📄 freeSSHd 1.0.9 Denial of Service
freeSSHd version 1.0.9 suffers from a denial of service vulnerability. Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Date: 2024-01-13 Discovery by: Fernando Mengali Linkedin: https://www.linkedin.com/in/fernando-mengali/ Software Link:...
📄 OpenCart 4.1.0.4 Cross Site Scripting
OpenCart versions 4.1.0.4 and below suffer from multiple persistent cross site scripting vulnerabilities. These findings exist in the blog editor and via SVG file uploads. CVE-2025-45892 – Stored XSS via Blog Editor Affected Versions: OpenCart 4.1.0.4 and below Vector: Stored XSS Attack Surface:...
📄 WordPress Tatsu 3.3.11 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution in the Tatsu WordPress plugin in versions 3.3.11 and below. The module uploads a malicious zip with a PHP payload that gets executed in the second part of exploit. This module requires Metasploit:...
📄 Microsoft Internet Shortcut Malicious URL
This Metasploit module exploits CVE-2025-33053 by generating a malicious .URL file pointing to a trusted LOLBAS binary with parameters designed to trigger unintended behavior. Optionally, a payload is generated and hosted on a specified WebDAV directory. When the victim opens the shortcut, it wil...
📄 Monect PC Remote 7.7.2 Unquoted Service Path
Monect PC Remote version 7.7.2 suffers from an unquoted service path vulnerability in MonectServerService. Exploit Title: Monect PC Remote 7.7.2 - Unquoted path service Date: 25/06/25 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.monect.com/ Software Link:...
📄 CloudClassroom-PHP-Project 1.0 SQL Injection
CloudClassroom-PHP-Project version 1.0 suffers from a remote SQL injection vulnerability that allows for login bypass. 🛡️ CVE Disclosure: CVE-2025-26198 — SQL Injection in CloudClassroom-PHP-Project Disclosure Date: 18 June 2025 CVE ID: CVE-2025-26198 Severity: CRITICAL CVSS 9.8 --- 🧩 Summary A...
📄 Off 2.15.4 Unauthenticated Remote System Control
Off version 2.15.4 exposes a TCP service that accepts remote commands like Shutdown, Restart, Lock, Sleep, and Hibernate without any authentication. Exploit Title: Off 2.15.4 - Unauthenticated Remote System Control Shutdown/Restart/Lock/Sleep/Hibernate Date: 25/06/25 Exploit Author: Chokri Hammed...
📄 libxslt xsltParseStylesheetProcess Use-After-Free
There is a use-after-free issue in libxslt read on a namespace URL stored in exclPrefixTab. The issue was reproduced on the latest Git version. The proof of concept and ASAN log are provided at the end of the report. There is a use-after-free issue in libxslt read on a namespace URL stored in...
📄 Off 2.15 Unauthenticated Remote System Control
Off version 2.15 exposes a TCP service on port 1984 that allows unauthenticated attackers to issue remote system control commands such as Shutdown, Restart, Lock, Sleep, and Hibernate. Exploit Title: Off 2.15 - Unauthenticated Remote System Control Date: 25/06/25 Exploit Author: Chokri Hammedi...
📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution
VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. This is a second version of the original exploit by the same author. Exploit Title: VLC Mobile Remote VMR for Windows...
📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Arbitrary URL Launch
VLC Mobile Remote for Windows version 1.3.9.3 allows an unauthenticated attacker to remotely cause the target system to open any URL in the victim’s default web browser by sending a specially crafted request. This can lead to forced browsing to malicious sites, phishing attacks, or NTLM credentia...
📄 Microsoft Excel LTSC Professional Pilus 2021 Remote Code Execution
Microsoft Excel LTSC Professional Pilus 2021 and Microsoft Word LTSC MSO suffer from a vulnerability. The attacker can trick any user into opening and executing their code by sending a malicious DOCM file via email or a streaming server. Titles: Microsoft Excel LTSC Professional Pilus 2021 -...
📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution
Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...
📄 Mobile Mouse 3.6.0.4 Clipboard Data Exfiltration
An attacker can intercept clipboard activity from a system running Mobile Mouse version 3.6.0.4. When the user copies text, images, or takes screenshots, the data is transmitted over a WebSocket channel without encryption or authentication, allowing passive exfiltration of sensitive information...
📄 OneTrust SDK 6.33.0 Prototype Pollution / Denial of Service
A vulnerability exists in OneTrust SDK version 6.33.0 that allows an attacker to perform prototype pollution via the misuse of Object.setPrototypeOf and Object.assign. An attacker can inject malicious properties into the prototype chain, potentially causing a denial of service or altering the...
📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution
VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. Exploit Title: VLC Mobile Remote VMR for Windows v1.3.9.3 Remote Code Execution Date: 06/23/2025 Exploit Author: Chok...
📄 Ingress-NGINX 4.11.0 Remote Code Execution
Ingress-NGINX version 4.11.0 remote code execution exploit that sends a crafted AdmissionRequest to the vulnerable Ingress-NGINX webhook and loads shell.so to achieve code execution. Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution RCE Google Dork: N/A Date: 2025-06-19 Exploit Author:...
📄 Microsoft Excel LTSC 2024 Remote Code Execution
Microsoft Excel LTSC 2024 suffers from a remote code execution vulnerability. Titles: Microsoft Excel LTSC 2024 - Remote Code Execution RCE Author: nu11secur1ty Date: 06/16/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...
📄 FortiOS SSL-VPN 7.4.4 Insufficient Session Expiration / Cookie Reuse
An insufficient session expiration vulnerability in FortiOS SSL-VPN allows an attacker to reuse stale session cookies after logout, potentially leading to unauthorized access. The SVPNTMPCOOKIE remains valid even after the primary SVPNCOOKIE is invalidated during logout. Versions affected include...
📄 Glass Cage Zero-Click iMessage Exploit Details
Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...
📄 SIMCom SIM7600G Modem Undocumented Root Shell Access
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands. SEC Consult...
📄 ONLYOFFICE Docs 8.3.1 Cross Site Scripting
ONLYOFFICE Docs versions 8.3.1 and below suffer from a reflective cross site scripting vulnerability. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting product: ONLYOFFICE Docs...
📄 Freefloat FTP Server 1.0 Remote Buffer Overflow
Freefloat FTP Server version 1.0 suffers from a buffer overflow vulnerability. Exploit Title: Freefloat FTP Server 1.0 - Remote Buffer Overflow Date: 22 may 2025 Notification vendor: No reported Discovery by: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/...
📄 Microsoft Windows 11 SMB Client Privilege Escalation / Remote Code Execution
This proof of concept demonstrates a complex attack chain exploiting improper access control in Windows SMB clients, leading to elevation of privilege through DNS record injection, NTLM relay attacks using impacket-ntlmrelayx, and coercion of a victim system including Windows 11 to authenticate t...
📄 PCMan FTP Server 2.0.7 Buffer Overflow
PCMan FTP server version 2.0.7 suffers from a buffer overflow vulnerability. Exploit Title: PCMan FTP Server 2.0.7 - Buffer Overflow Date: 04/17/2025 Exploit Author: Fernando Mengali Vendor Homepage: http://pcman.openfoundry.org/ Software Link:...
📄 Beakon SQL Injection
Beakon versions prior to 5.4.3 suffer from a remote unauthenticated time-based SQL injection vulnerability. Title: Unauthenticated Time Based SQL Injection Vulnerability in Beakon versions prior to 5.4.3 Description: An unauthenticated time-based SQL injection vulnerability exists in the Beakon...
📄 Skyvern 0.1.85 Remote Code Execution / SSTI
Skyvern version 0.1.85 suffers from a remote code execution vulnerability via server-side template injection. Exploit Title: Skyvern 0.1.85 - Remote Code Execution RCE via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link:...
📄 Microsoft Windows 10 WebDAV Remote Code Execution
This exploit leverages the behavior of Windows .URL files to execute a remote binary over a UNC path. When a victim opens or previews the .URL file e.g. from email, the system may automatically reach out to the specified path e.g. WebDAV or SMB share, leading to arbitrary code execution without...
📄 EMQX 5.8.5 Remote Code Execution
A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...
📄 WAGO Remote Code Execution
WAGO remote code execution exploit that affects multiple products due to allowing an unauthenticated attacker to change the configuration. package main import "bufio" "bytes" "crypto/tls" "encoding/json" "flag" "fmt" "io" "net/http" "os" "regexp" "strings" "sync" "time" const // ANSI color codes...
📄 Mobile Mouse Server 3.6.3 Remote Code Execution
Mobile Mouse Server for macOS exposes a TCP control interface on port 9090, which accepts plaintext commands to simulate keyboard input and launch applications. By default, no authentication is required, allowing a remote attacker to fully control the target system. Version 3.6.3 is affected...
📄 AirKeyboard 1.9.0.0 Integer Overflow / Denial of Service
AirKeyboard version 1.9.0.0 suffers from an integer overflow vulnerability in its TCP request handler. The ReadLength method parses a 4-byte user-supplied length field without bounds checking, allowing attackers to trigger a denial-of-service by sending a malformed packet with an oversized length...
📄 PHP CGI Remote Code Execution
A critical vulnerability in PHP's CGI implementation allows remote attackers to execute arbitrary code through command injection. The vulnerability exists due to improper handling of command-line arguments in PHP CGI, which can be exploited to bypass security restrictions and execute arbitrary...
📄 AirKeyboard iOS App 1.0.5 Remote Input Injection
The AirKeyboard iOS application version 1.0.5 exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in...
📄 Palo Alto PAN-OS CLI Crash
This Metasploit module triggers a denial-of-service condition in the CLI of Palo Alto PAN-OS by sending an overly long input after authentication. This module requires Metasploit Framework and compatible Ruby. require 'msf/core' require 'net/ssh' class MetasploitModule 'Palo Alto PAN-OS CLI Crash...
📄 Remote for Windows 2024.15 Insecure Direct Object Reference
Remote for Windows Helper version 2024.15 contains an insecure direct object reference IDOR vulnerability. Attackers can access privileged API functions by reusing any "Allowed" client token from clients.json without authentication, leading to full system compromise. Exploit Title: Remote for...
📄 Remote for Windows 2024.15 Helper Remote Code Execution
Remote for Windows version 2024.15 proof of concept remote code execution exploit that works when the "ask to grant access for unknown iOS devices" in settings is unchecked. Exploit Title: Remote for Windows 2024.15 helper - RCE V2 Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 Mongoose HTTP Denial of Service
Mongoose HTTP versions prior to 7.14 appear to suffer from a basic resource exhaustion denial of service vulnerability. Exploit Title: Mongoose HTTP 7.14 DDOS Stack-Based Free Discovered by: Yehia Elghaly Discovered Date: 2025-06-11 Vendor Homepage: https://mongoose.ws/ Software Link :...
📄 Microsoft Excel Remote Code Execution
Microsoft Excel appears to suffer from a remote code execution vulnerability via a malicious macro. Titles: Microsoft Excel Local Code Execution Vulnerability Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...
📄 WordPress Likes and Dislikes 1.0.0 SQL Injection
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the post parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
📄 Litespeed Cache 6.4.0.1 Privilege Escalation
Litespeed Cache version 6.4.0.1 suffers from a privilege escalation vulnerability. Exploit Title: Litespeed Cache 6.4.0.1 - Privilege Escalation Date: 2025-06-10 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Country:...
📄 WordPress HyperComments 1.2.2 Privilege Escalation
The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...
📄 Roundcube 1.6.10 Remote Code Execution
Roundcube Webmail versions prior to 1.5.10 and versions 1.6.x prior to 1.6.11 allow remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP object deserialization. An attacker can execute arbitrary...
📄 WordPress RealHomes Theme 4.4.0 Privilege Escalation
WordPress RealHomes Theme versions 4.4.0 and below suffer from a privilege escalation vulnerability. CVE-2025-4601 - WordPress RealHomes Theme <= 4.4.0 - Privilege Escalation 🔥 Vulnerability Summary The WordPress theme RealHomes versions <= 4.4.0 is vulnerable to a privilege escalation vulnerabilit...
📄 DokuWiki 2025-05-14a Shell Upload
DokuWiki version 2025-05-14a suffers from a remote shell upload vulnerability. Exploit Title: DokuWiki 2025-05-14a Remote Code Execution via File Upload Authenticated Exploit Author: tmrswrr Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link:...
📄 INDAMED - MEDICAL OFFICE Demo Version Privilege Escalation / Default Credentials
INDAMED - MEDICAL OFFICE demo version revision 18544 II/20224 suffers from local privilege escalation and default credential vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation a...
📄 FUDForum 3.2.0 Cross Site Scripting
FUDForum version 3.2.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: FUDForum 3.2.0 Stored XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Versi...
📄 FUDForum 3.2.0 Command Injection
FUDForum version 3.2.0 suffers from a code injection vulnerability. Exploit Title: FUDForum 3.2.0 Command Injection Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Version : 3.2.0...
📄 vBulletin 4.x movepm PHP Object Injection
In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode — ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...
📄 SDiagnostics 10.0.22621.3527 UAC Bypass
SDiagnostics versions 10.0.22621.3527 and below suffer from a UAC bypass vulnerability. Exploit name: UAC Bypass SDiagnostic.exe Troubleshooter Exploit author: Juan Sacco https://exploitpack.com Description: SDiagnostics version 10.0.22621.3527 and prior is vulnerable to an UAC User Account Contr...