50630 matches found
📄 HP Intelligent Management 5.1 E0201 Account Creation
Proof of concept for an old bypass vulnerability in HP Intelligent Management version 5.1 E0201 that allows for account creation. Title: HP Intelligent...
📄 sudo 1.9.17 Local Privilege Escalation
sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. Title: sudo 1.9.17 local Privilege Escalation...
📄 Flowise 3.0.4 Code Injection
Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. Title: Flowise 3.0.4 php code injection Author: indoushka ...
📄 7-Zip 25.00 Zip Slip Directory Traversal
7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. Title: 7-Zip 25.0...
📄 Brocade Fabric OS Weak Crypto / Key Compromise
This analysis focuses on some older flaws with Brocade Fabric OS versions prior to 9.2.2 related to man-in-the-middle, weak cryptography, and hardcoded key compromise vulnerabilities...
📄 Microsoft Sharepoint Authentication Bypass
This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. Title: SharePoint Authentication...
📄 XWiki Platform 15.10.10 Remote Command Execution
XWiki Platform version 15.10.10 suffers from a critical unauthenticated remote command execution vulnerability through the SolrSearch endpoint. The issue is patched in versions 15.10.11, 16.4.1, and 16.5.0RC1...
📄 CAREL Boss / Boss Mini 1.4.0 Path Traversal
Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. Title: Boss...
📄 IGEL OS Privilege Escalation
This Metasploit module escalates privileges for IGEL OS Workspace Edition sessions by modifying network-manager.service using setupcmd SUID and network and then restarting the service. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Confluence 8.x Privilege Escalation
Metasploit module proof of concept exploit that demonstrates an authentication bypass vulnerability in Confluence version 8.x. Title: Confluence 8.x...
📄 Apache Tomcat 11.0.3 Remote Session Injection
A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...
📄 Craft CMS 5.0 Authentication Session Path Exposure
Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. Title: Craft CMS 5.0...
📄 Zimbra Collaboration Suite Postjournal 8.8.15 Remote Code Execution
Zimbra Collaboration Suite Postjournal version 8.8.15 unauthenticated proof of concept remote code execution exploit that leverages SMTP injection. Title...
📄 Fortinet FortiWeb Unauthenticated Remote Code Execution
This Metasploit module exploits an authentication bypass via a path traversal vulnerability in the Fortinet FortiWeb management interface to create a new local administrator user account. From there a command injection vulnerability is leveraged to achieve remote code execution with root...
📄 YesWiki Directory Traversal
YesWiki versions prior to 4.5.2 are vulnerable to an unauthenticated path traversal vulnerability through the squelette parameter. A remote attacker can leverage this flaw to read arbitrary files on the target system...
📄 vBulletin 6.0.3 replaceAdTemplate Expression Injection
Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability. Title: vBulletin 5.0.0...
📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference
Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities. CVE-2025-65670 An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in...
📄 B2B Hospitality Travel CMS 1.11 Shell Upload
B2B Hospitality Travel CMS version 1.11 suffers from a remote shell upload vulnerability. Title: B2B Hospitality Travel CMS 1.11 Remote File Upload...
📄 Classroomio LMS 0.1.13 Cross Site Scripting
Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files. CVE-2025-65676 Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
📄 WordPress Backup Migration 1.2.8 Remote Code Execution
WordPress Backup Migration plugin version 1.2.8 proof of concept code injection exploit for an older vulnerability from 2023. Title: WordPress Backup...
📄 CZS CMS 1.3.0 Cross Site Request Forgery
This proof of concept leverages a known cross site request forgery vulnerability in CZS CMS version 1.3.0 to add an administrator. Title: CZS CMS v 1.3....
📄 Citrix Bleed 2 PHP Mass Scanner
This is a high-speed mass-scanner written in PHP designed to test for data leakage through the CitrixBleed2 InitialValue extraction issue. The tool reproduces the functionality of the original Bash/Parallel scanner but works in restricted PHP environments...
📄 macOS 18.3.2 VM_BEHAVIOR_ZERO_WIRED_PAGES Handling
A vulnerability exists in the way macOS handles VM_BEHAVIOR_ZERO_WIRED_PAGES combined with mmap + mlock + vm_deallocate on a read-only mapped file. A local attacker may trigger abnormal kernel behavior depending on system conditions. This proof of concept is purely academic and demonstrates a controll...
📄 Flowise Custom MCP Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.1. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...
📄 Flowise JS Injection Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...
📄 Ruckus Unleashed 200.13.6.1.319 Cross Site Scripting
Ruckus Unleashed version 200.13.6.1.319 suffers from a cross site scripting vulnerability. CVE-2025-63735 – Reflected XSS in Ruckus Unleashed 200.13.6.1.319 Summary A reflected cross-site scripting XSS vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the...
📄 eGovFramework 4.3.1 Arbitrary File Upload
eGovFramework version 4.3.1 proof of concept exploit that demonstrates an arbitrary file upload vulnerability. Title: eGovFramework 4.3.1 Unauthenticate...
📄 eGovFramework 4.3.1 File Upload / Unauthenticated Encryption Oracle
eGovFramework versions 4.3.1 and below suffer from unauthenticated file upload and encryption oracle vulnerabilities. Advisory Information Title: 2 vulnerabilities in Egovframe Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt...
📄 AudioCodes Fax/IVR Appliance 2.6.23 File Upload / Code Execution / Privilege Escalation
AudioCodes Fax/IVR Appliance versions 2.6.23 and below suffer from multiple code execution and command injection vulnerabilities as well as privilege escalation, file upload, and file read vulnerabilities. Advisory Information Title: 8 vulnerabiliti...
📄 Fortinet FortiWeb 8.0.0 Authentication Bypass
Analysis write up of the Fortinet FortiWeb version 8.0.0 authentication bypass vulnerability that can be leveraged for remote code execution. Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Author: nu11secur1ty Date: 11/17/2025 Vendor: https://www.fortinet.com/ Software: v8.0.0...
📄 Snipe-IT 8.3.4 Cross Site Scripting
Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info Snipe-IT is a free and open-source IT asset management system FOSS built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...
📄 Grocery Store Management System 1.0 SQL Injection
Grocery Store Management System version 1.0 appears to suffer from a remote SQL injection vulnerability in searchproducts.php. CVE-2025-63943 — SQL Injection in Grocery Store Management System 1.0 Overview A high-severity SQL Injection vulnerability was identified in the searchproducts.php...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injection
Ilevia EVE X1/X5 Server version 4.7.18.0.eden suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters. Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated...
📄 Patients Waiting Area Queue Management System 1.0 SQL Injection
Patients Waiting Area Queue Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Patients Waiting Area Queue Management System v1.0 - SQL Injection Exploit Author: Deva Parekh pr0f Date: October 23, 2025 Vendor Homepage:...
📄 Logitech Streamlabs Desktop 1.19.6 CPU Exhaustion
Logitech Streamlabs Desktop version 1.19.6 has a vulnerability where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string...
📄 Windows Server Update Service Deserialization Remote Code Execution
This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...
📄 LINQPad File Overwrite
This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time th...
📄 moew.government.bg Cross Site Scripting
moew.government.bg suffers from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the administrators for a year and they have not addressed the issue, putting their users at risk, so...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1/X5 Server version 4.7.18.0.eden has a misconfiguration in the sudoers file that permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user www-data or accessible...
📄 Centreon Broker Engine Reload Parameter Command Injection
Centreon is a platform designed to monitor your cloud and on-premises infrastructure. This Metasploit module exploits a command injection vulnerability using the broker engine reload setting on the poller configuration page of the Centreon web application. Injecting a malicious payload at the...
📄 ClipBucket 5.5.0 Shell Upload
ClipBucket versions 5.5.0 and below suffer from a remote shell upload vulnerability. Exploit Title: ClipBucket 5.5.0 - Arbitrary File Upload Google Dork: N/A Date: 2025-09-11 Exploit Author: Mukundsinh Solanki r00td3str0y3r Vendor Homepage: https://clipbucket.com Software Link:...
📄 Flowise 3.0.4 Remote Command Execution
Flowise versions prior to 3.0.5 suffer from a remote command execution vulnerability. Exploit Title: Flowise 3.0.4 - Remote Code Execution RCE Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link:...
📄 dotCMS 25.07.02-1 SQL Injection
dotCMS version 25.07.02-1 suffers from an authenticated remote blind SQL injection vulnerability. Exploit Title: dotCMS 25.07.02-1 - Authenticated Blind SQL Injection Google Dork: N/A Date: 2025-09-09 Exploit Author: Matan Sandori OSCP, OSEP, OSWE Vendor...
📄 HTTP/2 2.0 Denial of Service
This is a testing script for the HTTP/2 Rapid Reset vulnerability as described in CVE-2023-44487. Exploit Title: HTTP/2 2.0 - Denial Of Service DOS Google Dork: -NA- Date: 29th August 2025 Exploit Author: Madhusudhan Rajappa Vendor Homepage: -NA- Software Link: -NA-...
📄 Casdoor 2.95.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: v2.95.0 2025-10-22 Date: 2025-10-23 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
📄 HTMLDOC 1.9.13 Stack Buffer Overflow
HTMLDOC versions 1.9.13 and below proof of concept exploit that demonstrates a stack buffer overflow vulnerability. Exploit Title: HTMLDOC 1.9.13 - Stack Buffer Overflow Google Dork: N/A Date: 2025-08-26 Exploit Author: wulfgarpro Vendor Homepage:...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials
Ilevia EVE X1/X5 Server version 4.7.18.0.eden uses a weak set of default administrative credentials that can be found and used to gain full control of the system. Ilevia EVE X1/X5 Server 4.7.18.0.eden Default Credentials Vendor: Ilevia Srl. Product web page: https://www.ilevia.com Affected versio...
📄 Casdoor 2.55.0 Cross Site Request Forgery
Casdoor version 2.55.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 2.55.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 2.55.0 Date: 09/10/2025 Exploit Author: Van Lam Nguyen Facebook: vanlam1412 Vendor Homepage: https://casdoor.org/ Software...
📄 Hop.bg Cross Site Scripting
Hop.bg appears to suffer from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the vendor and they have not addressed the issue, putting their users at risk, so this is being...