The Oxasploits Exploit Feed

Marshall Whittaker https://oxasploits.com/exploits/ The Oxasploits Exploit Feed 2026-03-06T13:33:19-05:00 https://oxasploits.com/exploits/dbman-HPe-iMC-PLAT-remote-powershell-RCE-sploit.pl/ Exploit for getting Administrator remote code exec on HP iMC PLATs dbman.exe with command injection 2022-04-02T00:00:00-04:00 2022-04-02T00:00:00-04:00 https://oxasploits.com/exploits/aol-binary-file-planting-8.0.1.5.sh/ Binary file planting exploit via AIM advertising code bug 2014-09-01T00:00:00-04:00 2014-09-01T00:00:00-04:00 https://oxasploits.com/exploits/cve-2023-48251-boche-netrunner-hardcoded-password-rce.rb/ A hardcoded root password was used in the firmware for the Boche Netrunner. 2024-05-22T00:00:00-04:00 2024-05-22T00:00:00-04:00 https://oxasploits.com/exploits/cve-2023-38941-django-sspanel-good-create-rce.rb/ A code injection vuln exploited in the good_create function of Django SSPanel 2024-08-02T00:00:00-04:00 2024-08-02T00:00:00-04:00 https://oxasploits.com/exploits/cve-2026-24479-hustoj-problem-import-rce.rb/ In HustOJ < 26.01.24 A crafted zip file can traverse into the web root and drop php files, leading to RCE 2026-02-10T00:00:00-05:00 2026-02-10T00:00:00-05:00 https://oxasploits.com/exploits/cve-2019-12881-linux-kernel-i915-drm-exploit.c/ i915 Driver null pointer derefrence exploit for the Linux kernel 2019-04-06T00:00:00-04:00 2019-04-06T00:00:00-04:00 https://oxasploits.com/exploits/makeitrain-bitcoin-core-crash-dumps.sh/ Bitcoin service core dumps contain wallet.dats in memory 2019-11-03T00:00:00-04:00 2019-11-03T00:00:00-04:00 https://oxasploits.com/exploits/cve-2025-6514-mcp-remote-401-to-auth-routine-rce.rb/ MCP-remote when dominos tumble from a 401 unauthorized to RCE in the authentication subroutine 2025-07-21T00:00:00-04:00 2025-07-21T00:00:00-04:00 https://oxasploits.com/exploits/mount-under-2.42-dup-uuid.sh/ Exploit for mount that abuses UUIDs and filesystems created and edited via uesr 2025-04-08T00:00:00-04:00 2025-04-08T00:00:00-04:00 https://oxasploits.com/exploits/cve-2024-23824-nginxui-api-injection.rb/ API injection allows for editing config and spawning a root shell on the webterm, which can be hooked with websockets. 2024-03-09T00:00:00-05:00 2024-03-09T00:00:00-05:00 https://oxasploits.com/exploits/cve-2010-2626-perl-pipe-exploit.pl/ Exploit general perl pipe RCE 2010-05-14T00:00:00-04:00 2010-05-14T00:00:00-04:00 https://oxasploits.com/exploits/pk5001z00pin-router-exploit.c/ A known credential pk5001z router RCE exploit 2015-09-14T00:00:00-04:00 2015-09-14T00:00:00-04:00 https://oxasploits.com/exploits/cve-2021-3560-polkit-race-condition-LPE.sh/ A polkit race condition turned LPE exploit 2021-01-23T00:00:00-05:00 2021-01-23T00:00:00-05:00 https://oxasploits.com/exploits/cve-2025-55182-RSC-deserialization-to-rce-react2shell.rb/ A deserialization vulnerability exists in RSC Next.js that leads to RCE 2025-12-30T00:00:00-05:00 2025-12-30T00:00:00-05:00 https://oxasploits.com/exploits/sshd9.2-woahisread.sh/ Adding a symbolic link under the banner directive in the sshd config file can give you read to any file as root. 2018-02-05T00:00:00-05:00 2018-02-05T00:00:00-05:00 https://oxasploits.com/exploits/cve-2018-17336-udisks-2.8.0-format-string-DoS.sh/ A UDisks2 2.8.0 Format string denail of servie exploit 2018-07-07T00:00:00-04:00 2018-07-07T00:00:00-04:00 https://oxasploits.com/exploits/cve-2006-3392-webmin-session-hijacked-cookie-via-dir-traversal-rce.sh/ Exploit for getting RCE with a dir traversal and session hijacked cookie on Webmin &lt1.29 2016-12-19T00:00:00-05:00 2016-12-19T00:00:00-05:00 2026-03-06T13:33:19-05:00