Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2020/10/19 7:13 p.m.6 views

Exploit for CVE-2020-16898

PoC exploit for CVE-2020-16898, a Windows TCP/IP Remote Code Execution Vulnerability. The exploit targets the Windows TCP/IP stack and uses a specially crafted IPv6 packet to trigger a buffer overflow, leading to remote code execution. The exploit is implemented in Python using the Scapy library...

8.8CVSS9.9AI score0.09686EPSS
Exploits12
Gitee
Gitee
added 2020/10/15 9:24 a.m.6 views

ctf

This repository contains a writeup for the CSAW CTF 2015. The writeup includes descriptions of various challenges, including web, exploit, crypto, reversing, and forensics challenges. The writeup is organized into sections, with each section describing a specific challenge. The challenges include...

7AI score
Exploits0
Gitee
Gitee
added 2020/10/10 2:31 p.m.6 views

Exploit for Absolute Path Traversal in Rarlab Winrar

This is a PoC exploit for CVE-2018-20250. The exploit targets a vulnerability in the Microsoft Visual C++ compiler, specifically in the way it handles certain types of code. The vulnerability allows for arbitrary code execution. The exploit is likely to be used to demonstrate the vulnerability an...

7.8CVSS7.5AI score0.96274EPSS
Exploits13
Gitee
Gitee
added 2020/10/06 8:54 p.m.6 views

Exploit for SQL Injection in Drupal

vulnerability-list 常见漏洞快速检测,目前包含以下漏洞。 Tomcat: - CVE201712615 / CVE201712617 - tomcatweakpassword - examplevulnerability检测tomcat的examples等目录是否存在 moon.py -u tomcat http://xx.xx.xx.xx:xxxx Fckeditor - 获取版本及常见上传页面检测 - fck moon.py -u fck http://xx.xx.xx.xx/fckxx Weblogic - CVE201710271...

9.8CVSS8.2AI score0.99993EPSS
Exploits137
Gitee
Gitee
added 2020/10/05 3:45 p.m.6 views

Exploit for CVE-2018-2894

Weblogic任意文件上传漏洞(CVE-2018-2894) 最近大家都在说这个漏洞,大家都注意到config.do这里发生了问题,但是其实根据 https://mp.weixin.qq.com/s/y5JGmM-aNaHcs6P9a-gRQ 这里的信息,begin.do也是有问题。少扯淡,下面给出具体利用方法: 问题就出现下下面这个页面。 上传时候,修改name的值就可以了 避免大家麻烦,给出来: /../../../../../../wlserver/server/lib/consoleapp/webapp/framework/skins/wlsconsole/images/ 然后...

9.8CVSS9.6AI score0.50224EPSS
Exploits7
Gitee
Gitee
added 2020/10/05 3:12 p.m.6 views

Exploit for CVE-2018-2894

CVE-2018-2894 CVE-2018-2894 WebLogic 未授权访问致任意文件上传/RCE漏洞 检查脚本...

9.8CVSS7.1AI score0.50224EPSS
Exploits7
Gitee
Gitee
added 2020/10/04 9:56 p.m.6 views

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

This is a PoC exploit for CVE-2017-12149, a remote code execution vulnerability in JBoss. The exploit is written in Python and uses the requests library to send a crafted request to the target JBoss server. The exploit payload is encoded in hexadecimal and is injected into the request as a crafte...

9.8CVSS8.1AI score0.90713EPSS
Exploits14
Gitee
Gitee
added 2020/09/13 11:52 a.m.6 views

Exploit for Improper Input Validation in Joomla Joomla\!

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell - DedeCMS V5.7 SP2后台存在代码执行漏洞 Drupal -...

9.8CVSS7AI score0.99993EPSS
Exploits140
Gitee
Gitee
added 2020/09/11 5:2 p.m.6 views

Exploit for CVE-2014-7911

This is a local root exploit for Nexus5 Android 4.4.4KTU84P. The exploit is based on the CVE-2014-7911 vulnerability, which is a privilege escalation vulnerability in the Android operating system. The exploit is designed to gain root access on the device. The exploit is implemented in Java and us...

7.2CVSS7.3AI score0.2435EPSS
Exploits6
Gitee
Gitee
added 2020/09/11 3:13 p.m.6 views

exploit-database

This is the official Exploit Database repository, a collection of public exploits and vulnerable software. The repository is maintained by Offensive Security and is updated daily with new submissions. The database contains a wide range of exploits, including remote code execution, privilege...

7.5AI score
Exploits0
Gitee
Gitee
added 2020/09/10 9:29 a.m.6 views

isf

This is an offensive tool for ICS exploitation. It is a Python-based framework for exploiting Industrial Control Systems ICS, similar to Metasploit. The framework, known as ICSSploit, is a fork of the routersploit project and is designed for ICS exploitation. It includes various modules for...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/09/02 5:27 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Android

This repository is a proof-of-concept PoC exploit for CVE-2017-0474. The exploit targets a vulnerability in the Windows SMBv1 protocol, which allows an attacker to execute arbitrary code on a vulnerable system. The exploit is written in Python and uses the Metasploit framework to deliver the...

9.3CVSS8.2AI score0.02139EPSS
Exploits1
Gitee
Gitee
added 2020/09/01 9:22 a.m.6 views

Vxscan

This is a Python script for a comprehensive scanning tool called Vxscan. The tool is designed to perform various scans on a target, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/08/22 9:52 a.m.6 views

pocsuite3-1

This is a PoC Proof of Concept framework for vulnerability testing and penetration testing, developed by the Knownsec 404 Team. The framework is called pocsuite3. The framework has a powerful proof-of-concept engine and many features for penetration testers and security researchers. It supports...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/08/11 11:37 a.m.6 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan, which is used for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.6AI score
Exploits0
Gitee
Gitee
added 2020/08/09 10:57 a.m.6 views

Exploit for Observable Discrepancy in Linux Linux_Kernel

PoC exploit for CVE-2021-34556 This repository contains a proof-of-concept exploit for a vulnerability in a specific product/service. The exploit targets a vulnerability in the product's framework, allowing for remote code execution. Exploit module/toolkit targeting The exploit module targets a...

5.5CVSS8.9AI score0.00419EPSS
Exploits2
Gitee
Gitee
added 2020/07/17 1:24 a.m.6 views

PowerSploit

This is a PowerShell post-exploitation framework called PowerSploit. It is a collection of PowerShell scripts that can be used to perform various malicious activities, such as code execution, DLL injection, and reflective PE injection. The framework is designed to be portable and can be used on...

7.9AI score
Exploits0
Gitee
Gitee
added 2020/07/17 1:14 a.m.6 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9CVSS7.6AI score0.82697EPSS
Exploits23
Gitee
Gitee
added 2020/07/13 12:59 p.m.6 views

Vulmap

This is an open-source online local vulnerability scanner project called Vulmap. It consists of online local vulnerability scanning programs for Windows and Linux operating systems. The project is designed to scan installed software on the host, query the Vulmon API for vulnerabilities, and print...

6.5AI score
Exploits0
Gitee
Gitee
added 2020/07/11 2:52 p.m.6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the provided context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but it is likely related to the mentioned...

6.5CVSS6.8AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/07/09 9:36 a.m.6 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID present in the context is CVE-2016-9086. The target product/service or framework is GitLab. The vulnerability class/vector is not explicitly stated, but the context suggests it is related to a GitLab...

6.5CVSS6.6AI score0.05388EPSS
Exploits39
Gitee
Gitee
added 2020/07/08 3:38 p.m.6 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

PoC exploit for CVE-2020-5902, a vulnerability in F5 Networks BIG-IP TMUI web interface. The exploit targets a remote command execution vulnerability in the 'tmui/login.jsp' endpoint, allowing an attacker to read arbitrary files on the system. The vulnerability is exploited by sending a specially...

10CVSS7.5AI score0.99999EPSS
Exploits60
Gitee
Gitee
added 2020/07/01 4:26 p.m.6 views

Exploit for Cross-site Scripting in Google Chrome

It is an exploit module for CVE-2017-5124, a Chrome UXSS vulnerability. The target product/service is Google Chrome, and the vulnerability class/vector is User Interface UI Scripting UXSS. The probable entry point is the PoC.mht file, which is a MHTML file containing a malicious XML stylesheet th...

6.1CVSS9.2AI score0.05245EPSS
Exploits5
Gitee
Gitee
added 2020/06/20 5:4 p.m.6 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

9.8CVSS7AI score0.93168EPSS
Exploits18
Gitee
Gitee
added 2020/06/19 2:7 p.m.6 views

K8tools

It is an offensive tool for web application exploitation. The repository, K8tools, contains a collection of tools for various purposes, including internal penetration, privilege escalation, remote overflow, vulnerability exploitation, scanning, password cracking, and anti-kill tools. The primary...

7.3AI score
Exploits0
Gitee
Gitee
added 2020/06/11 9:58 p.m.6 views

shadowbroker

This repository, xftx/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers. The repository includes a README.md file that provides information on the contents of the repository, including the exploits and tools it contains. The exploits and tools are organized in...

6.7AI score
Exploits0
Gitee
Gitee
added 2020/06/06 11:33 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC aka CoronaBlue aka SMBGhost is a proof-of-concept exploit for a bug in Windows 10 1903/1909's new SMB3 compression capability. The bug is caused by a lack of bounds checking in the offset size of the SMB2CompressionTransformHeader, which can lead to a buffer overflow and crash t...

10CVSS9.4AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/06/04 2:6 p.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

PoC exploit for CVE-2020-0796 - SMBv3 RCE. The target product/service is SMB Server Message Block protocol, specifically SMBv3. The vulnerability class/vector is Remote Code Execution RCE. The probable entry point is the scanner.py script, which sends a specially crafted SMB negotiate request to...

10CVSS8.7AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/06/04 9:33 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Windows SMBv3 LPE Exploit Authors Daniel García Gutiérrez @danigargu Manuel Blanco Parajón @dialluvioso Exploit analysis POC Analysis by SungLin Knownsec 404 Team Writeup+PoC by @ZecOps References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796...

10CVSS7.1AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/05/14 5:22 p.m.6 views

Exploit for Code Injection in Apache Solr

This is a PoC exploit for CVE-2019-0193, a vulnerability in the Windows operating system. The exploit is written in C and uses the Metasploit framework to target the Windows kernel. The exploit code is not provided, but it is likely that it uses a buffer overflow vulnerability to execute arbitrar...

9CVSS8.1AI score0.83547EPSS
Exploits3
Gitee
Gitee
added 2020/05/13 11:56 a.m.6 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This repository is an exploit module for CVE-2020-0796, a Windows SMBv3 LPE Local Privilege Escalation vulnerability. The exploit is written in C++ and utilizes the Windows API to achieve privilege escalation. The exploit targets the SMBv3 server on a Windows system and exploits a vulnerability i...

10CVSS9.3AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2020/05/09 6:35 p.m.6 views

kernel_exploit_series

This is a collection of files related to a vulnerable driver, specifically targeting the Linux kernel. The files are part of a repository called "povcfe/kernelexploitseries". The files include: 1. 1-heapsprayUAF/easyuaf.c: This file appears to be a simple example of a heap spray vulnerability,...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/27 11:24 a.m.6 views

exploitdb

The Exploit Database Git Repository This is an official repository of The Exploit Database, a project sponsored by Offensive Security. Our repositories are: - Exploits & Shellcodes: https://github.com/offensive-security/exploitdb - Binary Exploits:...

6.8AI score
Exploits0
Gitee
Gitee
added 2020/04/26 9:31 a.m.6 views

vmware_escape

This is an exploit module for VMware Workstation prior to version 12.5.5. The exploit targets a vulnerability in the way VMware handles certain types of memory access, allowing an attacker to execute arbitrary code on the host system. The exploit is designed to be used by an attacker who has gain...

7.8AI score
Exploits0
Gitee
Gitee
added 2020/04/21 1:57 a.m.6 views

Exploit for Path Traversal in Citrix Application_Delivery_Controller_Firmware

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway CVE-2019-19781...

9.8CVSS7.5AI score0.99999EPSS
Exploits48
Gitee
Gitee
added 2020/04/14 5:56 p.m.6 views

Exploit for OS Command Injection in Cacti

The official exploit for Cacti v1.2.8 Remote Code Execution CVE-2020-8813...

9.3CVSS7.4AI score0.73779EPSS
Exploits24
Gitee
Gitee
added 2020/04/13 5:28 p.m.6 views

PSKernel-Primitives

This repository contains a collection of PowerShell primitives for exploitation, specifically targeting Windows systems. The code is written in PowerShell and utilizes various Windows APIs to achieve its goals. The repository includes several functions, each with a specific purpose: 1...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/31 4:17 p.m.6 views

Exploit for Injection in Oracle Agile_Plm

CVE-2019-2725 CVE-2019-2725CNVD-C-2019-48814、WebLogic wls9-async 命令回显 10.3.6 12.1.3 ResultBaseExec.java 用于测试defineClass,将把恶意类从base64还原出来,执行代码,主要是比较方便(可用可不用)。 JDK7u21.java 会生成weblogic-2019-272512.1.3命令执行.txt中的xml,请使用jdk6编译。 CVE-2019-2725.py 检测命令是否会执行。...

9.8CVSS7.7AI score0.99964EPSS
Exploits35
Gitee
Gitee
added 2020/03/28 4:58 p.m.6 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 is a remote command execution vulnerability in Oracle WebLogic Server. The exploit code is written in Python and uses the CVE-2018-2628 Weblogic GetShell.py script to exploit the vulnerability. The script sends a specially crafted request to the vulnerable server, which allows an...

9.8CVSS8.1AI score0.99448EPSS
Exploits69
Gitee
Gitee
added 2020/03/28 4:41 p.m.6 views

Exploit for Improper Input Validation in Microsoft

It is an exploit module for CVE-2019-0604, a remote code execution vulnerability in SharePoint. The target product/service is SharePoint, and the vulnerability class/vector is RCE. The probable entry point is not specified, but the usage link suggests it may be invoked via a web interface...

9.8CVSS8.3AI score0.99913EPSS
Exploits29
Gitee
Gitee
added 2020/03/23 3:44 p.m.6 views

cve_2019_0708_bluekeep_rce

bluekeep exploit...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/20 5:2 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not explicitly stated, but the environments are designed to be vulnerable to various types of attacks. The probable entry points are not specified, but the environments are likel...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/17 6:53 p.m.6 views

vulhub

It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones related to Flask, Apache, Nginx, and more. The repository is maintained by phith0n and is...

7AI score
Exploits0
Gitee
Gitee
added 2020/03/17 6:19 p.m.6 views

Exploit for CVE-2019-15231

This repository contains a collection of exploits for various vulnerabilities, including unauthenticated remote command execution RCE and directory traversal. The exploits are written in Python and utilize various libraries such as requests and pymongo. The repository includes exploits for the...

9.8CVSS7.5AI score0.99057EPSS
Exploits56
Gitee
Gitee
added 2020/03/17 1:50 p.m.6 views

pikachu

This is an offensive tool for Web application security testing. It is a web application that contains various web security vulnerabilities, including Burt Force brute-force, XSS cross-site scripting, CSRF cross-site request forgery, SQL-Inject SQL injection, RCE remote code execution, Files...

6.9AI score
Exploits0
Gitee
Gitee
added 2020/03/11 8:27 p.m.6 views

lua-resty-waf

This repository is an exploit module/toolkit targeting OpenResty, a high-performance web server built on the Nginx core. The primary vulnerability class/vector is not explicitly stated, but based on the code and metadata, it appears to be a remote code execution RCE vulnerability. The probable...

8AI score
Exploits0
Gitee
Gitee
added 2020/03/07 6:1 p.m.6 views

shadowbroker

This repository, Zam-0703/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository was created by the Shadow Brokers, a group known for releasing stolen NSA hacking tools. The repository includes exploits for several vulnerabilities, including:...

8.5AI score
Exploits0
Gitee
Gitee
added 2020/03/07 8:41 a.m.6 views

msf_module

msf-module wooyun还在的时候根据别人的审计写的一些msf插件,有几个还是挺好用的 module列表 auxiliary + zoomeye-search.rb exploits + Dswjcms-upload-wooyun-2015-0160899.rb + Lotapp-exec-wooyun-2015-0133750.rb + OEM-exec-wooyun-2010-0192732.rb + ZTE-exec-wooyun-2016-190343.rb + discuz-ssrf-wooyun-2011-0151179.rb +...

7.1AI score
Exploits0
Gitee
Gitee
added 2020/03/07 8:40 a.m.6 views

Exploit for Use After Free in Microsoft

This repository is a PoC Proof of Concept scanner for the CVE-2019-0708 vulnerability, also known as "BlueKeep", which is a remote code execution RCE vulnerability in Microsoft Windows Remote Desktop Services. The scanner is a fork of the rdesktop client, a Remote Desktop Protocol client, and is...

10CVSS8.4AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2020/03/06 4:31 p.m.6 views

Vxscan

This is a Python script called Vxscan, which is a comprehensive scanning tool for sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning, SQL injection, and other functions. The...

7.6AI score
Exploits0
Total number of security vulnerabilities1886