📄 WordPress Frontend Login and Registration Blocks 1.0.7 Privilege Escalation
WordPress Frontend Login and Registration Blocks plugin versions 1.0.7 and below suffer from a privilege escalation vulnerability. Exploit Title: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation Google Dork:...
📄 Kentico Xperience 13.0.178 Cross Site Scripting
Kentico Xperience version 13.0.178 suffers from a cross site scripting vulnerability. Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting XSS Date: 2025-05-09 Version: Kentico Xperience before 13.0.178 Exploit Author: Alex Messham Contact: [email protected] Source:...
📄 RDPGuard 9.9.9 Privilege Escalation
RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation SYSTEM Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...
📄 DiskBoss Enterprise 7.4.28 Remote Buffer Overflow
DiskBoss Enterprise version 7.4.28 GET remote buffer overflow SEH exploit with egghunter shellcode. Exploit Title: DiskBoss Enterprise 7.4.28 - 'GET' Remote Buffer Overflow SEH - Egghunter Date: 2025-05-05 Exploit Author: Fernando Mengali Linkedin:...
📄 Feng Office 3.5.1.5 SQL Injection
Feng Office version 3.5.1.5 suffers from a remote SQL injection vulnerability. Titles: fengoffice3.5.1.5 - SQLi Author: nu11secur1ty Date: 05/11/2025 Vendor: https://www.fengoffice.com/ Software: https://trials.fengoffice.com/register?edition=starter Reference:...
📄 Microsoft Windows 11 Pro 23H2 Privilege Escalation
Microsoft Windows version 11 Pro 23H2 Ancillary Function Driver for WinSock privilege escalation exploit. Exploit Title: Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Elevation of Privilege Date: 2025-05-05 Exploit Author: Milad Karimi Ex3ptionaL Contact:...
📄 VirtualBox 7.0.16 Privilege Escalation
VirtualBox version 7.0.16 suffers from a privilege escalation vulnerability. Exploit Title: VirtualBox 7.0.16 - Local Privilege Escalation Date: 2025-05-06 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win x64...
📄 Easy!Appointments 1.5.1 Denial of Service
Easy!Appointments version 1.5.1 suffers from a denial of service vulnerability due to a logic flaw. CVE-2025-29448 Description booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by...
📄 ezPortal 5.6 SQL Injection
ezPortal version 5.6 for Simple Machines Forum suffers from a SQL injection issue that may be exploitable. Exploit Title: ezportal Advisory Portal Mod for SMF Local SQL injection Google Dork: inurl:index.php?action=ezportal Date: 2025-05-08 Exploit Author: Emiliano Febbi Vendor Homepage:...
📄 WordPress ConvertPlus 3.5.30 Denial of Service
The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the cpdismissnotice AJAX endpoint in all versions up to, and including, 3.5.30. CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus...
📄 BeyondTrust Privileged Remote Access 24.3 Takeover
BeyondTrust Privileged Remote Access PRA version 24.3 suffers from a privileged login takeover vulnerability due to a passwordless SSH tunnel. Details: Vendor: BeyondTrust Product: Privileged Remote Access PRA Subject: PRA connection takeover...
📄 WordPress OttoKit 1.0.82 Privilege Escalation
WordPress OttoKit plugin versions 1.0.82 and below suffer from a privilege escalation vulnerability. This plugin used to be called SureTriggers. CVE-2025-27007: OttoKit SureTriggers Privilege Escalation Vulnerability Exploitation of CVE-2025-27007, a critical vulnerability in unauthorized privile...
📄 Grokability Snipe-IT 8.0.4 Insecure Direct Object Reference
Grokability Snipe-IT versions 8.0.4 and below suffer from an insecure direct object reference vulnerability. Exploit Title: Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference IDOR Google Dork: N/A Date: 2025-05-02 Exploit Author: Sn1p3r-H4ck3r Siripong Jintung Vendor Homepage:...
📄 ERPNext 14.82.1 Cross Site Request Forgery
ERPNext versions 14.82.1 and below suffer from a cross site request forgery vulnerability. Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery CSRF Google Dork: inurl:"/api/method/frappe" Date: 2025-04-29 Exploit Author: Ahmed Thaiban Thvt0ne Vendor Homepage:...
📄 Casdoor 1.901.0 Cross Site Request Forgery
Casdoor version 1.901.0 suffers from a cross site request forgery vulnerability. Exploit Title: Casdoor 1.901.0 - Cross-Site Request Forgery CSRF Application: Casdoor Version: 1.901.0 Date: 03/07/2024 Exploit Author: Van Lam Nguyen Vendor Homepage: https://casdoor.org/ Software Link:...
📄 Erlang-Based SSH OTP Pre-Authentication Remote Code Execution
This Metasploit module detects and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in...
📄 ZTE ZXV10 H201L Remote Code Execution
ZTE ZXV10 H201L suffers from a remote code execution vulnerability that can be leveraged via an authentication bypass. Exploit Title: ZTE ZXV10 H201L - RCE via authentication bypass Exploit Author: l34n tasos meletlidis https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client,...
📄 WonderCMS 3.x Remote Code Execution
This Metasploit module exploits CVE-2023-41425, an authenticated file upload vulnerability affecting WonderCMS versions between 3.2.0 and 3.4.2. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class...
📄 Craft CMS Image Transform Pre-Authentication Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 3.x, 4.x, and 5.x prior to 5.6.17 via the image transform endpoint. It injects a PHP Meterpreter payload into the Craft session, then triggers its execution by abusing the Yii behavior...
📄 Microsoft Windows XRM-MS NTLM Hash Disclosure
Microsoft Windows suffers from another NTLM hash disclosure vulnerability. This time it is related to the xrm-ms file type. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MicrosoftWindowsxrm-msFileNTLM-HashDisclosure.tx...
📄 unzip-stream 0.3.1 Arbitrary File Write
unzip-stream version 0.3.1 suffers from an arbitrary file write vulnerability. Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubunt...
📄 Daikin Security Gateway 214 Remote Password Reset
The Daikin Security Gateway exposes a critical vulnerability in its password reset API endpoint. Due to an insecure direct object reference IDOR flaw, an unauthenticated attacker can send a crafted POST request to this endpoint, bypassing authentication mechanisms. Successful exploitation resets...
📄 Inedo ProGet 2024.22 Denial of Service / Information Disclosure / CSRF
Inedo ProGet version 2024.22 suffers from cross site request forgery, denial of service, and information disclosure vulnerabilities. Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of service and information disclosure attacks among other things because the information...
📄 Ruby on Rails Cross Site Request Forgery
Ruby on Rails appears to include a one time pad for cross site request forgery protections to the user, making it possible to forge valid tokens. Good morning. All current versions and all versions since the 2022/2023 "fix" to the Rails cross-site request forgery CSRF protections continue to be...
📄 AlegroCart 1.2.9 Logic Flaw
AlegroCart version 1.2.9 suffers from a business logic flaw that allows for price manipulation. Exploit Title: Business Logic Flaw: Price Manipulation - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Busines...
📄 AlegroCart 1.2.9 Cross Site Scripting
AlegroCart version 1.2.9 suffers from persistent and reflective cross site scripting vulnerabilities. Exploit Title: XSS via SVG Image Upload - alegrocartv1.2.9 Date: 04/2025 Exploit Author: Andrey Stoykov Version: 1.2.9 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ XSS via SVG Imag...
📄 BentoML Runner Server Remote Code Execution
There was an insecure deserialization in BentoML's runner server prior to version 1.4.8. By setting specific headers and parameters in the POST request, it is possible to execute unauthorized arbitrary code in the context of the user running the server, which will grant initial access and...
📄 Online Shopping System Advanced 1.0 Shell Upload / SQL Injection
Online Shopping System Advanced version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title: Online Shopping System Advanced - Remote Code Execution Date: 2025-03-11 Exploit Author: bRpsd Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=bRpsd...
📄 Zyxel uOS 1.31 Privilege Escalation
The USG FLEX H Series with the operating system Zyxel uOS version 1.31 suffers from a local privilege escalation vulnerability via the setuid binary fermion-wrapper. -- HNS-2025-10 - HN Security Advisory - https://security.humanativaspa.it/ Title: Local privilege escalation via Zyxel...
📄 OpenSSH 9.8p1 Race Condition
Proof of concept race condition exploit for OpenSSH server version 9.8p1. Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It...
📄 Microsoft Windows 11 Kernel Privilege Escalation
Microsoft Windows 11 suffers from a privilege escalation vulnerability. Exploit Title: Microsoft Windows 11 - Kernel Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win,...
📄 Microsoft Windows 11 23h2 Privilege Escalation
Microsoft Windows 11 23h2 CLFS.sys proof of concept privilege escalation exploit. Exploit Title:Microsoft Windows 11 23h2 - 'CLFS.sys' Elevation of Privilege Vulnerability Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
📄 Clothing Store Management System 1.0 SQL Injection
Clothing Store Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Titles: Clothing Store Management System-1.0 SQLi Bypass Authentication Author: nu11secur1ty Date: 04/22/2025 Vendor: https://github.com/oretnom23 Software:...
📄 tar-fs 3.0.0 Arbitrary File Write
tar-fs version 3.0.0 suffers from an arbitrary file write vulnerability. Exploit Title: tar-fs 3.0.0 - Arbitrary File Write/Overwrite Date: 17th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mafintosh/tar-fs Version: tar-fs 3.0.0 Tested on: Ubuntu CVE:...
📄 Online Exam Mastering System 1.0 Cross Site Scripting
Online Exam Mastering System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting XSS Google Dork: inurl:/exam/feedback.php Date: 2025-04-19 Exploit Author: Pruthu Raut Vendor Homepage:...
📄 Android 13 Local Privilege Escalation
Android version 13 local privilege escalation proof of concept exploit. Exploit Title: Android 13 - Local Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 13 Tested on: Win,...
📄 WordPress 123pan Cloud Storage 1.0 File Deletion / Shell Upload / Injection
WordPress 123pan Cloud Storage plugin version 1.0 suffers from token handling, remote shell upload, file deletion, and HTTP header injection vulnerabilities. Exploit Title WordPress 123pan Cloud Storage Plugin - Multiple...
📄 WonderCMS 3.4.2 Cross Site Scripting / Code Execution
WonderCMS version 3.4.2 proof of concept cross site scripting to code execution exploit. Exploit Title: WonderCMS v3.4.2 XSS to RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...
📄 Joomla 3.7.1 SQL Injection
Joomla version 3.7.1 proof of concept remote SQL injection exploit. Exploit Title: Joomla 3.7.1 - Sql Injection Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...
📄 WordPress Easy Restaurant Manager 1.0 XSS / SQL Injection / IDOR
WordPress Easy Restaurant Manager plugin version 1.0 suffers from persistent cross site scripting, insecure direct object reference, a missing access control, and remote SQL injection vulnerabilities. Exploit Title WordPress...
📄 GitLab 16.7.2 Account Takeover
GitLab version 16.7.2 proof of concept account takeover via password reset exploit. Exploit Title: GitLab 16.7.2 - Account Takeover via Password Reset without user interactions Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
📄 Drupal 11.x-dev Path Disclosure
Drupal version 11.x-dev suffers from a path disclosure vulnerability. !/usr/bin/env python Exploit Title: Drupal 11.x-dev - Full Path Disclosure Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H:...
📄 compop.ca 3.5.3 Arbitrary Code Execution
compop.ca version 3.5.3 suffers from an arbitrary code execution vulnerability. Exploit Title: compop.ca 3.5.3 - Arbitrary code Execution Google Dork: Terms of Use inurl:compop.vip Date: 22/12/2024 Exploit Author: dmlino Vendor Homepage: https://www.compop.ca/ Version: 3.5.3 CVE : CVE-2024-48445...
📄 WordPress MapSVG Lite 8.5.34 Shell Upload
WordPress MapSVG Lite plugin versions 8.5.34 and below suffer from a remote shell upload vulnerability. 🐚 CVE-2025-32682 - Arbitrary File Upload in MapSVG Lite = 8.5.34 📌 Plugin Details - Name: MapSVG Lite - Affected Version: = 8.5.34 - Vulnerability Type: Arbitrary File Upload - CVE ID:...
📄 Tatsu 3.3.11 Remote Code Execution
Tatsu versions 3.3.11 and below pre-authentication proof of concept remote code execution exploit. !/usr/bin/python3 coding: utf-8 Exploit Title:Tatsu = 3.3.11 pre-auth RCE exploit Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H:...
📄 UJCMS 9.6.3 Insecure Direct Object Reference
UJCMS version 9.6.3 suffers from an insecure direct object reference vulnerability that enables user enumeration. Exploit Title: UJCMS 9.6.3 User Enumeration via IDOR Exploit Author: Cyd Tseng Date: 11 Dec 2024 Category: Web application Vendor Homepage: https://dromara.org/ Software Link:...
📄 Apache Commons Text 1.10.0 Remote Code Execution
Apache Commons Text version 1.10.0 suffers from a remote code execution vulnerability. Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Softwa...
📄 Blood Bank and Donor Management System 2.4 Cross Site Request Forgery
Blood Bank and Donor Management System version 2.4 suffers from a cross site request forgery vulnerability. Exploit Title: Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation Google Dork: N/A Date: 2024-12-26 Exploit Author: Kwangyun Keum Vendor Homepage:...
📄 TP-Link VN020 F3v(T) TT_V6.2.1021 Denial of Service
TP-Link VN020 F3vT version TTV6.2.1021 suffers from a denial of service vulnerability. Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Denial Of Service DOS Date: 10/22/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested on:...
📄 Meshtastic Buffer Overflow
A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not require authentication or user interaction, as long as...