50738 matches found
๐ TP-Link VN020 F3v(T) TT_V6.2.1021 Buffer Overflow
TP-Link VN020 F3vT version TTV6.2.1021 suffers from a buffer overflow vulnerability. Exploit Title: TP-Link VN020 F3vT TTV6.2.1021 - Buffer Overflow Memory Corruption Date: 11/24/2024 Exploit Author: Mohamed Maatallah Vendor Homepage: https://www.tp-link.com Version: TTV6.2.1021 VN020-F3vT Tested...
๐ CommScope Ruckus IoT Controller 1.7.1.0 Backdoor Account
CommScope Ruckus IoT Controller version 1.7.1.0 has an undocumented backdoor account. Exploit Title: CommScope Ruckus IoT Controller 1.7.1.0 - Undocumented Account Date: 2021.05.26 Exploit Author: korelogic Vendor Homepage:...
๐ WooCommerce Customers Manager 29.4 SQL Injection
WooCommerce Customers Manager version 29.4 suffers from a remote SQL injection vulnerability. Exploit Title: WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection Date: 2024-03-25 Exploit Author: Ivan Spiridonov - xbz0n Software Link:...
๐ phpMyFAQ 3.2.10 Unintended File Download
phpMyFAQ version 3.2.10 suffers from an unintended file download vulnerability. Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link:...
๐ BentoML 1.4.2 Remote Code Execution
A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...
๐ phpMyFAQ 3.1.7 Cross Site Scripting
phpMyFAQ version 3.1.7 suffers from a cross site scripting vulnerability. Exploit Title: phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting XSS Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/thorsten/phpMyFAQ Software Link: https://github.com/thorsten/phpMyFAQ Versio...
๐ Smart Manager 8.27.0 SQL Injection
Smart Manager version 8.27.0 suffers from a remote SQL injection vulnerability. Exploit Title: Smart Manager 8.27.0 - Post-Authenticated SQL Injection Date: 2024-01-18 Exploit Author: Ivan Spiridonov - xbz0n Vendor Homepage: https://www.storeapps.org/ Software Link:...
๐ NagVis 1.9.33 Arbitrary File Read
NagVis version 1.9.33 suffers from an arbitrary file read vulnerability. Exploit Title: NagVis 1.9.33 - Arbitrary File Read Date: 03/12/2024 Exploit Author: David Rodrรญguez a.k.a. xerosec Vendor Homepage: https://www.nagvis.org/ Software Link: https://www.nagvis.org/downloads/archive Version:...
๐ Teedy 1.11 Cross Site Scripting
Teedy version 1.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting XSS Exploit Author: Ayato Shitomi @ Fore-Z co.ltd Demo Video: https://www.youtube.com/watch?v=udQgVogsmhA Vendor Homepage: https://teedy.io...
๐ WebMethods Integration Server 10.15.0.0000-0092 Access Bypass
WebMethods Integration Server version 10.15.0.0000-0092 has an issue where blank credentials can allow access to the administrative panel. Exploit Title: WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page Date: 25-01-2024 Exploit Author: Rasime Ekici Vendor Homepage:...
๐ Zabbix 7.0.0 SQL Injection
Zabbix version 7.0.0 suffers from a remote SQL injection vulnerability. Exploit Title: Zabbix 7.0.0 - SQL Injection Date: 06/12/2024 Exploit Author: Leandro Dias Barata @m4nb4 Vendor Homepage: https://www.zabbix.com/ Software Link: https://support.zabbix.com/browse/ZBX-25623 Version: 6.0.0 - 6.0....
๐ Dell EMC iDRAC7/iDRAC8 2.52.52.52 Remote Code Execution
Dell EMC iDRAC7/iDRAC8 version 2.52.52.52 suffers from a remote code execution vulnerability. Exploit Title: Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution RCE via file upload Date: 2024-08-28 Exploit Author: Photubias Vendor Homepage: https://dell.com Vendor Advisory: 1...
๐ Hugging Face Transformers MobileViTV2 4.41.1 Remote Code Execution
Hugging Face Transformers MobileViTV2 version 4.41.1 suffers from a remote code execution vulnerability. Exploit Title: Hugging Face Transformers MobileViTV2 RCE Date: 29-11-2024 Exploit Author: The Kernel Panic Vendor Homepage: https://huggingface.co/ Software Link:...
๐ SilverStripe 5.3.8 Cross Site Scripting
SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...
๐ Rollback Rx Professional 12.8.0.0 NULL Pointer Dereference
Rollback Rx Professional version 12.8.0.0 suffers from a null pointer dereference in shieldm.sys. Title: Rollback Rx Professional 12.8.0.0 - "shieldm.sys" Null Pointer Dereference Author: Can Burak Dรถnmez Date: 14.04.2025 Vendor: https://horizondatasys.com Affected Version: 12.8.0.0 Tested: Win10...
๐ GestioIP 3.5.7 Cross Site Request Forgery
GestioIP version 3.5.7 suffers from a cross site request forgery vulnerability. Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity a...
๐ Adapt Authoring Tool 0.11.3 Remote Command Execution
Adapt Authoring Tool version 0.11.3 suffers from a remote command execution vulnerability. Exploit Title: Adapt Authoring Tool 0.11.3 - Remote Command Execution RCE Date: 2024-11-24 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.adaptlearning.org/ Software Link:...
๐ GestioIP 3.5.7 Cross Site Scripting
GestioIP version 3.5.7 suffers from reflective and persistent cross site scripting vulnerabilities. Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting XSS Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email...
๐ Spring Boot common-user-management 0.1 Shell Upload
Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...
๐ OpenCMS 17.0 Cross Site Scripting
OpenCMS version 17.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: OpenCMS 17.0 - Stored Cross Site Scripting XSS Date: 24-11-2024 Exploit Author: Siddhartha Naik Vendor Homepage: http://www.opencms.org/en/ Software Link:...
๐ Plane 0.23.1 Server-Side Request Forgery
Plane version 0.23.1 suffers from a server-side request forgery vulnerability. Exploit Title: Plane - Server side request forgery SSRF Date: 2024-01-13 Exploit Author: Saud Alenazi Vendor Homepage: https://plane.so Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1 Version:...
๐ WordPress Really Simple Security 9.1.1.1 Authentication Bypass
WordPress Really Simple Security plugin version 9.1.1.1 authentication bypass proof of concept exploit. !/usr/bin/env python3 Exploit Title: Really Simple Security 9.1.1.1 - Authentication Bypass Date: 2024-11-19 Exploit Author: Antonio Francesco Sardella Vendor Homepage:...
๐ GestioIP 3.5.7 Remote Command Execution
GestioIP version 3.5.7 suffers from a remote command execution vulnerability. Exploit Title: GestioIP 3.5.7 - Remote Command Execution RCE Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email max.cybersecurity at belino.com GitHub disclosure link:...
๐ Cacti 1.2.26 Remote Code Execution
Cacti version 1.2.26 proof of concept remote code execution exploit. Exploit Title: Cacti 1.2.26 - Remote Code Execution RCE Authenticated Date: 06/01/2025 Exploit Author: D3Ext Vendor Homepage: https://cacti.net/ Software Link: https://github.com/Cacti/cacti/archive/refs/tags/release/1.2.26.zip...
๐ Pymatgen 2024.1 Remote Code Execution
Pymatgen version 2024.1 suffers from a remote code execution vulnerability. Exploit Title : Pymatgen 2024.1 - Remote Code Execution RCE Google Dork : not applicable Date : 2024-11-13 Exploit Author : Mohammed Idrees Banyamer Vendor Homepage : https ://pymatgen.org Software Link : https ://pypi.or...
Atlas (Havelsan) Insecure Deserialization
Atlas Havelsan suffers from a BinaryFormatter insecure deserialization vulnerability. Exploit Title: Havelsan Atlas HBYS - Insecure Deserialization RCE Date: 2025-04-14 Exploit Author: Ahmet รmit BAYRAM Vendor: https://github.com/havelsan/atlas Version: latest Tested on: Windows 10 - 64bit CVE: N...
๐ CrushFTP 9.x / 10.8.4 / 11.3.1 Server-Side Request Forgery / Directory Traversal
CrushFTP versions 9.x, 10.x through 10.8.4, and 11.x through 11.3.1 suffer from server-side request forgery and directory traversal vulnerabilities. !-- Exploit Title: Server-Side Request Forgery SSRF in CrushFTP 10.7.1 and 11.1.0 as well as legacy 9.x Date: 2024-10-20 Exploit Author: Rafael...
๐ Langflow AI Remote Code Execution
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. This module requires Metasploit: https://metasploit.com/download Current source:...
๐ RemotePC Remote Code Execution
RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet รmit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...
๐ MagnusBilling 6.x / 7.x Command Injection
MagnusBilling versions 6.x and 7.x suffer from an unauthenticated remote command injection vulnerability. Exploit Title: MagnusBilling 6.x and 7.x Unauthenticated Remote Command Injection Vulnerability Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage:...
๐ Netman 204 Authentication Bypass / Remote Code Execution
Netman 204 allows for remote command execution without authentication. Exploit Title: Netman 204 - Remote command with out authentication Date: 2/4/2025 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: netman-204 https://www.riello-ups.com/downloads/25-netman-204 Version: netman-204 Teste...
๐ NEWS-BUZZ 1.0 SQL Injection
NEWS-BUZZ version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: NEWS-BUZZ News Management System - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link:...
๐ GetSimpleCMS Shell Upload
GetSimple CMS versions prior to 3.3.16 suffer from a remote code execution vulnerability via a PHAR file upload in admin/upload.php. Exploit Title: GetSimpleCMS 2. Write a PHP script to create the .phar file: Use the Phar class in PHP to package the index.php file into a .phar archive. Create a...
๐ phpIPAM 1.6 Cross Site Scripting
phpIPAM version 1.6 suffers from a cross site scripting vulnerability. Exploit Title: phpIPAM 1.6 Reflected XSS via closeClass Parameter in popup.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/phpipam/phpipam Software Link: https://github.com/phpipam/phpipam...
๐ WordPress LearnPress 4.2.7 SQL Injection
WordPress LearnPress plugin versions 4.2.7 and below suffer from a remote SQL injection vulnerability. My name: Francisco Moraga BTshell @BTshell https://www.linkedin.com/in/btshell/ Exploit Title: LearnPress WordPress LMS Plugin = 4.2.7 - Unauthenticated SQL Injection via 'conlyfields' Google...
๐ PgAdmin Query Tool Authenticated Remote Code Execution
This Metasploit module exploits a vulnerability in pgAdmin where an authenticated user can establish a connection to the query tool and send a specific payload in the querycommited POST parameter. This payload is directly executed via a Python eval statement, resulting in remote code execution in...
๐ MiniCMS 1.1 Cross Site Scripting
MiniCMS version 1.1 suffers from a cross site scripting vulnerability. Exploit Title: MiniCMS 1.1 Cross-Site Scripting XSS in date Parameter of mc-admin/page.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/bg5sbk/MiniCMS Software Link:...
๐ RosarioSIS SQL Injection
RosarioSIS versions prior to 7.6.1 suffer from a remote unauthenticated SQL injection vulnerability. Exploit Title: RosarioSIS $votesarray && if ! empty $votesarray && PortalPollsVote $pollid, $votesarray votes'; CREATE TABLE aaat text --=1...
๐ Roundcube 1.6.6 Cross Site Scripting
Roundcube mail server versions earlier than 1.5.6 and 1.6 through 1.6.6 suffer from a persistent cross site scripting vulnerability. Exploit Title: Roundcube mail server exploit for CVE-2024-37383 Stored XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Sourc...
๐ Gnuboard5 5.3.2.8 SQL Injection
Gnuboard5 versions 5.3.2.8 and below suffer from a remote SQL injection vulnerability. Exploit Title: Gnuboard5 = 5.3.2.8 SQL Injection via tableprefix Parameter Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/gnuboard/gnuboard5 Software Link:...
๐ Anant Addons for Elementor 1.1.5 CSRF / Arbitrary Plugin Installation
Anant Addons for Elementor versions 1.1.5 and below cross site request forgery proof of concept that allows for arbitrary plugin installation. ๐ก๏ธ Anant Addons for Elementor Anant Addons for Elementor body background-color: 111; color: 0f0; font-family: monospace;...
๐ flatCore Cross Site Request Forgery
flatCore versions prior to 1.5 suffer from a cross site request forgery vulnerability. Exploit Title: flatCore CSRF PoC Replace Your Domain Name...
๐ Cisco Smart Software Manager On-Prem 8-202206 Account Takeover
Cisco Smart Software Manager On-Prem versions 8-202206 and below account takeover proof of concept exploit. Exploit Title: Cisco SSM On-Prem; Account Takeover CVE-2024-20419 Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...
๐ Typecho 1.3.0 Race Condition
Typecho versions 1.3.0 and below suffer from a race condition vulnerability. // Exploit Title: Typecho = 1.3.0 Race Condition // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura // Vendor Homepage:...
๐ CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting
CodeAstro Online Railway Reservation System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0 Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link:...
๐ AquilaCMS 1.409.20 Remote Command Execution
AquilaCMS version 1.409.20 suffers from a remote command execution vulnerability. Exploit Title: AquilaCMS 1.409.20 - Remote Command Execution RCE Unauthenticated Date: 2024-10-25 Exploit Author: Eui Chul Chung Vendor Homepage: https://www.aquila-cms.com/ Software Link:...
๐ WordPress Buddypress Humanity 1.2 Cross Site Request Forgery
WordPress Buddypress Humanity plugin versions 1.2 and below suffer from a cross site request forgery vulnerability. โ ๏ธ CVE-2025-31033 - CSRF in WordPress Buddypress Humanity Plugin...
๐ PandoraFMS 7.0NG.772 SQL Injection
PandoraFMS version 7.0NG.772 proof of concept authenticated remote SQL injection exploit. Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection Authenticated Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link:...
๐ Typecho 1.3.0 Cross Site Scripting
Typecho versions 1.3.0 and below suffer from a persistent cross site scripting vulnerability. // Exploit Title: Typecho = 1.3.0 Stored Cross-Site Scripting XSS // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura //...
๐ flatCore 1.5.5 Shell Upload
flatCore version 1.5.5 suffers from a remote shell upload vulnerability. Exploit Title: flatCore Arbitrary .php File Upload via acp/acp.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS...