50738 matches found
WordPress Munk Sites 1.0.7 Cross Site Request Forgery
WordPress Munk Sites plugin versions 1.0.7 and below suffer from a cross site request forgery vulnerability that allows an adversary to trick an admin into installing arbitrary plugins. 🚀 CVE-2025-25101 - WordPress Munk Sites Plugin <= 1.0.7 - CSRF to Arbitrary Plugin Installation 📌 Overview...
Application Accounts Manager 1.0 Cross Site Scripting
Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...
Fortra FileCatalyst Workflow 5.1.6 Build 135 SQL Injection
Fortra FileCatalyst Workflow version 5.1.6 build 135 remote SQL injection exploit. Title: Fortra FileCatalyst Workflow v5.1.6 Build 135 PHP Code Injecti...
Loaded Commerce 6.6 Client-Side Template Injection
Loaded Commerce version 6.6 suffers from a client-side template injection vulnerability. Exploit Title: Loaded Commerce 6.6 Client-Side Template Injection CSTI AngularJS Date: 03/13/2025 Exploit Author: tmrswrr Vendor Homepage: https://loadedcommerce.com/ Version: 6.6 Tested on:...
GE Proficy Cimplicity 7.5 Directory Traversal
GE Proficy Cimplicity version 7.5 proof of concept directory traversal vulnerability that takes advantage of a flaw discovered in 2013. Title: GE Profic...
General Device Manager 2.5.2.2 Buffer Overflow
General Device Manager version 2.5.2.2 remote buffer overflow exploit that provides a reverse shell. Based on a discovery made in 2024 by Ahmet Ümit Bayram.
Backdrop CMS 1.27.1 Remote Command Execution
Backdrop CMS version 1.27.1 proof of concept remote command execution exploit for a vulnerability discovered in 2024. Title: Backdrop CMS 1.27.1 PHP COd...
Cyber Panel 2.3.x Remote Command Execution
Cyber Panel version 2.3.x proof of concept remote command execution exploit that leverages three vulnerabilities discovered in 2024. Title: Cyber Panel...
WordPress Really Simple SSL 9.0.0 Authentication Bypass
WordPress Really Simple SSL plugin version 9.0.0 proof of concept 2FA bypass that allows the uploading of a malicious plugin. Title: WordPress Really...
Dotclear 2.29 Shell Upload
Dotclear version 2.29 proof of concept remote shell upload exploit that leverages a previously discovered vulnerability from 2024. Title: Dotclear 2.29...
Craft CMS 3.9.14 Remote Command Execution
Craft CMS version 3.9.14 proof of concept remote command execution exploit that leverages a vulnerability discovered in 2024. Title: Craft CMS 3.9.14...
Apache NiFi 1.21.0 Remote Code Execution
Apache NiFi version 1.21.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. Title: Apache NiFi 1.21.0 R...
appRain CMF 4.0.5 Shell Upload
appRain CMF version 4.0.5 proof of concept shell upload exploit that leverages a vulnerability originally found in 2024. Title: appRain CMF 4.0.5 shell...
Drupal 7.15 XML Injection
Drupal version 7.15 proof of concept XML external entity injection exploit that leverages a vulnerability originally discovered in 2012. Title: Drupal...
D Tale 3.15.1 Remote Command Execution
D Tale version 3.15.1 proof of concept remote command execution exploit. Title: D Tale v3.15.1 PHP code execution vulnerability | Author: indoushka |...
VICIdial 2.14-917 Remote Command Execution
VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. Title: VICIdial v...
UniRide Vehicle Booking Management System 1.0 Shell Upload
UniRide Vehicle Booking Management System version 1.0 suffers from a remote shell upload vulnerability. Title: UniRide Vehicle Booking Management System...
TFTP Server NetDecision 4.2 Directory Traversal
TFTP Server NetDecision version 4.2 proof of concept directory traversal exploit that leverages a vulnerability from 2009. Title: TFTP Server NetDecisio...
vBulletin 5.0.0 Beta 28 SQL Injection
vBulletin version 5.0.0 Beta 28 proof of concept remote SQL injection exploit that leverages a vulnerability discovered in 2013. Title: vBulletin 5.0.0...
vBulletin 4.5 Add Administrator
vBulletin version 4.5 proof of concept add administrator exploit that leverages a vulnerability from 2013. Title: vBulletin 4.5 create new administrator...
WordPress Bit File Manager 6.5.5 Race Condition / Code Injection
WordPress Bit File Manager plugin version 6.5.5 proof of concept race condition exploit that achieves remote code execution. Title: WordPress Bit File...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape
An attacker who can pass input to the asteval library, when it is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the Python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...
Webmin 1.580 Directory Traversal
Webmin version 1.580 proof of concept directory traversal exploit that leverages a vulnerability from 2012. Title: Webmin 1.580 Directory Traversal...
TextPad 9.3.0 Command Injection
TextPad version 9.3.0 suffers from a remote command injection vulnerability when it opens a batch file. Exploit Title: TextPad v9.3.0 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.09.2023 Vendor Homepage: https://www.textpad.com Software Link:...
Wp2Fac 1.0 Code Injection
Wp2Fac version 1.0 proof of concept code injection exploit that takes advantage of a flaw originally discovered by Ahmet Ümit Bayram in 2023.
WP Time Capsule 1.22.21 Shell Upload
WordPress WP Time Capsule plugin version 1.22.21 remote shell upload proof of concept exploit that takes advantage of a flaw discovered in 2024 by Rein Daelman...
WinTr Scada 5.5.9 Command Injection
WinTr Scada version 5.5.9 suffers from a command injection vulnerability. Exploit Title: WinTr Scada v5.5.9 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.04.2024 Vendor Homepage: http://www.wintr.com.tr Software Link:...
SuperScan 4.1 Buffer Overflow
SuperScan version 4.1 suffers from a local buffer overflow vulnerability. Exploit Title: SuperScan v4.1 - Stack Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.09.2023 Vendor: Foundstone Inc Software Link: https://delivery2.filecroco.com/kits6/superscan-4.1.zip Tested...
War-FTPD 1.65 Denial of Service
War-FTPD version 1.65 proof of concept denial of service exploit that leverages a vulnerability originally discovered in 2024 by Fernando Mengali.
WordPress XMLRPC 3.9.2 Denial of Service
WordPress version 3.9.2 XMLRPC proof of concept denial of service exploit that leverages a vulnerability from 2014 and was originally discovered by Nir Goldshlager...
Apache NiFi 1.17.0 Remote Code Execution
Apache NiFi version 1.17.0 proof of concept remote code execution exploit that takes advantage of a flaw discovered in 2023. Title: Apache NiFi 1.17.0 R...
WS FTP Server 5.0.5 Denial of Service
WS FTP Server version 5.0.5 proof of concept denial of service exploit that leverages a flaw found by Fernando Mengali in 2024. Title: WS FTP Server 5.0...
BulletProof FTP Client 2010.74 Buffer Overflow
BulletProof FTP Client version 2010.74 suffers from a buffer overflow vulnerability. Exploit Title: BulletProof FTP Client v2010.74 - Buffer Overflow PoC Discovered by: Ahmet Ümit BAYRAM Discovered Date: 14.09.2023 Vendor Homepage: http://www.bpftp.com Software Link:...
RDK 5.3 Buffer Overflow
RDK version 5.3 suffers from a local buffer overflow vulnerability. Exploit Title: RDK v5.3 - Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Discovered Date: 17.04.2024 Vendor Homepage: http://www.shenturk.com Software Link: http://www.shenturk.com/downloads/rdk-5.3-setup.rar Tested Version...
ABB Cylon Aspect 3.08.01 Shell Upload
ABB Cylon Aspect version 3.08.01 proof of concept remote shell upload exploit. Original discovery of this issue is attributed to LiquidWorm. Title: ABB...
ZesleCP 3.1.20 Privilege Escalation
ZesleCP version 3.1.20 remote privilege escalation exploit that leverages cron to achieve root level privileges. Exploit Title: ZesleCP v3.1.20 - Privilege Escalation Exploit Author: Ahmet Ümit BAYRAM Date: 09.11.2024 Vendor Homepage: https://zeslecp.com Tested on: Ubuntu 20.04 Privilege Escalati...
Sam Spade 1.14 SEH Overflow / DLL Injection
Sam Spade version 1.14 SEH overflow exploit that leverages DLL injection. Exploit Title: Sam Spade 1.14 - SEH Overflow via Arbitrary DLL Injection Date: 14.03.2024 Software Link: https://www.majorgeeks.com/files/details/samspade.html Exploit Author: Ahmet Ümit BAYRAM Tested Version: 1.14 Tested o...
XMedia Recode 3.5.8.4 Command Injection
XMedia Recode version 3.5.8.4 suffers from a command injection vulnerability. Exploit Title: XMedia Recode v3.5.8.4 - OS Command Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 16.09.2023 Vendor Homepage: https://www.xmedia-recode.de Software Link: https://www.xmedia-recode.de/downloa...
ABB AC500v3 3.7.0.569 Symlink Attack
ABB AC500v3 version 3.7.0.569 proof of concept symlink attack exploit that leverages vulnerabilities previously discovered in 2024 by CyberDanube.
JUX Real Estate 3.4.0 SQL Injection
JUX Real Estate version 3.4.0 suffers from a remote SQL injection vulnerability. Exploit Title: JUX Real Estate 3.4.0 - SQL Injection Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link:...
Zabbix 6.0.32rc1 PHP Code Injection
Zabbix server version 6.0.32rc1 proof of concept remote code injection exploit. Title: Zabbix server v 6.0.32rc1 PHP Code Injection Vulnerability...
Apache NiFi 0.0.2 Remote Code Execution
Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. Title: Apache NiFi 0.0.2 RCE...
VMware vCenter Server 8.0.2 Privilege Escalation
VMware vCenter Server version 8.0.2 proof of concept privilege escalation exploit that leverages a vulnerability from 2024. Title: VMware vCenter Server...
vBulletin 4.1 Add Administrator
vBulletin version 4.1 add new administrator remote proof of concept exploit that takes advantage of a flaw from 2013. Title: vBulletin 4.1 create new...
FluxBB 1.5.11 Cross Site Scripting
FluxBB version 1.5.11 suffers from a persistent cross site scripting vulnerability. Exploit Title: FluxBB 1.5.11 Stored xss Date: 3/8/2025 Exploit Author: Chokri Hammedi Vendor Homepage: www.fluxbb.org Software Link: https://www.softaculous.com/apps/forums/FluxBB Version: FluxBB 1.5.11 Tested on:...
JUX Real Estate 3.4.0 Cross Site Scripting
JUX Real Estate version 3.4.0 suffers from a cross site scripting vulnerability. Exploit Title: JUX Real Estate 3.4.0 - Multiple RXSS Exploit Author: CraCkEr Date: 26/02/2025 Vendor: JoomlaUX Vendor Homepage: https://joomlaux.com/ Software Link:...
Yokogawa CENTUM CS 3000 R3.08.50 Buffer Overflow / Denial of Service
Yokogawa CENTUM CS 3000 version R3.08.50 proof of concept exploit that leverages a heap buffer overflow from 2014 and can result in a denial of service condition...
Apache Rave 0.20 User Information Disclosure
Apache Rave version 0.20 proof of concept user information disclosure exploit that leverages a flaw from 2013. Title: Apache Rave 0.20 Disclosure of use...
Cleo LexiCom Harmony 5.8.0.23 CSRF / Command Execution
Cleo LexiCom Harmony version 5.8.0.23 suffers from a remote command execution vulnerability that can be leveraged via a cross site request forgery attack.
Kerberos 5-1.21.3 Privilege Escalation / Ticket Injection
Kerberos version 5-1.21.3 privilege escalation and ticket injection proof of concept exploit that demonstrates a vulnerability discovered in 2014.