Publicly Disclosed
PoC Exploits

🔴 Always take caution when working with PoC Exploits 🔴

Discovered just now...

PoC for CVE-2026-24061

Gnu | Inetutils | 9.8 CRITICAL
Remote Authentication Bypass in GNU Inetutils Telnetd

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

PoC for CVE-2026-24061

Gnu | Inetutils | 9.8 CRITICAL
Remote Authentication Bypass in GNU Inetutils Telnetd

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

Discovered 4 hours ago

PoC for CVE-2025-38248

Linux | Linux
Use-After-Free Vulnerability in Linux Kernel Bridge Multicast Confi...

A use-after-free vulnerability in the Linux kernel's bridge subsystem can be exploited during router port configuration when multicast snooping is enabled. The glitch arises when a multicast router port gets re-added to the global list, despite being removed from it. This leads to memory manageme...

Discovered 5 hours ago

PoC for CVE-2026-21962

Oracle | Oracle Http Server, Or... | 10 CRITICAL
Vulnerability in Oracle HTTP Server and Weblogic Server Proxy Plug-in

An easily exploitable vulnerability in the Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in may allow unauthenticated attackers to gain access via HTTP. Attackers can compromise the server and potentially impact data integrity and confidentiality. This vulnerability can lead to unautho...

PoC for CVE-2025-69612

TMS Global Software | TMS Management Console
Path Traversal Vulnerability in TMS Management Console by TMS Globa...

A path traversal vulnerability has been identified in TMS Management Console, specifically in the 'Download Template' function within the profile dashboard. This flaw arises due to the application's failure to properly sanitize input received through the filePath parameter, allowing authenticated...

Discovered 12 hours ago

PoC for CVE-2023-52271

Topaz | Antifraud | 6.5 MEDIUM
Arbitrary Process Termination in Topaz Antifraud's Kernel Driver

The wsftprm.sys kernel driver version 2.0.0.0 associated with Topaz Antifraud contains a security flaw that enables low-privileged attackers to terminate any Protected Process Light process. This exploitation occurs through specific IOCTL commands, potentially allowing unauthorized control over p...

Discovered 16 hours ago

PoC for CVE-2026-21962

Oracle | Oracle Http Server, Or... | 10 CRITICAL
Vulnerability in Oracle HTTP Server and Weblogic Server Proxy Plug-in

An easily exploitable vulnerability in the Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in may allow unauthenticated attackers to gain access via HTTP. Attackers can compromise the server and potentially impact data integrity and confidentiality. This vulnerability can lead to unautho...

Discovered 17 hours ago

PoC for CVE-2017-7921

Hikvision | Hikvision Cameras | 🟣 EPSS 94% | 10 CRITICAL
Improper Authentication Vulnerability in Hikvision Network Cameras

Hikvision network camera devices suffer from an improper authentication vulnerability, which arises when the system fails to adequately authenticate users. This deficiency could enable an attacker to escalate privileges and obtain sensitive information, risking the integrity and confidentiality o...

PoC for CVE-2017-0143

Microsoft | Windows Smb | 🟣 EPSS 94% | 8.8 HIGH
Remote Code Execution Vulnerability in Microsoft Windows Systems

The SMBv1 server in multiple Microsoft Windows operating systems is susceptible to a vulnerability that allows remote attackers to execute arbitrary code through specially crafted packets. This issue affects a wide range of Windows versions, creating potential security risks if not addressed. Adm...

Discovered 18 hours ago

PoC for CVE-2026-21858

N8n-io | N8n | 10 CRITICAL
Vulnerability in n8n Workflow Automation Platform Could Lead to Sen...

The n8n workflow automation platform has a vulnerability in versions ranging from 1.65.0 to just below 1.121.0, which allows potential attackers to exploit specific form-based workflows. This flaw can enable unauthorized remote access to sensitive files on the underlying server, posing a signific...

Discovered 19 hours ago

PoC for CVE-2024-38063

Microsoft | Windows 10 Version 1809 | 🟣 EPSS 90% | 9.8 CRITICAL
Windows TCP/IP Remote Code Execution Vulnerability

An identified vulnerability in the Windows TCP/IP stack permits an unauthorized attacker to execute arbitrary code on vulnerable systems. By sending specially crafted packets, an assailant can gain control over the affected system, enabling potential unauthorized access, data theft, or further sy...

Discovered 20 hours ago

PoC for CVE-2021-36260

Hikvision | Ds-2cd2026g2-iu/sl Fi... | 🟣 EPSS 94% | 9.8 CRITICAL
Command Injection Flaw in Hikvision Web Server

A command injection vulnerability exists in the web server of certain Hikvision products. This vulnerability arises from inadequate validation of user inputs, allowing attackers to execute arbitrary commands. By sending specially crafted messages that include malicious commands, an attacker can e...

Discovered 22 hours ago

PoC for CVE-2026-24061

Gnu | Inetutils | 9.8 CRITICAL
Remote Authentication Bypass in GNU Inetutils Telnetd

The GNU Inetutils telnet daemon (telnetd) is vulnerable to a remote authentication bypass that can occur when an attacker manipulates the USER environment variable by specifying a '-f root' value. This flaw allows unauthorized users to gain access without proper authentication. Affected users sho...

Discovered 1 day ago

PoC for CVE-2025-61686

Remix-run | React-router | 9.1 CRITICAL
File Session Storage Vulnerabilities in React Router and Remix Prod...

A vulnerability in the file session storage mechanism of React Router and Remix allows potential attackers to manipulate session data if an unsigned cookie is utilized with createFileSessionStorage(). This could lead to unauthorized attempts to read or write session data from locations outside th...

PoC for CVE-2021-47870

Getsimple Cms | My Smtp Contact Plugin | 5.4 MEDIUM
Stored Cross-Site Scripting Vulnerability in GetSimple CMS My SMTP ...

The My SMTP Contact Plugin version 1.1.2 of GetSimple CMS is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using the htmlspecialchars() function; however, attackers can bypass this protection by submitting malicious characters in the ...

PoC for CVE-2021-47860

Getsimple Cms | Custom Js Plugin | 8.5 HIGH
Cross-Site Request Forgery in GetSimple CMS Custom JS Plugin

The GetSimple CMS Custom JS 0.1 plugin is vulnerable to Cross-Site Request Forgery, enabling attackers to exploit the system by injecting arbitrary client-side code into the browsers of authenticated administrators. When an administrator visits a specially crafted malicious webpage, this vulnerab...

PoC for CVE-2021-47860

Getsimple Cms | Custom Js Plugin | 8.5 HIGH
Cross-Site Request Forgery in GetSimple CMS Custom JS Plugin

The GetSimple CMS Custom JS 0.1 plugin is vulnerable to Cross-Site Request Forgery, enabling attackers to exploit the system by injecting arbitrary client-side code into the browsers of authenticated administrators. When an administrator visits a specially crafted malicious webpage, this vulnerab...

PoC for CVE-2021-47860

Getsimple Cms | Custom Js Plugin | 8.5 HIGH
Cross-Site Request Forgery in GetSimple CMS Custom JS Plugin

The GetSimple CMS Custom JS 0.1 plugin is vulnerable to Cross-Site Request Forgery, enabling attackers to exploit the system by injecting arbitrary client-side code into the browsers of authenticated administrators. When an administrator visits a specially crafted malicious webpage, this vulnerab...

PoC for CVE-2021-47887

Oki | Print Job Accounting | 8.5 HIGH
Unquoted Service Path Vulnerability in OKI Print Job Accounting

OKI Print Job Accounting version 4.4.10 presents an unquoted service path vulnerability in the OkiJaSvc service. This security flaw allows local attackers to potentially execute arbitrary code by exploiting the unquoted service path located at 'C:\Program Files\Okidata\Print Job Accounting\'. By ...

PoC for CVE-2021-47884

Oki | Configuration Tool | 8.5 HIGH
Unquoted Service Path Vulnerability in OKI Configuration Tool by OKI

The OKI Configuration Tool version 1.6.53 contains an unquoted service path vulnerability in its Local Port Manager service. This flaw allows local attackers to potentially execute arbitrary code by exploiting an unquoted path at 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe'. Successfu...

PoC for CVE-2021-47886

Fyrolabs Llc. | Pingzapper | 8.5 HIGH
Unquoted Service Path Vulnerability in Pingzapper by Pingzapper

Pingzapper version 2.3.1 is susceptible to an unquoted service path vulnerability in the PingzapperSvc service. This flaw allows local attackers to leverage the unquoted path located in 'C:\Program Files (x86)\Pingzapper\PZService.exe' to inject malicious executables. Successful exploitation may ...

PoC for CVE-2021-47883

Sandboxie-plus | Sandboxie Plus | 8.5 HIGH
Unquoted Service Path Vulnerability in Sandboxie Plus by Sandboxie

The unquoted service path vulnerability in Sandboxie Plus 0.7.2 allows local attackers to leverage the SbieSvc service. By exploiting this vulnerability, malicious actors can inject harmful executables into an unquoted service path, leading to code execution with LocalSystem privileges when the s...

PoC for CVE-2021-47882

Freelan | Freelan | 8.5 HIGH
Unquoted Service Path Vulnerability in FreeLAN by FreeLAN Developers

FreeLAN 2.2 is affected by an unquoted service path vulnerability in its Windows service configuration, allowing local attackers to execute arbitrary code. This security flaw enables malicious executables to be injected via unquoted binary paths, facilitating execution with elevated LocalSystem p...

PoC for CVE-2021-47879

Luidia | Ebeam Interactive Suite | 8.5 HIGH
Unquoted Service Path Vulnerability in eBeam Interactive Suite by L...

The eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability within the eBeam Stylus Driver service. This flaw allows local users to potentially execute arbitrary code with elevated privileges. By exploiting the unquoted path located at C:\Program Files (x86)\Luidia\eBeam Stylu...

PoC for CVE-2021-47880

Realtek Semicondu... | Realtek Wireless Lan U... | 8.5 HIGH
Unquoted Service Path Vulnerability in Realtek Wireless LAN Utility

The Realtek Wireless LAN Utility version 700.1631 contains a vulnerability stemming from an unquoted service path issue. This flaw allows local users to potentially execute arbitrary code with elevated system privileges by manipulating the service execution path. If a malicious actor inserts harm...

PoC for CVE-2021-47877

Geogebra | Geogebra Graphing Calc... | 6.7 MEDIUM
Denial of Service Vulnerability in GeoGebra Graphing Calculator by ...

GeoGebra Graphing Calculator version 6.0.631.0 is susceptible to a denial of service vulnerability that can be exploited by attackers. By inputting an oversized buffer featuring 8000 repeated characters, an attacker can overwhelm the application’s input field, leading to application crashes and m...

PoC for CVE-2021-47878

Luidia | Ebeam Education Suite | 8.5 HIGH
Unquoted Service Path Vulnerability in eBeam Education Suite by eBeam

eBeam Education Suite version 2.5.0.9 is impacted by an unquoted service path vulnerability within the eBeam Device Service. This flaw enables local users to execute arbitrary code with elevated privileges. By exploiting the incorrect quoting in the service configuration, attackers may inject mal...

PoC for CVE-2021-47875

Geogebra | Cas Calculator | 4.6 MEDIUM
Denial of Service Vulnerability in GeoGebra CAS Calculator by GeoGebra

GeoGebra CAS Calculator version 6.0.631.0 is vulnerable to a denial of service due to an improper handling of input, which allows attackers to craft a payload consisting of 8000 repeated characters. When this payload is inputted into the calculator, it triggers a buffer overflow that leads to an ...

PoC for CVE-2021-47876

Geogebra | Geogebra Classic | 6.7 MEDIUM
Denial of Service Vulnerability in GeoGebra Classic by GeoGebra

GeoGebra Classic 5.0.631.0-d is susceptible to a denial of service vulnerability due to its handling of oversized input in the application. An attacker can exploit this vulnerability by pasting an excessively large buffer, consisting of 800,000 repeated characters, into the 'Entrada:' input field...

PoC for CVE-2021-47873

Vestacp | Vestacp | 5.1 MEDIUM
Cross-Site Scripting Vulnerability in VestaCP by VestaCP

VestaCP versions before 0.9.8-25 are prone to a cross-site scripting vulnerability that impacts the IP interface configuration. Attackers may exploit this vulnerability by crafting a malicious POST request to the add/ip/ endpoint with a specific stored XSS payload targeting the 'v_interface' para...

PoC for CVE-2021-47874

Vfsforgit | Vfs For Git | 8.5 HIGH
Unquoted Service Path Vulnerability in VFS for Git by Microsoft

The VFS for Git 1.0.21014.1 contains a vulnerability in the GVFS.Service Windows service due to an unquoted binary path. This security flaw allows local attackers to exploit the service during startup or system reboot, potentially executing arbitrary code with elevated privileges. By injecting ma...

PoC for CVE-2021-47872

Seo Panel | Seo Panel | 7 HIGH
Blind SQL Injection in SEO Panel Versions Prior to 4.9.0

SEO Panel prior to version 4.9.0 is susceptible to a blind SQL injection flaw found in the archive.php file. This vulnerability allows authenticated users to submit specially crafted database queries via the 'order_col' parameter. By using tools like sqlmap, attackers can exploit this weakness to ...

PoC for CVE-2021-47871

Hestia Control Panel | Hestia Control Panel | 8.6 HIGH
Arbitrary File Write Vulnerability in Hestia Control Panel by Hestia

The Hestia Control Panel version 1.3.2 is susceptible to an arbitrary file write vulnerability that can be exploited by authenticated attackers. This security flaw allows attackers to leverage the API index.php endpoint via the v-make-tmp-file command to write files to arbitrary locations on the ...

PoC for CVE-2021-47869

Brother Industrie... | Bradmin Professional | 8.5 HIGH
Unquoted Service Path Vulnerability in Brother BRAdmin Professional

The BRAdmin Professional 3.75 software from Brother includes a vulnerability in the BRA_Scheduler service that allows local users to execute arbitrary code. By placing a malicious executable file named 'BRAdmin' in the C:\Program Files (x86)\Brother\ directory, attackers can exploit this flaw to ...

PoC for CVE-2021-47868

Honeywell | Win-pack Pro | 8.5 HIGH
Unquoted Service Path Vulnerability in WIN-PACK PRO by Honeywell

WIN-PACK PRO 4.8 is susceptible to an unquoted service path vulnerability within the WPCommandFileService component. This flaw enables local users to execute arbitrary code with elevated privileges due to the improper handling of the service path located in C:\Program Files (x86)\WINPAKPRO\WPComm...

PoC for CVE-2021-47867

Security | Winpakpro | 8.5 HIGH
Unquoted Service Path Vulnerability in WIN-PACK PRO by Honeywell

The WIN-PACK PRO version 4.8 application contains an unquoted service path vulnerability in the ScheduleService component. This flaw could allow local users to execute arbitrary code with elevated privileges by exploiting the unquoted path in the service executable located at 'C:\Program Files (x...

PoC for CVE-2021-47866

Honeywell | Win-pack Pro | 8.5 HIGH
Unquoted Service Path Vulnerability in WIN-PACK PRO by Honeywell

The WIN-PACK PRO 4.8 software contains a significant vulnerability related to an unquoted service path in the GuardTourService. This flaw enables local users to potentially execute arbitrary code with elevated system privileges during the service startup phase. By exploiting this vulnerability, a...

PoC for CVE-2021-47865

Proftpd | Proftpd | 8.7 HIGH
Denial of Service Vulnerability in ProFTPD by ProFTPD

ProFTPD version 1.3.7a is susceptible to a denial of service vulnerability that enables malicious actors to disrupt server functionality. By triggering multiple simultaneous FTP connections, attackers can exploit threading mechanisms, leading to an exhaustion of server connection limits, which in...

PoC for CVE-2021-47864

Osas | Osas Traverse Extension | 8.5 HIGH
Unquoted Service Path Vulnerability in OSAS Traverse Extension 11

The OSAS Traverse Extension 11 features an unquoted service path vulnerability in the TravExtensionHostSvc service, which operates with LocalSystem privileges. This flaw allows attackers to exploit the unquoted service path, enabling them to inject and execute malicious code by placing malicious ...

PoC for CVE-2021-47863

Macpaw Way Ltd. | Encrypto | 8.5 HIGH
Unquoted Service Path Vulnerability in MacPaw Encrypto

MacPaw Encrypto version 1.0.1 has a vulnerability stemming from an unquoted service path in its Encrypto Service configuration. This weakness allows local attackers to potentially execute arbitrary code by exploiting the unquoted path located in 'C:\Program Files\Encrypto\'. Attackers can leverag...

PoC for CVE-2021-47862

Hi-rez StudiOS | Hipatchservice | 8.5 HIGH
Unquoted Service Path Vulnerability in Hi-Rez Studios Product

The Hi-Rez Studios 5.1.6.3 version contains a significant unquoted service path vulnerability in the HiPatchService. This flaw allows local attackers to exploit the service during system startup or reboot, potentially injecting and executing malicious code with elevated LocalSystem privileges. Su...

PoC for CVE-2021-47861

Fspro Labs | Event Log Explorer | 8.5 HIGH
Unquoted Service Path Vulnerability in Event Log Explorer by EventL...

Event Log Explorer version 4.9.3 is affected by an unquoted service path vulnerability, which can allow local users to gain elevated system privileges. An attacker can exploit this flaw by placing malicious executables in specific directories. When the service restarts, these executables may run ...

PoC for CVE-2021-47858

Genexis | Platinum-4410 | 5.1 MEDIUM
Stored Cross-Site Scripting Vulnerability in Genexis Platinum-4410

The Genexis Platinum-4410 P4410-V2-1.31A is susceptible to a stored cross-site scripting vulnerability in the 'start_addr' parameter within its Security Management interface. This flaw allows attackers to inject malicious scripts through the start source address field. These scripts can persist a...

PoC for CVE-2021-47859

Hid Global | Actividentity | 8.5 HIGH
Unquoted Service Path Vulnerability in ActivIdentity 8.2 by HID Global

ActivIdentity 8.2 contains a vulnerability in the 'ac.sharedstore' service due to an unquoted service path. This oversight allows local attackers to potentially execute arbitrary code by injecting malicious executables into the unquoted binary path located in C:\Program Files\Common Files\ActivId...

PoC for CVE-2021-47857

Moodle | Moodle | 5.1 MEDIUM
Persistent Cross-Site Scripting Vulnerability in Moodle by Moodle

Moodle version 3.10.3 is susceptible to a persistent cross-site scripting vulnerability in the calendar event subtitle field. This flaw permits malicious users to inject JavaScript code through crafted calendar events. When victim users view these events, the injected scripts can execute, potenti...

PoC for CVE-2021-47855

Litespeed Technol... | Openlitespeed | 5.1 MEDIUM
Stored Cross-Site Scripting in OpenLiteSpeed Dashboard by LiteSpeed...

OpenLiteSpeed version 1.7.9 contains a vulnerability in the dashboard's Notes parameter that enables stored cross-site scripting (XSS) attacks. This weakness allows attackers to inject malicious scripts through the Notes field during listener configuration. When an administrator interacts with th...

PoC for CVE-2021-47854

Embedd Gmbh | Dd-wrt | 8.7 HIGH
Buffer Overflow Vulnerability in DD-WRT UPNP Service Affects Remote...

The vulnerability in DD-WRT version 45723 arises from a buffer overflow in the UPNP network discovery service. This flaw allows remote attackers to send specially crafted M-SEARCH packets containing oversized UUID payloads, potentially enabling the execution of arbitrary code on the affected devi...

PoC for CVE-2021-47853

PHPpgadmin | PHPpgadmin | 8.6 HIGH
Remote Command Execution Vulnerability in phpPgAdmin by phpPgAdmin

phpPgAdmin 7.13.0 is affected by a remote command execution vulnerability that enables authenticated attackers to execute arbitrary system commands. This is achieved through SQL query manipulation, where attackers can create custom tables, upload malicious .txt files, and leverage the COPY FROM P...

PoC for CVE-2021-47852

Rockstar Games | Rockstar Games Launcher | 8.5 HIGH
Privilege Escalation Vulnerability in Rockstar Games Launcher by Ro...

The Rockstar Games Launcher version 1.0.37.349 is susceptible to a privilege escalation vulnerability that permits authenticated users to alter the service executable due to weak file permissions. This allows attackers to replace the legitimate RockstarService.exe with a malicious binary, effecti...

PoC for CVE-2021-47850

Yodinfo | Mini Mouse | 8.7 HIGH
Path Traversal Vulnerability in Mini Mouse Remote Control by Apple

The Mini Mouse Remote Control version 9.2.0 is susceptible to a path traversal vulnerability. This flaw enables remote attackers to craft HTTP requests that expose arbitrary system files and directories. By manipulating file and path parameters, attackers can gain access to sensitive files, such ...