Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/11/28 8:26 p.m.6 views

php_code_audit_project

The provided code snippet appears to be a PDF document containing a vulnerability report for ThinkPHP, a PHP framework. The report describes a request function vulnerability that allows for remote code execution. The code snippet is a PDF document with a single page containing a table with severa...

8.3AI score
Exploits0
Gitee
Gitee
added 2021/11/08 9:45 p.m.6 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/11/06 3:51 a.m.6 views

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...

8.8CVSS7.9AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/11/04 11:59 p.m.6 views

dedecms5.81beta1 rce

PoC exploit for CVE-2021-XXXX-XXXX. It is a Python script targeting DedeCMS V5.8.1 beta 1, exploiting a remote code execution RCE vulnerability. The probable entry point is the exp function, which is typically invoked by running python3 poc.py -u url. The script sends a GET request to the...

8.5AI score
Exploits0
Gitee
Gitee
added 2021/10/28 9:22 p.m.6 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

8.8CVSS6.7AI score0.43988EPSS
Exploits27
Gitee
Gitee
added 2021/10/26 3:50 p.m.6 views

vulhub

This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The project provides a variety of vulnerable applications and environments, including web servers,...

7AI score
Exploits0
Gitee
Gitee
added 2021/10/15 4:27 p.m.6 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.1 Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink system, which can lead to arbitrary command execution and reverse shell. Affected...

9.1CVSS7.5AI score0.97856EPSS
Exploits14
Gitee
Gitee
added 2021/10/08 3:46 p.m.6 views

Exploit for Path Traversal in Microsoft

PoC exploit for CVE-2021-40444, a Microsoft Office Word RCE vulnerability. The target is Microsoft Office Word, with the vulnerability class being Remote Code Execution RCE. The probable entry point is the exploit.py script, which is not specified how it is typically invoked. The exploit chain...

8.8CVSS7.5AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/27 3:6 p.m.6 views

emp3r0r

It is an offensive tool for Linux systems. The tool is called emp3r0r, a Linux post-exploitation framework made by a user named jm33-ng. It is designed to provide a better experience for remote administration on Linux systems, particularly for terminal-based interactions. The framework is written...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/09/27 2:59 p.m.6 views

Exploit for CVE-2021-1675

Based on the provided context and code cues, here is a summary of the analysis: Classification: This is an exploit module for the CVE-2021-1675 vulnerability, which is a local privilege escalation LPE vulnerability. Target: The target of this exploit is the Windows operating system, specifically...

9.3CVSS8.9AI score0.86132EPSS
Exploits63
Gitee
Gitee
added 2021/09/15 11:52 p.m.6 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

Based on the provided code and metadata, here is a description of the repository and its contents: Repository: This repository appears to be a Maven wrapper for the Apache Maven project, specifically version 3.5.3. The repository contains metadata and configuration files for the Maven wrapper,...

9.8CVSS9.1AI score0.95649EPSS
Exploits9
Gitee
Gitee
added 2021/09/12 5:22 p.m.6 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows an unprivileged user to gain root privileges by exploiting a bug in the way the kernel handles page table entries. The exploit is implemented in C++ and Go, and is designed to work on various Linux...

7.2CVSS7.7AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2021/09/06 6:44 p.m.6 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

补天poc合集 介绍 补天提交漏洞POC合集 目录 fwfileupload.py--泛微OA weaver.common.Ctrl 任意文件上传漏洞 kindeditorupload.py--kindeditor=4.1.5文件上传漏洞 cve-2021-26084confluencerce.py--Atlassian Confluence 远程代码执行漏洞CVE-2021-26084...

9.8CVSS8.7AI score0.99999EPSS
Exploits45
Gitee
Gitee
added 2021/08/31 3:36 p.m.6 views

exprolog

This is a Python script that exploits a vulnerability in Microsoft Exchange Server. The script is designed to target a specific version of the server and exploit a vulnerability to gain access to the system. Here is a summary of the script's functionality: 1. The script starts by importing the...

7AI score
Exploits0
Gitee
Gitee
added 2021/08/10 10:6 a.m.6 views

Vxscan

This is a Python script named Vxscan, which is a comprehensive scanning tool for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/08/08 9:45 a.m.6 views

buffer_overflow

This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...

7.9AI score
Exploits0
Gitee
Gitee
added 2021/07/22 9:25 a.m.6 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and others. The repository is maintained by Vulhub, a community-driven project fo...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/07/20 1:26 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Microsoft Windows. The exploit is written in Python and uses the SMB protocol to target vulnerable Windows systems. The exploit code is organized into...

10CVSS8.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/07/20 1:7 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which is directly passed to several subroutines...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/07/15 3:49 p.m.6 views

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel debug rce 食用方法 执行docker-compse up -d启动环境 访问8888端口后点击首页面的generate key就可以复现了 关于docker环境想说的几点: - 把.env.example复制到.env作用是开启debug环境 - 关闭了php.ini的phar.readonly - 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由这个我加在源码里了,没写dockerfile里 复现效果 脚本已放出,脚本要和phpggc项目文件夹在同一级目录下...

9.8CVSS9.9AI score0.99943EPSS
Exploits36
Gitee
Gitee
added 2021/07/12 9:52 a.m.6 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads, but no specific exploit or vulnerability is identified. However, the presence of a GitHub Action workflow file .github/FUNDING.yml suggests that the repository may be used for generating or...

7AI score
Exploits0
Gitee
Gitee
added 2021/07/06 1:18 p.m.6 views

Exploit for SQL Injection in Zabbix

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploit modules and tools for testing and demonstrating vulnerabilities. The primary vulnerability being targeted is not explicitly stated...

9.8CVSS7.5AI score0.83284EPSS
Exploits28
Gitee
Gitee
added 2021/06/17 12:7 a.m.6 views

SpringBootVulExploit

It is an offensive tool for Spring Boot exploitation. The repository contains a collection of exploits and techniques for exploiting Spring Boot applications, including: Spring Boot Vulnerability Exploit Check List: a checklist for identifying vulnerabilities in Spring Boot applications...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/06/13 8:51 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a PoC exploit for CVE-2020-0796, a SMBv3 RCE vulnerability. The scanner is designed to test whether a server is vulnerable to this exploit. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. The scanner sends a specially crafted SMB packet to the targe...

10CVSS9AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/05/30 10:2 a.m.6 views

PowerShell-Suite

This repository is an offensive tool for Windows UAC User Account Control bypass. It provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is written in C and uses the .NET framework. The tool supports several methods for UAC bypass,...

8AI score
Exploits0
Gitee
Gitee
added 2021/05/30 10:1 a.m.6 views

Exploit for Injection in Google Android

This is a full exploit for CVE-2016-6754, also known as BadKernel. The exploit is a proof-of-concept PoC code that demonstrates a vulnerability in the Linux kernel. The code is written in JavaScript and is intended to be used for educational purposes only. The exploit targets a vulnerability in t...

8.8CVSS7.6AI score0.04587EPSS
Exploits3
Gitee
Gitee
added 2021/05/30 9:59 a.m.6 views

exploit-database

This is an official repository of exploits and shellcodes, sponsored by Offensive Security. The repository contains a collection of publicly available exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is a...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/05/18 8:35 p.m.6 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. It is a use-after-free dereference bug in the http!UlpParseContentCoding function. The bug occurs when the function appends items to a local list without nulling it out, leaving them dangling in the Request object...

9.8CVSS8.8AI score0.99718EPSS
Exploits24
Gitee
Gitee
added 2021/05/14 12:17 a.m.6 views

maltrail

This is a Python-based malicious traffic detection system called Maltrail. It is designed to identify and block malicious traffic by utilizing publicly available blacklists and custom user-defined lists. The system can be used to detect various types of malicious activity, including malware,...

7AI score
Exploits0
Gitee
Gitee
added 2021/05/08 5:29 p.m.6 views

Exploit for CVE-2020-1938

It is an exploit module/toolkit targeting Apache Tomcat. The primary CVE ID is CVE-2020-1938, also known as CNVD-2020-10487. The vulnerability class is Local File Inclusion LFI. The probable entry point is the poc.py script, which is typically invoked by running python poc.py with the required...

9.8CVSS7.3AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2021/05/02 11:53 a.m.6 views

Exploit for CVE-2017-0213

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

9.3CVSS8.3AI score0.90026EPSS
Exploits47
Gitee
Gitee
added 2021/04/29 9:43 p.m.6 views

Exploit for Use After Free in Adobe Flash_Player

This is a Python script, CVE-2018-15982EXP.py, which appears to be an exploit for the CVE-2018-15982 vulnerability. The script is designed to exploit a vulnerability in a specific product or service, likely a web application, to achieve remote code execution. The script starts with a logo and the...

10CVSS7.7AI score0.81971EPSS
Exploits13
Gitee
Gitee
added 2021/04/28 11:26 a.m.6 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability class targeted by this collection is web application vulnerabilitie...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/04/20 9:58 p.m.6 views

Exploit for Improper Input Validation in Google Chrome

This is a PoC exploit for CVE-2020-16040, a vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's ability to load and execute WASM code, which can lead to arbitrary code execution. The exploit is implemented in JavaScript and uses the WebAssembly API to...

6.5CVSS8.7AI score0.99595EPSS
Exploits14
Gitee
Gitee
added 2021/04/13 7:19 p.m.6 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds write vulnerability in the WebAssembly WASM engine of various browsers. The exploit targets the WASM engine's handling of large arrays, allowing an attacker to write arbitrary data to the heap. The exploit is implemented in JavaScript, using the...

6.5CVSS9AI score0.99595EPSS
Exploits14
Gitee
Gitee
added 2021/03/11 5:57 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796, a buffer overflow vulnerability in Windows 10 1903/1909's SMB3 compression capability. The exploit connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflo...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/03/03 1:35 p.m.6 views

vxhunter

This is an offensive tool for embedded device analysis. It is a toolset for VxWorks based embedded device analyses, specifically designed for analyzing VxWorks firmware. The toolset includes plugins written in Python for analyzing firmware loading address, fixing function names with symbol tables...

7AI score
Exploits0
Gitee
Gitee
added 2021/02/22 11:14 p.m.6 views

uafuzz

This is an offensive tool for Binary Analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free UAF bugs at the binary level. It aims to detect UAF bugs, which appear when a heap element is used after having been freed. The tool uses a combination of static...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/02/20 3:44 p.m.6 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and practicing vulnerability exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it includes various...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/02/07 3:45 p.m.6 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...

8.8CVSS8.6AI score0.98428EPSS
Exploits17
Gitee
Gitee
added 2021/01/29 10:13 p.m.6 views

dedecmscan

This is a Python-based vulnerability scanner for the DedeCMS platform. The scanner is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting XSS, and other types of attacks. The scanner consists of several modules, each responsible for...

7AI score
Exploits0
Gitee
Gitee
added 2021/01/27 10:49 a.m.6 views

Exploit for CVE-2020-14756

This is an exploit module for the CVE-2020-14756 vulnerability in Oracle WebLogic. The vulnerability allows for remote code execution RCE due to a deserialization issue in the coherence.jar library. The exploit is written in Python and uses the socket library to establish a connection to the...

9.8CVSS9.8AI score0.74753EPSS
Exploits4
Gitee
Gitee
added 2021/01/24 7:2 p.m.6 views

JNDIExploit

JNDIExploit 一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。 使用说明 使用 java -jar JNDIExploit.jar -h 查看参数说明,其中 --ip 参数为必选参数 Usage: java -jar JNDIExploit.jar options Options: -i, --ip Local ip address -l, --ldapPort Ldap bind port default: 1389 -p,...

7.2AI score
Exploits0
Gitee
Gitee
added 2021/01/24 7:1 p.m.6 views

Exploit for Improper Input Validation in Apache Unomi

PoC exploit for CVE-2020-13942, an unauthenticated RCE vulnerability through MVEL and OGNL injection in Apache Unomi. The exploit targets the context.js/json endpoint exposed by the Unomi server, allowing an attacker to execute arbitrary OS commands. Two RCE vectors are available: MVEL injection...

9.8CVSS7.8AI score0.68398EPSS
Exploits9
Gitee
Gitee
added 2021/01/24 7:0 p.m.6 views

Exploit for CVE-2020-14882

CVE-2020–14882 Weblogic Unauthorized bypass RCE bypass patch with CVE-2020–14882 private static final String IllegalUrl = new String";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", ""; list %252E%252E %2E%2E .. %3E %3C ; lower "%252E%252E%252F".lower '%252e%252e%252f' %252E%252E%252F to...

10CVSS9.8AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/01/24 4:22 p.m.6 views

shellcode-x86_x64

This repository contains a collection of assembly code examples for a 64-bit Linux system, primarily focusing on basic instructions and operations. The code is written in NASM Netwide Assembler and covers various topics such as arithmetic, logical operations, string manipulation, and stack...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/12/28 11:21 a.m.6 views

Exploit for SQL Injection in Joomla Joomla\!

CyberspaceSecurityLearning 在学习CTF、网络安全路上整合博客和一些资料,持续更新 置顶tips:如果你也有自己学习路上收集的一些好资料,或者愿意展示自己的优质博客给大家欢迎fork pull request给我(联系邮箱[email protected]) 最新更新时间:2018/3/13 更新内容: 任意用户密码重置(五):重置凭证可暴破 一些有趣的代码审计“小”题目为CTF-Web-dog提供一些套路 了解SSRF,这一篇就足够了 知识技能表 知道创宇技能表 CTF练习 Writeup 这是我自己从最早入门开始练习的一些题目往下排列的,可能很多当时写的writ...

9.8CVSS9.5AI score0.04785EPSS
Exploits1
Gitee
Gitee
added 2020/11/17 11:19 a.m.6 views

Exploit for CVE-2020-16898

CVE-2020-16898 CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC 复现 forforever:https://www.cnblogs.com/forforever/p/13846077.html poc CVE-2020-16898Checker-poc 命令: 管理员启动powershell/CMD Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1 exp cve-2020-16898-exp2...

8.8CVSS9.3AI score0.09686EPSS
Exploits12
Gitee
Gitee
added 2020/11/17 10:9 a.m.6 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to, Burt Force 暴力破解漏洞, XSS 跨站脚本漏洞, CSRF 跨站请求伪造, SQL-Inject SQL注入漏洞, RCE 远程命令/代码执行,...

6.2AI score
Exploits0
Gitee
Gitee
added 2020/10/23 7:25 p.m.6 views

Exploit for CVE-2018-9995

This is a PoC exploit for CVE-2018-9995, a vulnerability in DVR systems that allows for the exposure of credentials. The exploit is written in Python and uses the requests library to send HTTP requests to the DVR system. The exploit targets various DVR systems, including Novo, CeNova, QSee, Pulni...

9.8CVSS7AI score0.83151EPSS
Exploits13
Total number of security vulnerabilities1886