📄 ABB Cylon Aspect Studio 3.08.03 CylonLicence.dll Binary Planting
A DLL hijacking vulnerability exists in Aspect-Studio version 3.08.03, where the application attempts to load a library named CylonLicence via System.loadLibrary("CylonLicence") without a full path, falling back to the standard library search order. If an attacker can plant a malicious...
📄 ABB Cylon Aspect 3.08.03 Remote Code Execution
ABB Cylon Aspect version 3.08.03 BMS/BAS is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
📄 ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution
The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the productRemovalUpdate.php script. The token key POST param needs to be se...
📄 ABB Cylon Aspect 3.08.03 Time Manipulation
ABB Cylon Aspect MIX's NTPServlet allows NTP config changes via the Host: 127.0.0.1 bypass, writing attacker-controlled hosts to NTPTickers and syncing the system clock. A malicious NTP server can manipulate time, enabling DoS or time-based attacks. Version 3.08.03 is affected. ABB Cylon Aspect...
📄 ABB Cylon Aspect 3.08.03 projectUpdateBSXFileProcess.php Remote Guest2Root
The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves...
📄 Invision Community 5.0.6 CustomCss Remote Code Execution
Invision Community versions 5.0.6 and below contain a remote code execution vulnerability in the theme editor's customCss endpoint. By crafting a specially formatted content parameter with an expression="…" construct, arbitrary PHP can be evaluated. This Metasploit module leverages that flaw to...
📄 Clinic's Patient Management System 1.0 SQL Injection / Remote Code Execution
This Metasploit module exploits an SQL injection vulnerability in the login portal, allowing an attacker to log in as an admin. Next, it allows the attacker to upload malicious files through user modification to achieve remote code execution. This module requires Metasploit:...
📄 WordPress Motors 5.6.67 Privilege Escalation
WordPress Motors theme versions 5.6.67 and below suffer from a privilege escalation vulnerability that allows for account takeover. 🔐 CVE-2025-4322 – Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover 📌 Plugin Information - Plugin: Motors <= 5.6.67 -...
📄 Remote for Windows 2024.15 Desktop Stream Disclosure
Remote for Windows version 2024.15 has a vulnerability that allows any unauthenticated attacker to access a real-time H.264 stream of the victim’s Windows/Mac desktop. This is achieved by querying the /api/getVersion endpoint to retrieve the liveview.port, and then opening a TCP connection to tha...
📄 Remote for Windows 2024.15 Local Privilege Escalation
Remote for Windows version 2024.15 suffers from a local privilege escalation vulnerability. Exploit Title: Remote for Windows 2024.15 - Local Privilege Escalation Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Versio...
📄 ABB Cylon FLXeon 9.3.5 variant.js Information Disclosure
The ABB Cylon FLXeon BACnet controller's /api/variant endpoint exposes sensitive system information, including the internal IP address, MAC address, device model, and build type, without requiring authentication. The get function gathers network interface data using the os.networkInterfaces API a...
📄 Remote for Windows 2024.15 Unauthenticated Desktop Screenshot Capture
Remote for Windows version 2024.15 suffers from a missing authentication vulnerability that allows for the disclosure of desktop screenshots. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 Remote for Windows 2024.15 Remote Code Execution
Remote for Windows version 2024.15 suffers from multiple remote code execution vulnerabilities. Exploit Title: Remote for Windows 2024.15 - RCE Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.15 Tested o...
📄 Cubecart 6.5.9 Cross Site Scripting
Cubecart version 6.5.9 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS in "Description" Functionality - cubecartv6.5.9 Date: 05/2025 Exploit Author: Andrey Stoykov Version: 6.5.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS 1: Step...
📄 ABB Cylon FLXeon 9.3.5 uukl.js Predictable Salt / Weak Hashing Algorithm
The ABB Cylon FLXeon BACnet controller's /api/uukl.js module implements password verification and update mechanisms using the insecure MD5 hash function alongside weak salt generation via Math.random. This constitutes a cryptographic vulnerability where password hashes are susceptible to collisio...
📄 Ibn Al Haithm 1.0 Insecure Direct Object Reference
Ibn Al Haithm version 1.0 suffers from an insecure direct object reference vulnerability. Exploit Title: Ibn Al Haithm intlaqcit.com - Multiple Vulnerabilities Date: May 19, 2025 Exploit Author: wa03 Telegram: @wa03 Vendor Homepage: intlaqcit.com Version: 1.0 CVE: N/A Google Dork: intxt: Ibn Al...
📄 ABB Cylon FLXeon 9.3.5 bbmdList.js Authenticated Configuration Poisoning
The ABB Cylon FLXeon BACnet controller suffers from a configuration poisoning vulnerability in the put function of bbmdList.js, where the writeFile function is invoked to persist user-controlled data req.body.bipList and req.body.natList directly into sensitive configuration files /etc/bdt.txt an...
📄 Tiiwee X1 Alarm System Replay Attack
The Tiiwee X1 Alarm System suffers from a replay attack using a Flipper Zero. Advisory ID: SYSS-2025-006 Product: Tiiwee X1 Alarm System Manufacturer: Tiiwee B.V. Affected Versions: TWX1HAKV2 Tested Versions: TWX1HAKV2 Vulnerability Type:...
📄 Ivanti Endpoint Manager DLL Hijacking / Privilege Escalation
The EPM Security Scan Vulscan Self Update is vulnerable to DLL hijacking. When it is installed on a client machine, by default, it creates a scheduled task as SYSTEM that when run, tries to load non-existent ZIP files from ProgramData. A malicious DLL can be inserted into one of the ZIP files whi...
📄 WordPress PSW Front-end Login Registration 1.12 Privilege Escalation
WordPress PSW Front-end Login Registration plugin versions 1.12 and below suffer from a privilege escalation vulnerability. 🔐 CVE-2025-47646 – PSW Front-end Login & Registration <= 1.12 📌 Plugin Information - Plugin: PSW Front-end Login & Registration - Vulnerable Version: <= 1.12 - CVE:...
📄 CrushFTP 11.3.1 Authentication Bypass / Race Condition
CrushFTP versions prior to 10.8.4 and 11.3.1 suffer from an authentication bypass vulnerability via a race condition and header parsing logic flaw in the AWS4-HMAC authorization mechanism. Exploit Title: CrushFTP 11.3.1 - Authentication Bypass Date: 2025-05-15 Exploit Author: @İbrahimsql Exploit...
📄 HP Sure Access Enterprise / Sure Click Enterprise Missing Authentication
SEC Consult conducted penetration tests on Sure Access in 2022 and on Sure Click in 2023 and established a contact with HP afterwards. After several rounds of emails and meetings with the product development team, the scope and limitations of Sure Access and Sure Click were made clear. This...
📄 RSI Queue Management System 3.0 SQL Injection
An unauthenticated blind SQL injection vulnerability exists in RSI Queue Management System version 3.0 within the TaskID parameter of the get request handler. Attackers can remotely inject time-delayed SQL payloads to induce server response delays, enabling time-based inference and iterative...
📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Root Remote Code Execution
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated remote root code execution via the /api/siteGuide endpoint. An attacker with valid credentials can inject arbitrary system commands by manipulating the filename and/or originalname parameters. The issue arises due to improper...
📄 ABB Cylon FLXeon 9.3.5 siteGuide.js Authenticated Directory Traversal
The ABB Cylon FLXeon BACnet controller is vulnerable to authenticated file traversal via the /api/siteGuide endpoint. An attacker with valid credentials can manipulate the filename parameter to move and access or overwrite arbitrary files. The issue arises due to improper input validation in...
📄 Samsung MagicINFO 9 Server Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Samsung MagicINFO 9 Server versions less than or equal to 21.1050.0. Remote code execution can be obtained by exploiting the path traversal vulnerability (CVE-2024-7399) in the SWUpdateFileUploader servlet, which can be querie...
📄 Economizzer 0.9-beta1 Session Invalidation
Economizzer version 0.9-beta1 fails to properly invalidate user sessions. A session management vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly invalidate user sessions upon logout or other session termination events. As a result, a valid session remains...
📄 Magnolia DX Core 6.3.8 Command Injection
Magnolia DX Core version 6.3.8 suffers from a remote command injection vulnerability. Exploit Title: Magnolia DX Core 6.3.8 - Command Injection Date: 05/16/2025 Exploit Author: tmrswrr Version: 6.3.8 Vendor home page: https://docs.magnolia-cms.com/home/ Product:...
📄 Economizzer 0.9-beta1 Cross Site Scripting
Economizzer version 0.9-beta1 suffers from multiple persistent cross site scripting vulnerabilities. A persistent cross-site scripting (XSS) vulnerability exists in gugoan's Economizzer v.0.9-beta1. The application fails to properly sanitize user-supplied input when creating a new cash book entry vi...
📄 Automic Automation Agent Unix Privilege Escalation
An agent configured to run in privileged mode using the SetUID-Bit can be used to escalate privileges, by supplying an ini file with the "authentication" option set to "PAM" and the "libName" option set to a shared object file controlled by the attacker. The shared object will be loaded in an...
📄 Honeywell MB-Secure Command Injection
Honeywell MB-Secure versions 11.04 and up to 12.53 and PRO versions from 01.06 to 03.09 suffer from an authenticated command injection vulnerability. SEC Consult Vulnerability Lab Security Advisory title: Authenticated Comman...
📄 Remote Keyboard Desktop 1.0.1 Remote Code Execution
Remote Keyboard Desktop version 1.0.1 suffers from a remote code execution vulnerability. Exploit Title: Remote Keyboard Desktop 1.0.1 Remote Code Execution Date: 05/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://remotecontrolio.web.app/ Software Link:...
📄 ABB Cylon FLXeon 9.3.5 capture.js Authenticated File Disclosure / Deletion
The ABB Cylon FLXeon BACnet controller is vulnerable to a path traversal flaw in its capture.js endpoint due to unsanitized user input being directly concatenated into a filesystem path. An attacker can exploit this by supplying crafted file names to access arbitrary files outside the intended va...
📄 Ivanti Connect Secure 22.7R2.5 Remote Code Execution
This Metasploit module exploits a stack-based buffer overflow vulnerability in Ivanti Connect Secure to achieve remote code execution (CVE-2025-22457). Versions 22.7R2.5 and earlier are vulnerable. Note that Ivanti Pulse Connect Secure, Ivanti Policy Secure and ZTA gateways are also vulnerable but...
📄 Nextcloud Workflows Remote Code Execution
This Metasploit module adds workflows as an authenticated user which can only be created by administrators by design. If the app "Nextcloud Workflow Script" is installed it is possible to generate a workflow that executes commands. This module requires Metasploit: https://metasploit.com/download...
📄 WordPress User Registration and Membership Privilege Escalation
WordPress User Registration and Membership plugin versions prior to 4.1.2 remote privilege escalation exploit that executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WP Use...
📄 Invision Community 5.0.6 Remote Code Execution
Invision Community versions 5.0.0 through 5.0.6 suffer from a customCss related remote code execution vulnerability. Invision Community <= 5.0.6 customCss Remote Code Execution Vulnerability...
📄 Car Rental System 1.0 Shell Upload
This Metasploit module exploits an authenticated remote code execution vulnerability in the Online Car Rental System 1.0 via the changeimage1.php endpoint. An authenticated attacker can upload malicious PHP scripts without proper validation, enabling arbitrary code execution on the server. This...
📄 WordPress SureTriggers 1.0.78 Authentication Bypass / Remote Code Execution
This Metasploit module exploits an authorization bypass in the WordPress SureTriggers plugin versions 1.0.78 and below to create an administrator account and then uploads and executes a PHP payload. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 LINQPad Insecure Deserialization
This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of the software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time the app restart...
📄 WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork:...
📄 Kentico Xperience 13.0.178 Cross Site Scripting
Kentico Xperience version 13.0.178 suffers from a cross site scripting vulnerability. Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting (XSS) Date: 2025-05-09 Version: Kentico Xperience before 13.0.178 Exploit Author: Alex Messham Contact: [email protected] Source:...
📄 TP-Link VN020-F3v(T) DHCP Stack Buffer Overflow
TP-Link VN020-F3v(T) suffers from a DHCP stack buffer overflow vulnerability. Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - DHCP Stack Buffer Overflow Date: 10/20/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3v(T) Tested on: VN020-F3v...
📄 DiskBoss Enterprise 7.4.28 Remote Buffer Overflow
DiskBoss Enterprise version 7.4.28 GET remote buffer overflow SEH exploit with egghunter shellcode. Exploit Title: DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow SEH - Egghunter Date: 2025-05-05 Exploit Author: Fernando Mengali Linkedin:...
📄 RDPGuard 9.9.9 Privilege Escalation
RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation (SYSTEM) Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...
📄 Feng Office 3.5.1.5 SQL Injection
Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...
📄 VirtualBox 7.0.16 Privilege Escalation
VirtualBox version 7.0.16 suffers from a privilege escalation vulnerability. Exploit Title: VirtualBox 7.0.16 - Local Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64...
📄 Microsoft Windows 11 Pro 23H2 Privilege Escalation
Microsoft Windows version 11 Pro 23H2 Ancillary Function Driver for WinSock privilege escalation exploit. Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Elevation of Privilege Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact:...
📄 Easy!Appointments 1.5.1 Denial of Service
Easy!Appointments version 1.5.1 suffers from a denial of service vulnerability due to a logic flaw. CVE-2025-29448 Description booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by...