50621 matches found
📄 Starlink DNS Rebinding
This Metasploit auxiliary module implements a DNS rebinding attack targeting Starlink infrastructure CVE-2023-52235. The module operates by running a malicious DNS server that dynamically switches responses from a public IP to internal network targets, enabling access to internal services. It als...
📄 AVideo Command Injection
The Metasploit exploit module targets a command injection vulnerability in AVideo. This module exploits a base64-encoded command injection flaw in AVideo Encoder's image processing endpoint, turning a simple URL parameter into remote code execution with multiple payload strategies. Versions prior...
📄 MailEnable 10.54 Cross Site Scripting
MailEnable versions 10.54 and below suffer from multiple cross site scripting vulnerabilities. --------------------------------------------------------------------------- MailEnable = 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities...
📄 Cursor IDE MCP Deeplink Remote Code Execution
This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...
📄 DSpace 7.6.6-next Cross Site Scripting
The Discovery Search REST API in DSpace version 7.6.6-next suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : DSpace 7.6.6-next Discovery API...
📄 Starlink DNS Rebinding
This python script implements a DNS rebinding attack targeting Starlink infrastructure CVE-2023-52235. ================================================================================================================================== | Title : Starlink DNS Rebinding Exploit | | Author : indoushka...
📄 PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...
📄 OpenEMR Remote Code Execution
OpenEMR versions prior to 8.0.0.1 contain multiples command injection vulnerabilities in the backup functionality that can be exploited by authenticated attackers. CVE-2026-32238 - Remote Code Execution in OpenEMR Weakness CWE-78 : Improper Neutralization of Special Elements used in an OS Command...
📄 Casdoor 2.359.0 Cross Site Request Forgery
Casdoor version 2.359.0 suffers from a cross site request forgery vulnerability. This is an older vulnerability originally discovered in 2023 that they still have not addressed in later versions. Exploit Title: Casdoor 2.359.0 2026-03-18 - Cross-Site Request Forgery CSRF Application: Casdoor...
📄 Arturia Software Center MacOS 2.12.0.3157 Privilege Escalation
Arturia Software Center MacOS version 2.12.0.3157 suffers from privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Privilege Escalation Vulnerabilities product: Arturia Softwa...
📄 AVideo getImage.php Unauthenticated Command Injection
This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...
📄 FreePBX Filestore Command Injection
This script targets a potential remote command execution vector in the FreePBX Filestore module by leveraging a valid PHP session cookie PHPSESSID to access administrative AJAX endpoints. The exploit attempts to abuse the testconnection function within the filestore module to inject and execute...
📄 WordPress WPvivid 0.9.123 Arbitrary File Write
This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...
📄 WordPress WWLC 2.0.3.1 File Upload Scanner
This Python tool is a multi‑threaded scanner designed to detect an arbitrary file upload vulnerability in the WWLC WordPress plugin version 2.0.3.1. The script loads a list of target websites from a file and attempts to upload a crafted PHP payload through the vulnerable admin-ajax.php endpoint...
📄 Libjxl Integer Overflow
This Python script generates malicious JPEG XL JXL image files designed to test a potential integer overflow vulnerability in libjxl. The tool creates specially crafted JXL images with extremely large dimensions and manipulated headers that can trigger memory miscalculations when processed by...
📄 WordPress WWLC 2.0.3.1 File Upload Metasploit Scanner
This Metasploit auxiliary module scans WordPress websites for an arbitrary file upload vulnerability in the WWLC plugin version 2.0.3.1. The module attempts to upload a crafted PHP file through the vulnerable AJAX endpoint admin-ajax.php using the wwlcfileuploadhandler action. If the upload is...
📄 FreePBX Filestore Authenticated Command Injection
This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH driver...
📄 Microsoft Windows Server 2025 jscript.dll Use-After-Free
The exploit targets a use-After-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025. ============================================================================================================================================= | Title :...
📄 WordPress Canto 3.0.4 Remote File Inclusion
This is a Metasploit module that exploits a remote file inclusion vulnerability in WordPress Canto plugin versions 3.0.4 and below. ============================================================================================================================================= | Title : WordPress Can...
📄 Microsoft Windows 11 Race Condition / Privilege Escalation
This Metasploit module exploits CVE-2025-62215, a race condition combined with a double-free vulnerability in the Windows Kernel. It allows local privilege escalation from low-privileged users to SYSTEM by exploiting improper synchronization in kernel object handling...
📄 Microsoft Windows LNK File Remote Code Execution
This PHP script is a proof of concept exploit that demonstrates how to create a Windows LNK shortcut file that executes a PowerShell command in this example, launches calc.exe...
📄 Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation
Proof of concept exploit for a heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver cldflt.sys that allows local attackers to escalate privileges from user-level to SYSTEM-level access on affected Windows systems. The vulnerability exists in the Cloud Files Mini...
📄 SPIP CMS Analysis Scanner Script
This is an exploitation tool designed for websites running the SPIP CMS versions 5.4.0 through 5.11.0. The tool performs automated detection and enumeration of SPIP installations, identifies installed plugins, attempts to determine plugin versions, and searches for forms using the saisies plugin...
📄 Alipay Open Redirect / API Attacker Payload Insertion
A single crafted URL enables a complete attack chain against Alipay mobile application users that can allow for data exfiltration. As the vendor has stated this is normal behavior with no apparent plans to address the problem, this is being published to make users aware. Alipay Mobile App -...
📄 Microsoft Windows 11 SMB Local Privilege Escalation
Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...
📄 BuptLab DNS Relay Server 1.0 Denial of Service
A remote denial of service vulnerability exists in BuptLab DNS Relay Server version 1.0 due to improper validation of DNS label length during query parsing. An attacker can send a specially crafted DNS request containing an invalid label length field that exceeds the actual payload size. When the...
📄 WatchGuard Firebox Default SSH Credentials
This is a python script to detect whether or not WatchGuard Firebox devices allow unauthorized access via default credentials admin:readwrite on port 4118. =============================================================================================================================================...
📄 Vvveb CMS 1.0.5 Command Injection
Proof of concept exploit for a remote command injection vulnerability in Vvveb CMS version 1.0.5 via configuration files. Upon further analysis, the researcher has also discovered that this affects version 1.0.7.3...
📄 FreeFloat FTP Server 1.0 Buffer Overflow
Proof of concept exploit for a buffer overflow vulnerability in FreeFloat FTP Server version 1.0. The exploit works by sending an overly long payload through the NOOP FTP command, which overflows the server's buffer and allows control of the EIP Extended Instruction Pointer...
📄 Easy Grade Pro 4.1 Malformed .EGP File Denial of Service
This Python script generates a malformed .EGP gradebook file designed to trigger a crash in Easy Grade Pro 4.1 by corrupting data at a specific offset within the file...
📄 BuptLab DNS Relay Server 1.0 Buffer Underflow
This is a proof of concept exploit that leverages a remote heap buffer underflow denial of service vulnerability in BuptLab DNS Relay Server version 1.0.0 that was recently discovered by Antonius...
📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption
This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...
📄 Nginx UI 2.3.3 Backup Decryption Mass Scanner
This Python tool is a multi‑threaded scanner and exploitation utility designed to identify and validate the vulnerability CVE-2026-27944 affecting Nginx UI versions 2.3.2 and below. The script supports scanning single hosts, CIDR ranges, or target lists, and checks multiple common web service...
📄 WBCE CMS 1.6.5 LFI / Config Disclosure / Cross Site Scripting
The WBCE CMS frontend loader includes template files without sanitization. This allows local file inclusion, reading configuration files, and persistent cross site scripting via crafted templates. Version 1.6.5 is affected...
📄 Vivotek Camera Firmware OS 0125c Command Injection
Vivotek Camera Firmware OS versions 0100a through 0125c suffer from a command injection vulnerability. The issue resides in the CGI binary uploadmap.cgi, which operates under the Boa Webserver environment. The vulnerability occurs because the application improperly processes the POSTFILENAME...
📄 SPIP Saisies 5.11.0 Remote Code Execution
This Metasploit module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requires a...
📄 GLib Memory Exhaustion
The gbase64decode function in the GLib library fails to enforce input size limits, allowing attackers to input extremely large Base64-encrypted data, resulting in uncontrolled memory allocation. This vulnerability can be exploited by providing a specially crafted, but syntactically correct, Base6...
📄 Router Fingerprint / Command Injection Scanner
This Python tool is designed to automatically identify the vendor of IoT routers through HTTP fingerprinting and attempt command-injection testing using vendor-specific payloads. The scanner analyzes HTTP headers and response bodies to detect device signatures from common manufacturers such as...
📄 usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write
A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...
📄 VirtualBox 7.0.16 Local Privilege Escalation / Race Condition
VirtualBox version 7.0.16 proof of concept local privilege escalation exploit that leverages a race condition vulnerability. ============================================================================================================================================= | Title : VirtualBox 7.0.16...
📄 Web‑Check 1 Command Injection
A command injection vulnerability was identified in the Web‑Check application's /api/screenshot endpoint. The issue stems from the backend function that spawns a Chromium screenshot process using childprocess.exec with user‑controlled input passed via the url query parameter. Because the input wa...
📄 WatchGuard IKEv2 Detection Scanner
This Metasploit module checks for potential vulnerability to CVE-2022-23176 in WatchGuard Firmware IKEv2 service by analyzing malformed IKESAINIT responses. ============================================================================================================================================...
📄 Tutor LMS 2.6.2 Missing Authorization / Privilege Escalation
Proof of concept for a missing authorization vulnerability in the Tutor LMS WordPress plugin versions 2.6.2 and below. ============================================================================================================================================= | Title : Tutor LMS 2.6.2 Missing...
📄 Router Fingerprint / Command Injection Scanner
This Metasploit module targets multiple IoT routers by automatically fingerprinting the device vendor and attempting to exploit command injection vulnerabilities. The module sends an HTTP request to identify the router manufacturer by analyzing response headers and page content. Once the vendor i...
📄 Vvveb CMS 1.0.5 Insecure Direct Object Reference
A one liner of details for how to leverage the insecure direct object reference vulnerability in Vvveb CMS version 1.0.5. The research later discovered this also affects version 1.0.7.3...
📄 ASUS Router Multi-Stage Command Injection
A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...
📄 Universal‑Ctags V Language 6.2.1 Parser Uncontrolled Recursion
A denial of service issue has been discovered in Universal‑Ctags versions 6.2.1 and below affecting the V language parser component. ============================================================================================================================================= | Title :...
📄 Vertex AI Experiments 1.132.x Predictable Bucket Naming
A vulnerability identified as CVE-2026-2473 affected Google Cloud Vertex AI, specifically the Vertex AI Experiments component, in versions 1.21.0 through 1.132.x fixed in 1.133.0 and later. The issue stemmed from predictable Cloud Storage bucket naming patterns, enabling a class of attack known a...
📄 Voyager 1.8.0 Arbitrary File Upload
Voyager version 1.8.0 has an issue where an attacker with minimal privileges any role allowed to upload images in a Rich Text Box can upload a polyglot file masquerading as an image while embedding server-side executable code...
📄 Vite 6.2.2 Arbitrary File Read
Proof of concept exploit for an arbitrary file read in Vite version 6.2.2. ============================================================================================================================================= | Title : Vite 6.2.2 Arbitrary File Read – PHP Exploit | | Author : indoushka | ...