Exploit for Path Traversal in Microsoft

CVE-2022-4510-Binwalk This script allows you to generate expl...

Exploit for Improper Input Validation in Barracuda Email_Security_Gateway_300_Firmware

CVE-2023-2868: Barracuda ESG Command Injection For full...

Chinese UNC4841 Group Exploits Zero-Day Flaw in Barracuda Email Security Gateway

A suspected China-nexus threat actor dubbed UNC4841 has been linked to the exploitation of a recently patched zero-day flaw in Barracuda Email Security Gateway ESG appliances since October 2022. "UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People's Republic o...

GodPotato - Local Privilege Escalation Tool From A Windows Service Accounts To NT AUTHORITY\SYSTEM

Based on the history of Potato privilege escalation for 6 years, from the beginning of RottenPotato to the end of JuicyPotatoNG, I discovered a new technology by researching DCOM, which enables privilege escalation in Windows 2012 - Windows 2022, now as long as you have "ImpersonatePrivilege"...

New GobRAT Remote Access Trojan Targeting Linux Routers in Japan

Linux routers in Japan are the target of a new Golang remote access trojan RAT called GobRAT. "Initially, the attacker targets a router whose WEBUI is open to the public, executes scripts possibly by using vulnerabilities, and finally infects the GobRAT," the JPCERT Coordination Center JPCERT/CC...

Exploit for Code Injection in Vmware Spring_Cloud_Function

Exploit for RCE in Spring Cloud CVE 2022-22963 Exploit for...

Exploit-for-Searchor-2.4.0-Arbitrary-CMD-Injection

POC exploit for Searchor ' import'os'.popen''.rea...

Trend Micro OfficeScan Client 10.0 Local Privilege Escalation

Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Date: 2023/05/04 Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client"...

Hubstaff 1.6.14-61e5e22e DLL Hijacking

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...

Exploit for OS Command Injection in Zyxel Atp100_Firmware

CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...

Exploit for OS Command Injection in Zyxel Atp100_Firmware

CVE-2023-28771-PoC PoC for CVE-2023-28771 based on Rapid7's ex...

Hubstaff 1.6.14-61e5e22e - (wow64log) DLL Search Order Hijacking Vulnerability

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor Description Hubstaff i...

Trend Micro OfficeScan Client 10.0 - ACL Service Local Privilege Escalation Vulnerability

Exploit Title: Trend Micro OfficeScan Client 10.0 - ACL Service LPE Exploit Author: msd0pe Vendor Homepage: https://www.trendmicro.com My Github: https://github.com/msd0pe-1 Trend Micro OfficeScan Client: Versions = icacls "C:\Program Files x86\Trend Micro\OfficeScan Client" C:\Program Files...

Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking

Exploit Title: Hubstaff 1.6.14-61e5e22e - 'wow64log' DLL Search Order Hijacking Date: 14/05/2023 Exploit Author: Ahsan Azad Vendor Homepage: https://hubstaff.com/ Software Link: https://app.hubstaff.com/download Version: 1.6.13, 1.6.14 Tested On: 64-bit operating system, x64-based processor...

TFTP Fetch, Windows Encrypted Reverse Shell

Fetch and execute an x64 payload from a TFTP server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/tftp/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...

HTTPS Fetch, Windows Encrypted Reverse Shell

Fetch and execute an x64 payload from an HTTPS server. Connect back to attacker and spawn an encrypted command shell Module Options msf use payload/cmd/windows/https/x64/encryptedshellreversetcp msf payloadencryptedshellreversetcp show actions ...actions... msf payloadencryptedshellreversetcp set...

Exploit for CVE-2022-30190

CVE 30190 Amine TITROFINE | December 17, 2022 ------------...

Exploit for Code Injection in Exiftool_Project Exiftool

CVE-2021-22204 Exploit for CVE-2021-22204 ExifTool - Arb...

New Stealthy Variant of Linux Backdoor BPFDoor Emerges from the Shadows

A previously undocumented and mostly undetected variant of a Linux backdoor called BPFDoor has been spotted in the wild, cybersecurity firm Deep Instinct said in a technical report published this week. "BPFDoor retains its reputation as an extremely stealthy and difficult-to-detect malware with...

New Variant of BPFDoor Linux Malware Features Enhanced Encryption and Stealthy Communication

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new variant of the Linux malware BPFDoor has been discovered, featuring more robust encryption and reverse shell communication. It uses the BPF to bypass firewall restrictions, allowing threat actors t...