Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server

CVE-2025-5548 Security research and reprod...

Exploit for Path Traversal in Jenkins

CVE-2024-23897 환경 구축 1. Java 설치 sudo apt update sudo apt ins...

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions in the getorcreatetmpdir function in fileutils.py. This enables an attacker who can write to /tmp to cause the execution of arbitrary .py files during environment setup. Remediation...

Exploit for CVE-2025-30208

CVE-2025-30208 & CVE-2025-31125 & CVE-2025-31486 1. Overvie...

Exploit for Path Traversal in Lfprojects Mlflow

MLflow CVE-2023-1177 - PoC & Reproduce Repo này chứa mã khai...

Exploit for CVE-2025-31486

CVE-2025-31486-PoC.py url !imagehttps://github.co...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

利用条件 + DefaultServlet 写入功能启用：需在 web.xml 中配置 readonly=false...

Exploit for CVE-2024-9926

wordpress-jetpack-broken-access-control-vulnerable-application...

CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...

CVE-2024-39934

Robotmk before 2.0.1 allows a local user to escalate privileges e.g., to SYSTEM if automated Python environment setup is enabled, because the "shared holotree usage" feature allows any user to edit any Python environment...

Exploit for Race Condition in Openbsd Openssh

0.省流 这本质上是一种统计漏洞：需要进行大量尝试才能赢得竞争条件并成功执行任意代码，攻击者需要克服很多障碍，”Schwa...

DarkGPT - An OSINT Assistant Based On GPT-4-200K Designed To Perform Queries On Leaked Databases, Thus Providing An Artificial Intelligence Assistant That Can Be Useful In Your Traditional OSINT Processes

DarkGPT is an artificial intelligence assistant based on GPT-4-200K designed to perform queries on leaked databases. This guide will help you set up and run the project on your local environment. Prerequisites Before starting, make sure you have Python installed on your system. This project has...

Cmaps v8.0 - SQL injection

Exploit Title: Cmaps v8.0 - SQL injection - Date: 27.04.2023 - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability...

Companymaps 8.0 SQL Injection Vulnerability

Exploit Title: Unauthenticated SQL injection - Exploit Author: Lucas Noki 0xPrototype - Vendor Homepage: https://github.com/vogtmh - Software Link: https://github.com/vogtmh/cmaps - Version: 8.0 - Tested on: Mac, Windows, Linux - CVE : CVE-2023-29809 Description: The vulnerability found is an SQL...

CompanyMaps 8.0 Cross Site Scripting

Exploit Title: Stored Cross Site Scripting Google Dork: Date: 27.04.2023 Exploit Author: Lucas Noki 0xPrototype Vendor Homepage: https://github.com/vogtmh Software Link: https://github.com/vogtmh/cmaps Version: 8.0 Tested on: Mac, Windows, Linux CVE : CVE-2023-29983 Steps to reproduce: 1. Clone t...

Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them. Other topics of interest will also be addresse...

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

SpringCloud-Gateway Command Execution Vulnerability CVE-2022...

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

SpringCloud-Gateway Command Execution Vulnerability CVE-2022...

How to add new XenMobile nodes in environments with Rolling Patches installed

Step by step on how to add new XenMobile nodes when the the environment already has Rolling Patches installed...

Router exploitation of the Stack Overflow entry II-vulnerability warning-the black bar safety net

Foreword Finally, in learning MIPS vulnerability discovery process, to find a good drone platform The Damn Vulnerable Router Firmware Project Project address: https://github.com/praetorian-inc/DVRF The goal of this project is to simulate a real world environment to help people learn about other C...