📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Remote Code Execution
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below lack authorization controls and allow anyone to masquerade as a NetBotz camera. A path traversal vulnerability enables an attacker to create a malicious folder name capable of injecting arguments into specific shell...
📄 WordPress Events Manager 7.0.3 SQL Injection
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 7.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 Root Password Discovery
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below use logic contained within a JAR file and the MAC address to compute a "random" password for the root account. With access to the JAR file and knowledge of the MAC address, it is possible to determine the root password...
📄 Schneider Electric EcoStruxure IT Data Center Expert 8.3 XML Injection
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below have a DataExchange route that allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhel...
📄 Sudo chroot 1.9.17 Privilege Escalation
Sudo versions 1.9.14 through 1.9.17 suffer from a local privilege escalation vulnerability in the chroot functionality. Exploit Title: Sudo chroot 1.9.17 - Local Privilege Escalation Google Dork: not applicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor...
📄 Discourse 3.2.x Anonymous Cache Poisoning
Discourse versions 3.1.x and 3.2.x suffer from an anonymous cache poisoning vulnerability. #!/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: https://github.com/ibrahmsql Vendor Homepage: https://discourse.org...
📄 Sudo 1.9.17 Privilege Escalation
Sudo versions 1.9.17 and below suffer from a local privilege escalation vulnerability via the Host option. Exploit Title: Sudo 1.9.17 Host Option - Elevation of Privilege Date: 2025-06-30 Exploit Author: Rich Mirch Vendor Homepage: https://www.sudo.ws Software Link:...
📄 Microsoft PowerPoint 2019 Remote Code Execution
This exploit leverages a use-after-free vulnerability in Microsoft PowerPoint allowing an attacker to execute arbitrary code by tricking a user into opening a specially crafted PPTX file. This proof of concept generates such a malicious PPTX file designed to trigger the use-after-free condition...
📄 Stacks Mobile App Builder 5.2.3 Authentication Bypass
Stacks Mobile App Builder versions 5.2.3 and below suffer from an authentication bypass vulnerability via account takeover. Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover Date: October 25, 2024 Exploit Author: stealthcopter Vendor Homepage:...
📄 ISPConfig language_edit.php PHP Code Injection
This Metasploit module exploits a PHP code injection vulnerability in the ISPConfig language_edit.php file. The vulnerability occurs when the admin_allow_langedit setting is enabled, allowing authenticated administrators to inject arbitrary PHP code through the language editor interface. This...
📄 Microsoft Defender for Endpoint Privilege Escalation
Proof of concept exploit that demonstrates a privilege escalation vulnerability in Microsoft Defender for Endpoint (MDE). #!/bin/bash Exploit Title: Microsoft Defender for Endpoint MDE - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage:...
📄 MikroTik RouterOS Cross Site Scripting
A reflected cross site scripting vulnerability exists in MikroTik RouterOS versions prior to version 7, specifically in the UserManager web interface. This flaw can be exploited by unauthenticated attackers, allowing JavaScript injection via a specially crafted URL without requiring a valid login...
📄 bludit 3.16.2 Directory Traversal
bludit version 3.16.2 suffers from a directory traversal vulnerability. Exploit Title: Directory Traversal "Site Title" - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Directory Traversal "Site Title" 1: Step...
📄 bludit 3.16.2 Persistent Cross Site Scripting
bludit version 3.16.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS "Add New Content" Functionality - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS "Add Ne...
📄 bludit 3.16.2 Session Fixation
bludit version 3.16.2 suffers from a session fixation vulnerability. Exploit Title: Session Fixation - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Session Fixation 1: Steps to Reproduce: Visit the login pag...
📄 bludit 3.16.2 Cross Site Scripting
bludit version 3.16.2 suffers from a cross site scripting vulnerability that leverages an SVG file upload. Exploit Title: XSS via SVG File Upload - bluditv3.16.2 Date: 07/2025 Exploit Author: Andrey Stoykov Version: 3.16.2 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Fi...
📄 Oracle 23ai / 21c / 19c Privilege Escalation
Oracle versions 23ai, 21c, and 19c suffer from a privilege escalation vulnerability that allows DBA access. Title: Oracle 23ai Privilege Escalation From GRANT ANY ROLE To DBA Role Vendor: Oracle Product: Oracle database system Affected Versions: 23ai , 21c , 19c Risk Level: Medium Author of...
📄 Tiki Wiki CMS Groupware 28.3 Server-Side Template Injection
Tiki Wiki CMS Groupware versions 28.3 and below suffer from two server-side template injection vulnerabilities via specially crafted wiki pages. Tiki Wiki CMS Groupware '" The second vulnerability can be leveraged ...
📄 OpenAM Authentication Bypass
Proof of concept exploit for OpenAM versions prior to 14.6.6. Name: watchtowr-vs-openamauth-impersonation2022-06-16.py Author: Aliz Hammond import json import re import textwrap import...
📄 ScriptCase Remote Command Execution
ScriptCase versions 1.0.003-build-2 Production Environment and 9.12.006 23 ScriptCase are affected by a pre-authenticated remote command execution vulnerability. This is achieved by chaining two vulnerabilities: the first is the ability to reset the administrator password of the prod console unde...
📄 Wing FTP Server NULL-byte Authentication Bypass
Wing FTP Server allows arbitrary Lua code injection via a NULL-byte (%00) truncation bug (CVE-2025-47812). Supplying %00 as the username makes the C++ authentication routine validate only the prefix, while the full string is written unfiltered into the session file and later executed with root/SYSTEM...
📄 AndroMouse Server 8.0 Unauthenticated Screenshot Exposure
AndroMouse Server version 8.0 listens on TCP/UDP port 8888 and allows unauthenticated retrieval of desktop screenshots. Attackers can abuse this feature by repeatedly requesting screenshots to create a covert live monitoring stream, compromising user privacy without any notification or consent...
📄 Microsoft AutoUpdate Privilege Escalation
Microsoft AutoUpdate (MAU) suffers from a privilege escalation vulnerability. Titles: CVE-2025-47968-Core-Logic Microsoft AutoUpdate MAU Elevation of Privilege Vulnerability Author: nu11secur1ty Date: 07/03/2025 Vendor: https://www.microsoft.com/en-us Software:...
📄 AndroMouse Server 8.0 Unauthenticated Remote System Control
AndroMouse Server version 8.0 allows attackers to send UDP commands to remotely restart, shutdown, sleep, lock, or log off the target machine without authentication. This leads to unauthorized power state manipulation and potential denial of service. Exploit Title: AndroMouse Server 8.0 –...
📄 AndroMouse Server 8.0 Unauthenticated Directory Enumeration
AndroMouse Server version 8.0 exposes an unauthenticated TCP command interface on port 8888. A remote attacker can send crafted commands to enumerate the contents of arbitrary directories on the host file system, without user interaction or authentication. Exploit Title: AndroMouse Server 8.0 –...
📄 AndroMouse Server 8.0 Remote Code Execution
AndroMouse Server version 8.0 proof of concept that exploits an unauthenticated UDP interface to simulate mouse/keyboard actions and execute malicious commands via certutil. Exploit Title: AndroMouse Server 8.0 - Remote Code Execution Date: 03/07/25 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 Turn off PC 1.0 Unauthenticated Remote System Control
Turn Off PC version 1.0 exposes an unsecured socket (port 8081) allowing complete remote power control (shutdown, restart, sleep) without authentication, enabling system disruption attacks. Exploit Title: Turn Off PC 1.0 - Unauthenticated Remote System Control Shutdown/Restart/Sleep Date: 02/07/25...
📄 Microsoft SharePoint 2019 NTLM Authentication Information Disclosure
Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the _api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...
📄 Moodle 4.4.0 Remote Code Execution
Moodle version 4.4.0 authenticated remote code execution exploit. Exploit Title: Moodle 4.4.0 - Authenticated Remote Code Execution Exploit Author: Likhith Appalaneni Vendor Homepage: https://moodle.org Software Link: https://github.com/moodle/moodle/releases/tag/v4.4.0 Tested Version: Moodle 4.4...
📄 gogs 0.13.0 Remote Code Execution
gogs version 0.13.0 suffers from a remote code execution vulnerability. Exploit Title: gogs 0.13.0 - Remote Code Execution RCE Date: 27th June, 2025 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/gogs/gogs.git Version: gogs =0.13.0 Tested on: Ubuntu CVE: CVE-2024-3993...
📄 TinyWebGallery 2.7 Shell Upload
TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...
📄 AnyCommand 1.2.7 Remote Code Execution
AnyCommand version 1.2.7 contains critical vulnerabilities enabling unauthenticated attackers to achieve remote code execution. The exploit bypasses weak 6-digit PIN authentication through brute-forcing, then abuses the command interface to simulate keystrokes for command execution and payload...
📄 Vite Local File Inclusion
Vite suffers from a local file inclusion vulnerability. This issue affected versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Titles: CVE-2025-30208 - Vite @fs LFI Local File Inclusion Vulnerability Author: nu11secur1ty Date: 01/09/2025 Vendor: https://vite.dev/ Software:...
📄 Saturn Remote Mouse Server V1 Remote Code Execution
Saturn Remote Mouse Server V1 suffers from a remote code execution vulnerability. Exploit Title: Saturn Remote Mouse Server V1 - Remote Code Execution RCE Date: 2025-06-30 Exploit Author: tmrswrr Vendor Homepage: https://www.saturnremote.com/ Software Link:...
📄 Hecate PC Remote Control 1.6.1.0 Remote Code Execution
Hecate PC Remote Control version 1.6.1.0 listens on UDP port 48436 and accepts unauthenticated JSON commands for keyboard and mouse input. This lack of authentication allows a remote attacker to simulate user interaction, open system dialogs, and execute arbitrary commands. Exploit Title: Hecate ...
📄 Hecate PC Remote Control 1.6.1.0 Remote System Control
Hecate PC Remote Control version 1.6.1.0 is vulnerable to unauthenticated system control. An attacker on the same network can send crafted UDP packets to the target without authentication, allowing them to remotely issue system-level commands such as lock, shutdown, restart, and sleep. Exploit...
📄 TinyWebGallery 2.7 Cross Site Scripting
TinyWebGallery version 2.7 suffers from a persistent cross site scripting vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Stored XSS Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...
📄 AnyCommand 1.2.7 Unauthenticated Live Desktop Stream Access
AnyCommand 1.2.7 exposes a live MJPEG screen stream at http://target:8081/stream without access control. Unauthenticated attackers can directly access and view the victim’s live screen feed without triggering any prompts or requiring a valid session. Exploit Title: AnyCommand 1.2.7 -...
📄 Saturn Remote Mouse Server 1.0.4.0 Remote Code Execution
Saturn Remote Mouse Server version 1.0.4.0 exposes an unauthenticated UDP command interface (port 27000) allowing remote attackers to inject keystrokes. This proof of concept demonstrates remote code execution by simulating Windows key combinations to spawn cmd.exe and execute malicious PowerShell...
📄 WordPress Social Welfare 3.5.2 Remote Code Execution
WordPress Social Welfare plugin versions 3.5.2 and below suffer from a remote code execution vulnerability. #!/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sik...
📄 Skyvern 0.1.84 SSTI Remote Code Execution
This Metasploit module exploits a server-side template injection vulnerability in Skyvern versions 0.1.84 and below. The module requires an API key to deliver requests and upload the malicious workflow. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 Mouselink 5.0.1 Unauthenticated Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote code execution due to improper JWT validation, enabling attackers to forge JWT tokens with a known hardcoded secret. Using the forged token, attackers can bypass authentication, connect to the WebSocket interface, and simulate keyboard input t...
📄 Mouselink 5.0.1 Unauthenticated Remote System Control
Mouselink version 5.0.1 is vulnerable to JWT authentication bypass, allowing remote attackers to perform system-level actions such as shutdown, restart, sleep, and logout without valid credentials. Exploit Title: Mouselink 5.0.1 - Unauthenticated Remote System Control Date: 26/06/25 Exploit Autho...
📄 Sitecore 10.4 Remote Code Execution
Sitecore version 10.4 suffers from a remote code execution vulnerability. Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link:...
📄 McAfee Agent 5.7.6 Insecure Storage
This script demonstrates the vulnerability in McAfee's Trellix Agent Database where attackers can retrieve and decrypt credentials from the ma.db database file. Version 5.7.6 is affected. Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit...
📄 Pterodactyl Panel Remote Code Execution
Pterodactyl Panel versions prior to 1.11.11 suffer from a remote code execution vulnerability. Exploit Title: Pterodactyl Panel 1.11.11 - Remote Code Execution RCE Date: 22/06/2025 Exploit Author: Zen-kun04 Vendor Homepage: https://pterodactyl.io/ Software Link:...
📄 Mouselink 5.0.1 Remote System Control
Mouselink version 5.0.1 allows remote attackers to control system functions (shutdown, restart, sleep, logout). By default, no password is configured, allowing an attacker to obtain a valid JWT token and invoke privileged /api/PCControl/ endpoints, leading to unauthorized system operations. Exploit...
📄 PX4 Military UAV Autopilot 1.12.3 Denial of Service
A stack-based buffer overflow vulnerability in PX4 Military UAV Autopilot versions 1.12.3 and below is triggered when handling a malformed MAVLink message of type TRAJECTORY_REPRESENTATION_WAYPOINTS. An attacker with access to the MAVLink communication channel can send a crafted packet to crash the...
📄 Mouselink 5.0.1 Remote Code Execution
Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password set by default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...
📄 PiHome MaxAir Smart Thermostat SQL Injection
A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system that permits an authenticated attacker to execute arbitrary SQL statements against the backend database. Description: A security vulnerability has been identified in the PiHome MaxAir Smart Thermostat system...