Lucene search

41 matches found

GithubExploit
added 2026/03/13 3:12 p.m. | 101 views

deep-code-security

deep-code-security Multi-language Static Application Security...

AI score: 6.1 | Exploits: 0
Gitee
added 2025/10/28 5:17 p.m. | 126 views

nuclei_poc

This repository is an offensive tool for Nuclei POCs. It is a Python script that clones GitHub repositories, extracts Nuclei POCs, and organizes them into categorized folders. The script runs automatically every day using GitHub Actions. The primary vulnerability class targeted by this tool is no...

AI score: 8 | Exploits: 0
Gitee
added 2025/09/14 6:16 p.m. | 98 views

airbug

This repository is an offensive tool for collecting and utilizing web application vulnerabilities, specifically targeting Content Management Systems (CMS). It is a Python-based tool that allows users to load and execute Proof of Concept (PoC) code for various vulnerabilities. The tool is designed to ...

AI score: 7.2 | Exploits: 0
GithubExploit
added 2023/07/12 2:41 a.m. | 434 views

Exploit for Improper Authentication in Automattic Woocommerce_Payments

CVE-2023-28121 WooCommerce Payments - For installing requirem...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.9367 | Exploits: 9
Kitploit
added 2023/05/27 12:30 p.m. | 17 views

Platbox - UEFI And SMM Assessment Tool

UEFI and SMM Assessment Tool Features Platbox is a tool that helps assessing the security of the platform: Dumps the platform registers that are interesting security-wise Flash Locks MMIO and Remapping Locks SMM Base and Locks MSRs RW access to the PCI configuration space of devices. RW to physic...

AI score: 7.3 | Exploits: 0 | References: 3
Zero Science Lab
added 2023/02/27 12:0 a.m. | 323 views

Osprey Pump Controller 1.0.1 Predictable Session Token / Session Hijack

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

CVSS: 8.3 | AI score: 7 | EPSS: 0.00278 | Exploits: 1
Zero Science Lab
added 2023/02/27 12:0 a.m. | 322 views

Osprey Pump Controller 1.0.1 (eventFileSelected) Command Injection

Summary Providing pumping systems and automated controls for golf courses and turf irrigation, municipal water and sewer, biogas, agricultural, and industrial markets. Osprey: door-mounted, irrigation and landscape pump controller. Technology hasn't changed dramatically on pump and electric motor...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.0113 | Exploits: 1
Huntr
added 2023/01/22 3:44 p.m. | 41 views

heap-buffer-overflow in function utfc_ptr2len

Description Heap-based Buffer Overflow in function utfc_ptr2len at mbyte.c:2145 Vim Version git log commit ebfec1c531f32d424bb2aca6e7391ef3bfcbfe20 HEAD - master, tag: v9.0.1234, origin/master, origin/HEAD Both POCs also apply to v9.0.1262: git log commit f2e30d0c448b9754d0d4daa901b51fbbf4c30747...

CVSS: 4.4 | AI score: 7 | EPSS: 0.00047 | Exploits: 1 | References: 1
Rapid7 Blog
added 2022/10/26 6:5 p.m. | 41 views

[Security Nation] Jeremi Gosney on the Psychology of Password Hygiene

In this episode of Security Nation, Jen and Tod talk to renowned password security expert Jeremi Gosney about how we are all guilty of bad password...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.93513 | Exploits: 13
Malwarebytes
added 2022/09/27 11:30 a.m. | 72 views

Flaw in some ManageEngine apps is being actively exploited, says CISA

CISA (the Cybersecurity and Infrastructure Security Agency) recently added CVE-2022-35405, a remote code execution (RCE) vulnerability affecting Zoho ManageEngine PAM360 versions 5500 and earlier, Password Manager Pro versions 12100 and earlier, and Access Manager Plus versions 4302 and earlier, to it...

AI score: 1.8 | EPSS: 0.94214 | Exploits: 5
Packet Storm
added 2022/06/19 12:0 a.m. | 263 views

Marval MSM 14.19.0.12476 Cross Site Request Forgery

Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF) Date: 27/5/2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://www.marvalnorthamerica.com/ Software Link: https://www.marvalnorthamerica.com/ Version: v14.19.0.12476 Tested on: Windows PoCs:...

AI score: 0.3 | Exploits: 0
GithubExploit
added 2021/12/12 11:25 a.m. | 330 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Awesome-CVE-2021-44228 An awesome curated list of repos for CV...

CVSS: 10 | AI score: 9.7 | EPSS: 0.94358 | Exploits: 341
GithubExploit
added 2021/09/22 3:20 p.m. | 86 views

Exploit for CVE-2021-38647

cve-2021-38647 https://github.com/corelight/CVE-2021-38647 wit...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.94392 | Exploits: 19
Kitploit
added 2021/01/21 11:30 a.m. | 188 views

CDK - Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, designed for offering stable exploitation in different slimmed containers without any OS dependency. It comes with useful net-tools and many powerful PoCs/EXPs helps you to escape container and takeover K8s cluster easily. Currently still unde...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.71918 | Exploits: 37 | References: 36
GithubExploit
added 2020/12/20 1:0 a.m. | 205 views

Exploit for Deserialization of Untrusted Data in Smartertools Smartermail

CVE-2019-7214 Remote Code Execution in .NET deseria...

CVSS: 10 | AI score: 9.5 | EPSS: 0.82619 | Exploits: 7
Gitee
added 2020/10/02 7:35 p.m. | 1 views

pocsuite3

pocsuite3 is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec 404 Team. It comes with a powerful proof-of-concept engine...

AI score: 7 | Exploits: 0
GithubExploit
added 2020/05/10 4:49 a.m. | 89 views

Exploit for OS Command Injection in Docker

RunC-CVE-2019-5736 --- Video: https://bit.ly/2WqvIL...

CVSS: 9.3 | AI score: 8 | EPSS: 0.59178 | Exploits: 33
Hacker One
added 2019/10/03 4:11 a.m. | 27 views

Razer: [pay.gold.razer.com] Stored XSS - Order payment

The tester discovered that the pay.gold.razer.com site suffered from a Stored XSS issue that could be used to steal a client id and key. The tester worked with team to provide multiple POCs to help them resolve the issue. Razer appreciates all the assistance from corraldev, which was above and...

AI score: 1.1 | Exploits: 0
Packet Storm
added 2019/08/05 12:0 a.m. | 269 views

KDE 4/5 KDesktopFile Command Injection

https://zero.lol zero days 4 days Title: KDE 4/5 KDesktopFile Command Injection Date: July 28th 2019 Author: Dominik Penner / zer0pwn Vendor Homepage: https://kde.org/ Software Link: https://cgit.kde.org Version: 5.60.0 and below...

AI score: 7.4 | Exploits: 0
GithubExploit
added 2019/08/01 8:25 a.m. | 324 views

Exploit for CVE-2019-2525

VirtualBox 3D PoCs & exploits Author: @niklasb https://t...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.11022 | Exploits: 2