Lucene search
K

334 matches found

NVD
NVD
added 2026/06/17 5:16 p.m.14 views

CVE-2025-71323

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

9.8CVSS0.00757EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:5 p.m.16 views

EUVD-2025-210270

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

9.8CVSS6.5AI score0.00757EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:5 p.m.28 views

CVE-2025-71323

CVE-2025-71323 affects picklescan prior to 0.0.33, where failure to block the ctypes module enables remote code execution via crafted pickle files that use ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbox protections and gadget-chain detection. Exploitation sta...

9.8CVSS6.6AI score0.00757EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 3:5 p.m.18 views

CVE-2025-71323 picklescan - Remote Code Execution via Unblocked ctypes Module

picklescan before 0.0.33 fails to block the ctypes module, allowing attackers to achieve remote code execution by invoking direct syscalls and accessing raw memory. Attackers can craft malicious pickle files using ctypes.WinDLL to load kernel32.dll and execute arbitrary commands, bypassing sandbo...

9.8CVSS0.00757EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/29 12:0 a.m.20 views

PT-2026-50454

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.33 Description The software fails to block the ctypes module, which is a foreign function interface library used to call C functions directly, load DLLs, and manipulate raw memory pointers. This allows attacker...

9.8CVSS6.8AI score0.00757EPSS
Exploits0References13
GithubExploit
GithubExploit
added 2025/12/18 5:26 a.m.160 views

Stack-Buffer-Overflow-x86

Stack-Based Buffer Overflow: From Bug to Code Execution I...

8.2AI score
Exploits0
0day.today
0day.today
added 2023/07/31 12:0 a.m.294 views

Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)

import ctypes, struct from keystone import Shellcode Author: Senzee Shellcode Title: Windows/x64 - PIC Null-Free Calc.exe Shellcode 169 Bytes Date: 07/26/2023 Platform: Windows x64 Tested on: Windows 11 Home/Windows Server 2022 Standard/Windows Server 2019 Datacenter OS Version respectively:...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/04/25 12:0 a.m.327 views

Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode

; Name: Windows/x64 - Delete File shellcode / Dynamic PEB method null-free Shellcode ; Author: Nayani ; Tested on: Microsoft Windows Version 10.0.22621 Build 22621 ; Description: ; This an implementation of DeleteFileA Windows api to delete a file in the C:/Windows/Temp/ directory. ; To test this...

6.8AI score
Exploits0
0day.today
0day.today
added 2023/04/03 12:0 a.m.306 views

Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode 373 bytes

; Title: Name: Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode 373 bytes ; Author: Xavi Beltran ; Contact: email protected ; Website: https://xavibel.com/2023/01/18/shellcode-windows-x86-create-administrator-user-dynamic-peb-edt/ ; Date: 18/01/2022 ; Tested...

7.1AI score
Exploits0
0day.today
0day.today
added 2022/02/08 12:0 a.m.250 views

Windows/x86 - Locate kernel32 base address / Stack Crack method NullFree Shellcode (171 bytes)

171 bytes small Windows/x86 shellcode with a new method to find the kernel32 base address by walking down the stack and look for a possible Kernel32 address using a custom SEH handler. Each address found on the stack will be tested using the Exception handling function. If it's valid and starts...

0.1AI score
Exploits0
0day.today
0day.today
added 2022/02/06 12:0 a.m.479 views

Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode (133 bytes)

; Shellcode Title: Windows/x86 - Locate kernel32 base address / Memory Sieve method Shellcode 133 bytes ; Description: ; This shellcode is a new method to find kernel32 base address by parsing .text section of memory to find a pointer to kernel32 API. ; Shellcode Author: Tarek Ahmed ; Tested on:...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/05 12:0 a.m.360 views

Windows/x86 Download File / Execute Shellcode (458 bytes)

; Exploit Title: Windows/x86 - Download File and Execute / Dynamic PEB & EDT method Shellcode 458 bytes ; Exploit Author: Techryptic @Tech ; Date: 2022-01-31 ; Tested on: WIN7X86 ; Shoutout to 848 Advanced Software Exploitation and DSU. ; Description: ; The shellcode works in three parts. The fir...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/09/13 12:0 a.m.413 views

Windows/x64 - Reverse TCP (192.168.201.11:4444) Shellcode (330 Bytes)

Title: Windows/x64 - Reverse TCP 192.168.201.11:4444 Shellcode 330 Bytes Author: Xenofon Vassilakopoulos Tested on: Windows/x64 - 10.0.19043 N/A Build 19043 / MIT License Copyright c 2021 Xenofon Vassilakopoulos Permission is hereby granted, free of charge, to any person obtaining a copy of this...

Exploits0
Kitploit
Kitploit
added 2021/08/07 9:30 p.m.335 views

Go-Shellcode - A Repository Of Windows Shellcode Runners And Supporting Utilities

go-shellcode is a repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques. The available Shellcode runners include: CreateFiber CreateProcess CreateProcessWithPipe CreateRemoteThread CreateRemoteThreadNati...

8.9AI score
Exploits0References22
0day.today
0day.today
added 2021/05/13 12:0 a.m.134 views

Microsoft Internet Explorer 8/11 and WPAD service (Jscript.dll) - Use-After-Free Exploit

Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Versions: IE 8-11 64-bit as well as the...

7.5CVSS7.9AI score0.86863EPSS
Exploits17
Kitploit
Kitploit
added 2021/05/12 9:30 p.m.73 views

ByeIntegrity-UAC - Bypass UAC By Hijacking A DLL Located In The Native Image Cache

Bypass User Account Control UAC to gain elevated Administrator privileges to run any program at a high integrity level. Requirements Administrator account UAC notification level set to default or lower How it works ByeIntegrity hijacks a DLL located in the Native Image Cache NIC. The NIC is used ...

7.5AI score
Exploits0References1
0day.today
0day.today
added 2021/05/03 12:0 a.m.157 views

Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode (205 Bytes)

Shellcode Title: Windows/x64 - Dynamic Null-Free WinExec PopCalc Shellcode 205 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Shellcode Description: 64bit Windows 10 shellcode that dynamically resolves the base address of kernel32.dll via PEB & ExportTable method. Contai...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/05/03 12:0 a.m.46 views

Windows/x64 Inject All Processes With Meterpreter Reverse Shell Shellcode (655 bytes)

Shellcode Title: Windows/x64 - Inject All Processes with Meterpreter Reverse Shell 655 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x8664 Shellcode Description: 64bit Windows 10 shellcode that injects all processes with Meterpreter reverse...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/05/03 12:0 a.m.37 views

Windows/x64 - Dynamic NoNull Add RDP Admin (BOKU:SP3C1ALM0V3) Shellcode (387 Bytes)

Shellcode Title: Windows/x64 - Dynamic NoNull Add RDP Admin BOKU:SP3C1ALM0V3 Shellcode 387 Bytes Shellcode Author: Bobby Cooke boku Tested on: Windows 10 v2004 x64 Compiled from: Kali Linux x8664 Full Disclosure: github.com/boku7/x64win-AddRdpAdminShellcode Shellcode Description: 64bit Windows 10...

Exploits0
Kitploit
Kitploit
added 2021/03/28 11:30 a.m.81 views

CallObfuscator - Obfuscate Specific Windows Apis With Different APIs

Obfuscate hide the PE imports from static/dynamic analysis tools. Theory This's pretty forward, let's say I've used VirtualProtect and I want to obfuscate it with Sleep, the tool will manipulate the IAT so that the thunk that points to VirtualProtect will point instead to Sleep, now at executing...

7.5AI score
Exploits0References4
Rows per page
Query Builder