39001 matches found
WordPress GPX Viewer 2.2.8 Arbitrary File Creation Exploit
import argparse import requests from requests.sessions import Session import time banner = """ ...
WordPress Th Shop Mania Theme 1.4.9 Missing Authorization Exploit
import requests import argparse import re import time By Nxploit | Khaled alenazi, Function to check if the site is vulnerable def checkvulnerabilityurl: versionurl = f"url/wp-content/themes/th-shop-mania/readme.txt" try: response = requests.getversionurl, timeout=5 if response.statuscode == 200:...
WordPress NextMove Lite 2.17.0 Missing Authorization Exploit
import requests import argparse Exploit script for CVE-2024-25092 By Nxploit Khaled Alenazi. def loginsession, url, username, password, useragent: loginurl = url + '/wp-login.php' response = session.postloginurl, verify=False, data= 'log': username, 'pwd': password, 'rememberme': 'forever',...
asteval 1.06 Arbitrary Code Execution / Sandbox Escape Vulnerabilities
An attacker who can pass input to the asteval library, when it is used with numpy functions in the symbol table (the default setting), can bypass restrictions and execute arbitrary code as the user who ran the python process. Versions 1.06 and below are affected. CVE pending Sandboxing Python is...
WordPress Elementor Pro Animation Addon 1.6 Missing Authorization Exploit
import argparse import requests from bs4 import BeautifulSoup import re Exploit By Nxploit Khaled ALenazi def loginsession, url, username, password, useragent: loginurl = url + '/wp-login.php' response = session.postloginurl, verify=False, data= 'log': username, 'pwd': password, 'rememberme':...
WordPress Top Store Theme 1.5.4 Privilege Escalation Exploit
import requests import argparse import re import json By Nxploit | Khaled Alenazi def disablesslverification: requests.packages.urllib3.disablewarnings session.verify = False Ignore SSL verification def loginurl, username, password: loginurl = f"url/wp-login.php" logindata = "log": username, "pwd...
WordPress ThemeEgg ToolKit 1.2.9 Shell Upload Exploit
import argparse import re import time import requests from bs4 import BeautifulSoup by Nxploit | Khaled Alenazi requests.packages.urllib3.disablewarnings session = requests.Session session.verify = False def displaybanner: banner = """...
IdoDesigns 1.0 XSS / CSRF / File Upload / File Deletion / SQL Injection Vulnerabilities
.:. Exploit Title IdoDesigns - Multiple Vulnerabilities .:. Google Dorks .:. "Design by www.idodesigns.in" "Web Design by : www.idodesigns.in" "Design by : I DO Designs" You may use the dorks followed by inurl:?id= like "Design b...
OpenPanel 0.3.4 Remote Code Execution Vulnerability
Exploit Title: OpenPanel 0.3.4 - Remote Code Execution via Fix Permission Exploit Author: Punthat Siriwan, Korn Chaisuwan, Pongtorn Angsuchotmetee Vendor Homepage: https://openpanel.com/ Software Link: https://openpanel.com/ Version: 0.3.4 Tested on: macOS CVE : CVE-2025-25872 POST /fix-permissio...
Resto - Single Vendor Online Food Ordering Shell Upload Vulnerability
Title: Resto - Single Vendor Online Food Ordering - Authenticated RCE Description: Resto Single Vendor Online Source URL: https://res.newmedilife.in/admin Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un CVEs: N/A Software URL:...
Jasmin Ransomware SQL Injection / Authentication Bypass Vulnerability
Exploit Title: Jasmin Ransomware SQL Injection Login Bypass Exploit Author: Buğra Enis Dönmez n3c1 Vendor Homepage: https://github.com/codesiddhant/Jasmin-Ransomware Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: N/A Tested on: Windows How to exploit : -- Open Admin Pan...
Teachers Record Management System 2.1 Cross Site Scripting Vulnerability
Exploit Title: Teachers Record Management System v2.1 | Unauthenticated Cross-Site Scripting XSS Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Demo Site:...
Hospital Management System SQL Injection / Authentication Bypass Vulnerabilities
Title: Hospital Management System - Authentication Bypass With SQLi Description: HMS with MYSQL authentication bypass Source URL: https://kj5.scriptsterraa.com/hms/admin/ Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un CVEs: N/A Software URL:...
HEXAGreen CMS SQL Injection Vulnerability
Title: HEXAGreen CMS - Authenticated SQLi Description: HEXAGreen CMS authenticated error-based sql injection Source URL: http://ezcode.pt/tests/hexagreen/admin/ Source Name/Email: Mehmet Can Kadıoğlu a.k.a mao7un CVEs: N/A Software URL: https://www.codester.com/items/36507/hexagreen-website-cms...
Teachers Record Management System 2.1 SQL Injection Vulnerability
Exploit Title: Teachers Record Management System v2.1 | Authenticated Time-Based SQLi Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor: https://phpgurukul.com/teachers-record-management-system-using-php-and-mysql/ Demo Site: https://phpgurukul.com/?sdmprocessdownload=1&downloadid=10739...
Invoice Ninja 5.10.10 Insecure Deserialization / Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Invoice Ninja unauthenticated PHP Deserialization Vulnerability', 'Description' = %q Invoice Ninja is a free invoicing software for small...
Exim 4.98 SQL Injection Vulnerability
Exim versions 4.98 before 4.98.1 suffer from a remote SQL injection vulnerability. CVE 2025-26794 - Sat, 08 Feb 2025 21:14:37 +0100: reported - by: "Oscar Bataille" - to: email protected - Sun, 9 Feb 2025 00:00:05 +0100: report confirmed - Tue, 11 Feb 2025 00:23:34 +0100: issue confirmed - Tue, 1...
acp2sev 7.2.2 Cross Site Scripting Vulnerability
Exploit Title: Self Stored XSS - acp2sev7.2.2 Date: 02/2025 Exploit Author: Andrey Stoykov Version: 7.2.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.html Self Stored XSS 1: Steps to Reproduce: 1. Visit...
Linux io_uring Use-After-Free Exploit
The Linux kernel suffers from a use-after-free of struct io_ev_fd because io_eventfd_do_signal frees an object when the refcount reaches zero without waiting for the required grace period. Summary UAF of struct io_ev_fd because io_eventfd_do_signal frees an object when the refcount reaches zero without...
RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit
RaspberryMatic / OCCU contains an unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...
Ollama 0.5.11 Denial of Service Exploit
Ollama supports importing and parsing user-uploaded customized GGUF models via the network request by default. This functionality can be manipulated to cause an out-of-memory denial of service attack. Title: The malicious gguf model can lead to DoS due to out of memory killed via network in ollam...
InvokeAI Remote Code Execution Exploit
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
LTL Freight Quotes – ABF Freight Edition 3.3.7 SQL Injection Vulnerability
CVE-2024-13485 LTL Freight Quotes – ABF Freight Edition = 5.6 AND error-bas...
LTL Freight Quotes – Estes Edition 3.3.7 SQL Injection Vulnerability
CVE-2024-13488 LTL Freight Quotes – Estes Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – SAIA Edition 2.2.10 SQL Injection Vulnerability
CVE-2024-13483 LTL Freight Quotes – SAIA Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – TForce Edition 3.6.4 SQL Injection Vulnerability
CVE-2024-13478 LTL Freight Quotes – TForce Edition = 5.6 AND error-based - WHERE, HAVING...
LTL Freight Quotes – Old Dominion Edition 4.2.10 SQL Injection Vulnerability
CVE-2024-13489 LTL Freight Quotes – Old Dominion Edition = 5.6 AND error-bas...
BeyondTrust Remote Code Execution Exploit
This exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS), with the privileges of the site user of the targeted BeyondTrust product site. This exploit targets PRA and RS versions 24.3.1 and below. This module requires...
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle Vulnerability
OpenSSH versions 6.8p1 to 9.9p1 contain a logic error that allows an on-path attacker (a.k.a. man-in-the-middle) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. OpenSSH versions 9.5p1 to 9.9p1 are vulnerable to a memory/CPU denial of service relat...
WordPress A/B Image Optimizer 3.3 Plugin Arbitrary File Download Vulnerability
WordPress Plugin A/B Image Optimizer plugin versions 3.3 and below suffer from an arbitrary file download vulnerability. CVE-2025-25163 Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download Description The Plugin A/B Image Optimizer plugin for WordPress is vulnerab...
Netgear C7800 Missing Transport Encryption Vulnerability
Netgear C7800 suffers from a man-in-the-middle vulnerability...
ABB Cylon FLXeon 9.3.4 Unauthenticated Dashboard Access Vulnerability
ABB Cylon FLXeon version 9.3.4 allows unauthenticated access to the Building Management System (BMS) or Building Automation System (BAS) dashboard. This exposes sensitive information, including system status, events, and alarms related to HVAC operations. Additionally, an attacker could manipulate...
ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vulnerability
ABB Cylon FLXeon version 9.3.4 suffers from an insecure CORS configuration. ABB Cylon FLXeon 9.3.4 app.js Insecure CORS Configuration Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi Series, FBVi Series CBX Series FLX Series CBT Serie...
ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vulnerability
ABB Cylon FLXeon version 9.3.4 has backups that contain sensitive system files, including main.db, SSL/TLS certificates and keys, the system shadow file with hashed passwords, and the license key. ABB Cylon FLXeon 9.3.4 Insecure Backup Sensitive Data Exposure Vendor: ABB Ltd. Product web page:...
ABB Cylon FLXeon 9.3.4 Default Credentials Vulnerability
ABB Cylon FLXeon version 9.3.4 uses a weak set of default administrative credentials that can be guessed in remote password attacks to gain full control of the system. ABB Cylon FLXeon 9.3.4 Default Credentials Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon...
ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability
ABB Cylon FLXeon version 9.3.4 has an issue where user sessions on controllers remain active for up to seven days, even after a client-side logout. ABB Cylon FLXeon 9.3.4 Session Persistence Vulnerability Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FB...
ABB Cylon FLXeon 9.3.4 cert.js System Logs Information Disclosure Vulnerability
ABB Cylon FLXeon version 9.3.4 has an issue where an authenticated attacker can access sensitive information via the system logs page of ABB Cylon FLXeon controllers. The logs expose critical data, including the OpenSSL password for stored certificates. This information can be leveraged for furth...
ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Exploit
ABB Cylon FLXeon version 9.3.4 has a timing attack vulnerability in the authentication process due to an improper comparison of password hashes in login.js and uukl.js. !/usr/bin/env python3 ABB Cylon FLXeon 9.3.4 login.js Node Timing Attack Vendor: ABB Ltd. Product web page: https://www.global.a...
ABB Cylon FLXeon 9.3.4 serialConfig.js Denial of Service Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an authenticated JSON flooding attack, leading to uncontrolled resource consumption and a denial-of-service (DoS) condition. The /api/serialConfig endpoint allows an authenticated attacker to abuse an unrestricted loop to create a large number of JSON...
ABB Cylon Aspect 3.08.02 PHP Session Fixation Vulnerability
ABB Cylon Aspect version 3.08.02 is vulnerable to session fixation, allowing an attacker to set a predefined PHPSESSID value. An attacker can leverage an unauthenticated reflected cross site scripting vulnerability in jsonProxy.php to inject a crafted request, forcing the victim to adopt a fixate...
ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vulnerability
ABB Cylon FLXeon version 9.3.4 has a hidden administrative account cxpro that has write access permissions to the device. ABB Cylon FLXeon 9.3.4 runtimeSetup.sh Hidden Backdoor Account Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: FLXeon Series FBXi Series, FBTi...
ABB Cylon FLXeon 9.3.4 wsConnect.js WebSocket Command Spawning Exploit
ABB Cylon FLXeon version 9.3.4 is vulnerable to an unauthenticated WebSocket implementation that allows an attacker to execute the tcpdump command. This command captures network traffic and filters it on serial ports 4855 and 4851, which are relevant to the device's services. The vulnerability ca...
Gleamtech FileVista 9.2.0.0 Directory Traversal Vulnerability
Exploit Title: Gleamtech FileVista 9.2.0.0 - Directory Traversal Leading to Unrestricted File Upload Date: Feb 6, 2025 Exploit Author: Suthiwat Thepsorn , Theerachai Chanwiroon , Pongtorn Angsuchotmetee , Manich Koomsusi Vendor Homepage: https://www.gleamtech.com/ Software Link:...
Gleamtech FileVista 9.2.0.0 Missing Authorization Vulnerability
A vulnerability exists in Gleamtech FileVista version 9.2.0.0 that allows unauthorized access to image files, even after the HTTP cookie associated with the session is deleted. The issue arises due to insufficient validation of session or authentication tokens on the server side. Exploit Title:...
WebFileSys 2.31.0 Directory Traversal Vulnerability
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
dhtmlxFileExplorer 8.4.6 Local File Inclusion / Traversal Vulnerabilities
Exploit Title: dhtmlxFileExplorer 8.4.6 - Local File Inclusion in the Download Function of File Explorer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS CVE :...
dhtmlxFileExplorer 8.4.6 Directory Traversal Vulnerability
Exploit Title: dhtmlxFileExplorer 8.4.6 - Access Sensitive Folder via Directory Traversal in DHX File Explorer Exploit Author: Nutchaya Augkanavitayakul, Nattachai Wanmak, Pongtorn Angsuchotmetee Vendor Homepage: https://dhtmlx.com Software Link: https://dhtmlx.com Version: 8.4.6 Tested on: macOS...
PHPJabbers Cinema Booking System 2.0 Cross Site Scripting Vulnerability
CVE-2024-57428 A stored cross-site scripting XSS vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields eventimg, seatmaps and seat number configurations numbernewX in pjActionCreate. Attackers can inject persistent JavaScript, leading to...
PHPJabbers Cinema Booking System 2.0 SQL Injection Vulnerability
CVE-2024-57430 An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw can lead to unauthorized information disclosure, privilege escalation, or database...
Checkmk 2.3.0p2 / NagVis 1.9.40 Shell Upload Vulnerability
Title: Checkmk NagVis Remote Code Execution Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2025-002.txt 1. Vulnerability Details Affected Vendor: Checkmk Affected Product: Checkmk/NagVis Affected Version: Checkmk 2.3.0p2, NagVis 1.9.40 Platform: GNU/Linux CWE Classification:...