50621 matches found
📄 Jinja 2 1.4.0 Tactical RMM SSTI Detection
This proof of concept script detects potential server-side template injection vulnerabilities in web applications using template engines such as Jinja. The script sends a dynamically generated mathematical expression within a template payload to a target URL parameter. If the server evaluates the...
📄 tracker-extract 3.8.2 / tracker-miners 3.x Crash
Proof of concept exploit for tracker-extract version 3.8.2 and tracker-miners version 3.x that demonstrates a crash when parsing oversized or malformed frames from MP3/APEv2 tags...
📄 dr_libs 0.14.4 Heap Buffer Overflow
A heap buffer overflow exists in the function drwavreadsmpltometadataobj when processing WAV files with a crafted smpl chunk. The vulnerability arises due to a mismatch between sampleLoopCount validation in pass 1 and unconditional processing in pass 2, allowing 36 bytes of attacker-controlled da...
📄 F5 BIG-IP TMUI Unauthenticated Remote Code Execution
This Metasploit module exploits a directory traversal vulnerability in the F5 BIG-IP TMUI interface that allows unauthenticated attackers to execute arbitrary system commands via tmshCmd.jsp...
📄 libbiosig 3.9.2 Buffer Overflow
A specially crafted Intan CLP file can trigger a heap buffer overflow in applications that parse the CLP format without properly validating the HeadLen field. The vulnerable parser allocates memory based on the value of HeadLen but continues reading additional data from the file without enforcing...
📄 Ubuntu 25.10 Containerd Insecure Directory Permissions
This proof of concept exploit demonstrates and detects CVE-2024-25621, a security vulnerability in containerd caused by insecure permissions on critical runtime and data directories. Affected versions may expose container metadata and runtime artifacts due to directories being readable or writabl...
📄 DOMPurify 3.13 Cross Site Scripting
A mutation cross site scripting vulnerability exists in DOMPurify versions 3.1.3 and below when the SAFEFORXML configuration is enabled. ============================================================================================================================================= | Title : DOMPurif...
📄 Ipswitch WhatsUp Gold 1.0.0.24 Directory Traversal
Proof of concept exploit for a 2011 finding where Ipswitch WhatsUp Gold version 1.0.0.24 had a directory traversal in the included TFTP server. ============================================================================================================================================= | Title :...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
This PHP script is a proof of concept exploit for CVE-2024-36985, an authenticated Remote Code Execution vulnerability affecting Splunk instances where the splunkarchiver app is installed and enabled. It is a conversion of a Metasploit module into PHP...
📄 tpAdmin 1.3.12 Shell Upload
tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...
📄 ThreatFire System Monitor 4.7.0.53 Kernel‑Mode Arbitrary Process Termination
This Metasploit module terminates the Windows Defender process MsMpEng.exe by sending a specific IOCTL to the TfSysMon driver. ============================================================================================================================================= | Title : ThreatFire System...
📄 OpenBabel 3.1.1 Heap Buffer Overflow
This project is a local exploitation research and crash detection framework designed to evaluate memory-safety weaknesses in Open Babel version 3.1.1 under controlled laboratory conditions...
📄 minimatch Denial of Service
minimatch suffers from a regular expression denial of service vulnerability. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 are affected...
📄 OpenEXR Integer Overflow
Proof of concept exploit for a potential integer overflow condition when processing specially crafted multi‑part DeepScanLine EXR files with OpenEXR. The program generates a malicious .exr file containing 86 parts, where each pixel is assigned 50,000,000 samples. When these values are summed...
📄 joserfc JWE PBES2 1.6.2 Denial of Service
A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...
📄 Siklu EtherHaul Series EH-8010 / EH-1200 File Upload
PHP proof of concept for a critical vulnerability that exists in Siklu EtherHaul EH-8010 and EH-1200 devices running firmware versions 7.4.0 through 10.7.3. The rfpiped service exposed on TCP port 555 uses hardcoded AES-256-CBC encryption parameters static key and IV and lacks any authentication...
📄 c3p0 Insecure Deserialization
A critical vulnerability in c3p0 prior to version 0.12.0 allows attackers to achieve remote code execution through insecure handling of the userOverridesAsString property in several ConnectionPoolDataSource implementations...
📄 basic-ftp Path Traversal / Arbitrary File Write
basic-ftp versions prior to 5.2.0 proof of concept that demonstrates an arbitrary file write using a path traversal. ============================================================================================================================================= | Title : basic-ftp prior to version...
📄 MajorDoMo Remote Code Execution
A critical vulnerability in the MajorDoMo web console allows unauthenticated remote attackers to execute arbitrary system commands on the target server. By sending crafted requests to the /admin.php endpoint with manipulated console parameters, an attacker can inject and execute PHP code remotely...
📄 psd-tools Denial of Service
When a specially crafted PSD file contains malformed RLE-compressed image data for example, a literal run extending beyond the expected row size, the internal decoderle function raises a ValueError in psd-tools, resulting in a denial of service condition...
📄 OpenStack Remote Code Execution
A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0.The issue resides in the createqueryfunction method...
📄 pypdf Memory Exhaustion / Denial of Service
pypdf versions prior to 6.7.3 were vulnerable to a denial of service condition caused by uncontrolled memory allocation during decompression of XFA streams. An attacker could craft a malicious PDF file containing a highly compressed stream using /FlateDecode...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...
📄 Apache Artemis / ActiveMQ Artemis Missing Authentication
Proof of concept exploit for CVE-2026-27446 targeting Apache Artemis versions 2.50.0 through 2.51.0 and Apache ActiveMQ Artemis versions 2.11.0 through 2.44.0...
📄 Wireshark Dissector Crash Denial of Service
A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...
📄 dottie 2.0.6 Prototype Pollution Bypass
CVE-2026-27837 describes an incomplete patch in dottie versions 2.0.4 through 2.0.6, following the original CVE-2023-26132 fix attempt. The protection added in commit 7d3aee1 validates only the first segment of a dot-separated property path against dangerous keys such as proto. However, the...
📄 Tactical RMM Jinja2 SSTI Remote Code Execution
This Metasploit module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Pytho...
📄 Windows SMB Client Privilege Escalation
This Metasploit module exploits CVE-2025-33073 in Windows SMB clients through a complex attack chain involving DNS record injection, NTLM relay attacks, and RPC coercion. The vulnerability allows privilege escalation and remote code execution on affected Windows systems including Windows 11,...
📄 Juniper JunosEvolved Remote Command Execution
This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...
📄 basic-ftp downloadToDir() Path Traversal
basic-ftp versions prior to 5.2.0 suffer from a path traversal vulnerability in downloadToDir. ============================================================================================================================================= | Title : basic-ftp prior to version 5.2.0 Path Traversal in...
📄 Adobe DNG SDK 1.7.1 2410 Integer Overflow
A potential security issue may arise when processing DNG Digital Negative files that embed JPEG XL JXL compressed image streams if image dimensions are not properly validated before memory allocation. In this scenario, specially crafted width and height values are embedded inside the JPEG XL stre...
📄 Adobe SDK 1.7.1 2410 Integer Overflow / Denial of Service
A logic flaw in the processing of the ProfileHueSatMapDims 0xC6F5 tag within the Adobe DNG SDK can lead to an integer overflow condition when parsing crafted DNG files. By supplying excessively large dimension values e.g., 0x15555554 in the Hue/Saturation map metadata, an attacker can trigger...
📄 Cisco Catalyst SD-WAN Controller Authentication Bypass / Arbitrary WAR Upload
A critical security vulnerability chain was identified involving an authentication bypass through exposed configuration data, followed by an arbitrary file upload via path traversal. Successful exploitation may allow an attacker to deploy a malicious WAR archive into the application server's...
📄 Honeywell Trend IQ4 Unauthenticated Add Admin
This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...
📄 Wireshark USB HID Protocol Dissector Memory Exhaustion
CVE-2026-3201 is a denial of service vulnerability affecting the USB HID protocol dissector in Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13. The vulnerability is triggered when Wireshark parses a specially crafted USB HID Report Descriptor containing an excessively large...
📄 WordPress AI Engine 3.0.0 Shell Upload
This Metasploit module exploits an unauthenticated file upload vulnerability in the WordPress AI Engine plugin versions prior to 3.0.0. The plugin's REST API endpoint /wp-json/mwai-ui/v1/files/upload fails to properly validate authentication, allowing attackers to upload arbitrary files including...
📄 WonderCMS 3.4.2 Shell Upload
Proof of concept exploit for an authentication shell upload vulnerability in WonderCMS version 3.4.2. ============================================================================================================================================= | Title : WonderCMS 3.4.2 Authenticated file upload...
📄 WordPress AI Buddy 1.8.5 Shell Upload
Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP. ============================================================================================================================================= | Title :...
📄 Splunk Enterprise 9.1.5 / 9.2.2 Vulnerability Scanner
This PHP script is a defensive vulnerability checker for CVE-2024-36985 affecting Splunk Enterprise. It authenticates to a Splunk instance using provided credentials, retrieves the installed Splunk version, and determines whether it falls within the vulnerable ranges. The script then enumerates...
📄 WordPress AI Engine: ChatGPT Chatbot 1.9.98 Shell Upload
This is a proof of concept that demonstrates the CVE-2023-51409 vulnerability in the WordPress AI Engine plugin in a controlled, safe, and non-destructive manner. It detects the plugin, tests unauthenticated access to the vulnerable endpoint, performs safe file uploads with non-executable content...
📄 WordPress AI Feeds 1.0.11 Shell Upload
Proof of concept exploit for an unauthenticated arbitrary file upload vulnerability in the AI Feeds plugin for WordPress versions 1.0.11 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration...
📄 WordPress AMGT 44.0 Shell Upload
A vulnerability in the WordPress AMGT plugin version 44.0 membership registration form allows an attacker to upload arbitrary files via the "amgtuseravatar" parameter. The uploaded file is stored with a timestamp-based filename that can be guessed, allowing remote code execution...
📄 WordPress Real Estate 7 3.5.2 Privilege Escalation
This Metasploit auxiliary scanner module targets a privilege escalation vulnerability in WordPress Real Estate 7 plugin version 3.5.2. The flaw allows unauthenticated attackers to register a new user account with administrator privileges by abusing the ctaddnewmember AJAX action...
📄 WordPress ACF 0.9.1.1 Remote Code Execution
WordPress ACF plugin version 0.9.1.1 unauthenticated remote code execution proof of concept exploit. ============================================================================================================================================= | Title : WordPress ACF 0.9.1.1 unauthenticated Remote...
📄 WordPress Cibeles AI 1.10.8 Shell Upload
An unauthenticated arbitrary file upload vulnerability exists in the Cibeles AI plugin for WordPress versions 1.10.8 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary files, including PHP webshells, by exploiting the GitHub integration functionality, leading to...
📄 WordPress AI Engine 3.1.3 Mass Enumeration
This advisory documents a fully automated PHP-based exploitation framework designed to perform mass enumeration, plugin detection, token extraction, and automated account creation targeting vulnerable WordPress MCP-related REST API endpoints...
📄 WordPress Bricks 1.9.6 Remote Code Execution
Proof of concept exploit for a critical vulnerability in WordPress Bricks Builder plugin version 1.9.6 that allows unauthenticated attackers to execute arbitrary PHP code through the Bricks REST API. The attack targets the renderelement endpoint, injecting malicious instructions in the Query Edit...
📄 WordPress AI Engine 3.1.3 Add Admin / Shell Upload
The AI Engine WordPress plugin version 3.1.3 exposes an MCP JSON RPC endpoint allowing unauthenticated calls to administrative functions. An attacker can remotely create an administrator account then upload a malicious plugin or payload to obtain full remote code execution on the WordPress Server...
📄 WordPress AI Bud 1.8.5 Shell Upload
WordPress AI Bud plugin version 1.8.5 suffers from an unauthenticated shell upload vulnerability. The vulnerability exists in the actualizadorgit.php file which provides unauthenticated access to download and execute files from arbitrary GitHub repositories without proper security controls...
📄 Easy File Sharing Web Server 7.2 Buffer Overflow
Easy File Sharing Web Server version 7.2 suffers from a buffer overflow vulnerability. Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link:...