Exploit for OS Command Injection in Apsystems Energy_Communication_Unit_Firmware
CVE-2023-28343 CVE-2023-28343 POC exploit Usage shell us...
PT-2022-21679 · Undefined · Undefined
"Source": "https://t.me/documentors", "Content": "CVE-2022-33679.zip 1.2 MB 🔥🔥🔥CVE-2022-33679Windows Kerberos Elevation of Privilege - PoC exploit usage: CVE-2022-33079.py -h -ts -debug -dc-ip ip address target serverName", "author": "⚓️𝔇𝔬𝔠𝔲𝔪𝔢𝔫𝔱𝔬𝔯", "Detection Date": "04 Nov 2022", "Type": "Data...
Windows IIS HTTP Protocol Stack DOS
This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafted Accept-Encoding headers that was patched by Microsoft in May 2021, on vulnerable IIS servers. Successful exploitation will result in the target computer BSOD'ing before subsequently rebooting. Note that the...
Ruby on Rails: ReDoS in Rack::Multipart
A regular expression denial of service (ReDoS) vulnerability was discovered in the Rack gem's Multipart module. This vulnerability allowed an attacker to cause a denial of service by sending a specially crafted header, resulting in excessive CPU usage on the server. The vulnerability has been patch...
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
CISA is putting the thumbscrews on federal agencies to get them to patch an actively exploited Windows vulnerability. On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced that it added the vulnerability – tracked as CVE-2022-21882 and with a CVSS criticality rating ...
Critical Flaws Discovered in Cisco Small Business RV Series Routers
Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three ...
LabTools <= 1.0 - Subscriber+ Arbitrary Publication Deletion
The plugin does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications. The PoC will be displayed once the issue has been remediated...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
PoC exploit for CVE-2021-44228, a vulnerability in the Log4j Java library. The target product/service is Log4j, a Java logging library, and the vulnerability class/vector is a Remote Code Execution (RCE) vulnerability. The probable entry point is the "sendDetectionRequest" function in the...
Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux
This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...
Exploit for Use After Free in Google Chrome
CVE-2021-30573-PoC-Google-Chrome Google Chrome Use After Free...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013Reverse-Shell PoC CVE-2021-42013 reverse shell...
Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq
This is a PoC exploit for CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, which are related to a DNS cache poisoning vulnerability in the dnsmasq service. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit uses a Python script to send...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...
This Week in Security News July 2, 2021
Nefilim ransomware attack through a MITRE ATT&CK lens and PoC exploit circulating for critical Windows Print Spooler bug, and more...
Last Week’s Security news: Cisco ASA, BIG-IQ, vSphere, Solaris, Dlink, iPhone %s, DarkRadiation, Google schema, John McAfee
Hello, today I want to experiment with a new format. I will be reading last week's news from my @avleonovnews channel, which I found the most interesting. I do this mostly for myself, but if you like it too, then that would be great. Please subscribe to my YouTube channel and my Telegram...
Exploit for Cross-site Scripting in Cisco Firepower_Threat_Defense
PoC exploit for CVE-2020-3580, a vulnerability in the Apache Hud...
CVE-2021-34506
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Recent assessments: NinjaOperator at June 24, 2021 7:26pm UTC reported:...
Exploit for Command Injection in Rubyonrails Rails
CVE-2019-5420.rb POC Explo...
Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera
By Deeba Ahmed. The issue was demonstrated at the Pwn2Own 2021 hacking contest in which researchers won $100,000 for exploiting this flaw in Chrome and Edge. This is a post from HackRead.com.
Critical F5 BIG-IP Bug Under Active Attacks After PoC Exploit Posted Online
Almost 10 days after application security company F5 Networks released patches for critical vulnerabilities in its BIG-IP and BIG-IQ products, adversaries have begun opportunistically mass scanning and targeting exposed and unpatched networking devices to break into enterprise networks. News of i...