📄 FullControl: Remote for Mac 4.0.5 Remote Code Execution
FullControl: Remote for Mac version 4.0.5 for macOS is vulnerable to unauthenticated remote code execution via TCP port 2846. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...
📄 Remote Mouse 3.303 Unauthenticated Remote System Control
Remote Mouse version 3.303 for macOS is vulnerable to unauthenticated remote power control due to weak access restrictions on UDP port 1978. An attacker on the same local network can send crafted packets to remotely shut down, restart, or log off the target system without requiring authentication...
📄 Malicious Windows Registration Entries (.reg) File
This Metasploit module creates a Windows Registration Entries .reg file which adds the specified payload to the Windows Registry. The payload runs upon Windows login for the current user. If the user has elevated privileges when opening the file, the payload will run upon login when any user logs...
📄 SharePoint Remote Code Execution
This payload is an HTTP request example of the SharePoint remote code execution vulnerability being exploited in the wild. POST /layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:120.0 Gecko/20100101...
📄 Computer Mouse: Remote Control 1.1.6 Remote Code Execution
Computer Mouse: Remote Control version 1.1.6 for macOS is vulnerable to unauthenticated remote code execution via TCP port 9999. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...
📄 Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
📄 Invision Community 5.0.7 Cross Site Scripting
Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...
📄 Discourse 3.1.1 Unauthenticated Chat Message Access
Proof of concept exploit for Discourse version 3.1.1 that provides unauthenticated chat message access. #!/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @...
📄 Joomla JS Jobs 1.4.2 SQL Injection
Joomla JS Jobs plugin version 1.4.2 suffers from a remote SQL injection vulnerability. Exploit Title: Joomla JS Jobs plugin 1.4.2 - SQL injection Google Dork: n/a Date: 07/07/2025 Exploit Author: Adam Wallwork Vendor Homepage: https://joomsky.com/ Demo: https://demo.joomsky.com/js-jobs/jm/free/...
📄 Tenda FH451 1.0.0.9 Buffer Overflow
Tenda FH451 routers version 1.0.0.9 suffer from a stack-based buffer overflow vulnerability. / Title : Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-7795 Vulnerability : Buffer Overflow Description : A buffer overflow...
📄 Microsoft Edge Cross Site Scripting Filter Bypass
Microsoft Edge cross site scripting filter bypass proof of concept exploit. Titles: Microsoft Edge XSS Filter Bypass PoC Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176 Description Thi...
📄 WordPress Simple File List 4.2.2 Shell Upload
WordPress Simple File List plugin versions 4.2.2 and below proof of concept remote shell upload exploit. Exploit Title: Simple File List WordPress Plugin 4.2.2 - File Upload to RCE Google Dork: inurl:/wp-content/plugins/simple-file-list/ Date: 2025-07-15 Exploit Author: Md Amanat Ullah xSwads...
📄 Xorcom CompletePBX Authenticated Command Injection Via Task Scheduler
This Metasploit module exploits an authenticated command injection vulnerability in Xorcom CompletePBX versions less than or equal to 5.2.35. The issue resides in the task scheduler functionality, where user-controlled input is improperly sanitized, allowing arbitrary command execution with web...
📄 WordPress Pie Register 3.7.1.4 Shell Upload
WordPress Pie Register plugin versions 3.7.1.4 and below suffer from a bypass vulnerability that enables an attacker to upload a shell. Exploit Title: Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE Google Dork: inurl:/wp-content/plugins/pie-register/ Date: 2025-07-09 Exploit...
📄 Wifi Mouse 1.9.0.8 Unauthenticated Remote System Control
Wifi Mouse version 1.9.0.8 exposes a TCP control interface on port 1978 that allows remote execution of power commands (shutdown, restart, sleep, logoff) via unauthenticated commands. An attacker on the same network can exploit this to disrupt the system remotely without user interaction. Exploit...
📄 LiveHelperChat 4.6.1 Cross Site Scripting
LiveHelperChat versions 4.61 and below suffer from multiple persistent cross site scripting vulnerabilities. Exploit Title: LiveHelperChat Live Help Configuration Telegram Bot. 3. In the Bot Username field, enter the following payload: " 4. Save the settings. 5. Revisit the Telegram configuration...
📄 Mouse Agent Server 3.1 Remote Code Execution
Mouse Agent Server version 3.1 is vulnerable to unauthenticated remote code execution by simulating mouse/keyboard inputs to force the target to execute a PowerShell reverse shell. It works against default configurations by sending GUI automation commands through port 8088. Exploit Title: Mouse...
📄 Mouse Agent Server 3.1 Unauthenticated Remote System Control
Mouse Agent Server version 3.1 exposes a TCP control interface on port 8088 that allows remote execution of power commands (shutdown, restart, sleep, logoff) via unauthenticated commands. An attacker on the same network can exploit this to disrupt the system remotely without user interaction. Explo...
📄 Remote Mouse 3.303 Remote Code Execution
Remote Mouse version 3.303 macOS contains an unauthenticated remote code execution vulnerability. By sending crafted TCP packets that simulate keyboard input, an attacker can remotely open a terminal and execute arbitrary commands, enabling full system compromise. Exploit Title: Remote Mouse 3.30...
📄 Wifi Mouse 1.9.0.8 Remote Code Execution
WiFi Mouse Server version 1.9.0.8 allows unauthenticated remote code execution by simulating keyboard input over TCP port 1978. This exploit connects to the server and simulates a keystroke to deliver a reverse shell. Exploit Title: Wifi Mouse version 1.9.0.8 - Remote Code Execution Date:...
📄 BarbarBaba 1.0 SQL Injection
BarbarBaba version 1.0 suffers from a remote SQL injection vulnerability. Titles: BarbarBaba-1.0 Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 07/21/2025 Vendor: https://www.mayurik.com/ Software:...
📄 Intelbras RX 1500 2.2.9 / RX 3000 1.0.11 IDOR / XSS
Intelbras routers RX 1500 version 2.2.9 and RX 3000 version 1.0.11 suffer from multiple cross site scripting and insecure direct object reference vulnerabilities. =====Tempest Security Intelligence========================================== Multiple vulnerabilities in the web management interface ...
📄 PandoraFMS Netflow Authenticated Remote Code Execution
This Metasploit module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to be present on the system. This module requires Metasploit: https://metasploit.com/download...
📄 White Star Software Protop 4.4.2-2024-11-27 Local File Inclusion
A local file inclusion vulnerability exists in White Star Software Protop version 4.4.2. An unauthenticated remote attacker can retrieve arbitrary files via URL-encoded traversal sequences in the /pt3upd/ endpoint. Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion...
📄 WordPress WP Publications 1.2 Cross Site Scripting
WordPress WP Publications plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage:...
📄 Langflow 1.2.x Remote Code Execution
Langflow exposes a vulnerable endpoint /api/v1/validate/code that improperly evaluates arbitrary Python code via the exec function. An unauthenticated remote attacker can execute arbitrary system commands. Versions 1.2.x and below are affected. #!/usr/bin/env python3 Exploit Title: Langflow 1.2.x ...
📄 Keras 2.15 Remote Code Execution
This exploit abuses insecure deserialization in Keras model loading. By embedding a malicious "function" object inside a .keras file or config.json, an attacker can execute arbitrary system commands as soon as the model is loaded using keras.models.load_model or model_from_json. This proof of concep...
📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting
PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution (RCE) Date: July 2025 Exploit Author: HayToN...
📄 Beakon Cross Site Scripting / Open Redirection
Beakon versions prior to 5.4.3 suffer from cross site scripting and open redirection vulnerabilities. I am submitting a news article for publishing my recent Zero day vulnerability. I have already contacted MITRE and have CVE-2025-46102 reserved now. Please find below details: Title: Unsensitized...
📄 MikroTik RouterOS 7.19.1 Cross Site Scripting
MikroTik RouterOS versions 7.19.1 and below suffer from a cross site scripting vulnerability. Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link:...
📄 Remote Mouse 4.601 Unauthenticated Remote System Control
Remote Mouse version 4.601 for Windows is vulnerable to unauthenticated remote power control due to improper access controls on UDP port 1978. An attacker on the same network can send specially crafted packets to force shutdown, restart, or log off the target system without authentication. Exploi...
📄 Remote Mouse 4.601 Privilege Escalation
Remote Mouse version 4.601 for Windows listens on UDP port 1978 and allows privilege escalation. An attacker on the same network can spawn a SYSTEM-level powershell.exe, resulting in full privilege escalation without authentication or user interaction. Exploit Title: Remote Mouse 4.601 - Local...
📄 Remote Mouse 4.601 Remote Command Execution
This exploit targets Remote Mouse version 4.6.0.1 by injecting malicious UDP packets that simulate keyboard input to execute arbitrary PowerShell commands. The vulnerability exists in the way Remote Mouse processes unauthenticated UDP commands on port 1978 by sending specially crafted packets...
📄 SugarCRM 14.0.0 Code Injection / SSRF / File Read
SugarCRM versions 14.0.0 and below suffer from a LESS code injection vulnerability. User input passed through GET parameters to the /css/preview REST API endpoint is not properly sanitized before parsing it as LESS code. This can be exploited by remote, unauthenticated attackers to inject and...
📄 WordPress File Provider 1.2.3 SQL Injection
WordPress File Provider plugin versions 1.2.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2025-4578 File Provider <= 1.2.3 - Unauthenticated SQL Injection Description The File Provider plugin for WordPress is vulnerable to SQL Injection via the 'fileId' paramet...
📄 SAP NetWeaver S/4HANA ABAP Code Execution
During nullFaktor security research into internal SAP code in SAP S/4HANA, they identified that the function module WRITEANDCALLDBPROG in function group SDB2 exposes dangerous functionality that allows users to execute arbitrary Native SQL. nullFaktor Security Advisory...
📄 The Language Sloth Web Application 1.0 Cross Site Scripting
The Language Sloth Web Application version 1.0 suffers from a cross site scripting vulnerability. CVE-2025-45778 CVE-2025-45778: Authenticated Stored XSS. An authenticated stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrar...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Server-Side Request Forgery
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below insecurely forward HTTP requests based on user-controlled values, enabling an unauthenticated user to coerce the web application into sending data to arbitrary locations, such as the SMTP service listening on localhost...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Root Password Discovery
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below use logic contained within a JAR file and the MAC address to compute a "random" password for the root account. With access to the JAR file and knowledge of the MAC address, it is possible to determine the root password...
📄 WordPress Events Manager 7.0.3 SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Privilege Escalation
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below contain a Charon executable that can be used by a low-privileged attacker to obtain root privileges. The Charon executable and configuration appear to be a local method for adding and removing services that run within th...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a configuration modification issue where sufficient input sanitization is not performed on the value provided for the hostname of the appliance. The hostname variable can include a command terminator and subsequent...
📄 libxslt xmlFreeID Use-After-Free
libxslt suffers from a heap use-after-free vulnerability in xmlFreeID caused by atype corruption. Vulnerability details In xsltutils.c: int xsltSetSourceNodeFlags(xsltTransformContextPtr ctxt, xmlNodePtr node, int flags) { if (node->doc == ctxt->initialContextDoc) ctxt->sourceDocDirty = 1; switch (node->typ...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below lack authorization controls and allow anyone to masquerade as a NetBotz camera. A path traversal vulnerability enables an attacker to create a malicious folder name capable of injecting arguments into specific shell...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 XML Injection
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a DataExchange route that allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhel...
📄 TouchServer 2.0.0 Remote Code Execution
TouchServer version 2.0.0 has a vulnerability that allows remote attackers to execute arbitrary commands by sending specially crafted UDP packets. This exploit delivers a PowerShell reverse shell by emulating keyboard input to trigger its download and execution. Exploit Title: TouchServer 2.0.0 -...
📄 Sudo chroot 1.9.17 Privilege Escalation
Sudo versions 1.9.14 through 1.9.17 suffer from a local privilege escalation vulnerability in the chroot functionality. Exploit Title: Sudo chroot 1.9.17 - Local Privilege Escalation Google Dork: not applicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor...
📄 Discourse 3.2.x Anonymous Cache Poisoning
Discourse versions 3.1.x and 3.2.x suffer from an anonymous cache poisoning vulnerability. #!/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: : https://github.com/ibrahmsql Vendor Homepage: https://discourse.org...
📄 Microsoft Defender for Endpoint Privilege Escalation
Proof of concept exploit that demonstrates a privilege escalation vulnerability in Microsoft Defender for Endpoint (MDE). #!/bin/bash Exploit Title: Microsoft Defender for Endpoint (MDE) - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage:...
📄 Sudo 1.9.17 Privilege Escalation
Sudo versions 1.9.17 and below suffer from a local privilege escalation vulnerability via the Host option. Exploit Title: Sudo 1.9.17 Host Option - Elevation of Privilege Date: 2025-06-30 Exploit Author: Rich Mirch Vendor Homepage: https://www.sudo.ws Software Link:...