Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Conflu...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Conflu...

Exploit for CVE-2021-33766

POC Exploit CVE-2021-33766 ProxyToken POC Exploit for CVE-...

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Exploit Title: Ship Ferry Ticket Reservation System v1.0 SQL-Injection-Bypass-Authentication in /shipticketing/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.30.2021 Vendor:...

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

CVE-2021-40145

CVE-2021-40145 is a double-free vulnerability in libgd2 (gdImageGd2Ptr in gd_gd2.c) affecting libgd2 up to and including 2.3.2. Connected advisories confirm patches/upgrades exist (e.g., Debian DLA-4411-1 fixing libgd2 in 2.3.0-2+deb11u1; Mariner and ALAS advisories indicate required upgrades to ...

CVE-2021-40145

gdImageGd2Ptr in gdgd2.c in the GD Graphics Library aka LibGD through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes...

Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

GHSA-8Q64-WRFR-Q48C Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

GHSA-MXV6-Q98X-H958 Data races in model

Shared data structure in model crate implements Send and Sync traits regardless of the inner type. This allows safe Rust code to trigger a data race, which is undefined behavior in Rust. Users are advised to treat Shared as an unsafe type. It should not be used outside of the testing context, and...

Exploit for Deserialization of Untrusted Data in Xstream

Xstream-1.4.17 The above Xstream demo environment was set up...

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite. It is developed by the Knownsec 404 Team and supports Python 2.6+. The framework comes with a powerful proof-of-concept engine and many niche features for penetration testers a...

SQLancer - Detecting Logic Bugs In DBMS

SQLancer Synthesized Query Lancer is a tool to automatically test Database Management Systems DBMS in order to find logic bugs in their implementation. We refer to logic bugs as those bugs that cause the DBMS to fetch an incorrect result set e.g., by omitting a record. SQLancer operates in the...

DLA-2742-2 ffmpeg - regression update

Bulletin has no description...

Exploit for CVE-2018-9995

PoC exploit for CVE-2018-9995. This exploit targets a vulnerability in a DVR system, allowing for remote code execution. The exploit is written in Python and uses the requests library to send HTTP requests to the vulnerable system. The exploit first defines a function to get the system's response...

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including Docker, Git, and Oracle Java. The repository is maintained by phith0n and is licensed under the MIT...

probench_aflnet

It is an offensive tool for network protocols. The primary CVE ID is not explicitly mentioned in the provided context; however, the tool is designed to fuzz network protocols, which may lead to the discovery of vulnerabilities. The target product/service or framework is network protocols, and the...