WordPress Munk Sites 1.0.7 Cross Site Request Forgery
WordPress Munk Sites plugin versions 1.0.7 and below suffer from a cross site request forgery vulnerability that allows an adversary to trick an admin into installing arbitrary plugins. 🚀 CVE-2025-25101 - WordPress Munk Sites Plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation 📌 Overview...
Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...
General Device Manager 2.5.2.2 Buffer Overflow
General Device Manager version 2.5.2.2 remote buffer overflow exploit that provides a reverse shell. Based on a discovery made in 2024 by Ahmet Ümit Bayram.
GE Proficy Cimplicity 7.5 Directory Traversal
GE Proficy Cimplicity version 7.5 proof of concept directory traversal vulnerability that takes advantage of a flaw discovered in 2013. Title: GE Profic...
Loaded Commerce 6.6 Client-Side Template Injection
Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection (CSTI) AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...
Drupal 7.15 XML Injection
Drupal version 7.15 proof of concept XML external entity injection exploit that leverages a vulnerability originally discovered in 2012. Title: Drupal...
Cyber Panel 2.3.x Remote Command Execution
Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. Title: Cyber Panel...
Dotclear 2.29 Shell Upload
Dotclear version 2.29 proof of concept remote shell upload exploit that leverages a previously discovered vulnerability from 2024. Title: Dotclear 2.29...
Backdrop CMS 1.27.1 Remote Command Execution
Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability. Author: indoushka...
WordPress Really Simple SSL 9.0.0 Authentication Bypass
WordPress Really Simple SSL plugin version 9.0.0 proof of concept 2FA bypass that allows the uploading of a malicious plugin. Title: WordPress Really...
Craft CMS 3.9.14 Remote Command Execution
Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. Title: Craft CMS 3.9.14...
appRain CMF 4.0.5 Shell Upload
appRain CMF version 4.0.5 proof of concept shell upload exploit that leverages a vulnerability originally found in 2024. Title: appRain CMF 4.0.5 shell...
Apache NiFi 1.21.0 Remote Code Execution
Apache NiFi version 1.21.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. Title: Apache NiFi 1.21.0 R...
vBulletin 5.0.0 Beta 28 SQL Injection
vBulletin version 5.0.0 Beta 28 proof of concept remote SQL injection exploit that leverages a vulnerability discovered in 2013. Title: vBulletin 5.0.0...
VICIdial 2.14-917 Remote Command Execution
VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. Title: VICIdial v...
UniRide Vehicle Booking Management System 1.0 Shell Upload
UniRide Vehicle Booking Management System version 1.0 suffers from a remote shell upload vulnerability. Title: UniRide Vehicle Booking Management System...
vBulletin 4.5 Add Administrator
vBulletin version 4.5 proof of concept add administrator exploit that leverages a vulnerability from 2013. Title: vBulletin 4.5 create new administrator...
Webmin 1.580 Directory Traversal
Webmin version 1.580 proof of concept directory traversal exploit that leverages a vulnerability from 2012. Title: Webmin 1.580 Directory Traversal...
TFTP Server NetDecision 4.2 Directory Traversal
TFTP Server NetDecision version 4.2 proof of concept directory traversal exploit that leverages a vulnerability from 2009. Title: TFTP Server NetDecisio...
WordPress Bit File Manager 6.5.5 Race Condition / Code Injection
WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. Title: WordPress Bit File...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape
An attacker who can pass input to the asteval library, when it is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the Python process. Versions 1.06 and below are affected. CVE pending. Sandboxing Python is...
WinTr Scada 5.5.9 Command Injection
WinTr Scada version 5.5.9 suffers from a command injection vulnerability. Exploit Title: WinTr Scada v5.5.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.04.2024 Vendor Homepage: http://www.wintr.com.tr Software Link:...
WP Time Capsule 1.22.21 Shell Upload
WordPress WP Time Capsule plugin version 1.22.21 remote shell upload proof of concept exploit that takes advantage of a flaw discovered in 2024 by Rein Daelman...
Wp2Fac 1.0 Code Injection
Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023.
War-FTPD 1.65 Denial of Service
War-FTPD version 1.65 proof of concept denial of service exploit that leverages a vulnerability originally discovered in 2024 by Fernando Mengali.
SuperScan 4.1 Buffer Overflow
SuperScan version 4.1 suffers from a local buffer overflow vulnerability. Exploit Title: SuperScan v4.1 - Stack Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.09.2023 Vendor: Foundstone Inc Software Link: https://delivery2.filecroco.com/kits6/superscan-4.1.zip Tested...
ABB AC500v3 3.7.0.569 Symlink Attack
ABB AC500v3 version 3.7.0.569 proof of concept symlink attack exploit that leverages vulnerabilities previously discovered in 2024 by CyberDanube.
WS FTP Server 5.0.5 Denial of Service
WS FTP Server version 5.0.5 proof of concept denial of service exploit that leverages a flaw found by Fernando Mengali in 2024. Title: WS FTP Server 5.0...
RDK 5.3 Buffer Overflow
RDK version 5.3 suffers from a local buffer overflow vulnerability. Exploit Title: RDK v5.3 - Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.04.2024 Vendor Homepage: http://www.shenturk.com Software Link: http://www.shenturk.com/downloads/rdk-5.3-setup.rar Tested Version...
BulletProof FTP Client 2010.74 Buffer Overflow
BulletProof FTP Client version 2010.74 suffers from a buffer overflow vulnerability. Exploit Title: BulletProof FTP Client v2010.74 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 14.09.2023 Vendor Homepage: http://www.bpftp.com Software Link:...
Apache NiFi 1.17.0 Remote Code Execution
Apache NiFi version 1.17.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. Title: Apache NiFi 1.17.0 R...
Sam Spade 1.14 SEH Overflow / DLL Injection
Sam Spade version 1.14 SEH overflow exploit that leverages DLL injection. Exploit Title: Sam Spade 1.14 - SEH Overflow via Arbitrary DLL Injection Date: 14.03.2024 Software Link: https://www.majorgeeks.com/files/details/samspade.html Exploit Author: Ahmet Ümit BAYRAM Tested Version: 1.14 Tested o...
ABB Cylon Aspect 3.08.01 Shell Upload
ABB Cylon Aspect version 3.08.01 proof of concept remote shell upload exploit. Original discovery of this issue is attributed to LiquidWorm. Title: ABB...
WordPress XMLRPC 3.9.2 Denial of Service
WordPress version 3.9.2 XMLRPC proof of concept denial of service exploit that leverages a vulnerability from 2014 and was originally discovered by Nir Goldshlager...
XMedia Recode 3.5.8.4 Command Injection
XMedia Recode version 3.5.8.4 suffers from a command injection vulnerability. Exploit Title: XMedia Recode v3.5.8.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 16.09.2023 Vendor Homepage: https://www.xmedia-recode.de Software Link: https://www.xmedia-recode.de/downloa...
TextPad 9.3.0 Command Injection
TextPad version 9.3.0 suffers from a remote command injection vulnerability when it opens a batch file. Exploit Title: TextPad v9.3.0 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.09.2023 Vendor Homepage: https://www.textpad.com Software Link:...
ZesleCP 3.1.20 Privilege Escalation
ZesleCP version 3.1.20 remote privilege escalation exploit that leverages cron to achieve root level privileges. Exploit Title: ZesleCP v3.1.20 - Privilege Escalation Exploit Author: Ahmet Ümit BAYRAM Date: 09.11.2024 Vendor Homepage: https://zeslecp.com Tested on: Ubuntu 20.04 Privilege Escalati...
JUX Real Estate 3.4.0 SQL Injection
JUX Real Estate version 3.4.0 suffers from a remote SQL injection vulnerability. Exploit Title: JUX Real Estate 3.4.0 - SQL Injection Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link:...
Zabbix 6.0.32rc1 PHP Code Injection
Zabbix server version 6.0.32rc1 proof of concept remote code injection exploit. Title: Zabbix server v 6.0.32rc1 PHP Code Injection Vulnerability...
Yokogawa CENTUM CS 3000 R3.08.50 Buffer Overflow / Denial of Service
Yokogawa CENTUM CS 3000 version R3.08.50 proof of concept exploit that leverages a heap buffer overflow from 2014 and can result in a denial of service condition...
Apache NiFi 0.0.2 Remote Code Execution
Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. Title: Apache NiFi 0.0.2 RCE...
FluxBB 1.5.11 Cross Site Scripting
FluxBB version 1.5.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: FluxBB 1.5.11 Stored xss Date: 3/8/2025 Exploit Author: Chokri Hammedi Vendor Homepage: www.fluxbb.org Software Link: https://www.softaculous.com/apps/forums/FluxBB Version: FluxBB 1.5.11 Tested on:...
JUX Real Estate 3.4.0 Cross Site Scripting
JUX Real Estate version 3.4.0 suffers from a cross site scripting vulnerability. Exploit Title: JUX Real Estate 3.4.0 - Multiple RXSS Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link:...
VMware vCenter Server 8.0.2 Privilege Escalation
VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. Title: VMware vCenter Server...
vBulletin 4.1 Add Administrator
vBulletin version 4.1 add new administrator remote proof of concept exploit that takes advantage of a flaw from 2013. Title: vBulletin 4.1 create new...
Apache ActiveMQ 5.3.2 Source Code Disclosure
Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. Title: Apache ActiveMQ 5.3....
Kerberos 5-1.21.3 Privilege Escalation / Ticket Injection
Kerberos version 5-1.21.3 privilege escalation and ticket injection proof of concept exploit that demonstrates a vulnerability discovered in 2014.
WordPress Custom Contact Form 5.1.0.3 CSRF / SQL Injection
WordPress Custom Contact Form plugin version 5.1.0.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. Title: WordPress...
Apache Rave 0.20 User Information Disclosure
Apache Rave version 0.20 proof of concept user information disclosure exploit that leverages a flaw from 2013. Title: Apache Rave 0.20 Disclosure of use...