@eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser

Summary The ConfigCommentParserparseJSONLikeConfig API is vulnerable to a Regular Expression Denial of Service ReDoS attack in its only argument. Details The regular expression at packages/plugin-kit/src/config-comment-parser.js:158 is vulnerable to a quadratic runtime attack because the grouped...

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

Exploit Title: Open-AudIT Professional 2.1.1 – Multiple Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.1.1 Category: WebApps Tested on: Win7 Professional CVE : CVE-2018-91...

SMBLoris Denial Of Service

There's a lot of talk about SMBLoris but nobody seems to have written a public efficient PoC yet, so I gave it a shot. A single instance takes down a fully patched Windows 10 Pro box with 8GiB of RAM in less than 10 seconds. I tried using Scapy initially, but it's dog slow, so I went with C. The...

ProFTPD <= 1.2.10 Remote Users Enumeration Exploit

Exploit for linux platform in category remote exploits ================================================== ProFTPD include include include include define PORT 21 define PROBE 8 main int argc, char argv int sock,n,y; long dist,stat=0; struct sockaddrin sin; char buf1024, buf21024; struct timeval t...