33 matches found
ExploitMind
ExploitMind Overview ExploitMind is an en...
KAVACHx
Intelligent Exploit & Patch Management Platform A full-stack...
Exploit for Out-of-bounds Write in Google Chrome
CVE-2025-5419 An uninitialized read vulnerability by incorrec...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-42008 RoundCube XSS Exploit Overview This reposi...
Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover
Exploit Title: Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover Google Dork: N/A Date: 21/07/2024 Exploit Author: Mohammed Adel Vendor Homepage: https://www.cisco.com Software Link:...
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...
Exploit for Type Confusion in Google Chrome
CVE-2022-4262 Full Analysis including roo...
GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845
This post delves into a very impactful JWT Authentication Bypass vulnerability CVE-2023-30845 found in ESP-v2, an open-source service proxy that provides API management capabilities using Google Service Infrastructure. This vulnerability allows malicious API clients to bypass JWT authentication...
CVE-2022-4262
creationtimestamp| type| source
---|---|---
2022-12-05 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=926
2022-12-05 11:10:43+00:00| exploited| https://t.me/truesecator/3783
2022-12-06 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=927
2022-12-06...
CVE-2022-3038
creationtimestamp| type| source
---|---|---
2022-09-26 20:23:01+00:00| seen| https://t.me/cibsecurity/50511
2023-03-30 18:17:31+00:00| seen| https://t.me/truesecator/4237
2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2023-09-19 16:01:00+00:00| seen|...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Visualization, Fuzzing, Exploit and Patch...
Exploit for SQL Injection in Zohocorp Manageengine_Network_Configuration_Manager
CVE-2021-41081 N-DAY VULNERABILITY RESEARCH F...
Heapinspect - Inspect Heap In Python
HeapInspect is designed to make heap much prettier. Now this tool is a plugin of nadbg. Try it! Features Free of gdb and other requirement Multi glibc support 2.19, 2.23-2.27 currently tested both 32bit and 64bit Nice UI to show heap HeapShower detailed PrettyPrinter colorful, summary Heapdif...
Travel to the dark of the door! Debugee in QEMU-vulnerability warning-the black bar safety net
I haven't to secure guest posting; just recently I came into contact with vulnerability discovery and have been reading the source code of some classic fuzzers. At the same time I also began to look at virtualization escape, and happened to come across two very classic exploit...
Office of the senior threat vulnerability in the wild use analysis-vulnerability warning-the black bar safety net
Background of Office advanced threat vulnerabilities: In advanced threat attacks, the vulnerabilities that hackers most like to use for remote delivery and client intrusion are Office document vulnerabilities. At the just-concluded Black Hat conference, the best client security vulnerability award went to...
EnglishmansDentist Exploit Analysis
Introduction We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on t...
Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security
On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know as WannaCrypt, which targeted a large number of...
NSA's EternalBlue Exploit Ported to Windows 10
The NSA’s EternalBlue exploit has been ported to Windows 10 by white hats, meaning that every unpatched version of the Microsoft operating system back to Windows XP—and likely earlier—can be affected by one of the most powerful attacks ever made public. Researchers at RiskSense, among the first t...
CVE-2017-6178: from patch contrast-to-Exploit-vulnerability warning-the black bar safety net
Some time ago, while poking around EDB, I saw a kernel vulnerability in a driver, CVE-2017-6178. As a newbie learning kernel pwn, I naturally did not want to miss it. After debugging and analysis I felt I had learned a few things, so I am sharing them with everyone. USBPcap is a USB packet capture tool,...
Fashmark eCommerce 1.2 SQL Injection
Exploit Title: Fashmark - eCommerce Script v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/fashmark Demo: http://demo.ncryptedprojects.com/fashmark-ent/ Version: 1.2 Tested on: Win7 x64, Kali Linux x64 Exploit...