Security research, exploits, and hardware hacking https://magikh0e.pl/ 2026-05-17T02:25:23Z magikh0e https://magikh0e.pl/exploits/2026/February/21nails.txt 2026-01-01T00:00:00Z

21Nails: Multiple vulnerabilities in Exim

https://magikh0e.pl/pubCarHacking/scripts/2k.txt 2026-01-01T00:00:00Z

Holds engine RPM at 2000 via UDS Service 0x31 (RoutineControl) on the Engine Control Module ($7E0 / $7E8). Press Ctrl+C to release. Differences from the horn / brake-light demos: - Target ECM uses OBD-II-style 11-bit IDs ($7E0 / $7E8), not the FCA-internal $620 / $504 BCM pair. - Session sub-function 0x92 (Chrysler manufacturer-specific), not 0x03 (extended). - Service 0x31 (RoutineControl, startR

https://magikh0e.pl/pubCarHacking/scripts/3rd_brakelight.txt 2026-01-01T00:00:00Z

Demo of UDS Service 0x2F (IOControlByIdentifier) on a JEEP platform — toggles the cargo-area / 3rd brake light on and off via the request sequence walked through in the Bus & Message Reference : NM wake → Extended Diagnostic Session → IOControl ON → IOControl OFF, plus a background TesterPresent keepalive so the ECU's S3 timer doesn't drop the session and a SIGINT trap that issues returnControlToE

https://magikh0e.pl/exploits/2026/January/Ashwesker-CVE-2026-22794-main.html 2026-01-01T00:00:00Z

🔥 CVE-2026-22794 — Critical Account Takeover Vulnerability (CVE-2026-22794)

https://magikh0e.pl/exploits/2026/January/Ashwesker-CVE-2026-22794-main.zip 2026-01-01T00:00:00Z

🔥 CVE-2026-22794 — Critical Account Takeover Vulnerability

https://magikh0e.pl/exploits/2026/January/BeatXP_Vega_Smartwatch_Security_Assessment_Report.pdf 2026-01-01T00:00:00Z

January 2026

https://magikh0e.pl/pubCarHacking/scripts/Blackbox_monitor.txt 2026-01-01T00:00:00Z

Ignition-state event monitor for a Raspberry Pi in-vehicle setup. Watches $122 on CAN-IHS for OFF→RUN and RUN→OFF transitions, starts/stops a configurable CAN recorder accordingly, shifts the CPU governor between powersave (idle) and ondemand (running), and optionally fires a remote-start HVAC trigger on the first observed OFF→RUN edge so a script restart on an already-running engine doesn't ghost

https://magikh0e.pl/exploits/2026/March/CVE-2018-1207-main.html 2026-01-01T00:00:00Z

Exploit PoC for CVE-2018-1207: Dell iDRAC7/iDRAC8 RCE (Reverse Shell) (CVE-2018-1207)

https://magikh0e.pl/exploits/2026/March/CVE-2018-1207-main.zip 2026-01-01T00:00:00Z

Exploit PoC for CVE-2018-1207: Dell iDRAC7/iDRAC8 RCE (Reverse Shell)

https://magikh0e.pl/exploits/2026/February/CVE-2020-10558-master.html 2026-01-01T00:00:00Z

CVE-2020-10558: Tesla Model S/3/X Denial of Service (DoS) (CVE-2020-10558)

https://magikh0e.pl/exploits/2026/February/CVE-2020-10558-master.zip 2026-01-01T00:00:00Z

CVE-2020-10558: Tesla Model S/3/X Denial of Service (DoS)

https://magikh0e.pl/exploits/2026/February/CVE-2020-12124-main.html 2026-01-01T00:00:00Z

Anatomy of an IoT Exploit, from Hands-On to RCE (CVE-2020-12124)

https://magikh0e.pl/exploits/2026/February/CVE-2020-12124-main.zip 2026-01-01T00:00:00Z

Anatomy of an IoT Exploit, from Hands-On to RCE

https://magikh0e.pl/exploits/2026/March/CVE-2020-5902-main.html 2026-01-01T00:00:00Z

Exploit for CVE-2020-5902

https://magikh0e.pl/exploits/2026/March/CVE-2020-5902-main.zip 2026-01-01T00:00:00Z

<div align="center">

https://magikh0e.pl/exploits/2026/January/CVE-2023-28432-main.html 2026-01-01T00:00:00Z

Minio Environment Variables Exploit (CVE-2023-28432) (CVE-2023-28432)

https://magikh0e.pl/exploits/2026/January/CVE-2023-28432-main.zip 2026-01-01T00:00:00Z

Minio Environment Variables Exploit (CVE-2023-28432)

https://magikh0e.pl/exploits/2026/February/CVE-2023-33730-main.html 2026-01-01T00:00:00Z

CVE-2023-33730 — eScan Management Console Privilege Escalation (CVE-2023-33730)

https://magikh0e.pl/exploits/2026/February/CVE-2023-33730-main.zip 2026-01-01T00:00:00Z

CVE-2023-33730 — eScan Management Console Privilege Escalation

https://magikh0e.pl/exploits/2026/February/CVE-2023-33731-main.html 2026-01-01T00:00:00Z

CVE-2023-33731 — eScan Management Console: Reflected Cross-Site Scripting (XSS) (CVE-2023-33731)

https://magikh0e.pl/exploits/2026/February/CVE-2023-33731-main.zip 2026-01-01T00:00:00Z

CVE-2023-33731 — eScan Management Console: Reflected Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-33732-main.html 2026-01-01T00:00:00Z

CVE-2023-33732 — Reflected Cross-Site Scripting in eScan Management Console (CVE-2023-33732)

https://magikh0e.pl/exploits/2026/February/CVE-2023-33732-main.zip 2026-01-01T00:00:00Z

CVE-2023-33732 — Reflected Cross-Site Scripting in eScan Management Console

https://magikh0e.pl/exploits/2026/March/CVE-2023-3452.html 2026-01-01T00:00:00Z

CVE-2023-3452 - WordPress Canto Plugin RCE (CVE-2023-3452)

https://magikh0e.pl/exploits/2026/March/CVE-2023-3452.zip 2026-01-01T00:00:00Z

CVE-2023-3452 - WordPress Canto Plugin RCE

https://magikh0e.pl/exploits/2026/February/CVE-2023-34632-main.html 2026-01-01T00:00:00Z

Reflected XSS in 1000projects Book Management System 1.0 (CVE-2023-34632)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34632-main.zip 2026-01-01T00:00:00Z

Reflected XSS in 1000projects Book Management System 1.0

https://magikh0e.pl/exploits/2026/February/CVE-2023-34835-main.html 2026-01-01T00:00:00Z

CVE-2023-34835 — eScan Management Console: Reflected Cross-Site Scripting (XSS) (CVE-2023-34835)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34835-main.zip 2026-01-01T00:00:00Z

CVE-2023-34835 — eScan Management Console: Reflected Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34836-main.html 2026-01-01T00:00:00Z

CVE-2023-34836 — eScan Management Console 14.0.1400.2281: Reflected Cross-Site Scripting (XSS) (CVE-2023-34836)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34836-main.zip 2026-01-01T00:00:00Z

CVE-2023-34836 — eScan Management Console 14.0.1400.2281: Reflected Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34837-main.html 2026-01-01T00:00:00Z

CVE-2023-34837 — eScan Management Console: Reflected Cross-Site Scripting (XSS) (CVE-2023-34837)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34837-main.zip 2026-01-01T00:00:00Z

CVE-2023-34837 — eScan Management Console: Reflected Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34838-main.html 2026-01-01T00:00:00Z

CVE-2023-34838 — eScan Management Console Stored XSS (CVE-2023-34838)

https://magikh0e.pl/exploits/2026/February/CVE-2023-34838-main.zip 2026-01-01T00:00:00Z

CVE-2023-34838 — eScan Management Console Stored XSS

https://magikh0e.pl/exploits/2026/January/CVE-2023-35082-main.html 2026-01-01T00:00:00Z

🕵️ Vulnerability Scanner 🛡️ (CVE-2023-35082)

https://magikh0e.pl/exploits/2026/January/CVE-2023-35082-main.zip 2026-01-01T00:00:00Z

🕵️ Vulnerability Scanner 🛡️

https://magikh0e.pl/exploits/2026/January/CVE-2023-3519-main.html 2026-01-01T00:00:00Z

Citrix ADC RCE CVE-2023-3519 Exploit Guide (CVE-2023-3519)

https://magikh0e.pl/exploits/2026/January/CVE-2023-3519-main.zip 2026-01-01T00:00:00Z

Citrix ADC RCE CVE-2023-3519 Exploit Guide

https://magikh0e.pl/exploits/2026/January/CVE-2023-36846-main.html 2026-01-01T00:00:00Z

Remote Code Execution in Juniper JunOS (SRX and EX Series) - CVE-2023-36846 Exploit (CVE-2023-36846)

https://magikh0e.pl/exploits/2026/January/CVE-2023-36846-main.zip 2026-01-01T00:00:00Z

Remote Code Execution in Juniper JunOS (SRX and EX Series) - CVE-2023-36846 Exploit

https://magikh0e.pl/exploits/2026/February/CVE-2023-37189-main.html 2026-01-01T00:00:00Z

CVE-2023-37189 — Issabel PBX 4.0.0-6 Stored Cross-Site Scripting (XSS) (CVE-2023-37189)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37189-main.zip 2026-01-01T00:00:00Z

CVE-2023-37189 — Issabel PBX 4.0.0-6 Stored Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37190-main.html 2026-01-01T00:00:00Z

CVE-2023-37190 — Issabel-PBX 4.0.0-6: Stored Cross-Site Scripting (XSS) (CVE-2023-37190)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37190-main.zip 2026-01-01T00:00:00Z

CVE-2023-37190 — Issabel-PBX 4.0.0-6: Stored Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37191-main.html 2026-01-01T00:00:00Z

CVE-2023-37191 — Issabel PBX 4.0.0-6: Stored Cross-Site Scripting (XSS) (CVE-2023-37191)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37191-main.zip 2026-01-01T00:00:00Z

CVE-2023-37191 — Issabel PBX 4.0.0-6: Stored Cross-Site Scripting (XSS)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37596-main.html 2026-01-01T00:00:00Z

CVE-2023-37596 — issabel-pbx 4.0.0-6: Cross-Site Request Forgery (CSRF) — Delete Any User (CVE-2023-37596)

https://magikh0e.pl/exploits/2026/February/CVE-2023-37596-main.zip 2026-01-01T00:00:00Z

CVE-2023-37596 — issabel-pbx 4.0.0-6: Cross-Site Request Forgery (CSRF) — Delete Any User

https://magikh0e.pl/exploits/2026/February/CVE-2023-37597-main.html 2026-01-01T00:00:00Z

CVE-2023-37597 — issabel-pbx 4.0.0-6: Cross-Site Request Forgery (CSRF) — Delete User Group (CVE-2023-37597)