Bludit 3.9.12 Directory Traversal

Exploit Title: Bludit 3.9.12 - Directory Traversal Date: 2020-06-05 Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/env python3 -- coding: utf-8 -- import...

Exploit for Improper Restriction of Excessive Authentication Attempts in Bludit

CVE-2019-17240https://www.cvedetails.com/cve/CVE-2019-17240...

Quick Player 1.3 - '.m3l' Buffer Overflow (Unicode & SEH)

Exploit Title: Quick Player 1.3 - '.m3l' Buffer Overflow Unicode & SEH Date: 2020-06-05 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new...

Quick Player 1.3 - Denial Of Service

Quick Player version 1.3 suffers from a denial of service vulnerability. Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service Date: 06/05/2020 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof ...

Quick Player 1.3 Denial Of Service

Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service Date: 06/05/2020 Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new file...

Some-PoC-oR-ExP

This repository contains a collection of proof-of-concept PoC exploits and exploits for various vulnerabilities. The primary classification of this repository is 'PoC exploit for CVE-YYYY-NNNN'. The primary CVE ID present in the context is CNVD-2020-10487, which is related to a Tomcat-Ajp LFI...

Microsoft Windows - (SMBGhost) Remote Code Execution Exploit

!/usr/bin/env python ''' EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip SMBGhostRCEPoC RCE PoC for CVE-2020-0796 "SMBGhost" For demonstration purposes only! Only use this a reference. Seriously. This has not been tested outside of m...

HackerOne: Uploading large payload on domain instructions causes server-side DoS

This was a DoS vulnerability in a specific endpoint that didn't limit the size of the upload. As explained in the hacker summary, we limited the payload to mitigate the attack. Note : To everyone who sees this report, if a program accepts DoS vulnerabilities please try to try test carefully as it...

FinalRecon - The Last Web Recon Tool You'll Need

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. Featured NullByte https://null-byte.wonderhowto.com/how-to/conduct-recon-web-target-with-python-tools-0198114/...

AbsoluteTelnet 11.21 - 'Username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.21 - 'Username' Denial of Service PoC Discovered by: Xenofon Vassilakopoulos Discovered Date: 2020-05-21 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.21.exe Tested Version: 11.21...

Pi-hole < 4.4 - Remote Code Execution / Privileges Escalation Exploit

Exploit for linux platform in category web applications !/usr/bin/env python3 Pi-hole = 4.4 RCE Author: Nick Frichette Homepage: https://frichetten.com Note: This exploit must be run with root privileges and port 80 must not be occupied. While it is possible to exploit this from a non standard...

Exploit for OS Command Injection in Pi-Hole

CVE-2020-8816 A Python script to exploit CVE-2020-8816, a remo...

Exploit for CVE-2020-11651

It is an exploit module for Apache HTTP Server versions prior to...

YesWiki cercopitheque 2020.04.18.1 - (id) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: YesWiki cercopitheque 2020.04.18.1 - 'id' SQL Injection Exploit Author: coiffeur Vendor Homepage: https://yeswiki.net/ Software Link: https://yeswiki.net/, https://github.com/YesWiki/yeswiki Version: YesWiki cercopitheque...

SkyWrapper - Tool That Helps To Discover Suspicious Creation Forms And Uses Of Temporary Tokens In AWS

SkyWrapper is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account. The tool is aiming to find suspicious creation forms and uses of temporary tokens to detect malicious activity in the account. The tool analyzes the AWS account, and creating an excel...

Online Course Registration 2.0 SQL Injection

Exploit Title: Online Course Registration 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-04-25 Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0 Tested on: Kali Linux...

Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach

Pwned is a simple command-line python script to check if you have a password that has been compromised in a data breach. This script uses haveibeenpwned API to check whether your passwords were leaked during one of the many breaches of online services. This API uses k-Anonymity model that allows ...

Acronis: anti_ransomware_service.exe REST API does not require authentication

antiransomwareservice.exe exposes a REST API that can be used by everyone, even unprivileged users. This API is used to communicate from the Acronis True Image 2020 GUI to the antiransomwareservice.exe. This can be exploited to add an arbitary malicious executable to the whitelist or even exclude...

RM Downloader 3.1.3.2.2010.06.13 - (Load) Buffer Overflow (SEH) Exploit

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Author: Felipe Winsnes Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it will create a new file "poc.txt" 2.- Copy the content of the new file 'poc.txt' to clipboard 3.-...

RM Downloader 3.1.3.2.2010.06.13 Buffer Overflow

Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Date: 2020-04-20 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/9af366e59468eac0b92212912b5c3bcb-RMDownloader.exe Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the...