50736 matches found
📄 Python-Multipart Path Traversal / Arbitrary File Write
Proof of concept that leverages a path traversal vulnerability in Python-Multipart versions prior to 0.0.22 to achieve an arbitrary file write. ================================================================================================================================== | Title :...
📄 SAP NetWeaver ABAP / SAP_BASIS 918 Cryptographic Weakness
SAML response validation in NetWeaver's SAML Service Provider is susceptible to XML Signature wrapping attacks, specifically through Signature/Object tags. This allows an attacker to manipulate SAML assertion data returned by the identity provider, therefore enabling logging in as an arbitrary...
📄 phpVMS 7.0.5 Unauthenticated Import Endpoint Bypass
Proof of concept targeting phpVMS versions 7.0.5 and below. It scans multiple importer-related endpoints, attempts POST-based actions that simulate or trigger destructive operations such as import, delete, and database wipe behaviors, and classifies a target as vulnerable based on HTTP responses...
📄 Meta AI Information Disclosure
Meta AI has publicly accessible hosted files generated through the upload workflow that expose unsanitized object metadata through response headers. The exposed metadata contains uploader-associated information including public IP addresses and additional internal object properties. The issue...
📄 WordPress Contest Gallery 28.1.4 Blind SQL Injection
This Metasploit module targets a remote blind SQL injection vulnerability in WordPress Contest Gallery plugin versions 28.1.4 and earlier. ================================================================================================================================== | Title : WordPress Contest...
📄 Python-Multipart Path Traversal
This code bundle contains two separate components related to the path traversal vulnerability affecting Python-Multipart versions prior to 0.0.22. ================================================================================================================================== | Title :...
📄 WordPress ARMember Premium 7.3.1 SQL Injection
WordPress ARMember Premium plugin version 7.3.1 remote SQL injection and account takeover exploit. ================================================================================================================================== | Title : WordPress ARMember Premium 7.3.1 SQL Injection and Accoun...
📄 ProjeQtor 12.4.3 SQL Injection
This Python script automates exploitation of an SQL injection vulnerability in a ProjeQtor login interface. Version 12.4.3 is affected. ================================================================================================================================== | Title : ProjeQtor 12.4.3...
📄 Computer Laboratory Management System 1.0 Cross Site Scripting
Computer Laboratory Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Stored Cross-Site Scripting XSS in Computer Laboratory Management System v1.0 Summary A Stored Cross-Site Scripting XSS vulnerability exists in Computer Laboratory Management System v1....
📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass
WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...
📄 OpenEMR 7.0.2 Arbitrary File Read
OpenEMR version 7.0.2 suffers from an arbitrary file read vulnerability. Exploit Title: OpenEMR 7.0.2 - Arbitrary File Read Google Dork: intitle:"OpenEMR" inurl:"interface/login/login.php" Date: 2026-06-06 Exploit Author: doany1 Vendor Homepage: https://www.open-emr.org/ Software Link:...
📄 Computer Laboratory Management System 1.0 SQL Injection
A remote SQL Injection vulnerability exists in Computer Laboratory Management System Using PHP and MySQL LMS version 1.0. The application fails to properly validate and sanitize user-supplied input provided through the id parameter, allowing an authenticated attacker to manipulate backend SQL...
📄 Revive Adserver 6.0.6 XSS / SQL Injection / Code Execution
Revive Adserver versions 6.0.6 and below exploitation framework that targets cross site scripting, remote SQL injection, remote code execution, and various other vulnerabilities...
📄 Wazuh Cluster Remote Code Execution / Insecure Deserialization
This is a Metasploit Framework exploit module targeting a critical remote code execution vulnerability in Wazuh cluster mode identified as CVE-2026-25769. The flaw is described as an insecure deserialization issue in the cluster synchronization mechanism, where the master node improperly processe...
📄 ProjeQtor 12.4.3 SQL Injection
This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...
📄 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting
The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross site scripting. Lyrion Music Server 9.2.0...
📄 Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting
Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...
📄 Lyrion Music Server 9.2.0 Path Traversal / File Read
Lyrion Music Server version 9.2.0 suffers from a directory traversal vulnerability. Exploiting this issue will allow an unauthenticated attacker to view arbitrary files within the context of the web server. Lyrion Music Server 9.2.0 Path Traversal File Read Vendor: LMS Community Product web page:...
📄 WordPress Contest Gallery 28.1.4 SQL Injection
WordPress Contest Gallery plugin versions 28.1.4 and below suffer from a remote SQL injection vulnerability. Exploit Title: WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection Tested on: Docker - PHP 8.2/Apache + MariaDB WordPress Environment CVE: 2026-3180 """ Description A...
📄 Lyrion Music Server 9.2.0 search Cross Site Scripting
Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-text fields do not apply filtering, resulting in reflected cross site scripting. Lyrion Music Server 9.2.0 search. Multiple Script Insertions Vendor: LMS...
📄 Lyrion Music Server 9.2.0 server.log Reflected Cross Site Scripting
Lyrion Music Server version 9.2.0 suffers from an unauthenticated reflected cross site scripting vulnerability through server.log endpoint abusing the search GET parameter. Input is not properly sanitized before being returned to the user, allowing the execution of arbitrary HTML/JS code in a use...
📄 Craft CMS 5.9.5 Missing Authorization / Denial of Service
Craft CMS versions 5.9.5 and below suffer from a missing authorization vulnerability that can trigger an unwanted migration. CVE-2026-31266 - Craft CMS Missing Authorization CVE Information | Field | Value | |-------|-------| | CVE ID | CVE-2026-31266 | | Vendor | Pixel & Tonic | | Product | Craf...
📄 Lyrion Music Server 9.2.0 Arbitrary Directory Listing
Lyrion Music Server version 9.2.0 exposes a readdirectory query through both its CLI service TCP port 9090 and its HTTP JSON-RPC endpoint /jsonrpc.js that takes a folder parameter and lists its contents with no restriction to the configured media directories and no authentication in the default...
📄 WordPress ARMember Premium 7.3.1 Insecure Password Reset
WordPress ARMember Premium plugin versions 7.3.1 and below suffer from an insecure password reset mechanism that allows for administrative account takeover. ☠️ CVE-2026-5076 ARMember Premium --- 📋 Informasi Kerentanan | Item | Detail | |---|---| | CVE ID | CVE-2026-5076 | | Plugin | ARMember –...
📄 Gogs Git Rebase Argument Injection / Remote Code Execution
This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev. frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source:...
📄 MCPJam Inspector 1.4.2 Command Injection
This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...
📄 Samba Print Command Injection
This Python proof of concept framework analyzes Samba printing configurations for unsafe print command usage involving the %J variable and demonstrates how command injection conditions could arise in vulnerable setups. It's written to target versions 4.22.10, 4.23.8 and 4.24.3...
📄 WebRemoteControl Unauthenticated Remote Filesystem Access
Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...
📄 WordPress OrderConvo 13.5 Path Traversal
Proof of concept exploit that demonstrates a path traversal vulnerability in WordPress OrderConvo plugin version 13.5. Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link:...
📄 dcontrol 1.0.9 Screen Capture
The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...
📄 Drupal core 10.5.5 SQL Injection
This proof of concept demonstrates an error-based remote SQL injection vulnerability in Drupal core version 10.5.5 PostgreSQL. User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages. Exploit Title: Drupal Co...
📄 Samba SMB Printer Queue Command Injection / Remote Task Delivery
This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share interaction, payload delivery testing, and command execution workflows through manipulated print job submissions. It's written to target versions 4.22.10...
📄 Mennekes Amtron Series and Smart-T PnC 5.22.3 Authentication Bypass / Privilege Escalation
Mennekes Amtron Series and Smart-T PnC version 5.22.3 suffers from authentication bypass and privilege escalation vulnerabilities. CyberDanube Security Research 20260528-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product|...
📄 dwol 1.0.0 Command Injection
This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...
📄 Espanso 2.3.0 Configuration Injection
This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...
📄 dmonitor 1.0.3 Server-Side Request Forgery / Redis Enumeration
Proof of concept demonstration exploit for dmonitor version 1.0.3 that leverages an unauthenticated server-side request forgery vulnerability to demonstrate redis access and data enumeration...
📄 MATLAB R2024a Arbitrary Local System Information Disclosure
This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. ================================================================================================================================== | Title : MATLAB R2024a Full...
📄 Apache ActiveMQ Jolokia Remote Code Execution
This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...
📄 Notepad++ 8.9.6 Arbitrary Code Execution
Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...
📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool
This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. ================================================================================================================================== | Title : dwatch 0.0.2 SSRF Boundary and Network Isolation...
📄 Lightweight Music Server 3.76.0 Cross Site Scripting
Lightweight Music Server version 3.76.0 suffers from a persistent cross site scripting vulnerability. LMS stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding. An attacker who gets a file...
📄 MikroORM 7.0.13 SQL Injection
MikroORM version 7.0.13 suffers from a remote SQL injection vulnerability. Exploit Title: MikroORM 7.0.13 - SQL Injection Google Dork: N/A Date: 2026-05-27 Exploit Author: cardosource Vendor Homepage: https://mikro-orm.io/ Software Link: https://github.com/mikro-orm/mikro-orm Version:...
📄 MeiG Smart FORGE_SLT711 Command Injection
MeiG Smart FORGESLT711 proof of concept remote command injection exploit. Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version:...
📄 Apache ActiveMQ Jolokia AddNetworkConnector Remote Code Execution
Apache ActiveMQ exposes a Jolokia JMX-over-HTTP API at /api/jolokia/. An authenticated attacker can invoke the addNetworkConnector MBean operation with a crafted URI that causes the broker to fetch a remote Spring XML configuration over HTTP. The Spring XML instantiates a ProcessBuilder bean that...
📄 Grav CMS Shell Upload
The Grav CMS Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files. The system failed to adequately validate the contents of the ZIP archive or prevent path traversal Zip Slip during extraction. By crafting a malicious plugin that hooks into Grav events...
📄 strongSwan 5.9.13 Denial of Service
strongSwan version 5.9.13 suffers from a denial of service vulnerability. Exploit Title: strongSwan 5.9.13 - DoS Date: 2026-05-13 Exploit Author: Lukas Johannes Moeller Vendor Homepage: https://www.strongswan.org/ Software Link: https://download.strongswan.org/strongswan-5.9.13.tar.bz2 Version:...
📄 Wing FTP Server 8.1.3 Remote Code Execution
Wing FTP Server version 8.1.2 contains a remote code execution vulnerability in the session serialization mechanism. An authenticated administrator can inject arbitrary Lua code through the domain admin mydirectory basefolder field, which gets executed server-side via loadfile. Exploit Title: Win...
📄 Apache HTTP Server 2.4.66 Denial of Service
Apache HTTP Server version 2.4.66 modhttp2 double-free denial of service proof of concept exploit. Exploit Title: Apache HTTP Server 2.4.66 - 'modhttp2' Double-Free Denial of Service Google Dork: intext:"Apache/2.4.66" "HTTP/2" Date: 2026-05-06 Exploit Author: xeloxa https://github.com/xeloxa/...
📄 MixPHP Framework 2.2.17 Deserialization / Arbitrary Code Execution
MixPHP Framework versions 2.x through 2.2.17 suffer from an insecure deserialization vulnerability that allows for remote code execution. Exploit Title: MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution Date: 2026-05-14 Exploit Author: cardosource Vendor Homepage:...
📄 WordPress Prodigy Commerce 3.2.9 Local File Inclusion
WordPress Prodigy Commerce plugin versions 3.2.9 and below suffer from a local file inclusion vulnerability. Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link:...