSIS 6.7.2 - Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://gitlab.com/francoisjacquet/rosariosis Software Link:...
📄 Piwigo 13.6.0 SQL Injection
Piwigo version 13.6.0 suffers from a remote SQL injection vulnerability. Exploit Title: Piwigo 13.6.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/Piwigo/Piwigo Software Link: https://github.com/Piwigo/Piwigo Version: 13.6.0 Tested on: Windows CV...
📄 Microsoft Windows 11 Build 10.0.22631.6199 UAC Bypass
Microsoft Windows 11 build 10.0.22631.6199 proof of concept exploit for a UAC bypass vulnerability achieved via DLL injection Windows Hooking. ============================================================================================================================================= | Title :...
📄 AI Plugins 1.10.9 Shell Upload
This Metasploit module exploits unauthenticated arbitrary file upload vulnerabilities in multiple WordPress AI plugins including Cibeles AI, AI Feeds, and AI Buddy. The vulnerabilities allow attackers to upload PHP webshells via GitHub integration functionality...
📄 Microsoft Windows 11 Build 10.0.22631.6199 Advanced Admin Protection Bypass
This enhanced proof of concept exploit demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privileg...
📄 Cleo LexiCom VLTrader Harmony 5.8.0.23 Unauthenticated Arbitrary File Write
Cleo LexiCom, VLTrader, and Harmony file transfer solutions versions 5.8.0.23 and below contain an unauthenticated remote code execution vulnerability that allows attackers to write arbitrary files to the system and execute commands through the software's autorun functionality. The vulnerability...
📄 phpIPAM 1.5.1 SQL Injection
phpIPAM version 1.5.1 suffers from a remote SQL injection vulnerability. Exploit Title: phpIPAM 1.5.1 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/ Version: 1.5.1 Tested on: Windo...
📄 phpMyFAQ 3.1.7 Cross Site Scripting
phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. This one is similar to the finding posted in April of this year but is an older issue identified in 2022. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor...
📄 phpIPAM 1.4 SQL Injection
phpIPAM version 1.4 suffers from a remote SQL injection vulnerability in order.php. This version is also known to suffer from other vectors of attack for the same issue. Exploit Title: phpIPAM 1.4 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage:...
📄 Microsoft Windows 11 build 10.0.22631.6199 Privilege Escalation
Microsoft Windows 11 build 10.0.22631.6199 proof of concept tool that implements a notorious local privilege escalation technique on Windows. The code implements a task scheduler/DLL sideloading attack to achieve UAC bypass / privilege escalation by forcing the trusted SilentCleanup task to load...
📄 phpMyAdmin 5.0.0 SQL Injection
phpMyAdmin version 5.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: phpMyAdmin 5.0.0 - SQL Injection Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpmyadmin/phpmyadmin/ Software Link: https://github.com/phpmyadmin/phpmyadmin/ Version: 5.0....
📄 Adobe DNG SDK 1.4 Out-Of-Bounds Read
A vulnerability exists in Adobe DNG SDK the fork used by Android due to improper validation of the fAreaSpec fields inside the dngopcodeDeltaPerRow::ProcessArea function. If an attacker supplies a crafted DNG file with an empty or malformed fAreaSpec, the SDK performs arithmetic that results in...
📄 phpIPAM 1.6 Cross Site Scripting
phpIPAM version 1.6 suffers from multiple cross site scripting vulnerabilities. Exploit Title: phpIPAM 1.6 - Reflected Cross-Site Scripting XSS Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam/ Software Link: https://github.com/phpipam/phpipam/...
📄 Microsoft Windows 11 build 10.0.22631.6199 Dual-Path Privilege Escalation
Proof of concept exploit for a Microsoft Windows 11 build 10.0.22631.6199 dual-path elevation of privilege vulnerability in undocumented RPC and debugging objects...
📄 macOS Sonoma 14.5 Denial of Service
macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash. ============================================================================================================================================= | Title : macOS Sonoma 14.5 potenti...
📄 Microsoft Windows 10 Famille 10.0.19045.5487 DLL Hijacking
Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a DLL hijacking vulnerability that enables privilege escalation. ============================================================================================================================================= | Title : Microsoft...
📄 Language Sloth Directory Traversal
The Language Sloth Discord bot has been found susceptible to a directory traversal vulnerability. CVE-2025-65321 The Language Sloth Discord bot is vulnerable to Directory Traversal in the gif and png functions. The functions build file paths using unsanitized user input for the 'name' parameter,...
📄 Microsoft PowerPoint 2019 Use-After-Free
This Metasploit module exploits a use-after-free vulnerability in Microsoft PowerPoint that allows remote code execution when a user opens a specially crafted PPTX file. The vulnerability is triggered through manipulated shape objects in the PowerPoint presentation...
📄 libxml2 2.9.14 (2022) Heap Buffer Overflow
libxml2 version 2.9.14 2022 proof of concept exploit for a heap buffer overflow in the xmlRegEpxFromParse function in xmlregexp.c. ============================================================================================================================================= | Title : libxml2 2.9.14...
📄 Android 13 Quram DNG Codec Memory Corruption
An out-of-bounds read/write vulnerability in Samsung's Quram image codec library libimagecodec.quram.so is triggered when the library processes a maliciously crafted image file, causing memory access outside the intended buffer boundaries...
📄 Microsoft Windows 10 Famille 10.0.19045.5487 Privilege Escalation
Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a parent PID spoofing privilege escalation vulnerability. ============================================================================================================================================= | Title : Microsoft Windows 10...
📄 PX4 Military UAV Autopilot 1.12.3 Denial of Service
This proof of concept exploits a stack-based buffer overflow vulnerability in PX4 Military UAV Autopilot versions up to 1.12.3, allowing an attacker to send a poorly formatted MAVLink message that causes a denial of service condition...
📄 WhatsApp Android Contact Gating Bypass
WhatsApp Android has a contact gating bypass in groups that leads to interaction-less media download. Background To prevent security issues and spam, WhatsApp for Android requires some form of user interaction to automatically download files from non-contacts: a. After adding someone as a contact...
📄 libxslt Key Data Storage 1.1.38 Use-After-Free / Memory Corruption
libxslt Key Data Storage version 1.1.38 suffers from an improper handling of Result Value Trees RVTs when evaluating XSLT keys that can result in memory corruption...
📄 Microsoft SharePoint Server ToolPane Authentication Bypass / Unsafe Deserialization
Proof of concept exploit for Microsoft SharePoint server that chains authentication bypass with unsafe deserialization to achieve complete system compromise without authentication...
📄 Microsoft Windows 10 Famille 10.0.19045.5487 (rundll32) Privilege Escalation
Microsoft Windows 10 Famille version 10.0.19045.5487 suffers from a rundll32 related privilege escalation vulnerability. ============================================================================================================================================= | Title : Microsoft Windows 10...
📄 macOS 18.3.2 Kernel Privilege Escalation
macOS version 18.3.2 proof of concept exploit for an old kernel related privilege escalation vulnerability. A critical memory management vulnerability exists within the macOS XNU kernel's handling of the VMBEHAVIORZEROWIREDPAGES behavior flag. The issue arises from improper sequence validation wh...
📄 LG Simple Editor 3.21.0 Remote Command Injection
LG Simple Editor version 3.21.0 proof of concept remote command injection exploit. ============================================================================================================================================= | Title : LG Simple Editor 3.21.0 PHP Code Injection Vulnerability | |...
📄 Exclusive Addons for Elementor 2.6.9 Cross Site Scripting
Exclusive Addons for Elementor versions 2.6.9 and below proof of concept that demonstrates a stored cross site scripting vulnerability. ============================================================================================================================================= | Title : Exclusive...
📄 Commvault CLI 11.36.60 Remote Code Execution
Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. ============================================================================================================================================= | Title : Commvault CLI 11.36.60 RCE PHP Implementatio...
📄 Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 Build 135 remote SQL injection proof of concept exploit. ============================================================================================================================================= | Title : Fortra FileCatalyst Workflow v5.1.6 Build 135...
📄 GuppY CMS 6.00.10 Shell Upload
Proof of concept exploit demonstrating a remote shell upload vulnerability in GuppY CMS version 6.00.10. ============================================================================================================================================= | Title : GuppY CMS 6.00.10 php Code Execution...
📄 WinRAR 6.22 Malicious ZIP Creation
This Metasploit module exploits a logical flaw in WinRAR versions before 6.23. The vulnerability allows attackers to create specially crafted ZIP archives that, when opened, execute arbitrary code by exploiting the file extraction logic when a user double-clicks on a file within the archive that...
📄 CodeIgniter CMS 4.2.0 SQL Injection
Proof of concept exploit for the CodeIgniter CMS version 4.2.0 remote SQL injection vulnerability. ============================================================================================================================================= | Title : CodeIgniter CMS 4.2.0 SQL Injection Exploit | ...
📄 FreePBX 17.0.3 SQL Injection
FreePBX version 17.0.3 proof of concept unauthenticated remote SQL injection exploit that leverages ajax.php. ============================================================================================================================================= | Title : FreePBX 17.0.3 Unauthenticated SQL...
📄 Microsoft Windows 10.0.17763.5458 Kernel IOCTL Access Control
Microsoft Windows version 10.0.17763.5458 Kernel IOCTL access control proof of concept Metasploit module. ============================================================================================================================================= | Title : Windows 10.0.17763.5458 Kernel IOCTL...
📄 Wing FTP Server 8.0.7 Remote Code Execution
A NULL-byte truncation vulnerability in Wing FTP Server allows bypassing an authentication prefix check, allowing the payload to reach Lua execution contexts. Version 8.0.7 is affected...
📄 Monsta FTP DownloadFile Remote Code Execution
This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...
📄 FortiWeb 8.0.1 Authentication Bypass
A critical authentication bypass vulnerability exists in FortiWeb web application firewalls that allows unauthenticated attackers to create administrative users via path traversal in the API endpoint. Version 8.0.1 is affected...
📄 Laravel 11 Cross Site Scripting Scanner
This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities. ============================================================================================================================================= | Title : Laravel v11 XSS Vulnerability Scann...
📄 Notepad++ 8.8.7 DLL Hijacking
Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. ============================================================================================================================================= | Title : Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad | | Author : indoushka | |...
📄 Check Point Security Gateway R80.30 Arbitrary File Read
Proof of concept exploit for an unauthenticated arbitrary file read vulnerability in Check Point Security Gateway version R80.30. ============================================================================================================================================= | Title : Check Point...
📄 Cisco ISE API 3.0 Command Injection
Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.0. ============================================================================================================================================= | Title : Cisco ISE API 3.0 command injection Exploits | |...
📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation
Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corrupt issue, it allows for privilege escalation...