85 matches found
Classic-Heap-Attacks-POCs-Windows-10
Proofs of concept against the Windows heap. In this reposit...
Exploit for Use of Uninitialized Resource in Microsoft
Proof-of-Concept exploit for the Untrusted Pointer Dereferenc...
Exploit for Out-of-bounds Write in Adobe Acrobat
CVE-2010-2883 PoC for CVE...
Exploit for Use of Uninitialized Resource in Vmware Fusion
This is a VMware Escape Exploit, a proof-of-concept PoC exploit for CVE-2017-4905, targeting VMware WorkStation 12.5.5 and earlier versions. The exploit is designed to escape the VMware environment and execute arbitrary code on the host system. The exploit is written in C and uses a heap...
AutoBlue-MS17-010
This is a semi-automated, fully working, no-bs, non-metasploit version of the public exploit code for MS17-010. The exploit is designed to target Windows systems vulnerable to the EternalBlue vulnerability, a remote code execution (RCE) vulnerability in the SMBv1 protocol. The exploit code...
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
#!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE) Exploit Author: Mohammed Idrees Banyamer Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...
Exploit for Type Confusion in Microsoft
CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Fre...
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack Tra...
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitatio...
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
Posted by Samuel Groß, Project Zero. This post is the second in a series about a remote, interactionless iPhone exploit over iMessage. The first blog post, which introduced the exploited vulnerability, can be found here. The initial primitive gained from the vulnerability is an absolute address...
Analyzing an exploit for CVE-2017-11826
The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed CVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX...
IE browser vulnerability exploitation techniques combined: heap spray - vulnerability warning - the black bar safety net
Browsers were once the area hardest hit by vulnerabilities; in the IE6 era, accidentally opening a page was often enough to get compromised. In web penetration circles the phrase "get a shell by hanging a horse" (planting a drive-by trojan on a page) even became a byword. So why is it different now? I personall...
Kerio Control < 9.1.3 Multiple Vulnerabilities - Active Check
Kerio Control is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:kerio:control"; if(description...
Micro Focus Rumba 9.3 Active-X Stack Buffer Overflow
Exploit Title: Micro Focus Rumba function vuln // 272 Junk Data // 272 + "\x43\x43\x43\x43" = EDX = 43434343 // // If we change EDX to an address that points to a valid address // we will have control over EIP // 0x20302228 // Overwrite the stack var evilpayload = "AAAAAAA...
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities
Kerio Control Unified Threat Management 9.1.0 build 10879.1.1 build 1324 - Multiple Vulnerabilities SEC Consult has also released a blog post describing the attack scenarios of the vulnerabilities within this advisory in detail and a video which shows the remote attack. Exploit code has been...
IE browser exploit technique evolution (part 1) - vulnerability warning - the black bar safety net
IE browser exploit technique evolution. Note: the software, DLLs and final exploits the article refers to are available at https://yunpan.cn/OckK8EjZnR9cGj (extraction code: 2a79). Today the browser is the user's portal to the Internet. From the beginning, the browser was born mainly to provide...
Microsoft Office memory corruption vulnerability (CVE-2015-1641)
Source: http://drops.wooyun.org/papers/9809 Microsoft Office memory corruption vulnerability 0x01 Vulnerability overview In April this year Microsoft patched a Word type confusion vulnerability named CVE-2015-1641; an attacker can craft an RTF document with an embedded docx to carry out the attack. When Word parses a docx document and handles the displacedByCustomXML attribute, it does not validate the customXML object, so other tag objects can be passed in for processing, causing type confusion and an arbitrary memory write; ultimately, carefully crafted tags and corresponding attribute values can achieve remote arbitrary code execution. According to Microsoft's MS15-33 security bulletin, this vulnerability affects Office 2007...
Dude, where’s my heap?
Guest post by Ivan Fratric. Spraying 1TB of memory: the ability to place controlled content at a predictable location in memory can be an important primitive in the exploitation of memory corruption vulnerabilities. A technique commonly used to this end in browser exploitation is heap...
Adobe Begins Patching Third Flash Player Zero Day
Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player. Version 16.0.0.305 will be distributed to users who have enabled auto-update. Adobe said it expects to have a manual update available tomorrow. “We are working with...