21 matches found
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463: Local Privilege Escalation Exploit for Sudo !...
Exploit for CVE-2025-2294
🚨 Kubio AI Page Builder = 2.5.1 - Unauthenticated Local File...
Exploit for Missing Authorization in Xlplugins Finale
CVE-2024-30485 Exploit 📌 Overview CVE-2024-30485 is a...
Leverage the Power of 45k, free, Hugging Face Models with Spring AI and Ollama
This blog post is co-authored by our great contributor Thomas Vitale. Ollama now supports all GGUF models from Hugging Face , allowing access to over 45,000 community-created models through Spring AI's Ollama integration, runnable locally. We'll explore using this new feature with Spring AI. The...
IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File
IpGeo is a python tool to extract IP addresses from captured network traffic file pcap/pcapng and generate csv report containing details about the geolocation of each ip in the packets. The report contains: 1. Country: 2. Country Code. 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...
Sub404 - A Python Tool To Check Subdomain Takeover Vulnerability
Sub 404 is a tool written in python which is used to check possibility of subdomain takeover vulnerabilty and it is fast as it is Asynchronous. Why During recon process you might get a lot of subdomainse.g more than 10k. It is not possible to test each manually or with traditional requests or...
Open redirect in Slashify
The package is an Express middleware that normalises routes by stripping any final slash, redirecting, for example, bookings/latest/ to bookings/latest. However, it does not validate the path it redirects to in any way. In particular, if the path starts with two slashes or two backslashes, or a...
Exploit for CVE-2021-3129
CVE-2021-3129exploit Exploit for CVE-2021-3129 Lab setup:...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2020-9484 Click the image to watch the vide...
FireShodanMap - A Realtime Map That Integrates Firebase, Google Maps And Shodan
FireShodanMap is a Realtime map that integrates Firebase and Shodan. A search is carried out using Shodan searching vulnerable devices and they are showed on the map for analysis. All data updated in Firebase are Realtime. Changes We have a file named "fireshodan.py" responsible for fill Firebase...
ReverShellGenerator - A Tool to Generate Various Ways to Do a Reverse Shell
A tool to generate various ways to do a reverse shell. Usage example Reverse Shell fonts http://bernardodamele.blogspot.com.br/2011/09/reverse-shells-one-liners.html http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Download ReverShellGenerator...
An ssh-agent for every domain: SSHecret
If you have an encrypted ssh key for each domain you access you should, and you keep your unlocked keys in a single ssh-agent you maybe shouldn’t, AND you’ve ever decided you need to forward your ssh-agent, then you should feel bad. If you forward an ssh-agent with all your unique keys for every...
Pemcracker - Tool To Crack Encrypted PEM Files
This tool is inspired by pemcrack by Robert Graham. The purpose is to attempt to recover the password for encrypted PEM files while utilizing all the CPU cores. It still uses high level OpenSSL calls in order to guess the password. As an optimization, instead of continually checking against the P...
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...
DEDECMS full version disregard for GPC injection exp-vulnerability warning-the black bar safety net
? php printr " +------------------------------------+ DEDECMS full version disregard for GPC injection code by :Sunshie Usage:$argv0 domain Example: php.exe$argv0 www.phpinfo.me +------------------------------------+ " ; if$argv1=="" exit"do not tease than we're still good friends"; else...
Simple HTTPD <= 1.41 (/aux) Remote Denial of Service Exploit
Exploit for unknown platform in category dos / poc ============================================================ Simple HTTPD = 1.41 /aux Remote Denial of Service Exploit ============================================================ usage: poc.py host port import socket import sys print...
Zomplog <= 3.8 (mp3playlist.php speler) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/python ---------------------------------------------------------------------------------- The sql injection : /zomplog-3.8/plugins/mp3playlist/mp3playlist.php?speler=sql I've code a sploit for the fun x...
Plan 9 Kernel (devenv.c OTRUNC/pwrite) Local Exploit
No description provided by source. / !!! DO NOT DISTRIBUTE !!! / / identity theft this exploit uses my devenv.c OTRUNC/pwrite vulnerability to overwrite specific kernel addresses to help elevate our privileges. this exploit is very picky, so you must understand the plan9 kernel and know what you...
GuppY <= 4.5.16 Remote Commands Execution Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- Guppy = 4.5.16 remote commands execution exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org dork: "Site powered by GuppY" | "Site cr驠avec Gupp...
Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit
No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...