XAMPP 3.3.0 Buffer Overflow

Exploit Title: XAMPP v3.3.0 — '.ini' Buffer Overflow Unicode + SEH Date: 2023-10-26 Author: Talson @Ripp3rdoc Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/8.0.28/xampp-windows-x64-8.0.28-0-VS16-installer.exe Version: 3.3.0 Tested on: Windows 11 CVE-2023-46517 \ / \ ...

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

🔍 Cisco IOS XE Web UI Vulnerability Scanner - CVE-2023-20198...

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CVE-2023-4966 Citrix Memory Leak Exploit 🔒 Leak session token...

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

Cisco IOS XE Device Scanner User Guide for CVE-2023-20198-Scan...

Royal Elementor Addons and Templates 1.4.78 - Unauthenticated Arbitrary File Upload

Description The plugin does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. Note that this vulnerability is identical to https://wpscan.com/vulnerability/281518ff-7816-4007-b712-63aed7828b34/ as it was introduce...

Scripts failing intermittently due to permissions denied (401) exception while using PAT

h3. Issue Summary This is reproducible on the Data Center: Yes h3. Steps to Reproduce Create two Jira users: UserA and UserB and two Projects: ProjectA and ProjectB. Restrict access to ProjectA for UserA, and ProjectB for UserB. Create one issue each on ProjectA and ProjectB. Use the below python...

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

TeamCity CVE-2023-42793 Exploit This Python script exploits...

SMShell - Send Commands And Receive Responses Over SMS From Mobile Broadband Capable Computers

PoC for an SMS-based shell. Send commands and receive responses over SMS from mobile broadband capable computers. This tool came as an insipiration during a research on eSIM security implications led by Markus Vervier, presented at Offensivecon 2023 Disclaimer This is not a complete C2 but rather...

Exploit for CVE-2023-3244

proof of concept for CVE-2023-3244 Hello, this is a simple Pr...

NVClient v5.0 - Stack Buffer Overflow Exploit

Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20SoftwareV5.0.pdf...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

keepass-dump-masterkey Usage python3 poc.py Previe...

Pyro CMS 3.9 Server-Side Template Injection

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...

Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' (DOS)

Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Discovered Date: 2023-08-04 Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow...

Xlight FTP Server 3.9.3.6 - Stack Buffer Overflow Exploit

Exploit Title: Xlight FTP Server 3.9.3.6 - 'Stack Buffer Overflow' DOS Discovered by: Yehia Elghaly Vendor Homepage: https://www.xlightftpd.com/ Software Link : https://www.xlightftpd.com/download/setup.exe Tested Version: 3.9.3.6 Vulnerability Type: Buffer Overflow Local Tested on OS: Windows XP...

Exploit for Cross-site Scripting in Ninjaforms Ninja_Forms

CVE-2023-37979 Exploit !Python Versionhttps://img.shields...

Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...

Network_Assessment - With Wireshark Or TCPdump, You Can Determine Whether There Is Harmful Activity On Your Network Traffic That You Have Recorded On The Network You Monitor

With Wireshark or TCPdump, you can determine whether there is harmful activity on your network traffic that you have recorded on the network you monitor. This Python script analyzes network traffic in a given .pcap file and attempts to detect the following suspicious network activities and attack...

Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit

Exploit Title: Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit Author: Thurein Soe CVE : CVE-2022-28171 Vendor Homepage: https://www.hikvision.com Software Link: N/A Refence Link: https://cve.report/CVE-2022-28171 Version: Filmora 12: Ds-a71024 Firmware, Ds-a71024...