226 matches found
Exploit for Out-of-bounds Write in Adobe Acrobat
CVE-2010-2883 PoC for CVE...
ASLRay
This repository contains a Linux ELF x32/x64 ASLR DEP/NX bypass exploit with stack-spraying. The exploit targets the test binary, which is a simple program that takes a string argument and prints it. The exploit works by spraying the stack with a large amount of data, which increases the chances ...
Exploit for Use of Uninitialized Resource in Vmware Fusion
This is a VMware Escape Exploit, a proof-of-concept PoC exploit for CVE-2017-4905, targeting VMware WorkStation 12.5.5 and earlier versions. The exploit is designed to escape the VMware environment and execute arbitrary code on the host system. The exploit is written in C and uses a heap...
AutoBlue-MS17-010
This is a semi-automated, fully working, no-bs, non-metasploit version of the public exploit code for MS17-010. The exploit is designed to target Windows systems vulnerable to the EternalBlue vulnerability, which is a remote code execution RCE vulnerability in the SMBv1 protocol. The exploit code...
spraywmi
Exploit module/toolkit targeting Windows systems via WMI Windows Management Instrumentation spraying. The tool, named SprayWMI, is designed to mass spray Unicorn PowerShell injection to CIDR notations. It is a Python-based tool that uses the pexpect library to interact with the Windows Management...
CVE-2025-57815
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
CVE-2025-57815 Fides Lacks Brute-Force Protections on Authentication Endpoints
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate limit for all API traffic and lacks specific anti-automation controls designed to protect against brute-force attacks. This could allow attackers to...
Brute Force
Overview ethyca-fides is an Open-source ecosystem for data privacy as code. Affected versions of this package are vulnerable to Brute Force via insufficient protections on the authentication process. An attacker can gain unauthorized access to user accounts by performing automated credential...
Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool
Cybersecurity researchers have uncovered a new account takeover ATO campaign that leverages an open-source penetration testing framework called TeamFiltration to breach Microsoft Entra ID formerly Azure Active Directory user accounts. The activity, codenamed UNKSneakyStrike by Proofpoint, has...
Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
!/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution RCE Exploit Author: Mohammed Idrees Banyamer Instagram: @@banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-05-31 CVE: CVE-2025-30397 Vendor: Microsoft Affected Versions: Windo...
Exploit for Type Confusion in Microsoft
CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Fre...
CVE-2022-45860
A weak authentication vulnerability CWE-1390 in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increas...
CVE-2022-24044
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The login functionality of the application does not employ any countermeasures...
Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface CLI tool that is being used by a wide range of...
Botnet of 130K Devices Targets Microsoft 365 in Password-Spraying Attack
A botnet of 130,000 devices is launching a Password-Spraying attack on Microsoft 365, bypassing MFA and exploiting legacy authentication to access accounts...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2024-54852
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary...
CVE-2025-22390
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...
IoT Devices in Password-Spraying Botnet
Microsoft is warning Azure cloud users that a Chinese controlled botnet is engaging in "highly evasive" password spraying. Not sure about the "highly evasive" part; the techniques seem basically what you get in a distributed password-guessing attack: "Any threat actor using the CovertNetwork-1658...