50738 matches found
📄 Xorux LPAR2RRD 8.04 Information Disclosure
Xorux LPAR2RRD versions 8.04 and below have an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive...
📄 Xorux LPAR2RRD 8.04 File Upload / Directory Traversal
Xorux LPAR2RRD versions 8.04 and below allow an authenticated, read-only user to upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code...
📄 Xorux XorMon-NG 1.8 Privilege Escalation
Xorux XorMon-NG versions 1.8 and below has an API endpoint that should be limited to web application administrators. It is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control t...
📄 FullControl: Remote for Mac 4.0.5 Unauthenticated Screen Capture
FullControl: Remote for Mac version 4.0.5 is vulnerable to an unauthenticated remote screenshot capture and live screen streaming due to a lack of authentication on TCP port 2846. This exploit allows attackers to silently capture screenshots or continuously stream the victim's screen in real-time...
📄 Malicious Windows Script Host VBScript File
This Metasploit module creates a Windows Script Host WSH VBScript .vbs file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host VBScript .vbs File', 'Description' = %...
📄 Xlight FTP 1.1 Denial of Service
Xlight FTP version 1.1 suffers from a denial of service vulnerability. Exploit Title: Xlight FTP 1.1 - Denial Of Service DOS Google Dork: N/A Date: 22 July 2025 Exploit Author: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali/ Vendor Homepage: https://www.xlightftpd.com...
📄 Malicious Windows Script Host JScript File
This Metasploit module creates a Windows Script Host WSH JScript .js file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Malicious Windows Script Host JScript .js File', 'Description' = %q Th...
📄 Remote Trackpad: Virtual Tool 1.5.7 Remote Code Execution
Remote Trackpad: Virtual Tool version 1.5.7 is vulnerable to unauthenticated remote code execution via TCP port 9999. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title: Remote Trackpa...
📄 FullControl: Remote for Mac 4.0.5 Remote Code Execution
FullControl: Remote for Mac version 4.0.5 for macOS is vulnerable to unauthenticated remote code execution via TCP port 2846. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...
📄 SharePoint Remote Code Execution
This payload is an HTTP request example of the SharePoint remote code execution vulnerability being exploited in the wild. POST /layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:120.0 Gecko/20100101...
📄 Malicious Windows Registration Entries (.reg) File
This Metasploit module creates a Windows Registration Entries .reg file which adds the specified payload to the Windows Registry. The payload runs upon Windows login for the current user. If the user has elevated privileges when opening the file, the payload will run upon login when any user logs...
📄 Computer Mouse: Remote Control 1.1.6 Remote Code Execution
Computer Mouse: Remote Control version 1.1.6 for macOS is vulnerable to unauthenticated remote code execution via TCP port 9999. An attacker on the same network can inject simulated keyboard input, allowing arbitrary command execution without user interaction or authentication. Exploit Title:...
📄 Remote Mouse 3.303 Unauthenticated Remote System Control
Remote Mouse version 3.303 for macOS is vulnerable to unauthenticated remote power control due to weak access restrictions on UDP port 1978. An attacker on the same local network can send crafted packets to remotely shut down, restart, or log off the target system without requiring authentication...
📄 Invision Community 5.0.7 Cross Site Scripting
Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...
📄 Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
📄 WordPress Pie Register 3.7.1.4 Shell Upload
WordPress Pie Register plugin versions 3.7.1.4 and below suffer from a bypass vulnerability that enables an attacker to upload a shell. Exploit Title: Pie Register WordPress Plugin 3.7.1.4 - Authentication Bypass to RCE Google Dork: inurl:/wp-content/plugins/pie-register/ Date: 2025-07-09 Exploit...
📄 WordPress Simple File List 4.2.2 Shell Upload
WordPress Simple File List plugin versions 4.2.2 and below proof of concept remote shell upload exploit. Exploit Title: Simple File List WordPress Plugin 4.2.2 - File Upload to RCE Google Dork: inurl:/wp-content/plugins/simple-file-list/ Date: 2025-07-15 Exploit Author: Md Amanat Ullah xSwads...
📄 Xorcom CompletePBX Authenticated Command Injection Via Task Scheduler
This Metasploit module exploits an authenticated command injection vulnerability in Xorcom CompletePBX versions less than or equal to 5.2.35. The issue resides in the task scheduler functionality, where user-controlled input is improperly sanitized, allowing arbitrary command execution with web...
📄 Joomla JS Jobs 1.4.2 SQL Injection
Joomla JS Jobs plugin version 1.4.2 suffers from a remote SQL injection vulnerability. Exploit Title: Joomla JS Jobs plugin 1.4.2 - SQL injection Google Dork: n/a Date: 07/07/2025 Exploit Author: Adam Wallwork Vendor Homepage: https://joomsky.com/ Demo: https://demo.joomsky.com/js-jobs/jm/free/...
📄 Tenda FH451 1.0.0.9 Buffer Overflow
Tenda FH451 routers version 1.0.0.9 suffer from a stack-based buffer overflow vulnerability. / Title : Tenda FH451 1.0.0.9 Router - Stack-based Buffer Overflow Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-7795 Vulnerability : Buffer Overflow Description : A buffer overflow...
📄 Discourse 3.1.1 Unauthenticated Chat Message Access
Proof of concept exploit for Discourse version 3.1.1 that provides unauthenticated chat message access. !/usr/bin/env ruby Title : Discourse 3.1.1 - Unauthenticated Chat Message Access CVE-2023-45131 CVSS: 7.5 High Affected: Discourse 3.1.1 stable, 3.2.0.beta2 Author ibrahimsql @...
📄 Microsoft Edge Cross Site Scripting Filter Bypass
Microsoft Edge cross site scripting filter bypass proof of concept exploit. Titles: Microsoft Edge XSS Filter Bypass PoC Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6176 Description Thi...
📄 Remote Mouse 3.303 Remote Code Execution
Remote Mouse version 3.303 macOS contains an unauthenticated remote code execution vulnerability. By sending crafted TCP packets that simulate keyboard input, an attacker can remotely open a terminal and execute arbitrary commands, enabling full system compromise. Exploit Title: Remote Mouse 3.30...
📄 Mouse Agent Server 3.1 Remote Code Execution
Mouse Agent Server version 3.1 is vulnerable to unauthenticated remote code execution by simulating mouse/keyboard inputs to force the target to execute a PowerShell reverse shell. It works against default configurations by sending GUI automation commands through port 8088. Exploit Title: Mouse...
📄 Wifi Mouse 1.9.0.8 Remote Code Execution
WiFi Mouse Server version 1.9.0.8 allows unauthenticated remote code execution by simulating keyboard input over TCP port 1978. This exploit connects to the server and simulates a keystroke to delivery a reverse shell. Exploit Title: Wifi Mouse version 1.9.0.8 - Remote Code Execution Date:...
📄 LiveHelperChat 4.6.1 Cross Site Scripting
LiveHelperChat versions 4.61 and below suffer from multiple persistent cross site scripting vulnerabilities. Exploit Title: LiveHelperChat Live Help Configuration Telegram Bot. 3. In the Bot Username field, enter the following payload: " 4. Save the settings. 5. Revisit the Telegram configuration...
📄 Intelbras RX 1500 2.2.9 / RX 3000 1.0.11 IDOR / XSS
Intelbras routers RX 1500 version 2.2.9 and RX 3000 version 1.0.11 suffer from multiple cross site scripting and insecure direct object reference vulnerabilities. =====Tempest Security Intelligence========================================== Multiple vulnerabilities in the web management interface ...
📄 Mouse Agent Server 3.1 Unauthenticated Remote System Control
Mouse Agent Server version 3.1 exposes a TCP control interface on port 8088 that allows remote execution of power commands shutdown, restart, sleep, logoff via unauthenticated commands. An attacker on the same network can exploit this to disrupt the system remotely without user interaction. Explo...
📄 Wifi Mouse 1.9.0.8 Unauthenticated Remote System Control
Wifi Mouse version 1.9.0.8 exposes a TCP control interface on port 1978 that allows remote execution of power commands shutdown, restart, sleep, logoff via unauthenticated commands. An attacker on the same network can exploit this to disrupt the system remotely without user interaction. Exploit...
📄 BarbarBaba 1.0 SQL Injection
BarbarBaba version 1.0 suffers from a remote SQL injection vulnerability. Titles: BarbarBaba-1.0 Copyright©2025-Multiple-SQLi Author: nu11secur1ty Date: 07/21/2025 Vendor: https://www.mayurik.com/ Software:...
📄 PandoraFMS Netflow Authenticated Remote Code Execution
This Metasploit module exploits a command injection vulnerability in Netflow component of PandoraFMS. The module requires a set of user credentials to modify Netflow settings. Also, Netflow binaries have to be present on the system. This module requires Metasploit: https://metasploit.com/download...
📄 PivotX 3.0.0 RC3 Remote Code Execution / Cross Site Scripting
PivotX version 3.0.0 RC3 suffers from a persistent cross site scripting vulnerability that can assist an attacker in achieving remote code execution once privileges are escalated. Exploit Title: PivotX v3.0.0 RC3 - Stored XSS to Remote Code Execution RCE Date: July 2025 Exploit Author: HayToN...
📄 Keras 2.15 Remote Code Execution
This exploit abuses insecure deserialization in Keras model loading. By embedding a malicious "function" object inside a .keras file or config.json, an attacker can execute arbitrary system commands as soon as the model is loaded using keras.models.loadmodel or modelfromjson. This proof of concep...
📄 MikroTik RouterOS 7.19.1 Cross Site Scripting
MikroTik RouterOS versions 7.19.1 and below suffer from a cross site scripting vulnerability. Exploit Title: MikroTik RouterOS 7.19.1 - Reflected XSS Google Dork: inurl:/login?dst= Date: 2025-07-15 Exploit Author: Prak Sokchea Vendor Homepage: https://mikrotik.com Software Link:...
📄 White Star Software Protop 4.4.2-2024-11-27 Local File Inclusion
A local file inclusion vulnerability exists in White Star Software Protop version 4.4.2. An unauthenticated remote attacker can retrieve arbitrary files via URL-encoded traversal sequences in the /pt3upd/ endpoint. Exploit Title: White Star Software Protop 4.4.2-2024-11-27 - Local File Inclusion...
📄 Beakon Cross Site Scripting / Open Redirection
Beakon versions prior to 5.4.3 suffer from cross site scripting and open redirection vulnerabilities. I am submitting a news article for publishing my recent Zero day vulnerability. I have already contacted MITRE and have CVE-2025-46102 reserved now. Please find below details: Title: Unsensitized...
📄 WordPress WP Publications 1.2 Cross Site Scripting
WordPress WP Publication plugin version 1.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: WP Publications WordPress Plugin 1.2 - Stored XSS Google Dork: inurl:/wp-content/plugins/wp-publications/ Date: 2025-07-15 Exploit Author: Zeynalxan Quliyev Vendor Homepage:...
📄 Langflow 1.2.x Remote Code Execution
Langflow exposes a vulnerable endpoint /api/v1/validate/code that improperly evaluates arbitrary Python code via the exec function. An unauthenticated remote attacker can execute arbitrary system commands. Versions 1.2.x and below are affected. !/usr/bin/env python3 Exploit Title: Langflow 1.2.x ...
📄 Remote Mouse 4.601 Unauthenticated Remote System Control
Remote Mouse version 4.601 for Windows is vulnerable to unauthenticated remote power control due to improper access controls on UDP port 1978. An attacker on the same network can send specially crafted packets to force shutdown, restart, or log off the target system without authentication. Exploi...
📄 Remote Mouse 4.601 Remote Command Execution
This exploit targets Remote Mouse version 4.6.0.1 by injecting malicious UDP packets that simulate keyboard input to execute arbitrary PowerShell commands. The vulnerability exists in the way Remote Mouse processes unauthenticated UDP commands on port 1978 by sending specially crafted packets...
📄 SugarCRM 14.0.0 Code Injection / SSRF / File Read
SugarCRM versions 14.0.0 and below suffer from a LESS code injection vulnerability. User input passed through GET parameters to the /css/preview REST API endpoint is not properly sanitized before parsing it as LESS code. This can be exploited by remote, unauthenticated attackers to inject and...
📄 Remote Mouse 4.601 Privilege Escalation
Remote Mouse version 4.601 for Windows listens on UDP port 1978 and allows privilege escalation. An attacker on the same network can spawn a SYSTEM-level powershell.exe, resulting in full privilege escalation without authentication or user interaction. Exploit Title: Remote Mouse 4.601 - Local...
📄 The Language Sloth Web Application 1.0 Cross Site Scripting
The Language Sloth Web Application version 1.0 suffers from a cross site scripting vulnerability. CVE-2025-45778 CVE-2025-45778: Authenticated Stored XSS. An authenticated stored cross-site scripting XSS vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrar...
📄 SAP NetWeaver S/4HANA ABAP Code Execution
During nullFaktor security research into internal SAP code in SAP S/4HANA, they identified that the function module WRITEANDCALLDBPROG in function group SDB2 exposes dangerous functionality that allows users to execute arbitrary Native SQL. nullFaktor Security Advisory...
📄 WordPress File Provider 1.2.3 SQL Injection
WordPress File Provider plugin versions 1.2.3 and below suffer from an unauthenticated remote SQL injection vulnerability. CVE-2025-4578 File Provider = 1.2.3 - Unauthenticated SQL Injection Description The File Provider plugin for WordPress is vulnerable to SQL Injection via the 'fileId' paramet...
📄 TouchServer 2.0.0 Remote Code Execution
TouchServer version 2.0.0 has a vulnerability that allows remote attackers to execute arbitrary commands by sending specially crafted UDP packets. This exploit delivers a PowerShell reverse shell by emulating keyboard input to trigger its download and execution. Exploit Title: TouchServer 2.0.0 -...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Server-Side Request Forgery
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below insecurely forward HTTP requests based on user-controlled values, enabling an unauthenticated user to coerce the web application into sending data to arbitrary locations, such as the SMTP service listening on localhost...
📄 libxslt xmlFreeID Use-After-Free
libxslt suffers from a heap use-after-free vulnerability in xmlFreeID caused by atype corruption. Vulnerability details In xsltutils.c: int xsltSetSourceNodeFlagsxsltTransformContextPtr ctxt, xmlNodePtr node, int flags if node-doc == ctxt-initialContextDoc ctxt-sourceDocDirty = 1; switch node-typ...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Privilege Escalation
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below contain a Charon executable that can be used by a low-privileged attacker to obtain root privileges. The Charon executable and configuration appears to be a local method for adding and removing services that run within th...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Command Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a configuration modification issue where sufficient input sanitization is not performed on the value provided for the hostname of the appliance. The hostname variable can include a command terminator and subsequent...