Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/07/03 10:44 a.m.4 views

Exploit for Improper Input Validation in Microsoft

This is a PoC Proof of Concept exploit for CVE-2020-1350, also known as SigRed. The exploit is designed to target DNS servers and allows for remote code execution. The exploit is written in Python and consists of several files: configure.py: This script is used to set up the payload and Apache HT...

10CVSS9.2AI score0.92178EPSS
Exploits21
Gitee
Gitee
added 2021/07/01 11:56 p.m.4 views

Exploit for CVE-2021-1675

No description...

9.3CVSS8.8AI score0.86132EPSS
Exploits63
Gitee
Gitee
added 2021/06/30 10:9 a.m.4 views

Exploit for Improper Authentication in Apache Shiro

Apache Shiro 两种姿势绕过认证分析(CVE-2020-17523) 0x01 漏洞描述 Apache Shiro是一个强大且易用的Java安全框架,执行身份验证、授权、密码和会话管理。使用Shiro的易于理解的API,您可以快速、轻松地获得任何应用程序,从最小的移动应用程序到最大的网络和企业应用程序。 当它和 Spring 结合使用时,在一定权限匹配规则下,攻击者可通过构造特殊的 HTTP 请求包完成身份认证绕过。 影响范围:Apache Shiro / | | 双反斜杠处理成反斜杠 | // - / | | 以/.或者/..结尾,则在结尾添加/ | /. - /./ /.....

9.8CVSS7.1AI score0.85911EPSS
Exploits2
Gitee
Gitee
added 2021/06/29 3:48 p.m.4 views

vulhub

This repository is an offensive tool for creating vulnerable environments based on Docker-Compose. It is a pre-built collection of vulnerable environments for testing and practicing defensive security skills. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git,...

7AI score
Exploits0
Gitee
Gitee
added 2021/06/22 3:15 p.m.4 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with proof-of-concept PoC exploits and tools for exploiting them. The repository is maintained by phith0n and is available on GitHub. The...

7.5AI score
Exploits0
Gitee
Gitee
added 2021/06/14 7:33 p.m.4 views

Dictionary-Of-Pentesting

This repository is an offensive tool for Bug Bounty and penetration testing, specifically targeting WordPress and other web applications. It contains a collection of exploits and techniques for bypassing security measures, including account takeover, cross-site scripting XSS, denial of service Do...

6.5AI score
Exploits0
Gitee
Gitee
added 2021/06/10 8:46 p.m.4 views

Vxscan

This is a Python-based comprehensive scanning tool called Vxscan. It is designed to perform various types of scans, including sensitive file detection, WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, weak password detection, POC scanning...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/06/03 10:57 a.m.4 views

PayloadsAllTheThings

This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities and penetration testing. The repository includes tools and exploits for vulnerabilities such as CRLF injection,...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/06/03 10:56 a.m.4 views

edusrc_POC

This repository contains a collection of Python scripts, each designed to exploit vulnerabilities in various web applications. The scripts are written in Chinese and appear to be intended for use on Chinese-language systems. The scripts are categorized into several groups, each targeting a specif...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/06/03 10:18 a.m.4 views

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The Metasploit Framework is a powerful tool for penetration testing and vulnerability assessment. It provides a comprehensive platform for identifying and exploiting vulnerabilities in various systems and applications. The framework...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/05/30 10:3 a.m.4 views

Exploit for CVE-2016-6700

PoC exploit for CVE-2016-6700 and CVE-2016-6702 vulnerabilities in libzipfile and libjpeg respectively. The exploits target Android versions 4.4.4, 5.0.2, and 5.1.1. The vulnerabilities occur due to missing bounds checks in libzipfile and an integer overflow in libjpeg. The exploits can be...

9.3CVSS8.3AI score0.01054EPSS
Exploits1
Gitee
Gitee
added 2021/05/30 10:1 a.m.4 views

EQGRP

This is a repository containing the decrypted content of eqgrp-auction-file.tar.xz. The repository appears to be a Linux binary repository, containing ELF files for 7z, 7za, and 7z.so. The ELF files are likely related to the 7-Zip file archiver. The repository does not contain any obvious...

6.9AI score
Exploits0
Gitee
Gitee
added 2021/05/25 9:0 p.m.4 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC exploit for CVE-2021-3156, a sudo vulnerability dubbed Baron Samedit by Qualys. The exploit targets the heap overflow vulnerability in sudo, aiming for singleshot execution. It does not modify system files and comes with no warranties. The exploit is designed to be used in manual...

7.8CVSS8AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/05/23 3:10 p.m.4 views

monkey

This is a Python script repository for a tool called "Infection Monkey". The tool is designed to simulate a cyber attack on a network by injecting malware into the network and observing the behavior of the malware as it spreads. The script is written in Python and uses the "monkey" framework to...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/05/21 10:38 a.m.4 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 is a remote code execution vulnerability in the HTTP protocol stack. It is a use-after-free dereference bug in the http!UlpParseContentCoding function. The bug occurs when the function appends items to a local list and then moves it into the Request structure without NULLing out th...

9.8CVSS8.6AI score0.99718EPSS
Exploits24
Gitee
Gitee
added 2021/05/16 8:36 p.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but...

8.6AI score
Exploits0
Gitee
Gitee
added 2021/05/16 3:40 p.m.4 views

Exploit for SQL Injection in Zabbix

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains various vulnerable environments, including CouchDB, ffmpeg, git, and influxdb, among...

9.8CVSS7AI score0.99686EPSS
Exploits74
Gitee
Gitee
added 2021/05/09 11:25 p.m.4 views

Exploit for CVE-2020-14882

CVE-2020-14882 is a vulnerability in Oracle WebLogic Server. The vulnerability allows for unauthorized access and remote code execution. The vulnerability is caused by a flaw in the way the server handles certain types of requests, which can be exploited by an attacker to gain access to sensitive...

10CVSS9.9AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/05/07 8:44 a.m.4 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

gofor 一款集漏洞探测、攻击,Session会话,蜜罐识别等功能于一身的软件,基于go-micro微服务框架并对外提供统一HTTP API网关接口服务 HTTP API Gateway shell ./api-srv Service InstallOptional Exploit ./srv-exploit Webshell webshell ./srv-webshell Example ThinkPHP5.0.20 RCE 攻击例子 shell curl -H "Content-Type:application/json;charset=utf-8" -X POST -d...

7.5CVSS8.6AI score0.99993EPSS
Exploits45
Gitee
Gitee
added 2021/05/03 9:25 p.m.4 views

Exploit for Use After Free in Debian Debian_Linux

This is a PoC exploit for CVE-2013-2857, a use-after-free vulnerability in the 3DS browser. The exploit is implemented in JavaScript and uses the UaF3 function to create a use-after-free condition, leading to a crash. The exploit is designed to be used on the 3DS browser, specifically on firmware...

7.5CVSS7.3AI score0.01068EPSS
Exploits1
Gitee
Gitee
added 2021/05/02 6:10 p.m.4 views

Exploit for Out-of-bounds Write in Microsoft

PoC exploit for CVE-2021-1732. This repository contains a proof-of-concept exploit for a vulnerability in Microsoft Visual Studio. The target is the Visual Studio 2013 solution file format, specifically the ExploitTest.sln file. The vulnerability class is not explicitly stated, but based on the...

7.8CVSS9.1AI score0.78376EPSS
Exploits21
Gitee
Gitee
added 2021/04/29 9:43 p.m.4 views

Exploit for Cross-site Scripting in Tastyigniter

PoC exploit for CVE-2021-38699. The target product/service is Java, and the vulnerability class/vector is XXE XML External Entity injection. The probable entry point is the XXEinjector.rb script, which is a Ruby script that automates the exploitation of XXE vulnerabilities using direct and out of...

5.4CVSS8.1AI score0.07977EPSS
Exploits5
Gitee
Gitee
added 2021/04/27 2:32 p.m.4 views

glimmer_pocs

This is a proof-of-concept PoC repository for the tool "glimmer". The repository contains various PoCs for different types of vulnerabilities and information disclosure. The PoCs are implemented as Python scripts, each targeting a specific vulnerability or information disclosure. The PoCs are...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/04/27 11:16 a.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenient and...

8.5AI score
Exploits0
Gitee
Gitee
added 2021/04/26 1:22 p.m.4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability is not specified, but the repository contains various vulnerable environments, including ones for CouchDB, FFmpeg, Git, InfluxDB,...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/04/23 9:23 a.m.4 views

awesome-virtualization

It is an offensive tool for virtualization. The repository contains a curated list of awesome resources about virtualization, including books, courses, and papers on the topic. The resources cover various aspects of virtualization, including software and hardware techniques, virtual machine...

7AI score
Exploits0
Gitee
Gitee
added 2021/04/14 6:44 p.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary purpose of Vulhub is to provide a simple and easy-to-use platform f...

8.6AI score
Exploits0
Gitee
Gitee
added 2021/04/13 11:35 a.m.4 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly WASM module. The exploit targets the WASM module, which is loaded into a WebAssembly instance. The vulnerability allows an attacker to read arbitrary memory locations by crafting a malicious WASM module. The...

6.5CVSS8.1AI score0.99595EPSS
Exploits14
Gitee
Gitee
added 2021/04/11 4:7 p.m.4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class is not specified, but the repository contains various vulnerable environments, including web applications, databases, and...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/04/08 8:12 a.m.4 views

PayloadsAllTheThings

It is an offensive tool for general-purpose. This repository contains a collection of payloads, likely for testing and exploitation purposes. The primary CVE ID is not explicitly mentioned, but the repository is likely related to various vulnerabilities. The target product/service or framework is...

6.7AI score
Exploits0
Gitee
Gitee
added 2021/04/07 10:41 p.m.4 views

exploitdb

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities. The exploits are categorized by operating system, and the shellcodes are categorized by type. The papers are...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/03/07 7:11 p.m.4 views

Software-Security-Learning

It is an offensive tool for binary exploitation. The primary CVE ID is not explicitly mentioned, but the repository contains information on various software security topics, including binary exploitation. The target product/service or framework is not specified, but the repository includes tools...

7.2AI score
Exploits0
Gitee
Gitee
added 2021/03/06 4:46 p.m.4 views

thorn-linux

This is a Debian-based research and development platform for information security called Thorn Linux. It is designed to keep users up to date with the latest cybersecurity news while providing a hardened and anonymized penetration-testing environment. The platform includes a highly customized...

6.7AI score
Exploits0
Gitee
Gitee
added 2021/03/02 10:7 p.m.4 views

nightmare

This repository is an open-source project for teaching binary exploitation and reverse engineering skills through a series of challenges. It is a collection of CTF Capture The Flag challenges designed to help learners develop their skills in exploiting binaries and reversing assembly code. The...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/02/22 10:13 p.m.4 views

Exploit for Out-of-bounds Write in Microsoft

CVE-2018-0802 介绍 RTF118820802 软件架构 软件架构说明 安装教程 1. xxxx 2. xxxx 3. xxxx 使用说明 1. xxxx 2. xxxx 3. xxxx 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request 特技 1. 使用 Readme\XXX.md 来支持不同的语言,例如 Readme\en.md, Readme\zh.md 2. Gitee 官方博客 blog.gitee.com 3. 你可以 https://gitee.com/explore 这个地址来了解 Gite...

9.3CVSS8.9AI score0.93289EPSS
Exploits7
Gitee
Gitee
added 2021/02/17 1:34 p.m.4 views

Findsploit

It is an offensive tool for searching and exploiting. The primary CVE ID is not explicitly mentioned in the provided context. The tool, Findsploit, is a bash script that searches both local and online exploit databases. It includes three sub-scripts: "compilesploit" to automatically compile and r...

6.8AI score
Exploits0
Gitee
Gitee
added 2021/02/10 4:0 p.m.4 views

Exploit for CVE-2020-14882

CVE-2020-14882ALL CVE-2020-14882ALL综合利用工具,支持命令回显检测、批量命令回显、外置xml无回显命令执行等功能。 需要模块:requests、http.client (工具仅用于授权的安全测试,请勿用于非法使用,违规行为与作者无关。) 命令回显模块已知成功版本:12.2.1.3.0、12.2.1.4.0、14.1.1.0.0 选项 功能一:命令回显 python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u...

10CVSS9.5AI score0.99997EPSS
Exploits41
Gitee
Gitee
added 2021/02/07 7:53 p.m.4 views

pwntools

This repository is an open-source project for a Python library called pwntools, which is used for reverse engineering and exploitation of binaries. The library is designed to be a comprehensive tool for security researchers and developers. The repository contains a variety of files, including:...

7.1AI score
Exploits0
Gitee
Gitee
added 2021/02/06 10:32 p.m.4 views

Pwnable.kr-CTF-Writeups

This repository contains writeups for a CTF Capture The Flag challenge called Pwnable.kr. The challenge involves exploiting vulnerabilities in various programs to obtain flags. The repository includes four writeups: 1. FD: This writeup involves exploiting a file descriptor vulnerability in a...

7.6AI score
Exploits0
Gitee
Gitee
added 2021/02/05 8:58 p.m.4 views

pocsuite_poc_collect

It is an offensive tool for vulnerability exploitation...

7AI score
Exploits0
Gitee
Gitee
added 2021/02/02 3:9 p.m.4 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840:FasterXML/jackson-databind 远程代码执行漏洞 0x00 简介 jackson-databind 是隶属 FasterXML 项目组下的JSON处理库。 0x01 漏洞概述 2月19日,NVD发布安全通告披露了jackson-databind由JNDI注入导致的远程代码执行漏洞(CVE-2020-8840),CVSS评分为9.8...

9.8CVSS8.9AI score0.26587EPSS
Exploits5
Gitee
Gitee
added 2021/02/02 2:38 p.m.4 views

vulhub1

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments for testing and learning purposes, with no pre-existing knowledge of docker required. The repository contains a variety of vulnerable...

7.8AI score
Exploits0
Gitee
Gitee
added 2021/02/02 12:20 p.m.4 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This repository contains exploits for the CVE-2021-3156 vulnerability, which affects the Linux kernel. The vulnerability allows an attacker to gain root privileges by exploiting a flaw in the way the kernel handles the "setuid" system call. The repository contains two exploit files: "exploit.c" a...

7.8CVSS7.3AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/01/31 7:55 p.m.4 views

shadowbroker

This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/29 11:51 a.m.4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability targeted by this repository is not explicitly stated, but it contai...

8.1AI score
Exploits0
Gitee
Gitee
added 2021/01/24 7:1 p.m.4 views

PrivescCheck

This is a PoC exploit for Windows privilege escalation enumeration. The script, PrivescCheck, is designed to identify common Windows security misconfigurations that can be leveraged for privilege escalation. It gathers various information that might be useful for exploitation and/or...

7AI score
Exploits0
Gitee
Gitee
added 2021/01/24 6:58 p.m.4 views

Exploit for CVE-2020-1034

This is a PoC Proof of Concept exploit for CVE-2020-1034, a vulnerability discovered by Microsoft and fixed on August 9, 2020. The exploit targets an unpatched Windows 10 2004, build 19041.488. The exploit code is written in C++ and uses the Windows API to manipulate the system's Event Tracing fo...

7.8CVSS8.7AI score0.04322EPSS
Exploits2
Gitee
Gitee
added 2021/01/24 10:49 a.m.4 views

CDK

It is an offensive tool for container exploitation. The primary CVE ID is not explicitly stated in the provided context, but the tool is designed for container exploitation, which may involve various vulnerabilities. The tool, CDK, is a zero-dependency container penetration toolkit that offers...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/01/24 10:45 a.m.4 views

Exploit for Expression Language Injection in Apache Struts

PoC exploit for CVE-2020-17530, a deserialization vulnerability in Apache Struts 2.0.0 to 2.5.25. The target product/service is Apache Struts, specifically the struts2showcasewar application. The vulnerability class/vector is deserialization, allowing for remote code execution. The probable entry...

9.8CVSS8.2AI score0.95922EPSS
Exploits11
Gitee
Gitee
added 2021/01/24 10:44 a.m.4 views

Exploit for Path Traversal in Citrix Xenmobile_Server

使用方法&免责声明 该脚本为Citrix XenMobile 目录遍历漏洞(CVE-2020-8209)批量检测脚本。 使用方法:Python CVE-2020-8209-Multiple.py url.txt 存在漏洞的地址输出在vul.txt中 影响版本: - RP2之前的Citrix XenMobile Server 10.12 - RP4之前的Citrix XenMobile Server 10.11 - RP6之前的Citrix XenMobile Server 10.10 - RP5之前的Citrix XenMobile Server 10.9...

7.5CVSS9.4AI score0.48656EPSS
Exploits3
Total number of security vulnerabilities1886