Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/02/20 3:44 p.m.6 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and practicing vulnerability exploitation. The primary vulnerability targeted by this repository is not explicitly stated, but it includes various...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/02/07 3:45 p.m.6 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, CVE-2019-1003002: Script Security, Pipeline: Groovy, Pipeline: Declarative. This PoC allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass the sandbox protection and execute arbitrary code on the Jenkins...

8.8CVSS8.6AI score0.98428EPSS
Exploits17
Gitee
Gitee
added 2021/01/29 10:13 p.m.6 views

dedecmscan

This is a Python-based vulnerability scanner for the DedeCMS platform. The scanner is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting XSS, and other types of attacks. The scanner consists of several modules, each responsible for...

7AI score
Exploits0
Gitee
Gitee
added 2021/01/27 10:49 a.m.6 views

Exploit for CVE-2020-14756

This is an exploit module for the CVE-2020-14756 vulnerability in Oracle WebLogic. The vulnerability allows for remote code execution RCE due to a deserialization issue in the coherence.jar library. The exploit is written in Python and uses the socket library to establish a connection to the...

9.8CVSS9.8AI score0.74753EPSS
Exploits4
Gitee
Gitee
added 2021/01/25 3:34 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept PoC exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution vulnerability in Windows SMBv3. The exploit is written in Python and uses the SMB protocol to inject shellcode into the Windows kernel. The shellcode is generated from a...

10CVSS8.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/01/24 7:2 p.m.6 views

JNDIExploit

JNDIExploit 一款用于 JNDI注入 利用的工具,大量参考/引用了 Rogue JNDI 项目的代码,支持直接植入内存shell,并集成了常见的bypass 高版本JDK的方式,适用于与自动化工具配合使用。 使用说明 使用 java -jar JNDIExploit.jar -h 查看参数说明,其中 --ip 参数为必选参数 Usage: java -jar JNDIExploit.jar options Options: -i, --ip Local ip address -l, --ldapPort Ldap bind port default: 1389 -p,...

7.2AI score
Exploits0
Gitee
Gitee
added 2021/01/24 7:1 p.m.6 views

Exploit for Improper Input Validation in Apache Unomi

PoC exploit for CVE-2020-13942, an unauthenticated RCE vulnerability through MVEL and OGNL injection in Apache Unomi. The exploit targets the context.js/json endpoint exposed by the Unomi server, allowing an attacker to execute arbitrary OS commands. Two RCE vectors are available: MVEL injection...

9.8CVSS7.8AI score0.68398EPSS
Exploits9
Gitee
Gitee
added 2021/01/24 7:0 p.m.6 views

Exploit for CVE-2020-14882

CVE-2020–14882 Weblogic Unauthorized bypass RCE bypass patch with CVE-2020–14882 private static final String IllegalUrl = new String";", "%252E%252E", "%2E%2E", "..", "%3C", "%3E", ""; list %252E%252E %2E%2E .. %3E %3C ; lower "%252E%252E%252F".lower '%252e%252e%252f' %252E%252E%252F to...

10CVSS9.8AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/01/24 4:22 p.m.6 views

shellcode-x86_x64

This repository contains a collection of assembly code examples for a 64-bit Linux system, primarily focusing on basic instructions and operations. The code is written in NASM Netwide Assembler and covers various topics such as arithmetic, logical operations, string manipulation, and stack...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/01/20 9:21 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess

This is a proof-of-concept PoC exploit for a vulnerability in the bwconn.dll library, which is a Windows RPC client library. The vulnerability is identified as CVE-2016-0856. The PoC exploit is written in Python and uses the ctypes library to interact with the bwconn.dll library. The exploit...

10CVSS7.2AI score0.16655EPSS
Exploits9
Gitee
Gitee
added 2020/12/28 11:21 a.m.6 views

Exploit for SQL Injection in Joomla Joomla\!

CyberspaceSecurityLearning 在学习CTF、网络安全路上整合博客和一些资料,持续更新 置顶tips:如果你也有自己学习路上收集的一些好资料,或者愿意展示自己的优质博客给大家欢迎fork pull request给我(联系邮箱[email protected]) 最新更新时间:2018/3/13 更新内容: 任意用户密码重置(五):重置凭证可暴破 一些有趣的代码审计“小”题目为CTF-Web-dog提供一些套路 了解SSRF,这一篇就足够了 知识技能表 知道创宇技能表 CTF练习 Writeup 这是我自己从最早入门开始练习的一些题目往下排列的,可能很多当时写的writ...

9.8CVSS9.5AI score0.04785EPSS
Exploits1
Gitee
Gitee
added 2020/11/22 2:0 p.m.6 views

Exploit for Use After Free in Microsoft

This is a Metasploit module for exploiting the BlueKeep vulnerability CVE-2019-0708 in Microsoft Remote Desktop. The module is designed to check a range of hosts for the vulnerability by binding the MST120 channel outside of its normal slot and sending non-DoS packets which respond differently on...

10CVSS6.9AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/11/17 11:19 a.m.6 views

Exploit for CVE-2020-16898

CVE-2020-16898 CVE-2020-16898 Windows TCP/IP远程代码执行漏洞 EXP&POC 复现 forforever:https://www.cnblogs.com/forforever/p/13846077.html poc CVE-2020-16898Checker-poc 命令: 管理员启动powershell/CMD Powershell.exe -ExecutionPolicy UnRestricted -File .\CVE-2020-16898-poc.ps1 exp cve-2020-16898-exp2...

8.8CVSS9.3AI score0.09686EPSS
Exploits12
Gitee
Gitee
added 2020/11/17 10:9 a.m.6 views

pikachu

It is an offensive tool for web application security training. The primary CVE ID is not explicitly mentioned, but the tool is designed to simulate various web application vulnerabilities, including but not limited to, Burt Force 暴力破解漏洞, XSS 跨站脚本漏洞, CSRF 跨站请求伪造, SQL-Inject SQL注入漏洞, RCE 远程命令/代码执行,...

6.2AI score
Exploits0
Gitee
Gitee
added 2020/11/02 12:32 a.m.6 views

isf

This is an offensive tool for ICS exploitation. It is a Python-based framework for ICS exploitation, similar to Metasploit. The framework is based on the open-source project "routersploit" and is designed for exploitation of industrial control systems ICS. The tool provides a range of features,...

7AI score
Exploits0
Gitee
Gitee
added 2020/10/23 7:25 p.m.6 views

Exploit for CVE-2018-9995

This is a PoC exploit for CVE-2018-9995, a vulnerability in DVR systems that allows for the exposure of credentials. The exploit is written in Python and uses the requests library to send HTTP requests to the DVR system. The exploit targets various DVR systems, including Novo, CeNova, QSee, Pulni...

9.8CVSS7AI score0.83151EPSS
Exploits13
Gitee
Gitee
added 2020/10/21 10:39 p.m.6 views

Exploit for Improper Input Validation in Joomla Joomla\!

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...

9.8CVSS7AI score0.99993EPSS
Exploits140
Gitee
Gitee
added 2020/10/19 7:13 p.m.6 views

Exploit for CVE-2020-16898

PoC exploit for CVE-2020-16898, a Windows TCP/IP Remote Code Execution Vulnerability. The exploit targets the Windows TCP/IP stack and uses a specially crafted IPv6 packet to trigger a buffer overflow, leading to remote code execution. The exploit is implemented in Python using the Scapy library...

8.8CVSS9.9AI score0.09686EPSS
Exploits12
Gitee
Gitee
added 2020/10/15 9:24 a.m.6 views

ctf

This repository contains a writeup for the CSAW CTF 2015. The writeup includes descriptions of various challenges, including web, exploit, crypto, reversing, and forensics challenges. The writeup is organized into sections, with each section describing a specific challenge. The challenges include...

7AI score
Exploits0
Gitee
Gitee
added 2020/10/10 2:31 p.m.6 views

Exploit for Absolute Path Traversal in Rarlab Winrar

This is a PoC exploit for CVE-2018-20250. The exploit targets a vulnerability in the Microsoft Visual C++ compiler, specifically in the way it handles certain types of code. The vulnerability allows for arbitrary code execution. The exploit is likely to be used to demonstrate the vulnerability an...

7.8CVSS7.5AI score0.96274EPSS
Exploits13
Gitee
Gitee
added 2020/10/06 8:54 p.m.6 views

Exploit for SQL Injection in Drupal

vulnerability-list 常见漏洞快速检测,目前包含以下漏洞。 Tomcat: - CVE201712615 / CVE201712617 - tomcatweakpassword - examplevulnerability检测tomcat的examples等目录是否存在 moon.py -u tomcat http://xx.xx.xx.xx:xxxx Fckeditor - 获取版本及常见上传页面检测 - fck moon.py -u fck http://xx.xx.xx.xx/fckxx Weblogic - CVE201710271...

9.8CVSS8.2AI score0.99993EPSS
Exploits137
Gitee
Gitee
added 2020/10/05 3:45 p.m.6 views

Exploit for CVE-2018-2894

Weblogic任意文件上传漏洞(CVE-2018-2894) 最近大家都在说这个漏洞,大家都注意到config.do这里发生了问题,但是其实根据 https://mp.weixin.qq.com/s/y5JGmM-aNaHcs6P9a-gRQ 这里的信息,begin.do也是有问题。少扯淡,下面给出具体利用方法: 问题就出现下下面这个页面。 上传时候,修改name的值就可以了 避免大家麻烦,给出来: /../../../../../../wlserver/server/lib/consoleapp/webapp/framework/skins/wlsconsole/images/ 然后...

9.8CVSS9.6AI score0.50224EPSS
Exploits7
Gitee
Gitee
added 2020/10/05 3:12 p.m.6 views

Exploit for CVE-2018-2894

CVE-2018-2894 CVE-2018-2894 WebLogic 未授权访问致任意文件上传/RCE漏洞 检查脚本...

9.8CVSS7.1AI score0.50224EPSS
Exploits7
Gitee
Gitee
added 2020/10/04 9:56 p.m.6 views

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

This is a PoC exploit for CVE-2017-12149, a remote code execution vulnerability in JBoss. The exploit is written in Python and uses the requests library to send a crafted request to the target JBoss server. The exploit payload is encoded in hexadecimal and is injected into the request as a crafte...

9.8CVSS8.1AI score0.90713EPSS
Exploits14
Gitee
Gitee
added 2020/09/11 5:2 p.m.6 views

Exploit for CVE-2014-7911

This is a local root exploit for Nexus5 Android 4.4.4KTU84P. The exploit is based on the CVE-2014-7911 vulnerability, which is a privilege escalation vulnerability in the Android operating system. The exploit is designed to gain root access on the device. The exploit is implemented in Java and us...

7.2CVSS7.3AI score0.2435EPSS
Exploits6
Gitee
Gitee
added 2020/09/10 11:10 p.m.6 views

ios-resources

PoC exploit for iOS device. The primary CVE ID is not explicitly mentioned, but the repository contains resources for iOS hacking, including ARMv8 instruction set documentation and assembly language crash course. The target product/service is the iOS operating system, and the vulnerability...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/09/10 9:29 a.m.6 views

isf

This is an offensive tool for ICS exploitation. It is a Python-based framework for exploiting Industrial Control Systems ICS, similar to Metasploit. The framework, known as ICSSploit, is a fork of the routersploit project and is designed for ICS exploitation. It includes various modules for...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/09/02 5:27 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository is a proof-of-concept PoC exploit for CVE-2017-0474. The exploit targets a vulnerability in the Windows SMBv1 protocol, which allows an attacker to execute arbitrary code on a vulnerable system. The exploit is written in Python and uses the Metasploit framework to deliver the...

9.3CVSS8.2AI score0.02139EPSS
Exploits1
Gitee
Gitee
added 2020/09/01 9:22 a.m.6 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/08/26 10:6 a.m.6 views

Pocsuite

This project, Pocsuite, is an open-sourced remote vulnerability testing and proof-of-concept development framework developed by the Knownsec Security Team. It comes with a powerful proof-of-concept engine and many niche features for penetration testers and security researchers. The framework...

7.2AI score
Exploits0
Gitee
Gitee
added 2020/08/22 9:52 a.m.6 views

pocsuite3-1

This is a PoC Proof of Concept framework for vulnerability testing and penetration testing, developed by the Knownsec 404 Team. The framework is called pocsuite3. The framework has a powerful proof-of-concept engine and many features for penetration testers and security researchers. It supports...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/08/11 11:37 a.m.6 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan, which is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/08/09 10:57 a.m.6 views

Exploit for Observable Discrepancy in Linux Linux_Kernel

PoC exploit for CVE-2021-34556 This repository contains a proof-of-concept exploit for a vulnerability in a specific product/service. The exploit targets a vulnerability in the product's framework, allowing for remote code execution. Exploit module/toolkit targeting The exploit module targets a...

5.5CVSS8.9AI score0.00419EPSS
Exploits2
Gitee
Gitee
added 2020/07/17 1:24 a.m.6 views

PowerSploit

This is a PowerShell post-exploitation framework called PowerSploit. It is a collection of PowerShell scripts that can be used to perform various malicious activities, such as code execution, DLL injection, and reflective PE injection. The framework is designed to be portable and can be used on...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/07/17 1:14 a.m.6 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9CVSS7.6AI score0.82697EPSS
Exploits23
Gitee
Gitee
added 2020/07/15 4:1 p.m.6 views

Exploit for Improper Resource Shutdown or Release in Microsoft

Web-Security-Note Record some common Web security sites 由于平常读过的文章以及遇到的比较好的开源项目都被渐渐遗忘了,所以利用这个项目来记录一下,以便查阅。 目录: - CTF - Online-Tools - 漏洞环境 - 信息搜集 - 工具 - 面经 - BypassWAF - WEB安全 - 漏洞挖掘 - 渗透测试 - 内网渗透 - 扫描器开发 - 开发 - 运维 CTF + CTF Time + Pwnhub + CTF论剑场 + 南京邮电大学CTF平台 + Whale CTF + JarvisOJ + Hackme CTF ...

7.2CVSS6.5AI score0.73721EPSS
Exploits18
Gitee
Gitee
added 2020/07/13 12:59 p.m.6 views

Vulmap

This is an open-source online local vulnerability scanner project called Vulmap. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. The project is designed to scan installed software on the host, query the Vulmon API for vulnerabilities, and print...

6.5AI score
Exploits0
Gitee
Gitee
added 2020/07/11 2:52 p.m.6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...

6.5CVSS6.8AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/07/09 9:36 a.m.6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but the context suggests it is related to a GitLab...

6.5CVSS6.6AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/07/01 4:26 p.m.6 views

Exploit for Cross-site Scripting in Google Chrome

It is an exploit module for CVE-2017-5124, a Chrome UXSS vulnerability. The target product/service is Google Chrome, and the vulnerability class/vector is User Interface UI Scripting UXSS. The probable entry point is the PoC.mht file, which is a MHTML file containing a malicious XML stylesheet th...

6.1CVSS9.2AI score0.05245EPSS
Exploits5
Gitee
Gitee
added 2020/06/20 5:4 p.m.6 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

9.8CVSS7AI score0.93168EPSS
Exploits18
Gitee
Gitee
added 2020/06/11 9:58 p.m.6 views

shadowbroker

This repository, xftx/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README.md file that provides information on the contents of the repository, including the exploits and tools it contains. The exploits and tools are organized in...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/06/06 11:33 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which can lead to a buffer overflow and crash t...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/06/04 2:6 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB Server Message Block protocol, specifically SMBv3. The vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the scanner.py script, which sends a specially crafted SMB negotiate request to...

10CVSS8.7AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/06/04 9:33 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso Exploit analysis POC Analysis by SungLin Knownsec 404 Team Writeup+PoC by @ZecOps References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796...

10CVSS7.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/05/14 5:22 p.m.6 views

Exploit for Code Injection in Apache Solr

This is a PoC exploit for CVE-2019-0193, a vulnerability in the Windows operating system. The exploit is written in C and uses the Metasploit framework to target the Windows kernel. The exploit code is not provided, but it is likely that it uses a buffer overflow vulnerability to execute arbitrar...

9CVSS8.1AI score0.83547EPSS
Exploits3
Gitee
Gitee
added 2020/05/13 11:56 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This repository is an exploit module for CVE-2020-0796, a Windows SMBv3 LPE Local Privilege Escalation vulnerability. The exploit is written in C++ and utilizes the Windows API to achieve privilege escalation. The exploit targets the SMBv3 server on a Windows system and exploits a vulnerability i...

10CVSS9.3AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/05/09 6:35 p.m.6 views

kernel_exploit_series

This is a collection of files related to a vulnerable driver, specifically targeting the Linux kernel. The files are part of a repository called "povcfe/kernelexploitseries". The files include: 1. 1-heapsprayUAF/easyuaf.c: This file appears to be a simple example of a heap spray vulnerability,...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/27 11:24 a.m.6 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/26 9:31 a.m.6 views

vmware_escape

This is an exploit module for VMware Workstation prior to version 12.5.5. The exploit targets a vulnerability in the way VMware handles certain types of memory access, allowing an attacker to execute arbitrary code on the host system. The exploit is designed to be used by an attacker who has gain...

7.8AI score
Exploits0
Total number of security vulnerabilities1886