CVE-2026-37536

miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a 2016-10-05 contains a stack buffer overflow in senddiagnosticrequest. A 6-byte stack buffer MAXDIAGNOSTICPAYLOADSIZE=6 receives memcpy at offset 1+pidlength with payloadlength bytes. MAXUDSREQUESTPAYLOADLENGTH=7, so 1+2+7=10 exceeds...

SharpCookieMonster - Extracts Cookies From Chrome

This is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C project will dump cookies for all sites, even those with httpOnly/secure/session flags. Usage Simply run the binary. SharpCookieMonster.exe https://sitename.com chrome-debugging-port user...

Seatbelt - A C# Project That Performs A Number Of Security Oriented Host-Survey "Safety Checks" Relevant From Both Offensive And Defensive Security Perspectives

Seatbelt is a C project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives. @andrewchiles' HostEnum.ps1 script and @tifkin's Get-HostProfile.ps1 provided inspiration for many of the artifacts to collect. @harmj0...

UBoat - HTTP Botnet Project

A POC HTTP Botnet designed to replicate a full weaponised commercial botnet Disclaimer This project should be used for authorized testing or educational purposes only. The main objective behind creating this offensive project was to aid security researchers and to enhance the understanding of...

PingCastle - Get Active Directory Security At 80% In 20% Of The Time

The risk level regarding Active Directory security has changed. Several vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Ping Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment a...

Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Exploit

Exploit for windows platform in category local exploits Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The LUAFV...

VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege. Description: The...

Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Exploit

Exploit for windows platform in category local exploits Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m...

Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass

Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria:...

Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure

Microsoft Windows - FSCTLFINDFILESBYSID Information Disclosure Windows: FSCTLFINDFILESBYSID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTLFINDFILESBYSID control code doesn’t check for permissions to list a directory...

Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix

Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU ...

Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Exploit

Exploit for windows platform in category local exploits Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege Summary: It’s possible to use the ne...

Microsoft Windows SMB Server (v1 and v2) - Mount Point Arbitrary Device Open Privilege Escalation Ex

Exploit for windows platform in category dos / poc Windows: SMB Server v1 and v2 Mount Point Arbitrary Device Open EoP Platform: Windows 10 1703 and 1709 seems the same on 7 and 8.1 but not extensively tested Class: Elevation of Privilege Summary: The SMB server driver srv.sys and srv2.sys don't...

Microsoft Windows PPL Process Injection Privilege Escalation Exploit

Exploit for windows platform in category dos / poc Windows: PPL Process Injection EoP Platform: Windows 10 1703 x64 Class: Elevation of Privilege Summary: It’s possible to inject code into a PPL protected process by hijacking COM objects leading to accessing PPL processes such as Lsa and...

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution Exploit

Exploit for windows platform in category remote exploits Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1081 Windows: ManagementObject Arbitrary .NET Serialization RCE Platform: .NET 4.6, Powershell 4. Tested between Server 2016 and Windows 10 Anniversary Edition Class: Remote...