PowerVR has an issue with missing tracking of multiple sparse mappings in DevmemIntChangeSparse2() that leads to a dangling page table entry.
426fb16d93d8096a50bbd9d26c9fe783fb082dc59ace42d221957b371d7eaae7
XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.
141922e324fd21737d323eaed2f53c7bc972900273dfc3e19ea72c0648544233
XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.
a2e0e2c93fd20ac00f325a1d77c282bae74c903affae30dd55518d5333641874
Hospital Management System Project in ASP.Net MVC version 1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
a527f71217d32274beae028c4fd49e504ec99bf57f1991e46fa931328924f372
Bonjour Service version 3,0,0,10 suffers from an unquoted service path vulnerability.
96a6358909e31beb0326289a4ff7dfcc87a50626a1d66ff21c7c3a1445bf8796
GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In GeoServer versions before 2.23.6, versions greater than or equal to 2.24.0 and before 2.24.4, and versions greater than or equal to 2.25.0 and before 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. An attacker can abuse this by sending a POST request with a malicious XPath expression to execute arbitrary commands as root on the system.
60f349aa901f9dae2286ae790ca0dc4f7e03fb5120fbbaa6cd6f79d5a14fe921
WordPress PZ Frontend Manager plugin versions 1.0.5 and below suffer from a cross site request forgery vulnerability in the change user profile picture functionality.
71b1a540c9b3265fc977fa30c1fda5b93cf9333b67a049926eee9138c3fa55c1
Havoc C2 version 0.7 suffers from an unauthenticated server-side request forgery vulnerability.
230b2481f9d45d3d95942d6366c578a7c8ca2b796c5c8c16549416644fe40531
Atlassian Confluence suffers from a template injection vulnerability that leads to remote code execution. This repository has three go-exploit implementations of CVE-2023-22527 that execute their payload without touching disk.
efe9acf218872fcb2aaad8260c6fdae6e0f538f783ac6624c299f3a0e4254f94
This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.
b198d9755cf50ac9c6b86be9526d83c12bdaeab6e989721de64dd0ef6781f8d3
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in XsltResultControllerHtml.jsp.
44811fffdad55f59cab99ee680cea0158c35b26606a7a72215c8b74fff752970
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in UrlAccessibilityEvaluation.jsp.
62722fa4e4796c8ac819f4f74bff3b88e4c3207619569dd0af373cca85ccd325
LumisXP versions 15.0.x through 16.1.x suffer from a cross site scripting vulnerability in main.jsp.
6b2f2821d4c2d0424a401ff4ad365da2713d18f6c494dadd54e7fce8dfe51786
LumisXP versions 15.0.x through 16.1.x have a hardcoded privileged identifier that allows attackers to bypass authentication and access internal pages and other sensitive information.
507655a40fa21c33f270fff3ee33944627b6c9719d3c667e8ec61677948d5b35
WordPress Poll Maker plugin version 5.3.2 suffers from a remote SQL injection vulnerability.
412661be72a0f1455977b2bc649510ea25f659ce8916ac1617c93065fb279cc6
ESET NOD32 Antivirus version 17.2.7.0 suffers from an unquoted service path vulnerability.
15433b833752badf84eb655e3ab8d18cc641b65960b6406504c020083f4be3fb
This archive contains three proof of concept exploits for multiple Microsoft SharePoint remote code execution vulnerabilities.
d80ffcbe99aa73f58e248f00ca3af5b3281e817bc026be01942991e895b4530a
Ivanti Endpoint Manager (EPM) 2022 SU5 and prior versions are susceptible to an unauthenticated SQL injection vulnerability which can be leveraged to achieve unauthenticated remote code execution.
afbe87d39c043c81d0f93f3553319f8d3bdf71f4fb0e22d349d23f26beab2503
WordPress Poll plugin version 2.3.6 suffers from a remote SQL injection vulnerability.
89404e7e10cdbc8b7c46d87e4fc6a716578fba5b7b12062e8f9a7fdefcad5d93
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This is a proof of concept exploit.
c714227bbfea1d4fec4126f79c54dfdd4ec91c95a6e8c0ffc7b795b17b7901ee
Veeam Backup Enterprise Manager authentication bypass proof of concept exploit. Versions prior to 12.1.2.172 are vulnerable.
31fb3b66c17ab7cbfde346b10334c22f95eded003360d0eab92157d99cefd29c
Veeam Recovery Orchestrator authentication bypass proof of concept exploit.
c7b976542137634b6839638c2c6a072b32e8cf78c61435488fcde8c526101303
Telerik Report Server deserialization and authentication bypass exploit chain that makes use of the vulnerabilities noted in CVE-2024-4358 and CVE-2024-1800.
973c92a0a0da78a80793a389527088eee6855414a151fa24deb8c5bd767aaa68
Progress WhatsUp Gold WriteDatafile unauthenticated remote code execution proof of concept exploit.
8555b3fc19ed4287c691eed2de41c35a867aa34e1477c6e4b70035490dca6662
Progress WhatsUp Gold GetFileWithoutZip unauthenticated remote code execution proof of concept exploit.
645be8b10a258029fe6ad8527b1a56a51a5c0b7d9500967dd05deb6a107887f2