Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2024/01/11 2:7 p.m.6 views

pocsuite3

This is a Python-based framework for remote vulnerability testing and proof-of-concept development, called pocsuite3. It is developed by the Knownsec 404 Team and is designed for penetration testers and security researchers. The framework comes with a powerful proof-of-concept engine and various...

7.2AI score
Exploits0
Gitee
Gitee
added 2023/04/07 4:5 p.m.6 views

Exploit for Incorrect Authorization in Vmware Spring_Security

CVE-2022-22978 POC environment CVE-2022-22978 Spring-Security bypass Demo 在Spring Security中使用RegexRequestMatcher且规则中包含带点号的正则表达式时,攻击者可以通过构造恶意数据包绕过身份认证 影响范围 Spring Security 5.5.x http://localhost:8080/admin/index%0a Docker docker pull s0cke3t/cve-2022-22978:latest...

9.8CVSS7.5AI score0.10037EPSS
Exploits6
Gitee
Gitee
added 2023/02/08 4:9 p.m.6 views

vulhub

This is a collection of vulnerable web applications and tools for testing and learning about web application security. The repository contains a variety of applications, including CouchDB, FFmpeg, Git, and Jenkins, each with its own set of vulnerabilities. The applications are designed to be used...

7AI score
Exploits0
Gitee
Gitee
added 2023/01/12 9:59 a.m.6 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

This is a PoC exploit for CVE-2022-0995, a heap out-of-bounds write in the watchqueue Linux kernel component. The exploit targets Ubuntu 21.10 with kernel 5.13.0-37. It uses the same technique described in a Google Security Research writeup for CVE-2021-22555. The exploit is not 100% reliable and...

8.3CVSS7.4AI score0.78684EPSS
Exploits27
Gitee
Gitee
added 2022/11/10 4:4 p.m.6 views

Exploit for Open Redirect in Git-Scm Git

CVE-2017-1000117 借鉴使用github平台的AnonymKing/CVE-2017-1000117仓库 项目简介 + CVE-2017-1000117 漏洞的复现(PoC+Exp) + Git2.12.1 + SSH 漏洞简介: + 漏洞名称: Git命令注入漏洞 + CNNVD编号:CNNVD-201708-670 + 危害等级:中危 + CVE编号:CVE-2017-1000117 + 漏洞类型:命令注入 + 发布时间:2017-08-16...

8.8CVSS7AI score0.77823EPSS
Exploits9
Gitee
Gitee
added 2022/09/04 6:10 p.m.6 views

nuclei-templates

This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the scanner provided by the team and contributed by the community. The templates are stored in the...

6.8AI score
Exploits0
Gitee
Gitee
added 2022/04/01 8:10 a.m.6 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.7AI score
Exploits0
Gitee
Gitee
added 2022/03/11 5:31 p.m.6 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 is a vulnerability in BIG-IP, a load balancer and application delivery controller. The vulnerability is a remote code execution RCE flaw that allows an attacker to execute arbitrary code on the BIG-IP system. The vulnerability exists in the BIG-IP web interface, specifically in the...

10CVSS8.3AI score0.99999EPSS
Exploits60
Gitee
Gitee
added 2022/01/09 4:18 p.m.6 views

vulhub

This is an open-source collection of vulnerable systems and applications for educational purposes. The repository is maintained by phith0n and is available on GitHub. It contains a variety of vulnerable systems and applications, including web applications, databases, and operating systems. The...

8AI score
Exploits0
Gitee
Gitee
added 2021/12/23 6:24 p.m.6 views

vulhub

This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for learning and practicing penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/12/11 12:59 a.m.6 views

Exploit for Use After Free in Microsoft

CVE-2021-40449-Exploit olny worker on windows 10 14393,and windows 10 17763 Use Palette to Spay and RtlSetAllBits to Write...

7.8CVSS7.1AI score0.73381EPSS
Exploits11
Gitee
Gitee
added 2021/11/30 5:29 p.m.6 views

Exploit for OS Command Injection in Zabbix

This is a Python script that exploits a vulnerability in the Zabbix web application. The script is designed to send a malicious payload to the Zabbix server, which will execute the payload and potentially allow an attacker to gain unauthorized access to the system. Here is a breakdown of the...

8.1CVSS8AI score0.261EPSS
Exploits24
Gitee
Gitee
added 2021/11/28 8:26 p.m.6 views

php_code_audit_project

The provided code snippet appears to be a PDF document containing a vulnerability report for ThinkPHP, a PHP framework. The report describes a request function vulnerability that allows for remote code execution. The code snippet is a PDF document with a single page containing a table with severa...

8.3AI score
Exploits0
Gitee
Gitee
added 2021/11/08 9:45 p.m.6 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/11/04 11:59 p.m.6 views

dedecms5.81beta1 rce

PoC exploit for CVE-2021-XXXX-XXXX. It is a Python script targeting DedeCMS V5.8.1 beta 1, exploiting a remote code execution RCE vulnerability. The probable entry point is the exp function, which is typically invoked by running python3 poc.py -u url. The script sends a GET request to the...

8.5AI score
Exploits0
Gitee
Gitee
added 2021/10/28 9:22 p.m.6 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

8.8CVSS6.7AI score0.43988EPSS
Exploits27
Gitee
Gitee
added 2021/10/26 3:50 p.m.6 views

vulhub

This is an open-source collection of vulnerable web applications and environments for testing and learning about web application security. It is a project maintained by phith0n and hosted on GitHub. The project provides a variety of vulnerable applications and environments, including web servers,...

7AI score
Exploits0
Gitee
Gitee
added 2021/10/15 4:27 p.m.6 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.1 Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink system, which can lead to arbitrary command execution and reverse shell. Affected...

9.1CVSS7.5AI score0.97856EPSS
Exploits14
Gitee
Gitee
added 2021/10/09 2:52 p.m.6 views

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The repository contains a Python script exploit.py that generates a malicious docx document, a Windows DLL calc.dll that pops a calc.exe when executed, and a server script...

8.8CVSS8.4AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/27 3:6 p.m.6 views

emp3r0r

It is an offensive tool for Linux systems. The tool is called emp3r0r, a Linux post-exploitation framework made by a user named jm33-ng. It is designed to provide a better experience for remote administration on Linux systems, particularly for terminal-based interactions. The framework is written...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/09/27 2:59 p.m.6 views

Exploit for CVE-2021-1675

Based on the provided context and code cues, here is a summary of the analysis: Classification: This is an exploit module for the CVE-2021-1675 vulnerability, which is a local privilege escalation LPE vulnerability. Target: The target of this exploit is the Windows operating system, specifically...

9.3CVSS8.9AI score0.86132EPSS
Exploits63
Gitee
Gitee
added 2021/09/12 5:22 p.m.6 views

Exploit for Race Condition in Canonical Ubuntu_Linux

This is a PoC exploit for CVE-2016-5195, a vulnerability in the Linux kernel that allows an unprivileged user to gain root privileges by exploiting a bug in the way the kernel handles page table entries. The exploit is implemented in C++ and Go, and is designed to work on various Linux...

7.2CVSS7.7AI score0.83524EPSS
Exploits81
Gitee
Gitee
added 2021/09/12 12:47 p.m.6 views

Exploit for Path Traversal in Microsoft

This repository is a proof-of-concept PoC exploit for CVE-2021-40444, a Microsoft Office Word remote code execution vulnerability. The PoC is a malicious docx generator that creates a document that, when opened, will execute arbitrary code on the victim's system. The PoC consists of several files...

8.8CVSS8.4AI score0.96843EPSS
Exploits38
Gitee
Gitee
added 2021/09/06 6:44 p.m.6 views

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

补天poc合集 介绍 补天提交漏洞POC合集 目录 fwfileupload.py--泛微OA weaver.common.Ctrl 任意文件上传漏洞 kindeditorupload.py--kindeditor=4.1.5文件上传漏洞 cve-2021-26084confluencerce.py--Atlassian Confluence 远程代码执行漏洞CVE-2021-26084...

9.8CVSS8.7AI score0.99999EPSS
Exploits45
Gitee
Gitee
added 2021/08/31 3:36 p.m.6 views

exprolog

This is a Python script that exploits a vulnerability in Microsoft Exchange Server. The script is designed to target a specific version of the server and exploit a vulnerability to gain access to the system. Here is a summary of the script's functionality: 1. The script starts by importing the...

7AI score
Exploits0
Gitee
Gitee
added 2021/08/10 10:6 a.m.6 views

Vxscan

This is a Python script named Vxscan, which is a comprehensive scanning tool for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/08/08 9:45 a.m.6 views

buffer_overflow

This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...

7.9AI score
Exploits0
Gitee
Gitee
added 2021/08/03 4:3 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a PoC Proof of Concept exploit for CVE-2016-0856, a vulnerability in the Windows RPC Remote Procedure Call service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the Window...

10CVSS8.9AI score0.16655EPSS
Exploits9
Gitee
Gitee
added 2021/07/27 11:11 a.m.6 views

Exploit for CVE-2020-14882

CVE-2020-14882ALL CVE-2020-14882ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。 需要模块:requests、http.client (工具仅用于授权的安全测试,请勿用于非法使用,违规行为与作者无关。) 选项 功能一:命令回显 python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "whoami" 功能二:批量命令回显 python3...

10CVSS9.7AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/07/22 9:25 a.m.6 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable environments and exploits for various software and frameworks, including CouchDB, FFmpeg, Git, and others. The repository is maintained by Vulhub, a community-driven project fo...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/07/20 1:26 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Microsoft Windows. The exploit is written in Python and uses the SMB protocol to target vulnerable Windows systems. The exploit code is organized into...

10CVSS8.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/07/20 1:7 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which is directly passed to several subroutines...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/07/15 3:49 p.m.6 views

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel debug rce 食用方法 执行docker-compse up -d启动环境 访问8888端口后点击首页面的generate key就可以复现了 关于docker环境想说的几点: - 把.env.example复制到.env作用是开启debug环境 - 关闭了php.ini的phar.readonly - 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由这个我加在源码里了,没写dockerfile里 复现效果 脚本已放出,脚本要和phpggc项目文件夹在同一级目录下...

9.8CVSS9.9AI score0.99943EPSS
Exploits36
Gitee
Gitee
added 2021/07/12 9:52 a.m.6 views

PayloadsAllTheThings

It is an offensive tool for general-purpose payloads. The repository contains a collection of payloads, but no specific exploit or vulnerability is identified. However, the presence of a GitHub Action workflow file .github/FUNDING.yml suggests that the repository may be used for generating or...

7AI score
Exploits0
Gitee
Gitee
added 2021/07/06 1:18 p.m.6 views

Exploit for SQL Injection in Zabbix

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploit modules and tools for testing and demonstrating vulnerabilities. The primary vulnerability being targeted is not explicitly stated...

9.8CVSS7.5AI score0.83284EPSS
Exploits28
Gitee
Gitee
added 2021/06/17 12:7 a.m.6 views

SpringBootVulExploit

It is an offensive tool for Spring Boot exploitation. The repository contains a collection of exploits and techniques for exploiting Spring Boot applications, including: Spring Boot Vulnerability Exploit Check List: a checklist for identifying vulnerabilities in Spring Boot applications...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/06/13 8:51 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a PoC exploit for CVE-2020-0796, a SMBv3 RCE vulnerability. The scanner is designed to test whether a server is vulnerable to this exploit. It checks for SMB dialect 3.1.1 and compression capability through a negotiate request. The scanner sends a specially crafted SMB packet to the targe...

10CVSS9AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/05/30 10:2 a.m.6 views

PowerShell-Suite

This repository is an offensive tool for Windows UAC User Account Control bypass. It provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is written in C and uses the .NET framework. The tool supports several methods for UAC bypass,...

8AI score
Exploits0
Gitee
Gitee
added 2021/05/30 10:1 a.m.6 views

Exploit for Injection in Google Android

This is a full exploit for CVE-2016-6754, also known as BadKernel. The exploit is a proof-of-concept PoC code that demonstrates a vulnerability in the Linux kernel. The code is written in JavaScript and is intended to be used for educational purposes only. The exploit targets a vulnerability in t...

8.8CVSS7.6AI score0.04587EPSS
Exploits3
Gitee
Gitee
added 2021/05/30 9:59 a.m.6 views

exploit-database

This is an official repository of exploits and shellcodes, sponsored by Offensive Security. The repository contains a collection of publicly available exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers. The Exploit Database is a...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/05/18 8:35 p.m.6 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. It is a use-after-free dereference bug in the http!UlpParseContentCoding function. The bug occurs when the function appends items to a local list without nulling it out, leaving them dangling in the Request object...

9.8CVSS8.8AI score0.99647EPSS
Exploits24
Gitee
Gitee
added 2021/05/14 12:17 a.m.6 views

maltrail

This is a Python-based malicious traffic detection system called Maltrail. It is designed to identify and block malicious traffic by utilizing publicly available blacklists and custom user-defined lists. The system can be used to detect various types of malicious activity, including malware,...

7AI score
Exploits0
Gitee
Gitee
added 2021/05/08 5:29 p.m.6 views

Exploit for CVE-2020-1938

It is an exploit module/toolkit targeting Apache Tomcat. The primary CVE ID is CVE-2020-1938, also known as CNVD-2020-10487. The vulnerability class is Local File Inclusion LFI. The probable entry point is the poc.py script, which is typically invoked by running python poc.py with the required...

9.8CVSS7.3AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2021/05/02 11:53 a.m.6 views

Exploit for CVE-2017-0213

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

9.3CVSS8.3AI score0.90026EPSS
Exploits47
Gitee
Gitee
added 2021/04/29 9:43 p.m.6 views

Exploit for Use After Free in Adobe Flash_Player

This is a Python script, CVE-2018-15982EXP.py, which appears to be an exploit for the CVE-2018-15982 vulnerability. The script is designed to exploit a vulnerability in a specific product or service, likely a web application, to achieve remote code execution. The script starts with a logo and the...

10CVSS7.7AI score0.81971EPSS
Exploits13
Gitee
Gitee
added 2021/04/28 11:26 a.m.6 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability class targeted by this collection is web application vulnerabilitie...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/04/20 9:58 p.m.6 views

Exploit for Improper Input Validation in Google Chrome

This is a PoC exploit for CVE-2020-16040, a vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's ability to load and execute WASM code, which can lead to arbitrary code execution. The exploit is implemented in JavaScript and uses the WebAssembly API to...

6.5CVSS8.7AI score0.99595EPSS
Exploits14
Gitee
Gitee
added 2021/04/13 7:19 p.m.6 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds write vulnerability in the WebAssembly WASM engine of various browsers. The exploit targets the WASM engine's handling of large arrays, allowing an attacker to write arbitrary data to the heap. The exploit is implemented in JavaScript, using the...

6.5CVSS9AI score0.99595EPSS
Exploits14
Gitee
Gitee
added 2021/03/11 5:57 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796, a buffer overflow vulnerability in Windows 10 1903/1909's SMB3 compression capability. The exploit connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflo...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/02/22 11:14 p.m.6 views

uafuzz

This is an offensive tool for Binary Analysis. The repository, cherrywb/uafuzz, is a directed fuzzer dedicated to Use-After-Free UAF bugs at the binary level. It aims to detect UAF bugs, which appear when a heap element is used after having been freed. The tool uses a combination of static...

7.7AI score
Exploits0
Total number of security vulnerabilities1886