Exploit for Double Free in Xhttp_Project Xhttp

CVE-2023-38434 xHTTP commit 72f812d and below suffers from a...

Icinga Web 2.10 - Authenticated Remote Code Execution

!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Authenticated Remote Code Execution Date: 8/07/2023 Exploit Author: Dante CoronaAka. cxdxnt Software Link: https://github.com/Icinga/icingaweb2 Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version:...

Exploit for Improper Access Control in Citrix Sharefile_Storage_Zones_Controller

ShareFile RCE CVE-2023-24489 This is a Python script that e...

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py O...

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called a manifest confusion attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889 Text4Shell Testing Script This repository co...

Dos via Document Comments

Description An attacker can abuse the document comment functionality, handled by the /api/comments.create API endpoint, since there is not size check or validation of the comment contents, which allows an attacker to send a comment with almost an unlimited number of characters1MB max POST size...

Exploit for Special Element Injection in Rocket.Chat

CVE-2021-22911 If you have already registered...

Exploit for Buffer Underflow in Fortinet Fortiweb

CVE-2023-25610 Insufficient heap memory in the FortiOS manage...

Microsoft Windows PowerShell Remote Command Execution Exploit

This python script mints a .ps1 file with an exploitable semicolon condition that allows for command execution from Microsoft Windows PowerShell. This is an updated exploit to work with Python3. from base64 import b64encode import argparse,sys,os PSTrojanFile.py By hyp3rlinx c 2023 ApparitionSec...

LinkedInDumper - Tool To Dump Company Employees From LinkedIn API

Python 3 script to dump company employees from LinkedIn API Description LinkedInDumper is a Python 3 script that dumps employee data from the LinkedIn social networking platform. The results contain firstname, lastname, position title, location and a user's profile link. Only 2 API calls are...

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 POC POC For A Pre Auth Double Free Vulnerability...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 Pseudo Shell Description This Python script...

Exploit for Command Injection in Deltaww Dx-3021L9_Firmware

CVE-2022-46169 Pseudo Shell Description This Python script...

Exploit for Incorrect Authorization in Cacti

CVE-2022-46169 This repository contains a Proof of Concept P...

Exploit for Cross-site Scripting in Dompdf_Project Dompdf

CVE-2022-28368-handler This repository contains a python scrip...

Microsoft Windows 11 - 'cmd.exe' Denial of Service

Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...

Microsoft Windows 11 - (cmd.exe) Denial of Service Exploit

Exploit Title: Microsoft Windows 11 - 'cmd.exe' Denial of Service Exploit Author: Milad Karimi Ex3ptionaL Date: 2023-03-30 Vendor Homepage: https://www.microsoft.com/en-us Software Link: https://www.microsoft.com/en-us Tested Version: N/A Tested on OS: Windows 11 Pro About App Microsoft Windows i...

Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing

!/usr/bin/python3 Exploit Title: Tenda N300 F3 12.01.01.48 - Malformed HTTP Request Header Processing Shodan Dork: http.favicon.hash:-2145085239 http.title:"Tenda | LOGIN" Date: 09/03/2023 Exploit Author: @h454nsec Github: https://github.com/H454NSec/CVE-2020-35391 Vendor Homepage:...

Exploit for Improper Access Control in Joomla Joomla\!

CVE-2023-23752This is a proof-of-concept code for the CVE-2023-2...