Exploit for Cross-Site Request Forgery (CSRF) in Cisco Industrial_Network_Director
PoC exploit for CVE-2019-18818, an unauthenticated password rese...
Online Reviewer System 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Online Reviewer System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Abdullah Khawaja Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
HackTool.Win32.Hidd.b Buffer Overflow
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/665a408981294ca49be23096363eec2f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: HackTool.Win32.Hidd.b Vulnerability: Remote Stack Buffer Overflow UDP Datagram Description: The...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Microsoft Windows. The exploit is written in Python and uses the SMB protocol to target vulnerable Windows systems. The exploit code is organized into...
Exploit for Out-of-bounds Write in Qemu
This repository contains PoCs (Proofs of Concept) for two vulnerabilities: CVE-2020-14364 (Qemu) and CVE-2020-1472 (Zerologon). CVE-2020-14364 (Qemu): The Qemu PoC is C code that exploits a vulnerability in the Qemu emulator. The code includes two files: exp1irq.c and exp2configread.c. These files appea...
writeup
This is a Python script for exploiting a vulnerability in the "Aegis" binary. The script is designed to be used with the "pwn" library, which is a Python library for exploitation. The script starts by setting a debug flag to 1, which means that the script will run in debug mode. If the debug flag...
Notex the best notes 6.4 - Denial of Service (PoC)
Exploit Title: Notex the best notes 6.4 - Denial of Service PoC Date: 06-14-2021 Author: Geovanni Ruiz Download Link: https://apps.apple.com/us/app/notex-the-best-notes/id847994217 Version: 6.4 Category: DoS iOS Vulnerability Notex – the best notes is vulnerable to a DoS condition when a long lis...
Blacknote 2.2.1 - Denial of Service (PoC)
Exploit Title: Blacknote 2.2.1 - Denial of Service PoC Date: 2021-06-02 Author: Brian Rodríguez Download Link: https://play.google.com/store/apps/details?id=notepad.note.notas.notes.notizen&hl=esMX Version: 2.2.1 Category: DoS Android Vulnerability BlackNote Bloc de notas is vulnerable to a DoS...
iDailyDiary 4.30 - Denial of Service (PoC)
Exploit Title: iDailyDiary 4.30 - Denial of Service PoC Date: 2021-05-21 Exploit Author: Ismael Nava Vendor Homepage: https://www.splinterware.com/index.html Software Link: https://www.splinterware.com/download/iddfree.exe Version: 4.30 Tested on: Windows 10 Home x64 STEPS Open the program...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204-exiftool Python exploit for the CVE-2021-22204...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a Python-based exploit for the CVE-2021-3156 vulnerability in sudo. The exploit targets Linux systems with glibc and nscd service not running. It overwrites the struct serviceuser to gain root privileges. The exploit has several variants, including: 1. exploitnss.py: This is the main...
Exploit for Off-by-one Error in Sudo_Project Sudo
This is a Python script repository for exploiting the CVE-2021-3156 vulnerability in sudo. The vulnerability is a heap-based overflow in the sudo package, which can be exploited to gain root privileges. The repository contains several exploit scripts, each targeting a specific version of the sudo...
Managed Switch Port Mapping Tool 2.85.2 Denial Of Service
Exploit Title: Managed Switch Port Mapping Tool 2.85.2 - Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download.htm Version: 2.85.2 Tested on: Windows 10 Home x64 STEPS Open the program...
Nsauditor 3.2.2.0 - 'Event Description' Denial of Service (PoC)
Exploit Title: Nsauditor 3.2.2.0 - 'Event Description' Denial of Service PoC Date: 2021-02-15 Exploit Author: Ismael Nava Vendor Homepage: https://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.2.0 Tested on: Windows 10 Home x64 STEPS Open the...
Sploit - Go Package That Aids In Binary Analysis And Exploitation
Sploit is a Go package that aids in binary analysis and exploitation. The motivating factor behind the development of sploit is to be able to have a well designed API with functionality that rivals some of the more common Python exploit development frameworks while taking advantage of the Go...
Exploit for Unrestricted Upload of File with Dangerous Type in Apache Activemq
This repository is an offensive tool for collecting or writing various vulnerability PoCs (proofs of concept) and exploits. The primary vulnerability addressed by the repository is CNVD-2020-10487, a Tomcat-Ajp local file inclusion (LFI) vulnerability. The repository contains two main files:...
YATinyWinFTP Denial Of Service
Exploit Title: YATinyWinFTP - Denial of Service PoC Google Dork: None Date: 20.08.2020 Exploit Author: strider Vendor Homepage: https://github.com/ik80/YATinyWinFTP Software Link: https://github.com/ik80/YATinyWinFTP Tested on: Windows 10...
vBulletin 5.x Remote Code Execution
!/usr/bin/env python3 vBulletin 5.x pre-auth widgettabbedContainer RCE exploit by @zenofex import argparse import requests import sys def runexploitvbloc, shellcmd: postdata = 'subWidgets0template' : 'widgetphp', 'subWidgets0configcode' : "echo shellexec'%s'; exit;" % shellcmd r =...
pwntools
It is an offensive tool for binary exploitation. The repository contains the pwntools project, a Python library for binary exploitation. The primary vulnerability class targeted by this tool is RCE (Remote Code Execution). The probable entry points for this tool are the exploit.py script and the...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
PoC exploit for CVE-2017-11826, a Microsoft Office Word vulnerability allowing arbitrary code execution through DDE injection. The exploit targets Microsoft Office Word, specifically the vulnerability class of remote code execution (RCE) via DDE (Dynamic Data Exchange) injection. The probable entry...