6573 matches found
Exploit for CVE-2018-11776
Apache-Struts-0Day-Exploit Critical Remote Code Execution...
Design/Logic Flaw
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
CVE-2019-14957
The JetBrains Vim plugin before version 0.52 was storing individual project data in the global vimsettings.xml file. This xml file could be synchronized to a publicly accessible GitHub repository...
Exploit for OS Command Injection in Docker
Breaking out of Docker via RunC A proof of concept code for CV...
BlueGhost - A Network Tool Designed To Assist Blue Teams In Banning Attackers From Linux Servers
This tool utilizes various Linux network tools and bash scripting to assist blue teams in defending Debian- and Ubuntu-based servers from malicious attackers. Scan/Ban shows connected IPs, scans IP addresses for open ports using nmap and whois search to gather reconnaissance on connected IPs, show...
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
Microsoft Windows - UAC Protection Bypass Via Slui File Handler Hijack PowerShell Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command"...
radare2/ia_fuzz: Heap-buffer-overflow in load
Project: https://github.com/radare/radare2.git Detailed report: https://oss-fuzz.com/testcase?key=5749546694475776 Project: radare2 Fuzzer: libFuzzer_radare2_ia_fuzz Fuzz target binary: ia_fuzz Job Type: libfuzzer_asan_radare2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address:...
CARBANAK Week Part One: A Rare Occurrence
It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this...
Omise: Public and secret api key leaked via omise github repo(owned by omise)
Found secret key of particular omise accounts! Functionality of the public and secret keys is described below: Public key The public key can be used to create tokens via javascript from your customers' browsers. This key can be safely exposed to the outside world. Secret key The secret key can be...
Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs
You've always been warned not to share remote access to your computer with any untrusted people for many reasons—it's basic cyber security advice, and common sense, right? But what if I say, you should not even trust anyone who invites or offers you full remote access to their computers? Security...
XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists
XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...
Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub
The source code of the popular social media app Snapchat recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub reposito...
Block.one: [FG-VD-18-125] Buffer Overflow Vulnerability in Latest EOS's EOSIO.WASMSDK Repository
Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest EOS WASMSDK Library. The PoC.wasm file is attached along with this report. Reproduction Steps: - 1 Fetch latest EOS WASMSDK repository from...
Rocket.Chat: Slack Token exposed over internet (Github)
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: Slack token is...
gdal/gdal_fuzzer: Heap-double-free in RMFRasterBand::IReadBlock
Project: https://github.com/OSGeo/gdal.git Detailed report: https://oss-fuzz.com/testcase?key=4818387774472192 Project: gdal Fuzzer: libFuzzer_gdal_fuzzer Fuzz target binary: gdal_fuzzer Job Type: libfuzzer_asan_gdal Platform Id: linux Crash Type: Heap-double-free Crash Address: 0x61f000001c80 Crash...
e107 < 2.1.8 CSRF Vulnerability
e107 is prone to a CSRF vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113187");...
AutoNSE - Massive NSE (Nmap Scripting Engine) AutoSploit And AutoScanner
Massive NSE (Nmap Scripting Engine) AutoSploit and AutoScanner. The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write and share simple scripts using the Lua programming language to automate a wide variety of networking tasks. Those scripts are...
LineageOS 14.1 Blueborne Remote Code Execution
Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LineageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...
Node.js third-party modules: `protobufjs` is vulnerable to ReDoS when parsing crafted invalid *.proto files
I would like to report a ReDoS in protobufjs. It allows to cause Denial of Service by trying to parse or load a crafted .proto file. Module module name: protobufjs version: 6.8.5 npm page: https://www.npmjs.com/package/MODULE NAME Module Description Protocol Buffers are a language-neutral,...
FLARE IDA Pro Script Series: Simplifying Graphs in IDA
Introduction We’re proud to release a new plug-in for IDA Pro users – SimplifyGraph – to help automate creation of groups of nodes in IDA’s disassembly graph view. Code and binaries are available from the FireEye GitHub repo. Prior to this release we submitted it in the 2017 Hex-Rays plugin...