61 matches found
EUVD-2017-16647
Malware in sbrugna...
Exploit for CVE-2010-1485
PoC exploit for CVE-2010-1485, Exploit module/toolkit targeting XXE vulnerability. The target product/service or framework is unspecified, but the tool is designed to automate exploitation of XXE vulnerabilities in various applications. The vulnerability class/vector is XXE XML eXternal Entity. T...
Exploit for Link Following in Rarlab Unrar
A proof of concept for CVE-2022-30333 - a path traversal vulnera...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...
Exploit for Cross-site Scripting in Tastyigniter
PoC exploit for CVE-2021-38699. The target product/service is Java, and the vulnerability class/vector is XXE XML External Entity injection. The probable entry point is the XXEinjector.rb script, which is a Ruby script that automates the exploitation of XXE vulnerabilities using direct and out of...
h1-ctf: 12 Days of Hacky Holidays write-up, but as a text-based RPG?
The flags are - flag48104912-28b0-494a-9995-a203d1e261e7 - flagb7ebcb75-9100-4f91-8454-cfb9574459f7 - flagb705fb11-fb55-442f-847f-0931be82ed9a - flag972e7072-b1b6-4bf7-b825-a912d3fd38d6 - flag2e6f9bf8-fdbd-483b-8c18-bdf371b2b004 - flag18b130a7-3a79-4c70-b73b-7f23fa95d395 -...
Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass
!/usr/bin/env ruby Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass Author: noraj Alexandre ZANNI Author website: https://pwn.by/noraj/ Date: 2020-08-16 Vendor Homepage: https://www.bludit.com/ Software Link: https://github.com/bludit/bludit/archive/3.9.2.tar.gz Version: = 3.9.2...
XXEinjector
This is an exploit module/toolkit targeting XXE XML eXternal Entity vulnerabilities. The primary CVE ID is not explicitly stated, but the tool is designed to automate exploitation of XXE vulnerabilities using direct and out-of-band methods. The target product/service is likely web applications,...
CVE-2018-8780
It was found that the methods from the Dir class did not properly handle strings containing the NULL byte. An attacker, able to inject NULL bytes in a path, could possibly trigger an unspecified behavior of the ruby script. Mitigation: It is possible to test for presence of the NULL byte manually...
Homematic CCU2 2.29.23 Arbitrary File Write
!/usr/bin/ruby Exploit Title: Homematic CCU2 Arbitrary File Write Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7300 Description:...
Homematic CCU2 2.29.23 - Remote Command Execution
!/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7297 Description:...
Hashicorp vagrant-vmware-fusion 4.0.23 - Local Privilege Escalation
A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmw... The initial patch they released was 4.0.21 which unfortunately contained a bug that prevented it from working at all...
Hashicorp vagrant-vmware-fusion 4.0.23 Local Root Privilege Escalation
CVE-2017-11741 Local root privesc in Hashicorp vagrant-vmware-fusion = 4.0.23 2 Aug 2017 06:49 A couple of weeks ago I disclosed a local root privesc in Hashicorp's vagrant-vmware-fusion plugin: https://m4.rkw.io/blog/cve20177642-local-root-privesc-in-hashicorp-vagrantvmwarefusion--4020.html The...
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
CVE-2017-11465
The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a...
RPCBind / libtirpc - Denial of Service Exploit
Exploit for linux platform in category dos / poc !/usr/bin/ruby Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb By Guido Vranken https://guidovranken.wordpress.com/ Thanks to Sean Verity for writing an exploit in Ruby for an earli...
Airia Shell Upload
Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debian wheezy require "net/http"...
Ruby Web Applications Vulnerability Scanner: Yasuo
Ruby Web Applications Vulnerability Scanner. Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us ...
YASUO - Scans for Vulnerable & Exploitable 3rd-party Web Applications
Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiti...