📄 CodeIgniter CMS 4.2.0 SQL Injection
Proof of concept exploit for the CodeIgniter CMS version 4.2.0 remote SQL injection vulnerability. Title: CodeIgniter CMS 4.2.0 SQL Injection Exploit ...
📄 FortiWeb 8.0.1 Authentication Bypass
A critical authentication bypass vulnerability exists in FortiWeb web application firewalls that allows unauthenticated attackers to create administrative users via path traversal in the API endpoint. Version 8.0.1 is affected...
📄 Monsta FTP DownloadFile Remote Code Execution
This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...
📄 Microsoft Windows 10 21H2 / 22H2 Kernel Race Condition / Privilege Escalation
Proof of concept exploit for a kernel race condition in Microsoft Windows 10 versions 21H2 and 22H2. Combined with a double-free memory corruption issue, it allows for privilege escalation...
📄 Flowise 3.0.4 Code Injection
Flowise versions 3.0.4 and below suffer from a remote command injection vulnerability. Title: Flowise 3.0.4 php code injection; Author: indoushka ...
📄 Laravel 11 Cross Site Scripting Scanner
This is a script to scan Laravel version 11 instances to identify known cross site scripting vulnerabilities. Title: Laravel v11 XSS Vulnerability Scann...
📄 Cisco ISE API 3.0 Command Injection
Proof of concept exploit for a command injection vulnerability in Cisco ISE API version 3.0. Title: Cisco ISE API 3.0 command injection Exploits ...
📄 Check Point Security Gateway R80.30 Arbitrary File Read
Proof of concept exploit for an unauthenticated arbitrary file read vulnerability in Check Point Security Gateway version R80.30. Title: Check Point...
📄 sudo 1.9.17 Local Privilege Escalation
sudo version 1.9.17 local privilege escalation proof of concept exploit that leverages NSS module loading. Title: sudo 1.9.17 local Privilege Escalation...
📄 HP Intelligent Management 5.1 E0201 Account Creation
Proof of concept for an old bypass vulnerability in HP Intelligent Management version 5.1 E0201 that allows for account creation. Title: HP Intelligent...
📄 Notepad++ 8.8.7 DLL Hijacking
Notepad++ version 8.8.7 DLL hijacking proof of concept exploit. Title: Notepad++ 8.8.7 Unsafe Plugin Persistence AutoLoad; Author: indoushka ...
📄 YesWiki Directory Traversal
YesWiki versions prior to 4.5.2 are vulnerable to an unauthenticated path traversal vulnerability through the squelette parameter. A remote attacker can leverage this flaw to read arbitrary files on the target system...
📄 Apache Tomcat 11.0.3 Remote Session Injection
A vulnerability in Apache Tomcat version 11.0.3 allows attackers to upload a .session file containing a malicious Java serialized payload and then trigger it through a forged JSESSIONID cookie...
📄 Fortinet FortiWeb Unauthenticated Remote Code Execution
This Metasploit module exploits an authentication bypass via a path traversal vulnerability in the Fortinet FortiWeb management interface to create a new local administrator user account. From there a command injection vulnerability is leveraged to achieve remote code execution with root...
📄 Brocade Fabric OS Weak Crypto / Key Compromise
This analysis focuses on some older flaws with Brocade Fabric OS versions prior to 9.2.2 related to man-in-the-middle, weak cryptography, and hardcoded key compromise vulnerabilities...
📄 Zimbra Collaboration Suite Postjournal 8.8.15 Remote Code Execution
Zimbra Collaboration Suite Postjournal version 8.8.15 unauthenticated proof of concept remote code execution exploit that leverages SMTP injection. ...
📄 XWiki Platform 15.10.10 Remote Command Execution
XWiki Platform version 15.10.10 suffers from a critical unauthenticated remote command execution vulnerability through the SolrSearch endpoint. The issue is patched in versions 15.10.11, 16.4.1, and 16.5.0RC1...
📄 7-Zip 25.00 Zip Slip Directory Traversal
7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. Title: 7-Zip 25.0...
📄 Microsoft Sharepoint Authentication Bypass
This is a proof of concept exploit for a Microsoft Sharepoint authentication bypass vulnerability discovered in 2023. Title: SharePoint Authentication...
📄 IGEL OS Privilege Escalation
This Metasploit module escalates privileges for IGEL OS Workspace Edition sessions by modifying network-manager.service using setupcmd SUID and network and then restarting the service. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Confluence 8.x Privilege Escalation
Metasploit module proof of concept exploit that demonstrates an authentication bypass vulnerability in Confluence version 8.x. Title: Confluence 8.x...
📄 Craft CMS 5.0 Authentication Session Path Exposure
Proof of concept exploit that demonstrates an authentication session path exposure vulnerability in Craft CMS version 5.0. Title: Craft CMS 5.0...
📄 vBulletin 6.0.3 replaceAdTemplate Expression Injection
Proof of concept exploit for vBulletin versions 5.0.0 through 6.0.3 for the replaceAdTemplate expression injection vulnerability. Title: vBulletin 5.0.0...
📄 CAREL Boss / Boss Mini 1.4.0 Path Traversal
Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. Title: Boss...
📄 WordPress Backup Migration 1.2.8 Remote Code Execution
WordPress Backup Migration plugin version 1.2.8 proof of concept code injection exploit for an older vulnerability from 2023. Title: WordPress Backup...
📄 Classroomio LMS 0.1.13 Insecure Direct Object Reference
Classroomio LMS version 0.1.13 suffers from multiple insecure direct object reference vulnerabilities. CVE-2025-65670 An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in...
📄 B2B Hospitality Travel CMS 1.11 Shell Upload
B2B Hospitality Travel CMS version 1.11 suffers from a remote shell upload vulnerability. Title: B2B Hospitality Travel CMS 1.11 Remote File Upload...
📄 CZS CMS 1.3.0 Cross Site Request Forgery
This proof of concept leverages a known cross site request forgery vulnerability in CZS CMS version 1.3.0 to add an administrator. Title: CZS CMS v 1.3....
📄 Citrix Bleed 2 PHP Mass Scanner
This is a high-speed mass-scanner written in PHP designed to test for data leakage through the CitrixBleed2 InitialValue extraction issue. The tool reproduces the functionality of the original Bash/Parallel scanner but works in restricted PHP environments...
📄 Classroomio LMS 0.1.13 Cross Site Scripting
Classroomio LMS version 0.1.13 suffers from multiple persistent cross site scripting vulnerabilities via uploaded SVG files. CVE-2025-65676 Stored Cross site scripting XSS vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images...
📄 macOS 18.3.2 VM_BEHAVIOR_ZERO_WIRED_PAGES Handling
A vulnerability exists in the way macOS handles VM_BEHAVIOR_ZERO_WIRED_PAGES combined with mmap + mlock + vm_deallocate on a read-only mapped file. A local attacker may trigger abnormal kernel behavior depending on system conditions. This proof of concept is purely academic and demonstrates a controll...
📄 Flowise Custom MCP Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.1. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...
📄 Flowise JS Injection Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...
📄 Ruckus Unleashed 200.13.6.1.319 Cross Site Scripting
Ruckus Unleashed version 200.13.6.1.319 suffers from a cross site scripting vulnerability. CVE-2025-63735 – Reflected XSS in Ruckus Unleashed 200.13.6.1.319 Summary A reflected cross-site scripting XSS vulnerability exists in Ruckus Unleashed 200.13.6.1.319 via the name parameter to the...
📄 eGovFramework 4.3.1 Arbitrary File Upload
eGovFramework version 4.3.1 proof of concept exploit that demonstrates an arbitrary file upload vulnerability. Title: eGovFramework 4.3.1 Unauthenticate...
📄 eGovFramework 4.3.1 File Upload / Unauthenticated Encryption Oracle
eGovFramework versions 4.3.1 and below suffer from unauthenticated file upload and encryption oracle vulnerabilities. Advisory Information Title: 2 vulnerabilities in Egovframe Advisory URL: https://pierrekim.github.io/advisories/2025-egovframe.txt...
📄 AudioCodes Fax/IVR Appliance 2.6.23 File Upload / Code Execution / Privilege Escalation
AudioCodes Fax/IVR Appliance versions 2.6.23 and below suffer from multiple code execution and command injection vulnerabilities as well as privilege escalation, file upload, and file read vulnerabilities. Advisory Information Title: 8 vulnerabiliti...
📄 Fortinet FortiWeb 8.0.0 Authentication Bypass
Analysis write up of the Fortinet FortiWeb version 8.0.0 authentication bypass vulnerability that can be leveraged for remote code execution. Titles: Fortinet FortiWeb Auth-8.0.0 Bypass CVE-2025-64446 Author: nu11secur1ty Date: 11/17/2025 Vendor: https://www.fortinet.com/ Software: v8.0.0...
📄 Snipe-IT 8.3.4 Cross Site Scripting
Snipe-IT version 8.3.4 suffers from a cross site scripting vulnerability. Product Info Snipe-IT is a free and open-source IT asset management system FOSS built on Laravel. It provides hardware asset tracking, software license management, accessories, and consumables inventory features for IT...
📄 Grocery Store Management System 1.0 SQL Injection
Grocery Store Management System version 1.0 appears to suffer from a remote SQL injection vulnerability in searchproducts.php. CVE-2025-63943 — SQL Injection in Grocery Store Management System 1.0 Overview A high-severity SQL Injection vulnerability was identified in the searchproducts.php...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated Remote Command Injection
Ilevia EVE X1/X5 Server version 4.7.18.0.eden suffers from multiple authenticated OS command injection vulnerabilities. This can be exploited to inject and execute arbitrary shell commands through multiple scripts affecting multiple parameters. Ilevia EVE X1/X5 Server 4.7.18.0.eden Authenticated...
📄 Logitech Streamlabs Desktop 1.19.6 CPU Exhaustion
Logitech Streamlabs Desktop version 1.19.6 has a vulnerability where importing a crafted .overlay file can cause uncontrolled CPU consumption, leading to a denial-of-service condition. The .overlay file is an archive containing a config.json configuration. By inserting an excessively large string...
📄 Patients Waiting Area Queue Management System 1.0 SQL Injection
Patients Waiting Area Queue Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Patients Waiting Area Queue Management System v1.0 - SQL Injection Exploit Author: Deva Parekh pr0f Date: October 23, 2025 Vendor Homepage:...
📄 Windows Server Update Service Deserialization Remote Code Execution
This Metasploit module exploits a deserialization vulnerability in the legacy serialization mechanism in Windows Server Update Services WSUS. The vulnerability allows an unauthenticated attacker to create a specially crafted event, which triggers an unsafe deserialization upon server...
📄 LINQPad File Overwrite
This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time th...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1/X5 Server version 4.7.18.0.eden has a misconfiguration in the sudoers file that permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user www-data or accessible...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Insecure Hashing Algorithm
Ilevia EVE X1/X5 Server version 4.7.18.0.eden stores user passwords in the database using the MD5 hashing algorithm, which is considered cryptographically insecure due to its vulnerability to collision and brute-force attacks. MD5 lacks modern protections such as salting and computational hardnes...
📄 moew.government.bg Cross Site Scripting
moew.government.bg suffers from a cross site scripting vulnerability. It is unclear what vulnerable code base is being used or if it's custom, however, the researcher has not heard a response from the administrators for a year and they have not addressed the issue, putting their users at risk, so...
📄 Centreon Broker Engine Reload Parameter Command Injection
Centreon is a platform designed to monitor your cloud and on-premises infrastructure. This Metasploit module exploits a command injection vulnerability using the broker engine reload setting on the poller configuration page of the Centreon web application. Injecting a malicious payload at the...
📄 WatchGuard Firebox Default Credentials / SSH Access
The default configuration of WatchGuard Firebox devices through 2025-09-10 allows administrative access via SSH on port 4118 using the default credentials. This configuration exposes the device to remote attackers who can gain full administrative access without prior authentication. CVE-2025-5939...