72 matches found
Abi-smuggling-exploit
Web3 Security Research Portfolio A collection of smart contra...
EUVD-2022-4267
Malicious code in bioql PyPI...
Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk
CVE-2024-28987 Proof of Concept Exploit for CVE-2024-28987: So...
Vulnerabilities-Proofs-of-Concept
Vulnerabilities Proofs-of-Concept This repository hosts proof...
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
Cybersecurity researchers have released a proof-of-concept PoC exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical vulnerability ...
Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite
A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center CERT/CC said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers. The...
Common UNIX Printing System (CUPS) Vulnerabilities
Common UNIX Printing System CUPS is an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP Internet Printing Protocol to allow for printing with local and network printers. By combining these vulnerabilities CVE-2024-47076, CVE-2024-47177, CVE-2024-47175...
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 CVSS score: 8.7, the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circui...
PT-2025-17686 · Cloudera · Cloudera Hue
Name of the Vulnerable Software and Affected Versions: Cloudera Hue affected versions not specified Description: The issue is related to a directory traversal information disclosure problem. It is described as having a high severity. There is a proof-of-concept exploit available. Recommendations:...
Exploit for CVE-2024-44610
CVE-2024-44610: PEAK PCAN-Ethernet Gateway FD DR Authenticated...
PT-2024-4627 · Microsoft · Windows Hyper-V +1
Name of the Vulnerable Software and Affected Versions: Windows Hyper-V affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in Windows Hyper-V, which is caused by an integer overflow. This vulnerability can be exploited by an attacker to gai...
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response MDR identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...
Update now! GoAnywhere MFT zero-day patched
An emergency patch 7.1.2 has been released for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console. GoAnywhere MFT, which stands for managed file transfer, is a software solution that allows businesses to manage and exchange files in a secure and complia...
Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
GHSA-G2HF-G7FH-VG92 Apache Brooklyn is vulnerable to cross-site request forgery (CSRF)
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery CSRF, which could permit a malicious web site to produce a link which, if clicked whilst a user is logged in to Brooklyn, would cause the server to execute the attacker's commands as the user. There is...
GHSA-J3G9-3FVV-GQFP Cross-site Scripting In Apache Brooklyn
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
CVE-2021-22893
Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...
Cisco Network Security Flaw Leaks Sensitive Data
A high-severity vulnerability in Cisco’s network security software could lay bare sensitive data – such as WebVPN configurations and web cookies – to remote, unauthenticated attackers. The flaw exists in the web services interface of Cisco’s Firepower Threat Defense FTD software, which is part of...
Exploit for NULL Pointer Dereference in Openssl
CVE-2020-1967 Proof of concept exploit about OpenSSL signature...