Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2022/02/09 11:12 p.m.12 views

Exploit for Path Traversal in Mikrotik Routeros

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...

10CVSS9.8AI score0.99999EPSS
Exploits126
Gitee
Gitee
added 2022/01/27 3:36 p.m.12 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a privilege escalation vulnerability in polkit. The target vulnerability class is RCE Remote Code Execution, and the probable entry point is the cve-2021-4034.c file, which is compiled into an executable. The exploit is typically invoked by running ./cve-2021-4034...

7.8CVSS7.4AI score0.94921EPSS
Exploits151
Gitee
Gitee
added 2022/01/26 10:57 p.m.12 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a Linux local privilege escalation vulnerability. The target is the polkit privilege escalation exploit, which has a wide coverage and is stable. The vulnerability class/vector is auth bypass, specifically a privilege escalation exploit. The probable entry point is...

7.8CVSS7.4AI score0.94921EPSS
Exploits151
Gitee
Gitee
added 2021/11/23 4:28 p.m.12 views

Exploit for Off-by-one Error in Sudo_Project Sudo

Based on the provided context and code, here is a summary of the analysis: Classification: Exploit module/toolkit targeting a vulnerability in a specific product/service framework. Primary vulnerability: CVE-2021-3156, a heap-based buffer overflow in sudo. Target product/service: sudo, a Unix...

7.8CVSS8AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/10/29 4:45 p.m.12 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a container escape vulnerability in Docker. The exploit works by overwriting and executing the host system's runc binary from within the container. The vulnerability allows an attacker to gain root access on the host system. The exploit is implemented in Go and consists of two us...

9.3CVSS7.8AI score0.9857EPSS
Exploits33
Gitee
Gitee
added 2021/09/29 10:39 p.m.12 views

Exploit for CVE-2017-0144

This is a PoC exploit for CVE-2017-0144, also known as the EternalBlue vulnerability, which is a remote code execution vulnerability in the Windows SMBv1 protocol. The exploit is implemented as a Metasploit module, and it targets the Double Pulsar backdoor. The target product/service is the Windo...

9.3CVSS8.6AI score0.9923EPSS
Exploits55
Gitee
Gitee
added 2021/03/30 5:7 p.m.12 views

Exploit for Path Traversal in Vmware Cloud_Foundation

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html 简介...

10CVSS9.7AI score0.99999EPSS
Exploits106
Gitee
Gitee
added 2021/02/04 2:17 p.m.12 views

Exploit for Improper Authentication in Apache Shiro

Apache Shiro 认证绕过分析(CVE-2020-17523) https://www.anquanke.com/post/id/230935 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一定权限匹配规则下,攻击者可通过构造特殊的 HTTP 请求包完成身份认证绕过。 影响范围:Apache Shiro 1.7.1 0x02 漏洞环境搭建 shiro 1.7...

9.8CVSS7.1AI score0.85911EPSS
Exploits2
Gitee
Gitee
added 2020/12/22 10:48 a.m.12 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits281
Gitee
Gitee
added 2020/11/22 3:10 p.m.12 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2020-9484 is a vulnerability in the Apache Tomcat web server. The vulnerability allows an attacker to execute arbitrary code on the server by exploiting a deserialization vulnerability in the Apache Commons Collections library, which is used by Tomcat. The exploit code is written in Groovy an...

7CVSS9.1AI score0.56636EPSS
Exploits15
Gitee
Gitee
added 2020/11/04 10:40 p.m.12 views

Exploit for Use After Free in Microsoft

System-Vulnerability 实时更新较好用最新漏洞EXP,仅供已授权渗透测试使用 --- Windows --2019.9.20 CVE-2019-0708 Blue Keep Rce --2019.11.20 CVE-2019-1388 UAC 提权 --2020.3 CVE-2020-0796 - SMBv3 poc --2020.4 CVE-2020-0796 - SMBv3 提权 --2020.5 全版本窃取令牌提权 --2020.6 CVE-2020-0796 - SMBv3 getshell Linux --2019.11 CVE-2019-14287 sudo...

10CVSS8AI score0.99999EPSS
Exploits257
Gitee
Gitee
added 2020/09/03 8:57 a.m.12 views

Exploit for Improper Access Control in Elasticsearch

欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...

10CVSS7AI score0.99999EPSS
Exploits145
Gitee
Gitee
added 2020/08/07 10:0 p.m.12 views

Exploit for CVE-2020-1938

Ghostcat exp for CNVD-2020-10487CVE-2020-1938 tomcat ajp协议任意属性设置导致的文件读取和文件执行。 漏洞分析 代码仅供安全测试,请勿用于非法用途,造成的后果使用者负责与本人无关!!! python3 ajpShooter.py -h /\ / \ | | | //\ | | ' \ \ | ' \ / \ / | / \ '| / | | | | \ \ | | | | | || / | / // | ./ /| ||/ / \|| |/|| 00theway,just for test usage:...

9.8CVSS7.1AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2020/03/28 12:48 a.m.12 views

Exploit for CVE-2014-4878

PoC-and-Exp-of-Vulnerabilities 漏洞验证和利用代码收集 - 免责声明:本项目中的代码为互联网收集或自行编写,请勿用于非法用途,产生的法律责任和本人无关。针对Windows的PoC很多会被杀毒软件拦截,此为正常现象,请自行斟酌是否下载,如果有带有后门的exp,请通过提交issue联系我。 Windows - CVE-2017-0143MS17-010 Microsoft Windows SMB远程代码执行漏洞(永恒之蓝) - CVE-2017-7269 Microsoft IIS 6.0 远程代码执行漏洞 - CVE-2017-11882 Microsoft...

10CVSS7AI score0.99999EPSS
Exploits283
Gitee
Gitee
added 2020/03/18 9:36 a.m.12 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the php-fpm service running on a server with a configuration that includes a "location" block with a...

9.8CVSS9.6AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/03/14 9:53 p.m.12 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows an attacker to gain root privileges by exploiting a flaw in the way the kernel handles page-zero writes. The exploit is implemented in C++ and Go, and is designed to work on various Linux distributions,...

7.2CVSS7.6AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2019/11/05 10:31 p.m.12 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to gain code execution if the configuration is vulnerable. The exploit works by setting the PATHINFO variable to an empty value,...

9.8CVSS8AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2021/11/21 2:1 p.m.11 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The exploit targets Ubuntu versions 20.10, 20.04 LTS, 19.04, 18.04 LTS, 16.04 LTS, and 14.04 ESM. The vulnerability arises from a Linux kernel issue where it did not properly validate the...

8.8CVSS6.9AI score0.43988EPSS
Exploits27
Gitee
Gitee
added 2021/10/09 12:39 p.m.11 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This repository is an exploit module for the Dirty COW CVE-2016-5195 vulnerability. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The payload is written in assembly and is executed whenever a process makes a call to clockgettime. If the...

7.2CVSS7.5AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2021/09/09 2:37 p.m.11 views

Exploit for OS Command Injection in Docker

CVE-2019-5736 is a vulnerability in the runc container runtime that allows for container escape. The exploit works by overwriting the runc binary with a malicious payload, which is achieved by modifying the /bin/sh file in the container to point to the runc binary on the host. The attacker can th...

9.3CVSS7.3AI score0.9857EPSS
Exploits33
Gitee
Gitee
added 2021/06/03 10:56 a.m.11 views

Exploit for Improper Access Control in Elasticsearch

欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...

10CVSS8AI score0.99999EPSS
Exploits145
Gitee
Gitee
added 2021/05/09 4:50 p.m.11 views

Exploit for CVE-2018-10933

PoC exploit for CVE-2018-10933, a vulnerability in libSSH that allows authentication bypass. The target product/service is libSSH, a free and open-source implementation of the Secure Shell protocol. The vulnerability class/vector is authentication bypass, allowing an attacker to spawn a shell...

9.1CVSS8.6AI score0.91789EPSS
Exploits11
Gitee
Gitee
added 2021/03/14 10:44 p.m.11 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a vulnerability in the GNU C Library glibc that allows for a buffer overflow attack. The exploit is written in C and is designed to work on Ubuntu 18.04 and 20.04 systems. The exploit creates a malicious shared library, "libnssX.so.2", that is designed to ...

7.8CVSS8.3AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/03/07 11:9 a.m.11 views

Exploit for Improper Restriction of XML External Entity Reference in Apache Solr

注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-06 新增DVR 摄像头exp 新增Nexus Repository Manager exp。修改默认线程数为20。增加超时时间。增加界面显示shell的路径。修复cookie bug 2021-03-03 修复某些类延时时间过短导致漏洞检测不准确。下一个版本将调整默认线程数字预计是20或者10 2021-02-27 ...

10CVSS9.4AI score0.9957EPSS
Exploits66
Gitee
Gitee
added 2020/12/18 10:54 a.m.11 views

Exploit for Race Condition in Canonical Ubuntu_Linux

PoC exploit for CVE-2016-5195 Dirty COW. The target product/service is Linux, specifically the vDSO Virtual Dynamic Shared Object component. The vulnerability class/vector is a privilege escalation vulnerability, allowing an unprivileged user to gain root privileges. The probable entry point is t...

7.2CVSS7.8AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2020/12/04 4:46 p.m.11 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits281
Gitee
Gitee
added 2020/11/21 11:39 p.m.11 views

Exploit for Out-of-bounds Write in Php

It is an exploit module for CVE-2019-11043. The target product/service is Apache Log4j, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the JNDI exploit, which is a known vulnerability in Log4j. Notable dependencies/tooling include the Apache Log4j...

9.8CVSS8.1AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/11/20 3:17 p.m.11 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits281
Gitee
Gitee
added 2020/10/18 12:49 a.m.11 views

Exploit for Improper Access Control in Elasticsearch

欢迎各位大佬提BUG,当前版本 AssetScanV1.3 周期 初版:2019年11月28日 V1.0初版编写完成 修改1:2019年12月02日 感谢Shadow·J反馈kali下文件导入异常 修改2:2019年12月03日 V1.1发布,新增ARP存活检测(回滚,测bug) 修改3:2019年12月04日 V1.2发布,修复漏洞脚本异常,修复weblogic脚本 修改4:2019年12月05日 V1.2修改,感谢sevck提供设计思路以及代码不规范问题 修改5:2019年12月05日 V1.2修改,修复IP数据处理异常 修改6:2019年12月19日...

10CVSS7AI score0.99999EPSS
Exploits145
Gitee
Gitee
added 2020/10/07 12:33 a.m.11 views

Exploit for OS Command Injection in Webmin

This repository contains a proof-of-concept PoC exploit for CVE-2019-15107, a vulnerability in the NetScape 2.0 browser. The exploit is a GIF file that, when opened, will execute arbitrary code on the victim's system. The exploit targets the vulnerability in the browser's GIF89a parser, which...

10CVSS7.7AI score0.99766EPSS
Exploits37
Gitee
Gitee
added 2020/09/03 10:32 a.m.11 views

Exploit for Improper Null Termination in Php

Ladon POC Moudle CVE-2019-11043 PHP-FPM + Ngnix 漏洞简介 PHP-FPM 远程代码执行漏洞CVE-2019-11043 在长亭科技举办的 Real World CTF 中,国外安全研究员 Andrew Danau 在解决一道 CTF 题目时发现,向目标服务器 URL 发送 %0a 符号时,服务返回异常,疑似存在漏洞。 在使用一些有错误的Nginx配置的情况下,通过恶意构造的数据包,即可让PHP-FPM执行任意代码。 Example 和Ladon.exe放在同一目录,即可对C段或url.txt进行批量检测 bash Ladon...

9.8CVSS7AI score0.9947EPSS
Exploits55
Gitee
Gitee
added 2020/08/24 2:16 a.m.11 views

Exploit for CVE-2013-0422

K8tools 2020628 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 反弹工具 Ladon 6.6.6 反弹MSF/NC ShellTCP/HTTP/HTTPS + 扫描工具 Ladon 6.6 SMB漏洞检测 SMBGhost...

10CVSS6.5AI score0.99913EPSS
Exploits281
Gitee
Gitee
added 2020/06/02 3:34 p.m.11 views

Exploit for CVE-2013-0422

K8tools 20200118 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 下载: https://github.com/k8gege/K8tools 文档: http://k8gege.org PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 扫描工具 Ladon 6.0 大型内网渗透扫描神器内置48个功能,支持Cobalt Strike + 扫描工具 Ladon 5.7...

10CVSS9AI score0.99913EPSS
Exploits164
Gitee
Gitee
added 2020/05/06 3:20 p.m.11 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a PoC exploit for CVE-2020-0796, a SMBv3 RCE vulnerability. The exploit is a simple scanner that checks if a server is vulnerable by sending a specially crafted SMB request. The scanner is designed to test whether a server is vulnerable, not for research or development. It checks for SMB...

10CVSS9.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/05/03 6:44 p.m.11 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC Proof of Concept exploit for CVE-2016-5195, also known as Dirty COW. The exploit relies on ptrace to patch the vDSO Virtual Dynamic Shared Object and gain root privileges. The exploit is architecture-dependent and may not work on every Linux version. The payload is written in assemb...

7.2CVSS7AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2020/04/26 9:31 a.m.11 views

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144 EternalBlue using the Doublepulsar backdoor, implemented as a Metasploit module. The target product/service is Windows, and the vulnerability class is RCE Remote Code Execution. The probable entry point is the Metasploit module, and the notable dependency is the...

9.3CVSS7.3AI score0.9923EPSS
Exploits55
Gitee
Gitee
added 2020/04/07 9:32 a.m.11 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows for a Dirty Cow DC attack. The exploit is implemented in C++ and Go, with a legacy version in C++. The exploit targets the Linux kernel's memory mapping feature, which allows an attacker to map a file into a...

7.2CVSS6.9AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2020/03/28 4:30 p.m.11 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit is written in Go and uses the Cobra framework. The exploit works by setting a PHP setting using the SetSetting function,...

9.8CVSS7.5AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/03/07 8:42 a.m.11 views

Exploit for CVE-2015-0273

phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...

10CVSS6.9AI score0.41315EPSS
Exploits13
Gitee
Gitee
added 2020/03/02 3:4 p.m.11 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...

9.8CVSS6.9AI score0.99448EPSS
Exploits77
Gitee
Gitee
added 2020/02/06 8:19 p.m.11 views

Exploit for OS Command Injection in Docker

This is a PoC exploit for CVE-2019-5736, a Docker escape vulnerability. The target product/service is Docker, and the vulnerability class/vector is a Docker escape. The probable entry point is the Dockerfile, which contains a series of RUN commands that ultimately lead to the execution of the...

9.3CVSS8.1AI score0.9857EPSS
Exploits33
Gitee
Gitee
added 2019/12/05 2:28 p.m.11 views

Exploit for Argument Injection in Phpmailer_Project Phpmailer

This repository contains a collection of Perl scripts, each targeting a specific vulnerability. The vulnerabilities include: 1. CVE-2016-10033: A remote code execution vulnerability in PHPMailer before 5.2.18. 2. CVE-2016-6195: A SQL injection vulnerability in vBulletin before 4.2.2 Patch Level 5...

9.8CVSS9.1AI score0.99988EPSS
Exploits111
Gitee
Gitee
added 2019/08/28 8:48 a.m.11 views

Pocsuite

This project is an open-sourced remote vulnerability testing and proof-of-concept development framework called Pocsuite, developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framewor...

7AI score
Exploits0
Gitee
Gitee
added 2019/03/28 1:46 a.m.11 views

Exploit for CVE-2017-0144

Based on the provided code and analysis, here is a summary of the findings: Classification: The repository is an offensive tool for exploiting vulnerabilities, specifically targeting the Windows operating system. Primary Target: The primary target is the Windows operating system, with a focus on...

9.3CVSS7.6AI score0.9923EPSS
Exploits55
Gitee
Gitee
added 2018/03/27 5:12 p.m.11 views

Exploit for CVE-2017-8570

This repository contains a Proof of Concept PoC exploit for CVE-2017-8570, a vulnerability in Microsoft Office that allows an attacker to execute arbitrary code by embedding a malicious script in a Rich Text Format RTF file. The exploit uses the "Packager.dll" file-dropping trick to drop a ".sct"...

9.3CVSS7.5AI score0.89889EPSS
Exploits14
Gitee
Gitee
added 2017/08/14 1:36 p.m.11 views

Exploit for Open Redirect in Git-Scm Git

PoC exploit for CVE-2017-1000117, a vulnerability in the way Git handles submodule initialization. The target is Git, a vulnerability class/vector of arbitrary file write, probable entry point is the Git submodule initialization process, notable dependency is Git, and execution context is a Git...

8.8CVSS7.3AI score0.77823EPSS
Exploits9
Gitee
Gitee
added 2023/09/28 4:52 p.m.10 views

Exploit for CVE-2013-0422

K8tools 20190727 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...

10CVSS6.5AI score0.99913EPSS
Exploits116
Gitee
Gitee
added 2022/09/25 4:1 p.m.10 views

Exploit for OS Command Injection in Docker

This is a PoC Proof of Concept exploit for CVE-2019-5736, a vulnerability in the runc binary of the Docker container runtime. The exploit is implemented in Go and is designed to overwrite the runc binary on the host system from within a container. The exploit works by overwriting the /bin/sh bina...

9.3CVSS7.2AI score0.9857EPSS
Exploits33
Gitee
Gitee
added 2021/12/02 11:0 a.m.10 views

Exploit for CVE-2016-2384

This repository contains proof-of-concept PoC exploits for various vulnerabilities in the Linux kernel. The exploits target different vulnerabilities, including CVE-2016-2384, CVE-2016-9793, and CVE-2017-1000112. CVE-2016-2384 is a use-after-free vulnerability in the usb-midi driver, which allows...

7.8CVSS6.6AI score0.20797EPSS
Exploits30
Gitee
Gitee
added 2021/11/08 5:5 p.m.10 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840 Jackson-databind远程代码执行漏洞(CVE-2020-8840)分析复现环境代码。 项目包含: jackson-databind、Fastjson中payload WebServer恶意类 编译好的marshalsec-0.0.3-SNAPSHOT-all.jar 漏洞简介 Jackson-databind远程代码执行漏洞(CVE-2020-8840),攻击者可利用xbean-reflect的利用链(org.apache.xbean.propertyeditor.JndiConverter)触发JNDI远程类加载从而达到远程代码执行。...

9.8CVSS8.9AI score0.26587EPSS
Exploits5
Total number of security vulnerabilities1886