
50630 matches found

Packet Storm
added 2025/05/08 12:00 a.m., 69 views

📄 ezPortal 5.6 SQL Injection

ezPortal version 5.6 for Simple Machines Forum suffers from a SQL injection issue that may be exploitable. Exploit Title: ezportal Advisory Portal Mod for SMF Local SQL injection Google Dork: inurl:index.php?action=ezportal Date: 2025-05-08 Exploit Author: Emiliano Febbi Vendor Homepage:...

AI score 8.3
Exploits: 0

added 2025/05/07 12:00 a.m., 167 views

📄 BeyondTrust Privileged Remote Access 24.3 Takeover

BeyondTrust Privileged Remote Access PRA version 24.3 suffers from a privileged login takeover vulnerability due to a passwordless SSH tunnel. Details: Vendor: BeyondTrust Product: Privileged Remote Access PRA Subject: PRA connection takeover...

CVSS 7.8, AI score 7.5, EPSS 0.00065
Exploits: 1

added 2025/05/07 12:00 a.m., 92 views

📄 WordPress ConvertPlus 3.5.30 Denial of Service

The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the cpdismissnotice AJAX endpoint in all versions up to, and including, 3.5.30. CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus...

CVSS 8.1, AI score 9.2, EPSS 0.00082
Exploits: 1

added 2025/05/07 12:00 a.m., 100 views

📄 WordPress OttoKit 1.0.82 Privilege Escalation

WordPress OttoKit plugin versions 1.0.82 and below suffer from a privilege escalation vulnerability. This plugin used to be called SureTriggers. CVE-2025-27007: OttoKit SureTriggers Privilege Escalation Vulnerability Exploitation of CVE-2025-27007, a critical vulnerability in unauthorized privile...

CVSS 9.8, AI score 9.7, EPSS 0.81472
Exploits: 3

added 2025/05/06 12:00 a.m., 77 views

📄 Grokability Snipe-IT 8.0.4 Insecure Direct Object Reference

Grokability Snipe-IT versions 8.0.4 and below suffer from an insecure direct object reference vulnerability. Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage:...

CVSS 5, AI score 6.3, EPSS 0.01048
Exploits: 4

added 2025/05/06 12:00 a.m., 75 views

📄 Casdoor 1.901.0 Cross Site Request Forgery

Casdoor version 1.901.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...

AI score 7
Exploits: 0

added 2025/05/06 12:00 a.m., 94 views

📄 ERPNext 14.82.1 Cross Site Request Forgery

ERPNext versions 14.82.1 and below suffer from a cross site request forgery vulnerability. Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage:...

CVSS 8.1, AI score 7, EPSS 0.00224
Exploits: 3

added 2025/05/02 12:00 a.m., 207 views

📄 Erlang-Based SSH OTP Pre-Authentication Remote Code Execution

This Metasploit module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in...

CVSS 10, AI score 8.6, EPSS 0.59319
Exploits: 35

added 2025/05/02 12:00 a.m., 83 views

📄 ZTE ZXV10 H201L Remote Code Execution

ZTE ZXV10 H201L suffers from a remote code execution vulnerability that can be leveraged via an authentication bypass. Exploit Title: ZTE ZXV10 H201L - RCE via authentication bypass Exploit Author: l34n tasos meletlidis https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client,...

AI score 8.4
Exploits: 0

added 2025/05/01 12:00 a.m., 84 views

📄 Craft CMS Image Transform Pre-Authentication Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 3.x, 4.x, and 5.x prior to 5.6.17 via the image transform endpoint. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution by abusing the Yii behavior...

CVSS 10, AI score 9.4, EPSS 0.93094
Exploits: 13

added 2025/05/01 12:00 a.m., 79 views

📄 Microsoft Windows XRM-MS NTLM Hash Disclosure

Microsoft Windows suffers from another NTLM hash disclosure vulnerability. This time it is related to the xrm-ms file type. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.tx...

AI score 7.1
Exploits: 0

added 2025/05/01 12:00 a.m., 95 views

📄 WonderCMS 3.x Remote Code Execution

This Metasploit module exploits CVE-2023-41425, an authenticated file upload vulnerability affecting WonderCMS versions between 3.2.0 and 3.4.2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class...

CVSS 6.1, AI score 6.5, EPSS 0.91079
Exploits: 16

added 2025/04/30 12:00 a.m., 82 views

📄 unzip-stream 0.3.1 Arbitrary File Write

unzip-stream version 0.3.1 suffers from an arbitrary file write vulnerability. Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubunt...

CVSS 7.5, AI score 9.5, EPSS 0.07171
Exploits: 4

added 2025/04/29 12:00 a.m., 81 views

📄 Daikin Security Gateway 214 Remote Password Reset

The Daikin Security Gateway exposes a critical vulnerability in its password reset API endpoint. Due to an insecure direct object reference IDOR flaw, an unauthenticated attacker can send a crafted POST request to this endpoint, bypassing authentication mechanisms. Successful exploitation resets...

AI score 8
Exploits: 0

added 2025/04/28 12:00 a.m., 205 views

📄 Inedo ProGet 2024.22 Denial of Service / Information Disclosure / CSRF

Inedo ProGet version 2024.22 suffers from cross site request forgery, denial of service, and information disclosure vulnerabilities. Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks among other things because the information...

AI score 6.7
Exploits: 0

added 2025/04/28 12:00 a.m., 229 views

📄 Ruby on Rails Cross Site Request Forgery

Ruby on Rails appears to include a one time pad for cross site request forgery protections to the user, making it possible to forge valid tokens. Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery CSRF protections continue to be...

AI score 6.7
Exploits: 0

added 2025/04/24 12:00 a.m., 284 views

📄 AlegroCart 1.2.9 Cross Site Scripting

AlegroCart version 1.2.9 suffers from persistent and reflective cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...

AI score 6.7
Exploits: 0

added 2025/04/24 12:00 a.m., 271 views

📄 AlegroCart 1.2.9 Logic Flaw

AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...

AI score 7
Exploits: 0

added 2025/04/23 12:00 a.m., 298 views

📄 Online Shopping System Advanced 1.0 Shell Upload / SQL Injection

Online Shopping System Advanced version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title: Online Shopping System Advanced - Remote Code Execution Date: 2025-03-11 Exploit Author: bRpsd Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=bRpsd...

AI score 8.5
Exploits: 0

added 2025/04/23 12:00 a.m., 490 views

📄 BentoML Runner Server Remote Code Execution

There was an insecure deserialization in BentoML's runner server prior to version 1.4.8. By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server, which will grant initial access and...

CVSS 9.8, AI score 9.2, EPSS 0.65238
Exploits: 4

added 2025/04/23 12:00 a.m., 465 views

📄 Zyxel uOS 1.31 Privilege Escalation

The USG FLEX H Series with the operating system Zyxel uOS version 1.31 suffers from a local privilege escalation vulnerability via the setuid binary fermion-wrapper. -- HNS-2025-10 - HN Security Advisory - https://security.humanativaspa.it/ Title: Local privilege escalation via Zyxel...

CVSS 7.8, AI score 6.8, EPSS 0.00349
Exploits: 2

added 2025/04/22 12:00 a.m., 282 views

📄 Online Exam Mastering System 1.0 Cross Site Scripting

Online Exam Mastering System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage:...

CVSS 6.1, AI score 6.2, EPSS 0.00951
Exploits: 4

added 2025/04/22 12:00 a.m., 247 views

📄 tar-fs 3.0.0 Arbitrary File Write

tar-fs version 3.0.0 suffers from an arbitrary file write vulnerability. Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite Date: 17th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mafintosh/tar-fs Version: tar-fs 3.0.0 Tested on: Ubuntu CVE:...

CVSS 7.5, AI score 7.8, EPSS 0.00806
Exploits: 2

added 2025/04/22 12:00 a.m., 159 views

📄 Microsoft Windows 11 23h2 Privilege Escalation

Microsoft Windows 11 23h2 CLFS.sys proof of concept privilege escalation exploit. Exploit Title: Microsoft Windows 11 23h2 - 'CLFS.sys' Elevation of Privilege Vulnerability Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

CVSS 7.8, AI score 9.2, EPSS 0.86946
Exploits: 4

added 2025/04/22 12:00 a.m., 79 views

📄 Microsoft Windows 11 Kernel Privilege Escalation

Microsoft Windows 11 suffers from a privilege escalation vulnerability. Exploit Title: Microsoft Windows 11 - Kernel Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win,...

CVSS 7.8, AI score 9.2, EPSS 0.79354
Exploits: 13

added 2025/04/22 12:00 a.m., 2266 views

📄 OpenSSH 9.8p1 Race Condition

Proof of concept race condition exploit for OpenSSH server version 9.8p1. Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It...

CVSS 8.1, AI score 8, EPSS 0.65792
Exploits: 68

added 2025/04/22 12:00 a.m., 220 views

📄 Clothing Store Management System 1.0 SQL Injection

Clothing Store Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Titles: Clothing Store Management System-1.0 SQLi Bypass Authentication Author: nu11secur1ty Date: 04/22/2025 Vendor: https://github.com/oretnom23 Software:...

AI score 8.4
Exploits: 0

added 2025/04/22 12:00 a.m., 517 views

📄 Android 13 Local Privilege Escalation

Android version 13 local privilege escalation proof of concept exploit. Exploit Title: Android 13 - Local Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 13 Tested on: Win,...

CVSS 7.8, AI score 6.6, EPSS 0.09182
Exploits: 17

added 2025/04/21 12:00 a.m., 247 views

📄 WordPress 123pan Cloud Storage 1.0 File Deletion / Shell Upload / Injection

WordPress 123pan Cloud Storage plugin version 1.0 suffers from token handling, remote shell upload, file deletion, and HTTP header injection vulnerabilities. Exploit Title: WordPress 123pan Cloud Storage Plugin - Multiple...

AI score 7.7
Exploits: 0

added 2025/04/21 12:00 a.m., 377 views

📄 Joomla 3.7.1 SQL Injection

Joomla version 3.7.1 proof of concept remote SQL injection exploit. Exploit Title: Joomla 3.7.1 - Sql Injection Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

CVSS 9.8, AI score 10, EPSS 0.94513
Exploits: 21

added 2025/04/21 12:00 a.m., 220 views

📄 WonderCMS 3.4.2 Cross Site Scripting / Code Execution

WonderCMS version 3.4.2 proof of concept cross site scripting to code execution exploit. Exploit Title: WonderCMS v3.4.2 XSS to RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

CVSS 6.1, AI score 6.3, EPSS 0.91079
Exploits: 16

added 2025/04/21 12:00 a.m., 271 views

📄 GitLab 16.7.2 Account Takeover

GitLab version 16.7.2 proof of concept account takeover via password reset exploit. Exploit Title: GitLab 16.7.2 - Account Takeover via Password Reset without user interactions Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

CVSS 10, AI score 9.1, EPSS 0.93426
Exploits: 16

added 2025/04/21 12:00 a.m., 207 views

📄 WordPress Easy Restaurant Manager 1.0 XSS / SQL Injection / IDOR

WordPress Easy Restaurant Manager plugin version 1.0 suffers from persistent cross site scripting, insecure direct object reference, a missing access control, and remote SQL injection vulnerabilities. Exploit Title: WordPress...

AI score 7.8
Exploits: 0

added 2025/04/21 12:00 a.m., 185 views

📄 Drupal 11.x-dev Path Disclosure

Drupal version 11.x-dev suffers from a path disclosure vulnerability. Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...

CVSS 5.3, AI score 6.5, EPSS 0.86689
Exploits: 4

added 2025/04/18 12:00 a.m., 323 views

📄 Tatsu 3.3.11 Remote Code Execution

Tatsu versions 3.3.11 and below pre-authentication proof of concept remote code execution exploit. Exploit Title: Tatsu <= 3.3.11 pre-auth RCE exploit Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...

CVSS 8.1, AI score 8.4, EPSS 0.90975
Exploits: 9

added 2025/04/18 12:00 a.m., 251 views

📄 compop.ca 3.5.3 Arbitrary Code Execution

compop.ca version 3.5.3 suffers from an arbitrary code execution vulnerability. Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution Google Dork: Terms of Use inurl:compop.vip Date: 22/12/2024 Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445...

CVSS 9.8, AI score 9.6, EPSS 0.15555
Exploits: 3

added 2025/04/18 12:00 a.m., 370 views

📄 WordPress MapSVG Lite 8.5.34 Shell Upload

WordPress MapSVG Lite plugin versions 8.5.34 and below suffer from a remote shell upload vulnerability. CVE-2025-32682 - Arbitrary File Upload in MapSVG Lite <= 8.5.34 Plugin Details - Name: MapSVG Lite - Affected Version: <= 8.5.34 - Vulnerability Type: Arbitrary File Upload - CVE ID:...

CVSS 9.9, AI score 8.9, EPSS 0.00473
Exploits: 2

added 2025/04/18 12:00 a.m., 286 views

📄 Apache Commons Text 1.10.0 Remote Code Execution

Apache Commons Text version 1.10.0 suffers from a remote code execution vulnerability. Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Softwa...

CVSS 9.8, AI score 8.4, EPSS 0.94251
Exploits: 41

added 2025/04/18 12:00 a.m., 241 views

📄 Blood Bank and Donor Management System 2.4 Cross Site Request Forgery

Blood Bank and Donor Management System version 2.4 suffers from a cross site request forgery vulnerability. Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation Google Dork: N/A Date: 2024-12-26 Exploit Author: Kwangyun Keum Vendor Homepage:...

CVSS 6.9, AI score 4.8, EPSS 0.00152
Exploits: 2

added 2025/04/18 12:00 a.m., 247 views

📄 UJCMS 9.6.3 Insecure Direct Object Reference

UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration. Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link:...

CVSS 6.3, AI score 4.7, EPSS 0.03597
Exploits: 3

added 2025/04/17 12:00 a.m., 206 views

📄 TP-Link VN020 F3v(T) TT_V6.2.1021 Buffer Overflow

TP-Link VN020 F3v(T) version TT_V6.2.1021 suffers from a buffer overflow vulnerability. Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption Date: 11/24/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TT_V6.2.1021 VN020-F3v(T) Tested...

CVSS 9.8, AI score 7.2, EPSS 0.007
Exploits: 3

added 2025/04/17 12:00 a.m., 208 views

📄 TP-Link VN020 F3v(T) TT_V6.2.1021 Denial of Service

TP-Link VN020 F3v(T) version TT_V6.2.1021 suffers from a denial of service vulnerability. Exploit Title: TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TT_V6.2.1021 VN020-F3v(T) Tested on:...

CVSS 7.1, AI score 6.5, EPSS 0.12213
Exploits: 2

added 2025/04/17 12:00 a.m., 302 views

📄 Meshtastic Buffer Overflow

A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...

CVSS 9.4, AI score 8.3, EPSS 0.02337
Exploits: 2

added 2025/04/16 12:00 a.m., 259 views

📄 Smart Manager 8.27.0 SQL Injection

Smart Manager version 8.27.0 suffers from a remote SQL injection vulnerability. Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link:...

CVSS 7.2, AI score 7.8, EPSS 0.02523
Exploits: 5

added 2025/04/16 12:00 a.m., 243 views

📄 Zabbix 7.0.0 SQL Injection

Zabbix version 7.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0....

CVSS 9.9, AI score 9.7, EPSS 0.91398
Exploits: 13

added 2025/04/16 12:00 a.m., 333 views

📄 phpMyFAQ 3.1.7 Cross Site Scripting

phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...

CVSS 9.8, AI score 7.5, EPSS 0.09241
Exploits: 2

added 2025/04/16 12:00 a.m., 200 views

📄 NagVis 1.9.33 Arbitrary File Read

NagVis version 1.9.33 suffers from an arbitrary file read vulnerability. Exploit Title: NagVis 1.9.33 - Arbitrary File Read Date: 03/12/2024 Exploit Author: David Rodríguez a.k.a. xerosec Vendor Homepage: https://www.nagvis.org/ Software Link: https://www.nagvis.org/downloads/archive Version:...

CVSS 9.1, AI score 6.1, EPSS 0.00822
Exploits: 3

added 2025/04/16 12:00 a.m., 242 views

📄 Teedy 1.11 Cross Site Scripting

Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...

CVSS 8.4, AI score 6.3, EPSS 0.00901
Exploits: 3

added 2025/04/16 12:00 a.m., 305 views

📄 Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution

Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...

CVSS 8.8, AI score 8.1, EPSS 0.5929
Exploits: 4

added 2025/04/16 12:00 a.m., 263 views

📄 phpMyFAQ 3.2.10 Unintended File Download

phpMyFAQ version 3.2.10 suffers from an unintended file download vulnerability. Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link:...

CVSS 7.2, AI score 6.7, EPSS 0.09192
Exploits: 3

Total number of security vulnerabilities: 50630