6819 matches found
The Riskiest Connected Devices of 2025
Since 2020, Forescout Research - Vedere Labs has been monitoring the riskiest devices in organizational networks, leveraging data sourced directly from the devices themselves. This marks their fifth report in six years...
CrushFTP 10 / 11 Authentication Bypass
This proof of concept will exploit the authentication bypass vulnerability in CrushFTP versions 10 before 10.8.4 and 11 before 11.3.1. It will create a new user account with administrative level permissions. It requires the username of an existing user as the target and the default is set to...
FASTRPC_ATTR_KEEP_MAP Use-After-Free
A FASTRPCATTRKEEPMAP logic bug allows fastrpcinternalmunmapfd to concurrently free in-use mappings leading to a use-after-free condition...
WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...
WordPress Motors 1.4.64 Arbitrary Plugin Installation
WordPress Motors plugin versions 1.4.64 and below suffer from an arbitrary plugin installation vulnerability...
Next.js Middleware 15.2.2 Authorization Bypass
Next.js Middleware authorization bypass proof of concept exploit. Versions affected include 13.0.0 through 13.5.8, 14.0.0 through 14.2.24, 15.0.0 through 15.2.2, and 11.1.4 through 12.3...
OpenSCAP Libraries 1.3.12
The openscap project is a set of open source libraries that support the SCAP Security Content Automation Protocol set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF...
AIDE 0.19
AIDE Advanced Intrusion Detection Environment is a free replacement for Tripwiretm. It generates a database that can be used to check the integrity of files on server. It uses regular expressions for determining which files get added to the database. You can use several message digest algorithms ...
WordPress RomethemeKit for Elementor 1.5.4 Arbitrary Plugin Installation
WordPress RomethemeKit For Elementor plugin versions 1.5.4 and below suffer from an authenticated arbitrary plugin installation and activation vulnerability that can lead to remote code execution...
Firefox xslt/txNodeSorter Out-Of-Bounds Access
An inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access in Firefox...
Apple Security Advisory 03-31-2025-2
Apple Security Advisory 03-31-2025-2 - Xcode 16.3 addresses issues where a malicious app could access private information or overwrite arbitrary files...
Apple Security Advisory 03-31-2025-5
Apple Security Advisory 03-31-2025-5 - iOS 16.7.11 and iPadOS 16.7.11 addresses an out of bounds write vulnerability...
Apple Security Advisory 03-31-2025-6
Apple Security Advisory 03-31-2025-6 - iOS 15.8.4 and iPadOS 15.8.4 addresses an out of bounds write vulnerabilities...
Apple Security Advisory 03-31-2025-8
Apple Security Advisory 03-31-2025-8 - macOS Sonoma 14.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-9
Apple Security Advisory 03-31-2025-9 - macOS Ventura 13.7.5 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-4
Apple Security Advisory 03-31-2025-4 - iPadOS 17.7.6 addresses buffer overflow, out of bounds read, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-10
Apple Security Advisory 03-31-2025-10 - tvOS 18.4 addresses buffer overflow, out of bounds read, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-11
Apple Security Advisory 03-31-2025-11 - visionOS 2.4 addresses buffer overflow, bypass, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 04-01-2025-1
Apple Security Advisory 04-01-2025-1 - watchOS 11.4 addresses buffer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-1
Apple Security Advisory 03-31-2025-1 - Safari 18.4 addresses buffer overflow, cross site scripting, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-3
Apple Security Advisory 03-31-2025-3 - iOS 18.4 and iPadOS 18.4 addresses buffer overflow, bypass, cross site scripting, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...
Apple Security Advisory 03-31-2025-7
Apple Security Advisory 03-31-2025-7 - macOS Sequoia 15.4 addresses buffer overflow, bypass, code execution, format string, heap corruption, integer overflow, out of bounds read, out of bounds write, spoofing, and use-after-free vulnerabilities...
Wazuh 4.11.2
Wazuh is a free and open source security platform that unifies XDR and SIEM capabilities. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. This is the source code release...
WordPress Front-End Users 3.2.32 Shell Upload
WordPress Front-End Users plugin versions 3.2.32 and below suffer from a remote shell upload vulnerability...
Advanced XSS Exploitation - Capturing User Local Storage Data
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to capture data from the client's local storage and send it to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilia...
WordPress Newscrunch Theme 1.8.4.1 Shell Upload
WordPress Newscrunch theme version 1.8.4.1 suffers from a remote shell upload vulnerability...
WordPress SoJ SoundSlides 1.2.2 Shell Upload
WordPress SoJ SoundSlides plugin versions 1.2.2 and below suffer from a remote shell upload vulnerability...
Packet Storm New Exploits for March, 2025
This archive contains all of the 223 exploits added to Packet Storm in March, 2025...
WordPress Datasets Manager 1.5 Shell Upload
WordPress Datasets Manager plugin versions 1.5 and below suffer from a remote shell upload vulnerability...
WordPress Verbalize WP 1.0 Shell Upload
WordPress Verbalize WP plugin versions 1.0 and below suffer from a remote shell upload vulnerability...
Advanced XSS Exploitation - How to Record User Audio
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to record client audio conversations and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...
Advanced XSS Exploitation - User Screenshot
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to take screenshots of the client's screen and send them to an external server. The paper is primarily focusing on a pentesting perspective but also discusses mitigations. Written in Brazilian...
WordPress Newscrunch Theme 1.8.4.1 Cross Site Request Forgery
WordPress Newscrunch theme version 1.8.4 suffers from a cross site request forgery vulnerability...
WordPress Checkout Mestres do WP for WooCommerce 8.7.5 Missing Authentication
WordPress Checkout Mestres do WP for WooCommerce plugin versions 8.6.5 through 8.7.5 suffer from a missing authentication vulnerability that allows you to update options...
WordPress the Novel Design Store Directory 4.3.0 Shell Upload
WordPress The Novel Design Store Directory plugin versions 4.3.0 and below suffer from a remote shell upload vulnerability...
Advanced XSS Exploitation - How to Create Keylogger and Get Password
In this paper, the author teaches advanced persistent cross site scripting techniques that can be used to create keyloggers and send the content typed by the client to an external server, where the attacker will have access to messages, passwords, etc. The paper is primarily focusing on a...
WordPress WPC Smart Upsell Funnel for WooCommerce 3.0.4 Privilege Escalation
A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges e.g., subscriber to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint...
WordPress Kubio AI Page Builder 2.5.1 Local File Inclusion
The Kubio AI Page Builder plugin for WordPress is vulnerable to a local file inclusion vulnerability in all versions up to, and including, 2.5.1 via the kubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server...
Horde IMP 6.2.27 Cross Site Scripting / Account Takeover
Proof of concept exploit that demonstrates a cross site scripting vulnerability in Horde IMP versions 6.2.27 and below...
Advanced XSS Exploitation - How to Capture Session Cookies
In this paper, the author teaches advanced cross site scripting techniques that can be used to capture user session cookies and send them to an external server. Although this paper primarily focuses on attack methodology, it also touches on cross site scripting mitigations. Written in Brazilian...
TeamViewer Improper Signature Verification
Proof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system. This is a python implementation of the original exploit produced by Peter Gabaldon...
IngressNightmare Proof of Concepts
This is an archive of IngressNightmare proof of concept exploits meant to help researchers understand the exploitation and vulnerability prerequisites. IngressNightmare is a series of unauthenticated remote code execution vulnerabilities in ingress NGINX controllers for Kubernetes...
Next.js Authorization Bypass
Proof of concept exploit for a critical security vulnerability affecting Next.js, a popular React framework for building full-stack web applications. This flaw allows attackers to bypass authorization checks implemented in Next.js middleware, potentially granting unauthorized access to sensitive...
Buffer Overflow - How to Create an Exploit for a Web Server
In this paper, the author demonstrates how to identify a vanilla buffer overflow and how to create an exploit in Perl to exploit a vulnerability in the well-known web server MiniHttp. Written in Brazilian Portuguese...
WordPress SEO LAT Auto Post 2.2.1 Remote Code Execution
WordPress SEO LAT Auto Post plugin versions 2.2.1 and below suffer from a remote code execution vulnerability...
Microsoft Windows Runtime Broker ClipboardBroker Privilege Escalation
The Runtime Broker’s Clipboard Broker allows any low IL/AppContainer such as Edge or IE EPM to get access to an OOP IStorage object through the ClipboardBroker leading to a sandbox escape...
Zed Attack Proxy 2.16.1 Cross Platform Package
The Zed Attack Proxy ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testin...
WordPress ScottCart 1.1 Remote Code Execution
WordPress ScottCart plugin versions 1.1 and below suffer from a remote code execution vulnerability...
How to Create a Scan in Perl to Identify Vulnerable Telnet Servers
This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable telnet servers. In the context of application security, the author provides mitigation recommendations...
How to Create a Scan in Perl to Identify Vulnerable SSH Servers
This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable SSH servers. In the context of application security, the author provides mitigation recommendations...