Docker Images Containing Cryptojacking Malware Distributed via Docker Hub

With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service DDoS attacks and mine cryptocurrencies...

Exploit for CVE-2020-2551

PoC exploit for CVE-2020-2551, a Python example targeting Weblogic RCE via IIOP. The target vulnerability is a remote code execution vulnerability in Oracle WebLogic Server. The exploit uses the GIOP General Inter-ORB Protocol and CORBA Common Object Request Broker Architecture to establish a...

Quick Player 1.3 - Buffer Overflow

Quick Player version 1.3 suffers from a buffer overflow vulnerability. Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Pro...

Bludit 3.9.12 Directory Traversal

Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...

Exploit for Improper Restriction of Excessive Authentication Attempts in Bludit

CVE-2019-17240https://www.cvedetails.com/cve/CVE-2019-17240...

Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)

Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...

Quick Player 1.3 - Denial Of Service

Quick Player version 1.3 suffers from a denial of service vulnerability. Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service Date: 06/05/2020 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof ...

Quick Player 1.3 Denial Of Service

Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service Date: 06/05/2020 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new file...

Some-PoC-oR-ExP

This repository contains a collection of proof-of-concept PoC exploits and exploits for various vulnerabilities. The primary classification of this repository is 'PoC exploit for CVE-YYYY-NNNN'. The primary CVE ID present in the context is CNVD-2020-10487, which is related to a Tomcat-Ajp LFI...

Microsoft Windows - (SMBGhost) Remote Code Execution Exploit

!/usr/bin/env python ''' EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of m...

HackerOne: Uploading large payload on domain instructions causes server-side DoS

This was a DoS vulnerability in a specific endpoint that didn't limit the size of the upload. As explained in the hacker summary, we limited the payload to mitigate the attack. Note : To everyone who sees this report, if a program accepts DoS vulnerabilities please try to try test carefully as it...

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Discovered Date: 2020-05-21 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21...

Pi-hole < 4.4 - Remote Code Execution / Privileges Escalation Exploit

Exploit for linux platform in category web applications !/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...

Exploit for OS Command Injection in Pi-Hole

CVE-2020-8816 A Python script to exploit CVE-2020-8816, a remo...

Exploit for CVE-2020-11651

It is an exploit module for Apache HTTP Server versions prior to...

YesWiki cercopitheque 2020.04.18.1 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection Exploit Author: coiffeur Vendor Homepage: https://yeswiki.net/ Software Link: https://yeswiki.net/, https://github.com/YesWiki/yeswiki Version: YesWiki cercopitheque...

SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel...

Online Course Registration 2.0 SQL Injection

Exploit Title: Online Course Registration 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-04-25 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0 Tested on: Kali Linux...

Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach

Pwned is a simple command-line python script to check if you have a password that has been compromised in a data breach. This script uses haveibeenpwned API to check whether your passwords were leaked during one of the many breaches of online services. This API uses k-Anonymity model that allows ...