61 matches found
JNDIExploit
This is a Java-based exploit tool for JNDI Java Naming and Directory Interface injection vulnerabilities. The tool is designed to inject a payload into the JNDI repository, allowing an attacker to execute arbitrary code on the target system. The tool is based on the Rogue JNDI project and support...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
SMBGhost Simple scanner for CVE-2020-0796 - SMBv3 RCE. The scanner is for meant only for testing whether a server is vulnerable. It is not meant for research or development, hence the fixed payload. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. A network...
PT-2025-35522
Name of the Vulnerable Software and Affected Versions MobSF version 4.4.0 Description MobSF is a mobile application security testing tool. An authenticated user who uploaded a specially prepared one.a file could write arbitrary files to any directory writable by the user of the MobSF process. Thi...
LMeterX 路径遍历漏洞
LMeterX is an open source professional load testing program for any LLM API by MigoXLab. A path traversal vulnerability exists in LMeterX version 1.2.0, which stems from incorrect manipulation of the parameter taskid in the file backend/service/uploadservice.py resulting in path traversal...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-31161 - CrushFTP User Creation Authentication Bypass...
Exploit for CVE-2025-0133
CVE-2025-0133 Reflected XSS Detection Tool Author: Derek...
GHSA-C5VG-26P8-Q8CR Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
Vulnerable MobSF Versions: = v4.3.2 Details: MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web application...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
CVE-2025-31324-File-Upload A totally unauthenticated file-uplo...
CVE-2025-25568
SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function. NOTE: the Supplier disputes this because the use-after-free is not in the VPN software, but is instead in a separate tool that has no untrusted input and runs under the user's o...
CVE-2023-43504
A vulnerability has been identified in COMOS All versions V10.4.4. Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler SEH based buffer overflow. This could allow an attacker to execute arbitrary code on the target...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CMS-Made-Simple-2.2.10---SQL-Injection-Exploit-com-corre-o-de-...
Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as Rocket Kitten has began delivering the Core Impact penetration testing tool on susceptible computers by exploiting a newly fixed severe vulnerability in VMware Workspace ONE...
Intel VTune Profiler 安全漏洞
Intel VTune Profiler is a performance testing tool for optimized software from Intel USA. The software performs performance testing of IoT embedded applications, media software, Java applications, and high-performance computing applications. A security vulnerability exists in Intel VTune Profiler...
Ddosify - High-performance Load Testing Tool
Features Protocol Agnostic - Currently supporting HTTP, HTTPS, HTTP/2. Other protocols are on the way. Scenario-Based - Create your flow in a JSON file. Without a line of code! Different Load Types - Test your system's limits across different load types. Installation ddosify is available via...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
Unspecified Vulnerability in HCL OneTest
HCL OneTest is a software testing tool from HCL India that provides multiple testing options. The software supports API testing, functional testing, UI testing, performance testing and service virtualization to support software automation testing. A security vulnerability exists in HCL OneTest...
vulhub
It is an offensive tool for web application security testing. The repository contains a collection of pre-built vulnerable docker environments, allowing users to test web application security without requiring prior knowledge of docker. The tool is designed to be easy to use, with a simple...
Exploit for Argument Injection in Php
This repository is an exploit module for CVE-2018-19518, a vulnerability in the PHPMailer library. The exploit is written in Python and targets the PHPMailer library's use of the "mail" function to send emails. The vulnerability allows an attacker to inject malicious code into the email body, whi...
SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
metasploit-framework
This is a Metasploit Framework repository, a widely used penetration testing tool. The framework is used for identifying and exploiting vulnerabilities in computer systems and applications. The primary target of this framework is the Metasploit Framework itself, which is a Ruby-based framework fo...