Exploit-Databases

💥 Exploits Database & PoC Resources Koleksi exploit databas...

01-Pentesting-and-Offensive-Security

No d...

DrakonixReverseShellPlayground

No d...

binary-exploitation-learning

No d...

SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal

Exploit Title: SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal Date: 2025-05-28 Exploit Author: @ibrahimsql Exploit Author's github: https://github.com/ibrahimsql Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server Software Link:...

Microsoft SQL Server Privilege Escalation

Microsoft SQL Server versions 2016, 2017, 2019, and 2022 suffer from multiple privilege escalation vulnerabilities to the SYSADMIN role. Title: Microsoft SQL Server Privilege Escalation from Control Server To Sysadmin role Product: Microsoft SQL Server Affected Versions: sql server...

Exploit for CVE-2024-53376

CVE-2024-53376 CyberPanel Authenticated OS Command Injection...

ZINC attacks against security researchers

In recent months, Microsoft has detected cyberattacks targeting security researchers by an actor we track as ZINC. The campaign originally came to our attention after Microsoft Defender for Endpoint detected an attack in progress. Observed targeting includes pen testers, private offensive securit...

Non-stack format string exploit techniques-vulnerability warning-the black bar safety net

On Linux the stack format string vulnerability in the use of online has many explanations, but non-stack format string vulnerability few people introduced. This is mainly over weekends SUCTF game playfmt topic, for example, detail about the bss segment or on the heap format strings the use of...

Windows exploit techniques: from any directory you create to any file-read-vulnerability warning-the black bar safety net

One, Foreword In the past few months, I'm in meetings, introduced me to the“Windows logic privilege escalation guide”tips. Meeting length is only 2 hours, I would like to introduce many interesting techniques and tricks had to have been deleted. Over time, think in training courses complete about...

Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String

Exploit for multiple platform in category remote exploits !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...

Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String

!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...

linux common exploit techniques practice-vulnerability warning-the black bar safety net

1.1 purpose of the 1.1.1 writing this article is to summarize some time ago learned,the second is to pwn also not getting the students some help,after all they learn when still encountered many difficulties the following are my actual operation,write more detailed,contains some of my own...

ATutor 1.4.3 search.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...

MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation

Due to a problem with isolating window broadcast messages in the Windows kernel, an attacker can broadcast commands from a lower Integrity Level process to a higher Integrity Level process, thereby effecting a privilege escalation. This issue affects Windows Vista, 7, 8, Server 2008, Server 2008...

Axous 1.1.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

+-----------------------------------------------------------------------------------------------------------+ Exploit Title : Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Date : 30-04-2012 Author : Ivano Binetti http://www.ivanobinetti.com Software link :...

How Offensive Research Drives Down the Cost of Attacks

CANCUN–The offensive security research community has evolved in the last decade or so from a relatively small and insular group inwardly focused, to a large and rather vocal group with a wide variety of motives, opinions and skill levels. But, to hear Brad Arkin of Adobe tell it, the huge amount ...

Smashing the Linux Heap

MIAMI BEACH–There has been a lot of discussion and research in the last decade on exploiting heap overflows in various platforms, especially Windows. But one researcher has found that there is a heap allocator in the Linux kernel that is, as he describes it, “beautifully exploitable.” Meet SLOB...

Interview with Team Inj3ct0r ( 1337day )

Interview with Team Inj3ct0r 1337day Inj3ct0r provides useful information to people who perform penetration testing, IDS signature development, and exploit research. This project was created to provide information on exploit techniques and to create a useful resource for exploit developers and...

PowerTCP FTP Module - Multiple Techniques (SEH HeapSpray)

!-- PowerTCP FTP module Multiple Technique Exploit SEH Overwrite + HeapSpray bug originally found by : Intel http://www.milw0rm.com/exploits/6793 I use Intel's exploit , but IE change unASCII bytes and it doesn't work! my system is XP SP2 IE7 . then I wrote my own expl with HeapSpray technique ,...