POC Viewer

Description: CVE-2025-48799 exposes a critical flaw in Apache Tomcat’s header parser, allowing remote code execution via malformed X-Forwarded headers. This post...CVE-2025-48799 exposes a critical flaw in Apache Tomcat’s header parser, allowing remote code execution via malformed X-Forwarded headers. This post models the threat, explores proxy chaining risks, and outlines defense tactics for edge service hardening.Show Full

Description: (CVE-2018-9995) Get DVR Credentials

Description: 🛠️ Exploit the NTLM reflection SMB flaw with this PoC tool for Kali Linux, enhancing your understanding of CVE-2025-33073 through practical appli...🛠️ Exploit the NTLM reflection SMB flaw with this PoC tool for Kali Linux, enhancing your understanding of CVE-2025-33073 through practical application.Show Full

Description: Exploit Path Traversal in esm-dev

Description: This repository includes two PoC scripts for CVE-2025-57819 in FreePBX: one to create a new admin user (poc_admin.py), and another to extract credenti...This repository includes two PoC scripts for CVE-2025-57819 in FreePBX: one to create a new admin user (poc_admin.py), and another to extract credentials using sqlmap (poc_auto_get_username_pass.py). For educational and authorized use only.Show Full

Description: test

Description: There are Exploit for Magnus Billing v7 system get root privilages

Description: Information Disclosure in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to access user information via inspecting sent pac...Information Disclosure in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to access user information via inspecting sent packages by user.Show Full

Description: WinRAR漏洞CVE-2025-8088的payload一键生成工具

Description: This tiny lab simulates the core idea behind CVE-2025-29306: unsafe use of `unserialize()` on attacker-controlled input leading to remote code executi...This tiny lab simulates the core idea behind CVE-2025-29306: unsafe use of `unserialize()` on attacker-controlled input leading to remote code execution.Show Full

Description: Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)

Description: A hands-on forensic walkthrough of CVE-2025-59359, a critical OS command injection flaw in Chaos-Mesh. Learn how attackers hijack Kubernetes clusters ...A hands-on forensic walkthrough of CVE-2025-59359, a critical OS command injection flaw in Chaos-Mesh. Learn how attackers hijack Kubernetes clusters via GraphQL mutations, and how to detect, analyze, and report the breach using ELK.Show Full

Description: NtCopyFileChunk stack buffer overflow POC

Description: During analysis of the ecodotempo.com.br website, a Stored Cross-Site Scripting (XSS) vulnerability was discovered. This vulnerability allows an attac...During analysis of the ecodotempo.com.br website, a Stored Cross-Site Scripting (XSS) vulnerability was discovered. This vulnerability allows an attacker to inject malicious scripts into fields that are subsequently rendered to other users without proper sanitization, specifically on the home page of the unauthenticated (disconnected) area.Show Full

Description: During the analysis of the website ecodotempo.com.br, a Stored Cross-Site Scripting (XSS) vulnerability was discovered. This vulnerability allows an a...During the analysis of the website ecodotempo.com.br, a Stored Cross-Site Scripting (XSS) vulnerability was discovered. This vulnerability allows an attacker to inject malicious scripts into fields that are later rendered to other users without proper sanitization, specifically on the main page of the unauthenticated (logged-out) area.Show Full

Description: CVE-2024-28397 - Remote Code Execution From Vulnerable JS2PY

Description: 📝 Writeup completo de la máquina IDE de TryHackMe | Explotación de Codiad CVE-2018-14009 | Escalada de privilegios mediante sudo misconfiguration

Description: PoC for achieving RCE in Langflow versions <1.3.0

Description: Python tool for CVE-2010-1240 research - generates malicious PDFs exploiting Adobe Reader Launch Actions

Description: Chaining Havoc C2 SSRF with RCE to get reverse shell on Havoc C2 Server.

Description: do not use. vulnerable

Description: Proof-Of-Concept to check privileges of af_packet.c for validating the privileges acquired by any hacker upon successful exploitation of CVE-2021-2260...Proof-Of-Concept to check privileges of af_packet.c for validating the privileges acquired by any hacker upon successful exploitation of CVE-2021-22600Show Full

Description: This repository contains a Proof of Concept (PoC) for CVE-2024-28397, a vulnerability in the js2py library allowing a sandbox escape to achieve remote...This repository contains a Proof of Concept (PoC) for CVE-2024-28397, a vulnerability in the js2py library allowing a sandbox escape to achieve remote code execution.Show Full

Description: Simulated exploitation and mitigation of CVE-2025-54918 (Windows NTLM flaw). Includes detection scripts, Ansible patching, and CI/CD hardening. Demons...Simulated exploitation and mitigation of CVE-2025-54918 (Windows NTLM flaw). Includes detection scripts, Ansible patching, and CI/CD hardening. Demonstrates privilege escalation from low-level access to SYSTEM in hybrid cloud environments.Show Full

Description: A Python script designed to scan a list of WordPress sites to identify those with WooCommerce installed and check if they are vulnerable to CVE-2024-4...A Python script designed to scan a list of WordPress sites to identify those with WooCommerce installed and check if they are vulnerable to CVE-2024-45712.Show Full

Description: A Python tool to check & exploit CVE-2024-1708 & CVE-2024-1709 in ConnectWise ScreenConnect

Description: StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) ...StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) Arbitrary File DownloadShow Full

Description: StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) ...StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.4.0 - Authenticated (Subscriber+) Arbitrary File UploadShow Full

Description: A Rust implementation of the CVE-2014-6287 exploit targeting Rejetto HTTP File Server (HFS) versions 2.3x before 2.3c.

Description: Nmap NSE to check for CVE-2023-5612

Description: Tools for detecting and assessing systems vulnerable to CVE-2025-53770 (CWE-502: Deserialization of Untrusted Data).

Description: Scanner for GLPI CVE-2025-24799 vulnerability

Description: 2 web apps vulnerable to CVE-2025-27210

Description: RedArrow3.2 是一款用于渗透测试ThinkPHP 5.0.23 远程命令执行漏洞(CVE-2018-20062)的图形化工具。

Description: CVE-2019-3396 confluence SSTI RCE

Description: CVE-2025-8088

Description: A critical RCE vulnerability in Windows TCP/IP stack (CVE-2025-26686) leaves sensitive memory unlocked, allowing remote attackers to hijack systems. E...A critical RCE vulnerability in Windows TCP/IP stack (CVE-2025-26686) leaves sensitive memory unlocked, allowing remote attackers to hijack systems. Exploitable over the network, it risks full compromise. Patch nowShow Full

Description: Langflow Remote Code Execution

Description: payload txt

Description: [Pending]CVE-2025-59376, CVE-2025-59377

Description: This repository contains some python scripts implementation for the MS08-067 Windows Server Service vulnerability (CVE-2008-4250). This is a classic r...This repository contains some python scripts implementation for the MS08-067 Windows Server Service vulnerability (CVE-2008-4250). This is a classic remote code execution vulnerability affecting older Windows systems.Show Full

Description: This repository contains a Metasploit module implementation for the MS08-067 Windows Server Service vulnerability (CVE-2008-4250). This is a classic r...This repository contains a Metasploit module implementation for the MS08-067 Windows Server Service vulnerability (CVE-2008-4250). This is a classic remote code execution vulnerability affecting older Windows systems.Show Full

Description: CVE-2025-38501, KSMBDrain

Description: Authentication bypass vulnerability in versions of the CrushFTP server.

Description: This playbook outlines detection, containment, and remediation strategies for CVE-2025-55234, a critical Windows SMB privilege escalation flaw.

Description: Exploit development targets vulnerabilities like CVE-2025-44228, often using tools like silent exploit builders. Office documents, including DOC files...Exploit development targets vulnerabilities like CVE-2025-44228, often using tools like silent exploit builders. Office documents, including DOC files, are exploited through malware payloads and CVE exploits, impacting platforms like Office 365.Show Full

Description: Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of ...Exploit development targets vulnerabilities using tools like exploitation frameworks. CVE databases list risks, while CVE-2025-44228 is an example of a flaw. AnyDesk exploits highlight security gaps.Show Full

Description: Exploit development involves tools like exploitation frameworks and CVE databases. LNK exploits, such as LNK builder or LNK payload techniques, levera...Exploit development involves tools like exploitation frameworks and CVE databases. LNK exploits, such as LNK builder or LNK payload techniques, leverage vulnerabilities like CVE-2025-44228 for silent RCE execution through shortcut files.Show Full

Description: Example PoC for CVE-2025-24813 (Tomcat RCE)

Description: PoC exploit for CVE-2025-48543 in C++

Description: Proof of concept source code and misc files for my CVE-2025-21692 exploit, kernel version 6.6.75

Description: Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON rep...Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting.Show Full

Description: Documented CVE-2021-41773 (Apache HTTP Server path traversal, CVSS 9.8) — produced CVSS breakdown, impact assessment, and a mitigation plan (patch t...Documented CVE-2021-41773 (Apache HTTP Server path traversal, CVSS 9.8) — produced CVSS breakdown, impact assessment, and a mitigation plan (patch to 2.4.51+, CGI disable, firewall) and published the analysis on GitHub.Show Full

Description: Authenticated 0-click RCE against Linux 6.1.45 for CVE-2023-52440 and CVE-2023-4130

Description: A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that ...A proof-of-concept exploit for WinRAR vulnerability (CVE-2025-8088) affecting versions 7.12 and lower. This tool creates a malicious RAR archive that embeds payloads in Alternate Data Streams (ADS) with path traversal, potentially leading to arbitrary code execution.Show Full

Description: A penetration test of Ubuntu Touch 16.04 that identified 7 vulnerabilities, including a critical kernel exploit (CVE-2021-3493) allowing root access. ...A penetration test of Ubuntu Touch 16.04 that identified 7 vulnerabilities, including a critical kernel exploit (CVE-2021-3493) allowing root access. This report provides findings and actionable hardening recommendations.Show Full

Description: CVE-2025-8088 path traversal tool

Description: Proof-of-concept exploit for CVE-2022-30190 (Follina)

Description: CVE-2025-9776 — CatFolders WordPress Plugin: Authenticated SQL Injection via CSV Import | POC + Walkthrough

Description: Hands-on pentest project using Kali Linux vs Metasploitable2. Includes full workflow: Nmap scanning, enumeration, Metasploit exploitation (Samba CVE-2...Hands-on pentest project using Kali Linux vs Metasploitable2. Includes full workflow: Nmap scanning, enumeration, Metasploit exploitation (Samba CVE-2007-2447), post-exploitation validation, and mitigation steps. Repo contains commands, outputs, and report showing both offensive techniques and defensive recommendations.Show Full

Description: CVE-2025-53770 实验环境

Description: Python PoC script for pgAdmin4 Query Tool Authenticated RCE (CVE-2025-2945)

Description: Grafana SQL Expressions → DuckDB LFI (CVE-2024-9264)

Description: This report is for CVE-2025-56019 reserved for Easytouch+product for BLE authentication vulnerability assigned to Discoverer Yashodhan Vivek Mandke. P...This report is for CVE-2025-56019 reserved for Easytouch+product for BLE authentication vulnerability assigned to Discoverer Yashodhan Vivek Mandke. Please download the report pdf in this repositoyShow Full

Description: GIT vulnerability | Carriage Return and RCE on cloning

Description: CVE-2025-48384-submodule

Description: login bypass vulnerability in Liferay Portal (versions 7.3.0–7.4.3.132) and Liferay DXP (various versions from 2024.Q1 to 2025.Q1.6)

Description: This vulnerability allows attackers to perform relay attacks against the SMB (Server Message Block) protocol. If successful, it can lead to Elevation ...This vulnerability allows attackers to perform relay attacks against the SMB (Server Message Block) protocol. If successful, it can lead to Elevation of Privilege (EoP) essentially allowing unauthorized users to gain higher-level access on a systemShow Full

Description: CVE-2024-6387 Exploit mit Reverse/Bind-Shell Support.

Description: Improper Certificate Chain Validation in EagleEyes Lite Android Application

Description: Cleartext Transmission of Sensitive Information in EagleEyes Lite Android Application

Description: Improper Hostname Verification in EagleEyes Lite Android Application

Description: might delete later

Description: will delete later

Description: FreePBX versions 15, 16, and 17 contain a Remote Code Execution (RCE) vulnerability caused by insufficient sanitization of user-supplied data in endpo...FreePBX versions 15, 16, and 17 contain a Remote Code Execution (RCE) vulnerability caused by insufficient sanitization of user-supplied data in endpoints.Show Full

Description: CVE-2025-8571

Description: BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation 🚨 BeyondCart Connector <= 2.1.0 -...BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation 🚨 BeyondCart Connector <= 2.1.0 - JWT Privilege Escalation (CVE-2025-8570)Show Full

Description: Lab project analyzing Hyper-V kernel crash behavior (CVE-2025-21333) using WinDbg and Windows internals

Description: Lab project analyzing Hyper-V kernel crash behavior (CVE-2025-21333) using WinDbg and Windows internals.

Description: Exploitation scripts for the CrushFTP CVE-2025-54309: vulnerability

Description: Grafana CVE-2025-4123-POC

Description: Public writeup for CVE-2025-55996 (Viber Desktop HTML Injection)

Description: CVE-2025-3248

Description: CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain at...CVE-2024-3094 exposed a backdoor in the XZ compression library, allowing remote SSH access by bypassing authentication. It’s a major supply chain attack affecting Linux systems, highlighting risks in trusted open-source components.Show Full

Description: This repository contains **research and analysis** related to CVE-2025-29927. It demonstrates safe, controlled testing approaches for a path travers...This repository contains **research and analysis** related to CVE-2025-29927. It demonstrates safe, controlled testing approaches for a path traversal/middleware misconfiguration vulnerability in web applications.Show Full

Description: For CTF's and Safe Environments.... CVE-2021-4034 Local PrivEsc.

Description: exploit of CVE-2022-0847 which directly remove password of the root account

Description: In-depth study of CVE-2019-18935 affecting Telerik UI for ASP.NET AJAX. Covers .NET deserialization vulnerability, RadAsyncUpload handler, gadget chai...In-depth study of CVE-2019-18935 affecting Telerik UI for ASP.NET AJAX. Covers .NET deserialization vulnerability, RadAsyncUpload handler, gadget chains, mixed-mode assembly exploitation, and mitigation strategies.Show Full

Description: BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation

Description: A hands-on simulation of CVE-2017-5638 (Apache Struts2 RCE), showcasing exploit reproduction, OS-level command execution, and mitigations such as inpu...A hands-on simulation of CVE-2017-5638 (Apache Struts2 RCE), showcasing exploit reproduction, OS-level command execution, and mitigations such as input sanitization and endpoint monitoring. Built in Python/Flask with Jupyter notebook demosShow Full

Description: CVE-2018-6574

Description: Detection for CVE-2025-42944

Description: 🔓 Explore CVE-2025-31258 with this PoC demonstrating partial sandbox escape using RemoteViewServices for practical 1-day security practice.

Description: Advanced network penetration testing toolkit with SSH vulnerability assessment, CVE-2018-15473 exploitation, stealth brute force capabilities, and fai...Advanced network penetration testing toolkit with SSH vulnerability assessment, CVE-2018-15473 exploitation, stealth brute force capabilities, and fail2ban evasion techniques. Professional-grade security testing framework for authorized penetration testing engagements.Show Full

Description: Netdata ndsudo Privilege Escalation PoC

Description: Ptlabs exploit

Description: CVE-2017-12865 exploit

Description: CVE-2025-24893 RCE exploit for XWiki with reverse shell capability

Description: Nexus Repository 3 Path Traversal (CVE-2024-4956)