50738 matches found
Adobe Reader 11.0.10 CoolType Out-Of-Bounds Read
Adobe Reader version 11.0.10 proof of concept exploit that demonstrates an out-of-bounds read found in 2015. | Title : Adobe Reader 11.0.10 CoolType...
ImageX Image Converter Cross Site Request Forgery
ImageX Image Converter suffers from a cross site request forgery vulnerability that allows you to add an administrator. This software does not list a version but was reported as of March 03, 2025 to be vulnerable. Exploit Title: ImageX - Image Converter - Cross Site Request Forgery CSRF Add Admin...
Apache ActiveMQ 5.3.2 Source Code Disclosure
Apache ActiveMQ version 5.3.2 source code disclosure proof of concept exploit that demonstrates an issue discovered in 2010. | Title : Apache ActiveMQ 5.3....
WordPress 4.2.4 XMLRPC GHOST Vulnerability Scanner
WordPress version 4.2.4 XMLRPC GHOST vulnerability scanning script that checks to see if an instance is vulnerable. | Title : WordPress 4.2.4 XMLRPC GHOST...
OpenPanel 0.3.4 Directory Traversal / Arbitrary File Read
OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. This can be leveraged to change permissions on files unaccessible to userland and make them accessible to attackers. Exploit Title: OpenPanel 0.3.4 - Insecure Permission Modification via...
WordPress Custom Contact Form 5.1.0.3 CSRF / SQL Injection
WordPress Custom Contact Form plugin version 5.1.0.3 suffers from cross site request forgery and remote SQL injection vulnerabilities. | Title : WordPress...
Advantech WebAccess 7.1 SQL Injection
Advantech WebAccess version 7.1 proof of concept exploit that demonstrates a SQL injection vulnerability originally discovered in 2014. | Title : Advantech...
Drupal 7.2 XML Injection
Drupal version 7.2 XML external entity injection proof of concept exploit that demonstrates a vulnerability distributed in 2012. | Title : Drupal 7.2 via...
Zontal Arcade HTML 5 Game Portal PHP Script SQL Injection
Zontal Arcade HTML 5 Game Portal PHP Script suffers from a remote SQL injection vulnerability. This software does not list a version but was reported as of March 05, 2025 to be vulnerable. Exploit Title: Zontal Arcade HTML 5 Game Portal PHP Script - SQL Injection Date: 05-03-2025 Exploit Author:...
Webmin 2.202 Remote Command Execution
Webmin version 2.202 remote command execution exploit that provides a reverse shell. | Title : Webmin 2.202 Reverse Shell attack | | Author : indoushka | |...
Axigen 8.10 Directory Traversal
Axigen version 8.10 directory traversal exploit that demonstrates a flaw discovered in 2012. | Title : Axigen 8.10 WebAdmin interface Directory Traversal...
D Tale 3.10.0 Remote Command Execution
D Tale version 3.10.0 proof of concept remote command execution exploit. | Title : D Tale v3.10.0 PHP code execution vulnerability | | Author : indoushka |...
Android SPF Memory Issues
SPF in AOSP version 5.10 and 5.15 kernels can create dangling TLB entries by misdirecting TLB flushes on race with mremap. The AOSP 5.10/5.15 kernels contain a non-upstream memory management optimization called "Speculative Page Fault" SPF. There have been a series of issues in this before, see...
Precurio Intranet Portal 4.4 Remote Command Execution
Precurio Intranet Portal version 4.4 suffers from a remote command execution vulnerability. Exploit Title: Precurio Intranet Portal 4.4 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://www.precurio.com Software Link:...
Ghostscript 9.21 Arbitrary Command Execution
Ghostscript version 9.21 exploit that leverages a flaw from 2017 to execute arbitrary commands and provides a reverse shell. | Title : Ghostscript versions...
Zabbix 6.4.17rc1 Remote Code Execution
Zabbix server version 6.4.17rc1 remote code execution exploit that provides a reverse shell. | Title : Zabbix server v 6.4.17rc1 PHP Code Injection...
Plikli CMS 4.1.5 SQL Injection
Plikli CMS version 4.1.5 suffers from a remote SQL injection vulnerability. Exploit Title: Plikli CMS 4.1.5 - 'randkey' SQL Injection Discovered by: Ahmet Ümit BAYRAM Discovered Date: 05.03.2024 Vendor Homepage: https://github.com/kkumar326/plikli Software Link:...
HP Intelligent Management Center 5.1 E0202 Shell Upload
HP Intelligent Management Center version 5.1 E0202 suffers from a remote shell upload vulnerability. | Title : HP Intelligent Management Center 5.1 E0202...
OpenAdmin 0.3.4 Cross Site Request Forgery
Cross site request forgery in the Users and Change Root Password functions in OpenAdmin version 0.3.4 allows remote attackers to perform attacks enabling unauthorized actions that could lead to privilege escalation. Exploit Title: OpenAdmin 0.3.4 - Multiple CSRF Vulnerabilities Date: Nov 8, 2024...
Microsoft SRV2.SYS SMB 2 Remote Code Execution
Microsoft SRV2.SYS SMB version 2 remote code execution exploit that leverages a flaw from 2009. | Title : Microsoft SRV2.SYS SMB v2 RCE Vulnerability | |...
CZS CMS 1.3.0 Cross Site Request Forgery
CZS CMS version 1.3.0 suffers from a cross site request forgery vulnerability. Exploit Title: CZS CMS 1.3.0 - Cross Site Request Forgery CSRF Add Admin Date: 2024-05-03 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cszcms.com Software Link:...
Supermicro X9 Buffer Overflow Scanner
Supermicro X9 generation motherboards before SMT X9 317 overflow scanner that checks for two flaws that date back to 2013 related to IPMI. | Title :...
UniRide Vehicle Booking Management System 1.0 Insecure Direct Object Reference
UniRide Vehicle Booking Management System version 1.0 suffers from an insecure direct object reference vulnerability. | Title : UniRide Vehicle Booking...
WordPress W3 Total Cache 0.9.2.4 SQL Injection / Hash Disclosure
WordPress W3 Total Cache plugin version 0.9.2.4 remote exploit that leverages SQL injection to extract a user's name and password hash. | Title : WordPress...
Poko Arcade HTML 5 Game Portal PHP Script 1.0 SQL Injection
Poko Arcade HTML 5 Game Portal PHP Script version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Poko Arcade HTML 5 Game Portal PHP Script v1.0 - SQL Injection Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor:...
Wazuh 4.9.1 Remote Code Execution
Wazuh version 4.9.1 proof of concept remote code execution exploit with a reverse shell. | Title : Wazuh v 4.9.1 PHP Code Injection Vulnerability | | Autho...
WordPress Pingback Checker Server-Side Request Forgery
WordPress versions prior to 3.5.1 have a server-side request forgery issue that can be leveraged by the pingback checker tool. | Title : WordPress before...
Hestia Control Panel 1.9.3 Remote Code Execution
Hestia Control Panel version 1.9.3 suffers from a remote command execution vulnerability. Exploit Title: Hestia Control Panel Remote Code Execution Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://hestiacp.com/ Software Link: https://hestiacp.com/...
Monstra CMS 3.0.4 Remote Command Execution
Monstra CMS version 3.0.4 proof of concept remote command execution exploit. Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Date: 05.03.2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested...
Microsoft SRV2.SYS SMB 2 Denial of Service
Microsoft SRV2.SYS SMB version 2 remote denial of service exploit that leverages a flaw from 2009. | Title : Microsoft SRV2.SYS SMB v2 Denial of Service...
ZENworks Configuration Management 11.1 Shell Upload
ZENworks Configuration Management version 11.1 suffers from a remote shell upload vulnerability. | Title : ZENworks Configuration Management 11.1 PHP Code...
ABB Cylon Aspect 3.08.01 caldavUpload.php Funkalicious Exploit
Yo, check it - the ABB BMS/BAS system's got a slick little weakness in them caldavInstall.php, caldavInstallAgendav.php, and caldavUpload.php files. All you gotta do is drop that skipChecksum beat in the POST vibe, and bam, the system skips all that MD5 checksum nonsense, no EXPERTMODE needed to...
Zabbix 7.0.1rc1 Remote Code Execution
Zabbix server version 7.0.1rc1 remote code execution exploit that provides a reverse shell. | Title : Zabbix server v 7.0.1rc1 PHP Code Injection...
IdoDesigns 1.0 XSS / CSRF / File Upload / File Deletion / SQL Injection
IdoDesigns version 1.0 suffers from cross site request forgery, cross site scripting, arbitrary file upload, arbitrary file deletion, and remote SQL injection vulnerabilities. Exploit Title IdoDesigns - Multiple Vulnerabiliti...
UniRide Vehicle Booking Management System 1.0 Insecure Settings
UniRide Vehicle Booking Management System version 1.0 suffers from an ignored default credential vulnerability. | Title : UniRide Vehicle Booking Managemen...
OpenPanel 0.3.4 Remote Code Execution
OpenPanel version 0.3.4 suffers from a remote code execution vulnerability via /fix-permissions. Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Date: Nov 7, 2024 Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage:...
Teachers Record Management System 2.1 Cross Site Scripting
Teachers Record Management System version 2.1 suffers from a cross site scripting vulnerability. Exploit Title: Teachers Record Management System v2.1 | Unauthenticated Cross-Site Scripting XSS Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...
HEXAGreen CMS SQL Injection
HEXAGreen CMS suffers from a remote SQL injection vulnerability. This software does not offer any version associated with it. Title: HEXAGreen CMS - Authenticated SQLi Description: HEXAGreen CMS authenticated error-based sql injection Source URL: http://ezcode.pt/tests/hexagreen/admin/ Source...
Resto - Single Vendor Online Food Ordering Shell Upload
Resto - Single Vendor Online Food Ordering suffers from a remote shell upload vulnerability. This software does not provide a version number. Title: Resto - Single Vendor Online Food Ordering - Authenticated RCE Description: Resto Single Vendor Online Source URL: https://res.newmedilife.in/admin...
Employee Leaves Management System 2.1 Insecure Direct Object Reference
Employee Leaves Management System version 2.1 suffers from an insecure direct object reference vulnerability. Exploit Title: Employee Leaves Management System ELMS v2.1 - Authenticated Insecure Direct Object References IDOR Date: 2025-03-04 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...
TYPO 3.16.0 SQL Injection
TYPO version 3.16.0 suffers from a remote SQL injection vulnerability. | Title : TYPO 3.16.0 Code Injection Vulnerability | | Author : indoushka | | Tested...
Jasmin Ransomware SQL Injection / Authentication Bypass
Jasmin Ransomware suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage:...
Wazuh 4.4.0 Remote Code Execution
Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. | Title : Wazuh v4.4.0 PHP Code Injection Vulnerability | | Author...
Webmin 2.202 Remote Code Execution
Webmin version 2.202 suffers from a remote code execution vulnerability. Exploit Title: Webmin RCE Leading to Privilege Escalation Google Dork: N/A Date: 05-03-2025 Exploit Author: Buğra Enis Dönmez Vendor Homepage: https://webmin.com/ Software Link: https://webmin.com/ Version: 2.202 Tested on:...
ZENworks Configuration Management 11.1a Shell Upload
ZENworks Configuration Management version 11.1a suffers from a remote shell upload vulnerability. | Title : ZENworks Configuration Management 11.1a PHP Cod...
WordPress ACF City Selector 1.14.0 Shell Upload
WordPress ACF City Selector plugin version 1.14.0 suffers from a remote shell upload vulnerability. | Title : WordPress ACF City Selector plugin versions...
WP Load Gallery 2.1.6 Shell Upload
WordPress WP Load Gallery plugin version 2.1.6 suffers from a remote shell upload vulnerability. | Title : WP Load Gallery plugin v2.1.6 Code Injection...
vBulletin 5.6.1 SQL Injection
vBulletin version 5.6.1 proof of concept remote SQL injection exploit that dumps the user table. | Title : vbulletin 5.6.1 Code Injection Vulnerability | |...
Hospital Management System SQL Injection / Authentication Bypass
Hospital Management System suffers from a remote SQL injection vulnerability that allows for authentication bypass. This particular software does not have a version associated with it. Title: Hospital Management System - Authentication Bypass With SQLi Description: HMS with MYSQL authentication...
Control iD iDSecure 4.7.43.0 Add Administrator / Authentication Bypass
Control iD iDSecure version 4.7.43.0 exploit that adds an administrator. | Title : Control iD iDSecure v4.7.43.0 PHP Code Injection Vulnerability | | Autho...