62 matches found
PT-2025-1537
Name of the Vulnerable Software and Affected Versions Prusa PrusaSlicer versions prior to 2.6.2 Description A crafted 3mf project file can lead to arbitrary code execution on a host system during the process of slicing the project and exporting G-code. This issue occurs within the PostProcessor.c...
Exploit for Integer Underflow (Wrap or Wraparound) in 7-Zip
CVE-2024-11477 Writeup This is a writeup of my research...
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2023-27997 Vulnerability Assessment Tool Safely detect wh...
Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
Exploit Title: Zoneminder v1.36.26 - Log Injection - CSRF Bypass - Stored Cross-Site Scripting XSS Date: 10/01/2022 Exploit Author: Trenches of IT Vendor Homepage: https://github.com/ZoneMinder/zoneminder Version: v1.36.26 Tested on: Linux/Windows CVE: CVE-2022-39285, CVE-2022-39290, CVE-2022-392...
Exploit for Link Following in Rarlab Unrar
A proof of concept for CVE-2022-30333 - a path traversal vulnera...
Exploit for NULL Pointer Dereference in Linux Linux_Kernel
CVE-2022-23222 Click here if you just wanna build and run th...
F5 BIG-IP iControl Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'F5 BIG-IP iControl RCE via REST Authentication Bypass', 'Description' = %q This module exploits an authentication bypass vulnerability in the F5...
Patch Tuesday - April 2022
From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser. One of these has been observed being...
ImpressCMS 1.4.2 Remote Code Execution
?php / ---------------------------------------------------------- ImpressCMS = 1.4.2 SQL Injection to Remote Code Execution ---------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................: n0b0d13satgmaildotcom software link.......:...
h1-ctf: The Return of the Grinch
Read the full writeup here: https://github.com/tarifas90/CTF-Writeups-2021/blob/main/hackyholidasy2021.md...
WordPress All-in-One Video Gallery plugin 2.4.9 Plugin - Local File Inclusion Vulnerability
Exploit Title: WordPress Plugin All-in-One Video Gallery plugin 2.4.9 - Local File Inclusion LFI Exploit Author: Mohamed Magdy Abumusilm Aka m19o Software: All-in-One Video Gallery plugin Version: = 2.4.9 Tested on: Windows,linux Poc:...
Dropbox: Full Response SSRF via Google Drive
This researcher pointed out that HelloSign's Google Drive doc export feature had a URL parsing issue that could allow extra parameters to be passed to Google Drive API. By making use of an extra parameter in the Google Drive API, it was possible for researchers to force HelloSign to parse externa...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2021-26084 An OGNL injection vulnerability exists that...
h1-ctf: HackerOne’s 100K CTF Writeup
Greetings team It has been a great challenge, thank you very much for the fun moments and also for the annoying ones : ██████████ P.S. I will put my writeup in my next comment. Impact ---...
h1-ctf: ccc.h1ctf.com CTF
Summary: Claiming the flag, writeup to follow. ██████████ ██████ Impact...
Exploit for Off-by-one Error in Sudo_Project Sudo
CVE-2021-3156 Sudo Baron Samedit This repository is CVE-202...
h1-ctf: h1-ctf : 12 days of hack holiday writeup
Summary This was a real fun CTF and I really enjoyed solving the challenges. Great job on creating the challenges. This is my writeup for the "12 Days of Hacky Holidays CTF". I hope you enjoy reading it, and I hope others reading it will pick up a trick or two. Flags: This is all the flags found...
h1-ctf: [H1 hackyholidays] CTF Writeup
Hello team, Here is my CTF writeup for HackyHolidays. Main page The main page doesn't contain any interesting stuff, just a few assets. Maybe we will find some known files in webapp root: index.php, .htaccess, robots.txt, ...? robots.txt file exists, and there is the first flag: User-agent:...
Exploit for SQL Injection in Joomla Joomla\!
CyberspaceSecurityLearning 在学习CTF、网络安全路上整合博客和一些资料,持续更新 置顶tips:如果你也有自己学习路上收集的一些好资料,或者愿意展示自己的优质博客给大家欢迎fork pull request给我(联系邮箱[email protected]) 最新更新时间:2018/3/13 更新内容: 任意用户密码重置(五):重置凭证可暴破 一些有趣的代码审计“小”题目为CTF-Web-dog提供一些套路 了解SSRF,这一篇就足够了 知识技能表 知道创宇技能表 CTF练习 Writeup 这是我自己从最早入门开始练习的一些题目往下排列的,可能很多当时写的writ...
h1-ctf: CTF Writeup
Hi, First of all, thanks for this amazing CTF!. I will post my writeup soon, it is time to sleep now : F1129602 By the way, the creator of challenge 11 is crazy. Impact Grinch Network is finally down...