📄 Ghost CMS 6.19.0 SQL Injection
This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...
📄 Dovecot 3.1.0 Authentication Bypass / User Enumeration
This Metasploit auxiliary module targets an LDAP injection vulnerability in Dovecot mail servers that can lead to authentication bypass or user enumeration via IMAP/POP3. Version 3.1.0 is affected...
📄 Dovecot doveadm Timing Attack / Credential Extraction
This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character.
📄 Dovecot IMAP NOOP Command Memory Exhaustion Denial of Service
This Metasploit auxiliary module targets a memory exhaustion vulnerability in the Dovecot IMAP service. It opens multiple concurrent TCP connections and sends specially crafted NOOP commands containing deeply nested parentheses to force excessive memory allocation on the server. By sustaining the...
📄 Dovecot ManageSieve Crash Denial of Service
This Metasploit auxiliary module targets a denial of service vulnerability in the Dovecot ManageSieve service, where improper handling of authentication requests can lead to service crashes. Affects Dovecot CE core 2.4.0-2.4.2 and Dovecot Pro core 3.1.0-3.1.2. Fixed in versions 2.4.3 and 3.1.3...
📄 Dovecot OTP Replay Attack
This Metasploit auxiliary module targets a vulnerability in Dovecot's OTP (One-Time Password) authentication system that allows potential replay attacks when authentication caching is enabled and username handling is improperly managed...
📄 esiclivre 0.2.2 SQL Injection
The password reset functionality in esiclivre is affected by multiple vulnerabilities. The cpfcnpj parameter is vulnerable to Blind SQL injection due to improper input handling. Additionally, the endpoint lacks CSRF protection, input validation, and rate limiting, enabling attackers to perform us...
📄 Dovecot passwd-file Path Traversal
This Metasploit auxiliary module targets a path traversal vulnerability in Dovecot's passwd-file authentication backend when per-domain configuration is enabled.
📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution
This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...
📄 WebDAV PHP Upload
This Metasploit module exploits WebDAV servers that also have PHP enabled, such as those found on XAMPP installations. Using any supplied credentials, it uploads a PHP payload via WebDAV and then executes it. This module requires Metasploit: https://metasploit.com/download Current source:...
📄 WordPress Highlight and Share 5.2.0 Missing Authentication
WordPress Highlight and Share plugin versions 5.2.0 and below suffer from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...
📄 Dovecot MIME Parameter CPU Exhaustion
This Metasploit module targets a denial of service vulnerability in the Dovecot LMTP service caused by excessive CPU consumption.
📄 Throttlestop Kernel Driver 3.0.0.0 Privilege Escalation
Throttlestop Kernel Driver version 3.0.0.0 suffers from a privilege escalation vulnerability. Exploit Title: Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation Exploit Details: https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/ Date: 8/12/2025...
📄 ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding, notably LF-only line handling and case-variant headers like chUnKEd...
📄 Below Symlink Privilege Escalation
This Python script demonstrates a potential privilege escalation technique related to CVE-2025-27591, leveraging symbolic link (symlink) manipulation in a logging directory used by the below utility. Versions prior to 0.9.0 are affected...
📄 Below Log File Symlink Privilege Escalation
This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0.
📄 Trojan-Spy.Win32.Small MVID-2026-0705 Remote Command Execution
Trojan-Spy.Win32.Small malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access to execute arbitrary operating system commands on the infected host. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2026 Original source:...
📄 7-Zip Directory Traversal / Remote Code Execution
This Metasploit local Windows exploit module targets a directory traversal vulnerability in 7-Zip versions prior to 25.00 that can be abused through a malicious ZIP archive to achieve arbitrary code execution when the archive is extracted...
📄 Bludit CMS 3.18.2 Shell Upload
This Metasploit module targets a vulnerability in the API file upload mechanism of Bludit CMS version 3.18.2, which allows authenticated users with a valid API token to upload arbitrary files without proper validation. This can result in a shell upload...
📄 Remote Sunrise Helper for Windows 2026.14 Live Screen Capture
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated live screen capture vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Live Screen Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 OpenEMR 8.0.0.2 SQL Injection
This Metasploit auxiliary module targets a potential SQL injection vulnerability in OpenEMR version 8.0.0.2.
📄 openDCIM 25.01 SQL Injection
openDCIM version 25.01 remote SQL injection exploit that can be leveraged to execute arbitrary code.
📄 Remote Sunrise Helper for Windows 2026.14 File Upload
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file upload vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Upload Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 Remote Sunrise Helper for Windows 2026.14 UDP Injection
Remote Sunrise Helper for Windows version 2026.14 suffers from UDP injection that can allow for remote code execution. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UDP Input Injection RCE Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 dcontrol 1.0.9 Local File Inclusion
dcontrol version 1.0.9 suffers from an unauthenticated local file inclusion vulnerability via a path traversal. Exploit Title: dcontrol v1.0.9 - Unauthenticated Local File Inclusion LFI Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link...
📄 Remote Sunrise Helper for Windows 2026.14 Directory Creation
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated directory creation vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Directory Creation Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 dcontrol 1.0.9 Arbitrary File Upload
dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file upload vulnerability. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Upload Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link:...
📄 Remote Sunrise Helper for Windows 2026.14 Screenshot Capture
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated screenshot capture vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Screenshot Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 dwol 1.0.0 Command Injection
dwol version 1.0.0 suffers from an unauthenticated command injection vulnerability in the host parameter of the /api/machines endpoint. Exploit Title: dwol v1.0.0 - Unauthenticated Command Injection Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dwol...
📄 Remote Sunrise Helper for Windows 2026.14 Remote Code Execution
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 openDCIM 25.01 SQL Injection / Remote Code Execution
openDCIM version 25.01 remote SQL injection exploit that achieves remote code execution.
📄 Remote Sunrise Helper for Windows 2026.14 File / Folder Deletion
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / folder deletion vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Folder Delete Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 OpenEMR 8.0.0.2 Remote Code Execution
This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...
📄 WordPress Kali Forms 2.4.9 Remote Code Execution
WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability.
📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass
Remote Sunrise Helper for Windows version 2026.14 suffers from a local UAC bypass vulnerability via the Icon Import dialog. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - UAC Bypass via Icon Import Dialog Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...
📄 dcontrol 1.0.9 Remote Code Execution
dcontrol version 1.0.9 suffers from an unauthenticated remote code execution vulnerability via the /control-api/monitor/open endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution RCE Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 dcontrol 1.0.9 Remote Screen Capture
dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...
📄 dwatch 0.0.2 Server-Side Request Forgery
dwatch version 0.0.2 allows unauthenticated users to create monitoring tasks via the /api/task/save endpoint. The url parameter accepts arbitrary URLs and makes HTTP requests to them. Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL Date: 2026-04-18 Exploit Author: Chokri Hammedi...
📄 dmonitor 1.0.3 Server-Side Request Forgery
dmonitor version 1.0.3 suffers from an unauthenticated server-side request forgery vulnerability that can allow for data exfiltration. Exploit Title: dmonitor v1.0.3 - Unauthenticated SSRF Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dmonitor Software...
📄 dcontrol 1.0.9 Keyboard Injection Remote Code Execution
dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...
📄 Remote Sunrise Helper for Windows 2026.14 Directory Listing
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / directory listing vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing Date: 2026-04-20 Exploit Author: Chokri Hammedi Softwar...
📄 Remote Sunrise Helper for Windows 2026.14 Arbitrary File Read
Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated file read vulnerability. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Read Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win...
📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass
Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated UAC bypass vulnerability that enables remote code execution via /api/executeScript. !/usr/bin/env python3 Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UAC Bypass Elevated CMD Date:...
📄 dcontrol 1.0.9 Arbitrary File Delete
dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability via path traversal in the /control-api/file/delete endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Delete Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...
📄 EspoCRM 9.3.3 Remote Code Execution
This Metasploit module targets an authenticated remote code execution vulnerability in EspoCRM versions 9.3.3 and below.
📄 MCPJam Inspector 1.4.2 Remote Code Execution
This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...
📄 PCLink 4.1.1 Authentication Bypass / Code Execution
PCLink version 4.1.1 trusts localhost requests with the "X-Internal-Auth: true" header, bypassing all authentication. Combined with unrestricted extension installation, this allows arbitrary code execution. Exploit Title: PCLink v4.1.1 - Authentication Bypass Leading to Remote Code Execution Date...
📄 Activitypub-federation-rust 0.7.1 Server-Side Request Forgery
This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1.
📄 ddev ZipSlip Path Traversal
A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...
📄 V8 Sandbox Bypass: BigInt Division Memory Corruption
This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...