Publicly Disclosed
PoC Exploits
đź”´ Alway take caution when working with PoC Exploits đź”´
Discovered 57 minutes ago
PoC for CVE-2014-6271
GNU Bash versions up to 4.3 are vulnerable to a code injection flaw due to the mishandling of trailing strings after function definitions in environment variables. This vulnerability enables remote attackers to execute arbitrary code by crafting specific environment variables under various condit...
Discovered 1 hour ago
PoC for CVE-2025-53652
The Jenkins Git Parameter Plugin has an input validation flaw that permits users with Item/Build permission to misuse Git parameters. When submitting a build, the plugin does not ensure that the Git parameter value provided matches one of the predefined options, enabling attackers to potentially ...
Discovered 2 hours ago
PoC for CVE-2025-8171
A significant vulnerability has been identified in the Code-Projects Document Management System 1.0, specifically in the processing of the file `/insert.php`. This vulnerability allows attackers to manipulate the 'uploaded_file' argument, enabling unrestricted file uploads. The consequences of su...
PoC for CVE-2025-8170
A vulnerability exists in the TOTOLINK T6 router, specifically in the MQTT Packet Handler's tcpcheck_net function. This issue arises due to improper handling of the serverIp argument, which can lead to a buffer overflow condition. An attacker can exploit this vulnerability remotely, potentially c...
Discovered 3 hours ago
PoC for CVE-2025-8169
A buffer overflow vulnerability exists in the D-Link DIR-513 router, specifically in the formSetWanPPTPcallback function within the HTTP POST Request Handler. This vulnerability can be exploited remotely by manipulating the curTime argument, potentially allowing attackers to execute arbitrary cod...
PoC for CVE-2025-8168
A vulnerability exists in the D-Link DIR-513 router's software due to improper handling of the argument 'curTime' within the 'websAspInit' function located in the '/goform/formSetWanPPPoE' file. This flaw allows attackers to exploit a buffer overflow condition, potentially leading to unauthorized...
Discovered 4 hours ago
PoC for CVE-2025-8167
A vulnerability has been identified in the Church Donation System 1.0 by Code-Projects, specifically within the /admin/edit_members.php file. This issue arises from inadequate input validation, allowing attackers to manipulate the 'fname' parameter, which can lead to Cross-Site Scripting (XSS) at...
PoC for CVE-2025-8166
A SQL injection vulnerability has been identified in the Church Donation System (version 1.0) developed by Code-Projects. The flaw resides within an unspecified function in the /admin/index.php file that handles HTTP POST requests. Through manipulating the 'Username' parameter, an attacker could ...
Discovered 5 hours ago
PoC for CVE-2025-8165
A significant SQL injection vulnerability has been identified in the Food Review System, specifically within the handling of the file /admin/approve_reservation.php. This flaw arises from improper processing of the 'occasion' parameter, allowing attackers to manipulate SQL queries. The exploitati...
PoC for CVE-2025-8164
A security vulnerability exists in the send_message.php file of the Code-Projects Public Chat Room 1.0 that allows for SQL injection through the manipulation of the ID argument. This issue can be exploited remotely, potentially compromising sensitive data. The vulnerability has been publicly disc...
Discovered 6 hours ago
PoC for CVE-2025-8163
A significant SQL injection vulnerability has been identified in DeerWMS, specifically in the parameter handling of the /system/role/list file. By manipulating the 'params[dataScope]' argument, an attacker can execute remote SQL commands, potentially compromising the confidentiality and integrity...
PoC for CVE-2025-8162
A critical SQL injection vulnerability exists in Deer WMS versions up to 3.3, specifically in the functionality associated with the file /system/dept/list. This security flaw allows an attacker to manipulate the argument params[dataScope], potentially leading to unauthorized access to sensitive d...
Discovered 7 hours ago
PoC for CVE-2025-8161
A security flaw exists in the DeerWMS product, specifically affecting versions up to 3.3. The vulnerability involves the improper handling of the parameters in the file /system/role/export, particularly the params[dataScope] argument. Malicious actors can exploit this vulnerability to perform SQL...
PoC for CVE-2014-125119
A filename spoofing vulnerability exists in WinRAR, where inconsistencies between the Central Directory and Local File Header in ZIP archives can be exploited. When users open specially crafted ZIP files, the file names displayed can differ from the actual files being extracted. This discrepancy ...
PoC for CVE-2014-125119
A filename spoofing vulnerability exists in WinRAR, where inconsistencies between the Central Directory and Local File Header in ZIP archives can be exploited. When users open specially crafted ZIP files, the file names displayed can differ from the actual files being extracted. This discrepancy ...
Discovered 8 hours ago
PoC for CVE-2016-15046
A client-side remote code execution vulnerability can be exploited in Samsung Security Manager versions 1.32 and 1.4 due to improper restrictions on the PUT method provided by the included Apache ActiveMQ instance on port 8161. By leveraging a Cross-Origin Resource Sharing (CORS) bypass along wit...
PoC for CVE-2014-125115
An unauthenticated SQL injection vulnerability exists in Pandora FMS versions prior to 5.0 SP3, specifically within the mobile/index.php endpoint. Attackers can exploit this flaw by manipulating the loginhash_data parameter, which is inadequately sanitized, leading to unauthorized extraction of a...
PoC for CVE-2014-125115
An unauthenticated SQL injection vulnerability exists in Pandora FMS versions prior to 5.0 SP3, specifically within the mobile/index.php endpoint. Attackers can exploit this flaw by manipulating the loginhash_data parameter, which is inadequately sanitized, leading to unauthorized extraction of a...
PoC for CVE-2025-34114
A security misconfiguration vulnerability in the OpenBlow whistleblowing platform arises from the lack of vital HTTP response headers, such as Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, and Cross-Origin-Resource-Policy. This oversight diminishes br...
PoC for CVE-2014-125114
A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...
PoC for CVE-2014-125114
A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...
PoC for CVE-2014-125114
A stack-based buffer overflow vulnerability impacts i-Ftp version 2.20, caused by inadequate handling of the Time attribute in the Schedule.xml file. An attacker can exploit this vulnerability by placing a malicious Schedule.xml file in the application directory, leading to a potential buffer ove...
PoC for CVE-2014-125116
A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...
PoC for CVE-2014-125116
A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...
PoC for CVE-2014-125116
A remote code execution vulnerability has been identified in HybridAuth versions 2.0.9 to 2.2.2 stemming from insecure handling of the install.php script. Post-deployment, this script remains accessible and fails to adequately sanitize input before writing to the application’s configuration file ...
PoC for CVE-2013-10032
An authenticated remote code execution vulnerability is present in GetSimpleCMS version 3.2.1, allowing authenticated users to upload files without sufficient validation of their MIME types or extensions. By exploiting this weakness, attackers can upload a .pht file that disguises malicious PHP c...
PoC for CVE-2013-10032
An authenticated remote code execution vulnerability is present in GetSimpleCMS version 3.2.1, allowing authenticated users to upload files without sufficient validation of their MIME types or extensions. By exploiting this weakness, attackers can upload a .pht file that disguises malicious PHP c...
PoC for CVE-2014-125118
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The vulnerability arises due to inadequate sanitation of the 'pass' parameter during login requests to login.php. This flaw permits an authenticated attacker, possessing a valid username, to inject arbitra...
PoC for CVE-2014-125118
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The vulnerability arises due to inadequate sanitation of the 'pass' parameter during login requests to login.php. This flaw permits an authenticated attacker, possessing a valid username, to inject arbitra...
PoC for CVE-2014-125117
A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...
PoC for CVE-2014-125117
A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...
PoC for CVE-2014-125117
A stack-based buffer overflow has been identified in the my_cgi.cgi component of select D-Link devices, including the DSP-W215 version 1.02. This vulnerability can be exploited through a crafted HTTP POST request directed at the /common/info.cgi endpoint. An attacker without authentication can le...
PoC for CVE-2025-8160
A buffer overflow vulnerability has been identified in the Tenda AC20 router, specifically within the SetSysTimeCfg function of the httpd component. This flaw allows an attacker to manipulate the timeZone argument, leading to a potential remote exploit. The vulnerability affects Tenda AC20 device...
Discovered 9 hours ago
PoC for CVE-2025-8159
A significant vulnerability exists in the D-Link DIR-513 router related to the formLanguageChange function in the HTTP POST Request Handler. The issue arises from improper handling of the curTime argument, leading to a stack-based buffer overflow. This vulnerability enables attackers to execute a...
Discovered 10 hours ago
PoC for CVE-2025-8158
A SQL injection vulnerability exists in the PHPGurukul Login and User Management System 3.3, specifically within the 'yesterday-reg-users.php' file. By manipulating the argument ID, remote attackers can execute unauthorized SQL queries against the database. This flaw can expose sensitive data and...
PoC for CVE-2025-8157
A vulnerability exists in PHPGurukul User Registration & Login and User Management version 3.3, where an SQL injection vulnerability can be exploited through manipulated input in the /admin/lastthirtyays-reg-users.php file. This flaw enables attackers to execute arbitrary SQL queries remotely, po...
Discovered 11 hours ago
PoC for CVE-2025-8156
A SQL injection vulnerability exists in the PHPGurukul User Registration & Login and User Management version 3.3, specifically in the /admin/lastsevendays-reg-users.php file. This vulnerability allows attackers to manipulate the ID parameter, potentially enabling unauthorized access to sensitive ...
PoC for CVE-2025-51411
A reflected cross-site scripting (XSS) vulnerability has been identified in the Institute-of-Current-Students application, specifically affecting version 1.0. This vulnerability arises from improper sanitization of user input in the email parameter of the /postquerypublic endpoint. An attacker ca...
Discovered 14 hours ago
PoC for CVE-2025-8140
A buffer overflow vulnerability has been identified in the TOTOLINK A702R router, specifically within the HTTP POST Request Handler located in the /boafrm/formWlanMultipleAP file. This flaw allows an attacker to manipulate the submit-url argument, potentially enabling remote exploitation. The vul...
Discovered 15 hours ago
PoC for CVE-2025-8139
A buffer overflow vulnerability exists in the HTTP POST Request Handler of the TOTOLINK A702R, specifically related to the manipulation of the 'service_type' parameter in the /boafrm/formPortFw file. This flaw allows an attacker to exploit the system remotely, potentially compromising its integri...
PoC for CVE-2025-8138
The TOTOLINK A702R contains a vulnerability in the HTTP POST request handler, specifically within the formOneKeyAccessButton component. By manipulating the 'submit-url' argument, an attacker may trigger a buffer overflow condition. This can be exploited remotely, posing a significant risk to devi...
Discovered 16 hours ago
PoC for CVE-2025-8137
A buffer overflow vulnerability exists in the HTTP POST Request Handler of the TOTOLINK A702R device. This vulnerability could be exploited remotely through the manipulation of the 'mac' argument in the '/boafrm/formIpQoS' file. If successfully exploited, this issue allows attackers to execute ar...
PoC for CVE-2025-8136
A buffer overflow vulnerability exists in the TOTOLINK A702R router, specifically within the HTTP POST Request Handler component. This issue arises from improper handling of the 'ip6addr' argument, allowing remote attackers to exploit the vulnerability and potentially execute arbitrary code. The ...
Discovered 17 hours ago
PoC for CVE-2025-8135
The itsourcecode Insurance Management System 1.0 is susceptible to a SQL injection vulnerability via the /updateAgent.php file. This flaw allows unauthorized manipulation of the 'agent_id' parameter, potentially enabling remote attackers to execute arbitrary SQL commands on the underlying databas...
PoC for CVE-2025-8134
The PHPGurukul BP Monitoring Management System version 1.0 is susceptible to an SQL injection vulnerability through the manipulation of the 'fromdate' and 'todate' parameters in the /bwdates-report-result.php file. This flaw allows attackers to execute unauthorized SQL commands remotely, potentia...
PoC for CVE-2025-7022
The My Reservation System WordPress plugin, up to version 2.3, is susceptible to a reflected cross-site scripting (XSS) vulnerability. This issue arises due to insufficient sanitization and escaping of parameters before rendering them on the page, potentially allowing attackers to exploit this fl...
Discovered 18 hours ago
PoC for CVE-2025-8133
A server-side request forgery vulnerability exists in yanyutao0402 ChanCMS versions up to 3.1.2, specifically affecting the getArticle function in app/modules/api/service/gather.js. An unauthenticated attacker can manipulate the targetUrl argument to initiate requests to internal services, potent...
PoC for CVE-2025-8132
A security flaw exists in ChanCMS versions up to 3.1.2 that allows for path traversal through the delfile function in app/extend/utils.js. This vulnerability can be exploited remotely, potentially enabling unauthorized file deletion. The issue has been publicly disclosed, heightening the risk of ...
Discovered 19 hours ago
PoC for CVE-2025-8131
A stack-based buffer overflow vulnerability exists in the Tenda AC20 router version 16.03.08.05, specifically within the functionality of the /goform/SetStaticRouteCfg file. This flaw arises from improper handling of argument lists, permitting remote attackers to potentially execute arbitrary cod...
PoC for CVE-2025-8129
An open redirect vulnerability has been identified in the KoaJS Koa library, specifically within the HTTP Header Handler in 'lib/response.js'. This flaw allows for the manipulation of the 'Referrer' argument, which can be exploited to redirect users to unintended external sites. The vulnerability...