Lucene search
+L

226 matches found

GithubExploit
GithubExploit
added 2025/09/22 3:20 p.m.178 views

Exploit for Out-of-bounds Write in Adobe Acrobat

CVE-2010-2883 PoC for CVE...

9.3CVSS7.1AI score0.82485EPSS
Exploits13
Gitee
Gitee
added 2025/09/14 6:34 p.m.94 views

ASLRay

This repository contains a Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying. The exploit targets the test binary, which is a simple program that takes a string argument and prints it. The exploit works by spraying the stack with a large amount of data, which increases the chances ...

7AI score
Exploits0
Gitee
Gitee
added 2025/09/14 6:1 p.m.104 views

Exploit for Use of Uninitialized Resource in Vmware Fusion

This is a VMware Escape Exploit, a proof-of-concept PoC exploit for CVE-2017-4905, targeting VMware WorkStation 12.5.5 and earlier versions. The exploit is designed to escape the VMware environment and execute arbitrary code on the host system. The exploit is written in C and uses a heap...

5.5CVSS8.3AI score0.01204EPSS
Exploits3
Gitee
Gitee
added 2025/09/14 3:58 p.m.276 views

AutoBlue-MS17-010

This is a semi-automated, fully working, no-bs, non-metasploit version of the public exploit code for MS17-010. The exploit is designed to target Windows systems vulnerable to the EternalBlue vulnerability, which is a remote code execution RCE vulnerability in the SMBv1 protocol. The exploit code...

8.5AI score
Exploits0
Gitee
Gitee
added 2025/09/14 12:1 p.m.174 views

spraywmi

Exploit module/toolkit targeting Windows systems via WMI Windows Management Instrumentation spraying. The tool, named SprayWMI, is designed to mass spray Unicorn PowerShell injection to CIDR notations. It is a Python-based tool that uses the pexpect library to interact with the Windows Management...

7.7AI score
Exploits0
NVD
NVD
added 2025/09/08 10:15 p.m.43 views

CVE-2025-57815

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.5CVSS0.00277EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/08 9:11 p.m.5 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS6.6AI score0.00277EPSS
Exploits0References3
OSV
OSV
added 2025/09/08 9:11 p.m.6 views

CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...

6.3CVSS6.8AI score0.00277EPSS
Exploits0References5
Snyk
Snyk
added 2025/09/08 8:45 p.m.6 views

Brute Force

Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...

6.5CVSS7AI score0.00277EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/06/12 5:41 a.m.35 views

Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

Cybersecurity researchers have uncovered a new account takeover ATO campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID formerly Azure Active Directory user accounts. The activity, codenamed UNKSneakyStrike by Proofpoint, has...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.342 views

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)

!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...

7.5CVSS7.4AI score0.21228EPSS
Exploits7
GithubExploit
GithubExploit
added 2025/05/31 12:20 p.m.514 views

Exploit for Type Confusion in Microsoft

CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Fre...

7.5CVSS10AI score0.21228EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.11 views

CVE-2022-45860

A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...

7.5CVSS7.4AI score0.00488EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:57 p.m.8 views

CVE-2022-24044

A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...

7.5CVSS6.6AI score0.00844EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/04/27 5:2 a.m.75 views

Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface CLI tool that is being used by a wide range of...

7.8AI score
Exploits0
HackRead
HackRead
added 2025/02/24 7:12 p.m.13 views

Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack

A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts...

7.5AI score
Exploits0
OSV
OSV
added 2025/01/29 10:15 p.m.8 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8CVSS5.9AI score0.00743EPSS
Exploits1References1
NVD
NVD
added 2025/01/29 10:15 p.m.13 views

CVE-2024-54852

When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...

9.8CVSS0.00743EPSS
Exploits1References1
OSV
OSV
added 2025/01/04 2:15 a.m.5 views

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

7.5CVSS5.7AI score0.00347EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2024/11/06 12:2 p.m.7 views

IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...

7.3AI score
Exploits0
Rows per page
Query Builder