Exploit for Deserialization of Untrusted Data in Veeam One

Modified-CVE-2020-10915-MsfModule THIS IS NOT AN ORIGINAL EXPL...

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services IIS servers to infiltrate their networks...

Exploit for Deserialization of Untrusted Data in Apache Dubbo

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Al...

Exploit for Deserialization of Untrusted Data in Microsoft

Proxylogon-exploi...

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploit checklists, including information on how to exploit various vulnerabilities in Spring Boot applications. The repository includes several subdirectories, each containing a specific exploit: 1...

Exploit for Deserialization of Untrusted Data in Microsoft

This is a weaponized tool for exploiting the Microsoft Exchange 2010 MRM.AutoTag.Model unsafe deserialize vulnerability, identified as CVE-2020-17144. The tool is written in C and uses the .NET framework 3.5. The tool consists of two files: e.cs and cve-2020-17144.cs. The e.cs file is a simple C...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

PenetrationTestingPOCWithPython - IOT Device - Web APP - 提权辅助相关 - PC - tools - books - 说明 PenetrationTestingPOCWithPython 搜集有关渗透测试中用python编写的POC、脚本 请善用搜索Ctrl+F查找 IOT Device - 天翼创维awifi路由器存在多处未授权访问漏洞 - 华为WS331a产品管理页面存在CSRF漏洞 - CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 - D-Link路由器RCE漏洞 -...

marshalsec

This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution RCE and other security issues...

Exploit for Deserialization of Untrusted Data in Oracle Access_Manager

This is a Java class file, specifically the Main class from the com.axin package. The class has a single method, main, which takes an array of String arguments. The method is not implemented, as it is empty. The class has several annotations and attributes, including: LineNumberTable: This...

Exploit for Deserialization of Untrusted Data in Telerik Ui_For_Asp.Net_Ajax

TelerikUI Python Scanner telerikrcescan.py Examples A...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 CVE-2018-2628漏洞工具包 根据Github上整理出的漏洞利用工具包含： 1.CVE-2018-2628漏洞检测工具 //漏洞存在检测的POC 2.weblogicpoc.py //漏洞利用的POC 3.ysoserial-0.1-cve-2018-2628-all.jar //借鉴的漏洞利用工具https://github.com/tdy218/ysoserial-cve-2018-2628/releases 具体的漏洞复现过程请移步简书：https://www.jianshu.com/p/6649118ba7b6...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

PenetrationTestingPOCWithPython - IOT Device - Web APP - 提权辅助相关 - PC - tools - books - 说明 PenetrationTestingPOCWithPython 搜集有关渗透测试中用python编写的POC、脚本 请使用搜索查找 IOT Device - 天翼创维awifi路由器存在多处未授权访问漏洞 - 华为WS331a产品管理页面存在CSRF漏洞 - CVE-2019-16313 蜂网互联企业级路由器v4.31密码泄露漏洞 - D-Link路由器RCE漏洞 -...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境（仅有AdminServer即可） 如果有现成的、已经安装好这个PSU版本的WebLogic环境，则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本（wls-cve-2018-2628-poc.py）...

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

It is an offensive tool for Java. This PoC exploit targets CVE-2...

Exploit for Deserialization of Untrusted Data in Numpy

CVE-2019-6446: NumPy deserialization command execution NumP...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

WebLogic WLS Core Component Deserialization Vulnerability CV...

ERS Data System 1.8.1 - Java Deserialization Exploit

Exploit for windows platform in category remote exploits Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0...

Exploit for Deserialization of Untrusted Data in Apache Struts

apache-struts-pwn - CVE-2017-9805 Exploit ============ An...

PT-2017-4235 · Red Hat · Red Hat Jboss Application Server +1

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Application Server versions as shipped with Red Hat Enterprise Application Platform 5.2 Description: The issue is related to the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker, which does not restrict classes fo...