CVE-2025-61882

This repository contains a functional exploit for CVE-2025-61882, targeting Oracle E-Business Suite with a pre-authentication RCE chain. The exploit leverages CSRF token retrieval, HTTP request smuggling, and XSLT-based Java runtime execution to achieve remote code execution.

The repository contains a functional exploit PoC for CVE-2026-22812, targeting OpenCode for remote command execution (RCE). The script establishes a session, then sends a crafted JSON payload to execute the 'id' command, verifying RCE by checking for 'uid=' and 'gid=' in the response.

This repository contains a functional exploit for CVE-2025-61882, targeting Oracle E-Business Suite. The exploit leverages SSRF and CRLF injection to achieve remote code execution (RCE) by crafting malicious HTTP requests and using a malicious server to deliver payloads.

This repository contains a functional SQL injection exploit for WordPress Quiz Maker (CVE-2025-10042). The Python script demonstrates time-based blind SQLi via crafted HTTP headers, extracting admin credentials and password hashes.

This repository provides a detailed technical analysis and detection guidance for CVE-2025-61882, a pre-authentication RCE vulnerability in Oracle E-Business Suite (versions 12.2.3–12.2.14). It includes IOCs, detection rules for Splunk/Elastic, and a safe Python script for log analysis.

The repository contains detailed technical writeups for multiple CVEs, including command injection, XXE, SQLi, and RCE vulnerabilities. Each writeup provides vulnerability overviews, proof-of-concept details, and mitigation recommendations.

This repository contains a functional multi-threaded scanner and exploit for CVE-2025-61882, targeting Oracle E-Business Suite. The exploit leverages HTTP request smuggling and XSL payload delivery to achieve unauthenticated remote code execution (RCE).

This repository contains an NSE script for detecting Oracle E-Business Suite vulnerability CVE-2025-61882. It performs multi-tier checks including fingerprinting, version checks, and optional active probing for high-confidence detection.

The repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and executable scripts.

This repository contains functional exploit code for CVE-2025-61882, an unauthenticated remote code execution vulnerability in Oracle E-Business Suite (EBS) BI Publisher. The exploit leverages server-side template injection via crafted XSLT/XML payloads, demonstrating pre-auth RCE through SSRF and CRLF injection techniques.

This PoC demonstrates a remote code execution vulnerability in Oracle BI Publisher via insecure deserialization. It includes a Java exploit that generates a serialized payload and a bash script to simulate sending it to the vulnerable endpoint.

This repository is a comprehensive academic writeup analyzing GDPR compliance, security frameworks, and a case study on the Oracle E-Business Suite breach involving CVE-2025-61882. It does not contain exploit code but provides a detailed incident response analysis.

This repository contains a functional exploit for CVE-2025-61882, a critical pre-authentication RCE vulnerability in Oracle E-Business Suite. The exploit chains SSRF, CRLF injection, HTTP smuggling, authentication bypass, and XSLT injection to achieve remote code execution.

This repository provides a Nuclei template for detecting Oracle E-Business Suite instances vulnerable to CVE-2025-61882 by checking the Last-Modified header date. It also includes a detection script for CVE-2025-61884.

The repository claims to provide a tool for detecting Oracle vulnerabilities (CVE-2025-61882 and CVE-2025-61884) but only contains a README with download links to a ZIP file. No actual exploit code or technical details are provided, raising suspicion.

This Metasploit module exploits CVE-2025-61882 in Oracle E-Business Suite by chaining SSRF, Path Traversal, HTTP request smuggling, and XSLT injection to achieve remote code execution. It hosts a malicious XSL file that the target fetches and processes, leading to an interactive shell session.