50738 matches found
📄 Traccar GPS Tracking System 6.11.1 Cross-Site WebSocket Hijacking
Traccar GPS Tracking System version 6.11.1 cross-site websocket hijacking proof of concept exploit. Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link:...
📄 cPanel Authentication Manipulation / Session Injection
This Python script attempts to an authentication bypass against a cPanel login endpoint by crafting a modified login request and manipulating session-related data. Versions after 11.40 are affected...
📄 UltimatePOS 4.8 Cross Site Scripting
The administrative panel in UltimatePOS version 4.8 suffers from a persistent cross site scripting vulnerability. CVE-2025-60503 — Stored Cross-Site Scripting XSS in UltimatePOS UltimateFosters v4.8 Publication date: 2025-10-30 CVE ID: CVE-2025-60503 RESERVED Researcher: Vivien Lebas Vendor:...
📄 cPanel / WHM Authentication Bypass / CRLF Injection
A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper neutralization of line delimiters CRLF in the whostmgrsession cookie and Authorization headers. An unauthenticated remote attacker can leverage this flaw to inject malicious session parameters...
📄 LiteLLM 1.83.0 Insecure Direct Object Reference
LiteLLM exposes a /config/update API endpoint that allows administrators to make configuration changes to the instance. Due to a missing authorization check, low-privileged users can access this endpoint without restriction. An attacker with a low-privileged account can exploit this to exfiltrate...
📄 GoAnywhere MFT 7.9.1 HTML Injection
GoAnywhere MFT versions prior to 7.10.0 are affected by an HTML injection vulnerability in the email templating functionality. If an attacker is able to influence the content of a template variable, malicious HTML can be embedded into outgoing emails generated by the application. As these message...
📄 DeskTime Time Tracking App 1.3.671 Missing Certificate / Remote Code Execution
DeskTime Time Tracking App version 1.3.671 has an issue where due to missing TLS certificate validation, attackers, who can inject themselves into the network path between the client and the DeskTime update servers, can return a malicious executable in response to an update request and achieve...
📄 EfficientLab Controlio DLL Hijacking
EfficientLab Controlio versions prior to 1.3.95 suffer from dll hijacking vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: DLL Hijacking product: EfficientLab Controlio cloud-based employee monitoring...
📄 SAP HANA Cockpit / Database Explorer Private Key Disclosure
SAP HANA Cockpit and SAP HANA Database Explorer expose the private key of their X.509 certificate. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Exposed Private Key of X.509 Certificate product: SAP HANA...
📄 SolarEdge 3.0-2021 Cross Site Request Forgery / Out-Of-Bounds Access
SolarEdge version 3.0-2021 suffers from cross site request forgery and out-of-band injection vulnerabilities. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1ty Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework...
📄 School Management System PHP 1.0.0 Cross Site Scripting
School Management System PHP version 1.0.0 suffers from a persistent cross site scripting vulnerability that can lead to administrative account takeover. ==================================================== School Management System PHP - Stored XSS leading to Admin Account Takeover...
📄 Pizzafy Ecommerce System 1.0 SQL Injection
The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...
📄 OpenNebula 6.10.0.1 Cross Site Scripting
OpenNebula version 6.10.0.1 suffers from multiple persistent cross site scripting vulnerabilities. OpenNebula-CVE-2025-56537 Exploit Title : OpenNebula 6.10.0.1 - Stored XSS Cross-site Scripting in virtual network template Exploit Author : Mark Artamonov Vendor Homepage : https://opennebula.io/...
📄 Pizzafy Ecommerce System 1.0 Shell Upload
The savemenu function in Pizzafy Ecommerce System version 1.0 handles image uploads for menu items without performing any file type validation. The application retrieves the file extension using pathinfo but never actually checks or restricts the allowed file types before moving the uploaded file...
📄 Coaching Management System 1.0 Cross Site Scripting
Coaching Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Stored Cross-Site Scripting XSS in Coaching Management System Leads to Account Takeover --- Product Coaching Management System in PHP Code-Projects.org...
📄 ESP-RFID-Tool V2 PRO Traversal / XSS / Bypass / Enumeration
ESP-RFID-Tool V2 PRO suffers from bypass, cross site request forgery, cross site scripting, information leakage, path traversal, and multiple other vulnerabilities. The vendor has seemingly taken a hostile approach to responding to these findings and is uncooperative. Security Advisory:...
📄 Microsoft Windows TBroker Registry Symlink Information Disclosure
This code demonstrates a proof of concept attack targeting Windows ATBroker Assistive Technology Broker to achieve sensitive information disclosure through unsafe Registry handling...
📄 Microsoft WinLogon Registry Deletion / Privilege Escalation
This code represents a highly destructive proof of concept targeting Windows WinLogon and Registry access control mechanisms to achieve privilege escalation and system integrity compromise. The exploit is built around abusing Registry symbolic links and session-based Accessibility paths to redire...
📄 thumbler 1.1.2 Command Injection
The thumbler package through version 1.1.2 contains a critical command injection vulnerability in the thumbnail function. User-supplied input parameters input, output, time, size are concatenated into a single ffmpeg command string and executed via childprocess.exec without proper sanitization. A...
📄 SQLite 3.50.1 winsqlite3.dll Heap Overflow
This Metasploit local exploit module targets a heap overflow vulnerability in winsqlite3.dll in SQLite versions prior to 3.50.2 on Windows systems. It first attempts to detect the installed SQLite version, then generates a specially crafted database and SQL workload containing an excessive number...
📄 Sequelize 6.37.7 SQL Injection
A remote SQL injection vulnerability exists Sequelize versions 6.37.7 and below in the JSON/JSONB where clause processing. When Sequelize parses a JSON path key containing ::, the value after :: is treated as a SQL cast type and is inserted into the generated SQL without proper validation. If an...
📄 OSK Registry-Based Privilege Escalation / Symlink Attack
The provided code is a conceptual Windows privilege escalation exploit targeting the On-Screen Keyboard osk.exe and Accessibility AT registry infrastructure. It attempts to abuse weak trust boundaries between user-level registry configuration and system-level execution paths...
📄 SolarEdge 3.0-2021 Cross Site Request Forgery / OOB Injection
SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the /solaredge-web/p/initClient that can lead to a remote command injection vulnerability. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge...
📄 textract 2.5.0 Command Injection
In textract version 2.5.0, a security vulnerability allows OS command injection when untrusted file paths are processed by the library. ================================================================================================================================== | Title : textract 2.5.0 OS...
📄 Vienna Assistant 1.2.542 macOS Privilege Escalation
A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...
📄 OWASP CRS 3.3.9 / 4.25.x LTS / 4.8.x File Upload Bypass
This proof of concept demonstrating a weakness in some web applications protected by OWASP Core Rule Set CRS or similar filters, where file upload validation can be bypassed using ambiguous filename formatting...
📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox
This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...
📄 pdf-image 2.0.0 Command Injection
In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo...
📄 Windows Cloud Files Tiering Engine Local Privilege Escalation
his Metasploit local exploit module models a Windows privilege escalation scenario involving Cloud Files, NTFS reparse points, named pipes, and service interaction. The workflow simulates abusing file system operations and cloud sync mechanisms by creating controlled directories, placeholder file...
📄 node-tesseract-ocr 2.2.1 Command Injection
In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...
📄 WebADM 2.4.17-1 Password Hash Disclosure
WebADM version 2.4.17-1 contains an authenticated information disclosure vulnerability in the LDAP search functionality. The display parameter in search.php accepts any LDAP attribute without server-side validation. A low-privileged admin can retrieve SSHA password hashes for all LDAP users...
📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation
This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...
📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution
This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...
📄 Open WebUI 0.8.11 Information Disclosure
A potential access control issue was identified in Open WebUI where the Tools API and associated “valves” endpoints may expose sensitive configuration data when accessed with valid authentication tokens. The affected endpoints allow retrieval of tool metadata and configuration structures that may...
📄 LuaJIT 2.1.1774638290 FFI Remote Code Execution / Lua Injection
This script is a LuaJIT exploitation tool that attempts to abuse the LuaJIT FFI Foreign Function Interface to execute system commands or arbitrary shellcode on a remote Lua runtime exposed over a TCP socket. It connects to a target service, injects Lua code dynamically, and leverages unsafe FFI...
📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter
This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...
📄 OpenClaw 2026.3.13 MEDIA Protocol File Disclosure
This Python script is a security exploitation tool targeting the OpenClaw system integrated with Discord. It attempts to exfiltrate sensitive files from a victim environment by abusing a MEDIA: prompt injection mechanism...
📄 Microsoft SQL Server 2022/2025 Privilege Escalation
This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...
📄 lollms-webui Server-Side Request Forgery
lollms-webui suffers from a server-side request forgery vulnerability. ================================================================================================================================== | Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting | | Author...
📄 MISP 2.5.27 Workflow Engine Cross Site Scripting
This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...
📄 NLTK 3.9.2 Path Traversal / File Disclosure
NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...
📄 MetInfo CMS 8.1 PHP Code Injection
This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...
📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb
This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...
📄 SocialEngine 7.8.0 Server-Side Request Forgery
SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as URL to send an HTTP request from the web server...
📄 Langflow 1.8.4 Traversal / Remote Code Execution
This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...
📄 SocialEngine 7.8.0 SQL Injection
SocialEngine versions 7.8.0 and below suffer from a remote SQL injection vulnerability. User input passed through the text request parameter to the /activity/index/get-memberall endpoint is not properly sanitized before being used to construct an SQL query...
📄 Hoverfly 1.11.3 Remote Command Execution
This Python script is an exploitation tool targeting a vulnerable Hoverfly API endpoint, specifically the /api/v2/hoverfly/middleware functionality, which allows execution of user-supplied input through a backend binary...
📄 Grav CMS 1.7.49.5 Shell Upload
This script targets a Grav CMS administrative panel by first authenticating, then checking version information to estimate vulnerability exposure. If conditions are met, it generates a malicious PHP plugin containing a base64-encoded payload and uploads it as a ZIP package through the “direct...
📄 Langflow Remote Code Execution
The CSV Agent node in Langflow hardcodes allowdangerouscode=True, which automatically exposes the LangChains Python REPL tool pythonreplast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full remote code execution. This module...
📄 FortiWeb 8.0.1 Authentication Bypass / Code Execution
This Metasploit module targets a critical remote code execution vulnerability in FortiWeb's management interface by chaining multiple weaknesses. It goes from authentication bypass to path traversal to arbitrary file upload to remote code execution...