Lucene search

1886 matches found

Gitee
added 2021/05/02 11:53 a.m. | 6 views

Exploit for CVE-2017-0213

windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

CVSS 9.3 | AI score 8.3 | EPSS 0.90026
Exploits: 47

Gitee
added 2021/04/29 9:43 p.m. | 5 views

Exploit for Use After Free in Adobe Flash_Player

This is a Python script, CVE-2018-15982EXP.py, which appears to be an exploit for the CVE-2018-15982 vulnerability. The script is designed to exploit a vulnerability in a specific product or service, likely a web application, to achieve remote code execution. The script starts with a logo and the...

CVSS 10 | AI score 7.7 | EPSS 0.81844
Exploits: 13

Gitee
added 2021/04/29 9:43 p.m. | 53 views

Exploit for Cross-site Scripting in Apache Http_Server

This is a PoC exploit for CVE-2019-10092, a Limited Cross-Site Scripting in mod_proxy Error Page - Apache httpd vulnerability. The target product/service is Apache HTTP Server, and the vulnerability class/vector is XSS. The probable entry points are the start.sh script, which invokes the Apache serv...

CVSS 6.1 | AI score 7.2 | EPSS 0.81466
Exploits: 4

Gitee
added 2021/04/29 9:43 p.m. | 3 views

suricata-rules

This repository contains Suricata IDS (Intrusion Detection System) rules for detecting various types of malicious activity, including CobaltStrike, crypto miners, and other threats. The rules are designed to identify specific patterns and behaviors associated with these threats. The rules are...

AI score 6.9
Exploits: 0

Gitee
added 2021/04/29 9:43 p.m. | 4 views

Exploit for Cross-site Scripting in Tastyigniter

PoC exploit for CVE-2021-38699. The target product/service is Java, and the vulnerability class/vector is XXE (XML External Entity) injection. The probable entry point is the XXEinjector.rb script, which is a Ruby script that automates the exploitation of XXE vulnerabilities using direct and out of...

CVSS 5.4 | AI score 8.1 | EPSS 0.07977
Exploits: 5

Gitee
added 2021/04/29 9:43 p.m. | 13 views

Exploit for CVE-2020-1472

CVE-2020-1472 is a vulnerability in the Windows Netlogon service that allows an attacker to authenticate as the computer account password. The vulnerability is a buffer overflow in the Netlogon service, which can be exploited by sending a specially crafted request to the service. The exploit code...

CVSS 10 | AI score 9.1 | EPSS 0.99512
Exploits: 75

Gitee
added 2021/04/29 8:29 p.m. | 3 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability is not explicitly stated, but the repository contains various vulnerable environments, including ones for...

AI score 7
Exploits: 0

Gitee
added 2021/04/28 5:27 p.m. | 5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenie...

AI score 8.6
Exploits: 0

Gitee
added 2021/04/28 11:26 a.m. | 5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and vulnerability research. The primary vulnerability class targeted by this collection is web application vulnerabilitie...

AI score 7.8
Exploits: 0

Gitee
added 2021/04/27 2:33 p.m. | 16 views

Exploit for Unrestricted Upload of File with Dangerous Type in Apache Tomcat

PoC exploit for CVE-2017-12617, CVE-2017-12618, CVE-2017-12619, CVE-2017-12620, CVE-2017-12621, CVE-2017-12622, CVE-2017-12623, CVE-2017-12624, CVE-2017-12625, CVE-2017-12626, CVE-2017-12627, CVE-2017-12628, CVE-2017-12629, CVE-2017-12630, CVE-2017-12631, CVE-2017-12632, CVE-2017-12633,...

CVSS 10 | AI score 7 | EPSS 0.99988
Exploits: 52

Gitee
added 2021/04/27 2:32 p.m. | 4 views

glimmer_pocs

This is a proof-of-concept (PoC) repository for the tool "glimmer". The repository contains various PoCs for different types of vulnerabilities and information disclosure. The PoCs are implemented as Python scripts, each targeting a specific vulnerability or information disclosure. The PoCs are...

AI score 7.7
Exploits: 0

Gitee
added 2021/04/27 11:16 a.m. | 4 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenient and...

AI score 8.5
Exploits: 0

Gitee
added 2021/04/26 8:40 p.m. | 3 views

glimmer

This is a Python-based framework called Glimmer, which is a PoC (proof-of-concept) framework for various attacks. The framework is designed to be extensible and allows users to write their own parsers for different protocols and targets. The framework has several dependencies, including rich,...

AI score 7.2
Exploits: 0

Gitee
added 2021/04/26 1:22 p.m. | 4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability is not specified, but the repository contains various vulnerable environments, including ones for CouchDB, FFmpeg, Git, InfluxDB,...

AI score 7.1
Exploits: 0

Gitee
added 2021/04/25 4:5 p.m. | 5 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

CVSS 8.8 | AI score 7 | EPSS 0.43988
Exploits: 27

Gitee
added 2021/04/23 9:23 a.m. | 4 views

awesome-virtualization

It is an offensive tool for virtualization. The repository contains a curated list of awesome resources about virtualization, including books, courses, and papers on the topic. The resources cover various aspects of virtualization, including software and hardware techniques, virtual machine...

AI score 7
Exploits: 0

Gitee
added 2021/04/22 10:39 p.m. | 5 views

wesng

This is an offensive tool for Windows vulnerability exploitation. It is a Python-based tool called Windows Exploit Suggester - Next Generation (WES-NG), which provides a list of vulnerabilities the OS is vulnerable to, including any exploits for these vulnerabilities. The tool uses the output of...

AI score 7.3
Exploits: 0

Gitee
added 2021/04/22 7:23 p.m. | 2 views

IntruderPayloads

No description...

AI score 7
Exploits: 0

Gitee
added 2021/04/22 4:28 p.m. | 7 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...

AI score 8.1
Exploits: 0

Gitee
added 2021/04/22 12:40 p.m. | 10 views

Hack-Tools

This is an offensive tool for Web Pentesters. It is a browser extension called HackTools, which facilitates web application penetration tests. The extension includes cheat sheets and tools such as XSS payloads, reverse shells, and more, accessible in one click. It can be used in pop-up mode or in...

AI score 6.5
Exploits: 0

Gitee
added 2021/04/22 12:39 p.m. | 7 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

It is an exploit module for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local...

CVSS 8.8 | AI score 7 | EPSS 0.43988
Exploits: 27

Gitee
added 2021/04/20 9:58 p.m. | 6 views

Exploit for Improper Input Validation in Google Chrome

This is a PoC exploit for CVE-2020-16040, a vulnerability in the WebAssembly (WASM) module loader. The exploit targets the WASM module loader's ability to load and execute WASM code, which can lead to arbitrary code execution. The exploit is implemented in JavaScript and uses the WebAssembly API to...

CVSS 6.5 | AI score 8.7 | EPSS 0.99595
Exploits: 14

Gitee
added 2021/04/20 10:15 a.m. | 13 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This is a proof-of-concept (PoC) exploit for CVE-2020-0796, also known as SMBGhost, a pre-authentication remote code execution (RCE) vulnerability in the SMBv3 protocol. The exploit is written in Python and uses the SMB protocol to inject shellcode into the target system. The exploit targets Windows...

CVSS 10 | AI score 8.6 | EPSS 0.9981
Exploits: 125

Gitee
added 2021/04/16 11:3 a.m. | 5 views

Exploit for CVE-2015-1701

CVE-2015-1701 Win32k Elevation of Privilege Vulnerability. Original info https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Protection Apply MS15-051 for fix. https://technet.microsoft.com/library/security/MS15-051 Authors c 2015 CVE-2015-1701 Project Credits R136a1...

CVSS 7.8 | AI score 7.1 | EPSS 0.562
Exploits: 38

Gitee
added 2021/04/15 8:51 p.m. | 5 views

pocsuite3

This is a Python package called pocsuite3 that provides a framework for remote vulnerability testing and proof-of-concept development. It is designed to be used by penetration testers and security researchers. The package has a powerful proof-of-concept engine and comes with many features,...

AI score 6.7
Exploits: 0

Gitee
added 2021/04/15 8:29 p.m. | 13 views

Exploit for SQL Injection in Zabbix

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary CVE IDs present in the context are CVE-2016-10134, CVE-2017-2824, and CVE-2020-11800. The target product/service or framework is not explicitly...

CVSS 9.8 | AI score 6.8 | EPSS 0.83284
Exploits: 28

Gitee
added 2021/04/14 11:9 p.m. | 3 views

vulhub

This repository is an open-source collection of pre-built vulnerable Docker environments, called Vulhub. It is an offensive tool for testing and training purposes. The primary vulnerability class/vector targeted by Vulhub is not explicitly stated, but it includes a wide range of vulnerabilities i...

AI score 8.1
Exploits: 0

Gitee
added 2021/04/14 11:8 p.m. | 2 views

ysoserial

This is a Java tool called ysoserial, which generates payloads that exploit unsafe Java object deserialization. The tool is designed to create gadgets that can be used to execute arbitrary code on a Java application that performs unsafe deserialization. The tool takes a user-specified command and...

AI score 8
Exploits: 0

Gitee
added 2021/04/14 11:8 p.m. | 8 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a Python-based exploit for the CVE-2021-3156 vulnerability in sudo. The exploit targets Linux systems with glibc and nscd service not running. It overwrites the struct serviceuser to gain root privileges. The exploit has several variants, including: 1. exploitnss.py: This is the main...

CVSS 7.8 | AI score 7.7 | EPSS 0.99295
Exploits: 81

Gitee
added 2021/04/14 9:18 p.m. | 3 views

Exploit for Use After Free in Adobe Flash_Player

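Awesome CobaltStrike 0x00 Preface 1. Part of this is a set of good articles about CobaltStrike that I came across while working on recent RedTeam projects 2. There are many kinds of Aggressor Script online, and most resource collections only give the corresponding links without saying what each one does, so when browsing you do not know which to choose and have to open them one by one 3. A consolidation of resources on the new BOF feature 4. Solves the problem of not finding a suitable aggressor script or BOF when you need one 5. If there is quality content that this repo does not cover, you are welcome to submit a pr 0x01 Collection of related articles Basic knowledge references: 1. CobaltStrikewiki 2...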

CVSS 9.8 | AI score 10 | EPSS 0.89618
Exploits: 19

Gitee
added 2021/04/14 6:44 p.m. | 3 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for testing and demonstrating vulnerabilities in various software and systems. The primary purpose of Vulhub is to provide a simple and easy-to-use platform f...

AI score 8.6
Exploits: 0

Gitee
added 2021/04/14 9:13 a.m. | 5 views

CTF-All-In-One

This is a comprehensive guide to CTF (Capture The Flag) competitions, specifically focusing on the Pwn (binary exploitation) aspect. The book is written by Yang Chao, a member of L-Team, and is intended for beginners. It covers the basics of binary exploitation, including memory management, buffer...

AI score 7.8
Exploits: 0

Gitee
added 2021/04/13 7:19 p.m. | 6 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds write vulnerability in the WebAssembly (WASM) engine of various browsers. The exploit targets the WASM engine's handling of large arrays, allowing an attacker to write arbitrary data to the heap. The exploit is implemented in JavaScript, using the...

CVSS 6.5 | AI score 9 | EPSS 0.99595
Exploits: 14

Gitee
added 2021/04/13 5:51 p.m. | 2 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a toolkit for defensive blue-team research and threat mitigation, providing a platform for testing and analyzing vulnerabilities in a controlled environment. The repository contains a variety of vulnerable...

AI score 7.8
Exploits: 0

Gitee
added 2021/04/13 1:41 p.m. | 7 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly (WASM) module loader. The exploit targets the WASM module loader's handling of WebAssembly code, specifically the wasmcode array, which is used to load and execute WASM modules. The vulnerability allows an attack...

CVSS 7.8 | AI score 8.2 | EPSS 0.99595
Exploits: 92

Gitee
added 2021/04/13 11:35 a.m. | 4 views

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly (WASM) module. The exploit targets the WASM module, which is loaded into a WebAssembly instance. The vulnerability allows an attacker to read arbitrary memory locations by crafting a malicious WASM module. The...

CVSS 6.5 | AI score 8.1 | EPSS 0.99595
Exploits: 14

Gitee
added 2021/04/13 11:28 a.m. | 2 views

vulscan

This is a Python-based web application for vulnerability scanning and management. The application is built using Django and has several features, including: 1. Vulnerability Scanning: The application can scan for vulnerabilities in web applications using a variety of plugins (POCs). 2. Vulnerabilit...

AI score 7.2
Exploits: 0

Gitee
added 2021/04/12 3:30 p.m. | 16 views

Exploit for CVE-2013-0422

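K8tools 20200118 Disclaimer: The tools are for security research or authorized penetration testing only; you bear the consequences of any illegal use. Download: https://github.com/k8gege/K8tools Documentation: http://k8gege.org PS: Updated irregularly; the files are fairly large, so download as needed. For tool bugs or suggestions, leave a message directly on Github. The privilege escalation tools can all be run from a remote-control Cmd or a WebShell; most have been modified and recompiled for better compatibility and stability. Note: not guaranteed to remain available permanently; save a copy yourself if you like them. General tools + Scanning tool Ladon 6.0, a large intranet penetration scanner with 48 built-in functions, supports Cobalt Strike + Scanning tool Ladon 5.7...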

CVSS 10 | AI score 8.3 | EPSS 0.99913
Exploits: 164

Gitee
added 2021/04/11 4:7 p.m. | 4 views

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is an offensive tool for web application security testing. The primary vulnerability class is not specified, but the repository contains various vulnerable environments, including web applications, databases, and...

AI score 7.8
Exploits: 0

Gitee
added 2021/04/11 11:34 a.m. | 17 views

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

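Zhengjim - Vulnerability reproduction. Setting up vulnerable environments is tedious, so here I keep notes from learning to set up various environments. Some of them use Vulhub, an open-source vulnerability range aimed at the general public, to build the vulnerable environment, which is fairly convenient. (Mainly because I'm lazy!) Vulnerabilities 1. S2-057 command execution vulnerability 2. ghostscript command execution vulnerability 3. weblogic deserialization vulnerability CVE-2018-2628 4. Elasticsearch-Kibana local file inclusion vulnerability CVE-2018-17246 5. ThinkPHP 5.x command execution vulnerability 6. WordPress REST API content injection vulnerability 7. Git vulnerability allowing arbitrary code execution CVE-2018-17456 8. Apache...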

CVSS 10 | AI score 7.1 | EPSS 0.99913
Exploits: 161

Gitee
added 2021/04/08 8:17 p.m. | 5 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is a collection of vulnerable environments, not a single exploit or tool. The repository contains a variety of vulnerable environments, including CouchDB, FFmpeg, Git, InfluxDB, and more,...

AI score 7.2
Exploits: 0

Gitee
added 2021/04/08 8:12 a.m. | 3 views

PayloadsAllTheThings

It is a general-purpose offensive tool. This repository contains a collection of payloads, likely for testing and exploitation purposes. The primary CVE ID is not explicitly mentioned, but the repository is likely related to various vulnerabilities. The target product/service or framework is...

AI score 6.7
Exploits: 0

Gitee
added 2021/04/07 10:41 p.m. | 4 views

exploitdb

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities. The exploits are categorized by operating system, and the shellcodes are categorized by type. The papers are...

AI score 7.1
Exploits: 0

Gitee
added 2021/04/04 11:7 a.m. | 3 views

rocComExpRce

Comprehensive RCE vulnerability exploitation tool...

AI score 7
Exploits: 0

Gitee
added 2021/04/01 8:15 p.m. | 3 views

ysoserial

This is a proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization. The tool, called ysoserial, is a collection of utilities and property-oriented programming "gadget chains" discovered in common Java libraries that can, under the right conditions, exploit Jav...

AI score 7.2
Exploits: 0

Gitee
added 2021/03/31 3:58 p.m. | 3 views

vulhub2

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for various areas, including web application security, web server security, and more. The primary purpose of Vulhub is to provide a simple and easy-to-use...

AI score 6.8
Exploits: 0

Gitee
added 2021/03/31 11:15 a.m. | 3 views

Exploit for CVE-2019-1003000

PoC exploit for CVE-2019-1003000, CVE-2019-1003001, and CVE-2019-1003002, which are related to a vulnerability in Jenkins' Script Security, Pipeline: Groovy, and Pipeline: Declarative plugins. The exploit allows users with Overall/Read permission and Job/Configure and optional Job/Build to bypass...

CVSS 8.8 | AI score 7.6 | EPSS 0.98428
Exploits: 17

Gitee
added 2021/03/30 7:18 p.m. | 3 views

CTF-All-In-One

This repository is an offensive tool for CTF (Capture The Flag) competitions, specifically targeting Linux systems. The primary vulnerability class is not explicitly stated, but based on the content, it appears to be focused on binary exploitation (Pwn). The tool is designed to be used in a CTF...

AI score 7.3
Exploits: 0

Gitee
added 2021/03/30 5:7 p.m. | 11 views

Exploit for Path Traversal in Vmware Cloud_Foundation

Ladon Scanner For Golang Wiki http://k8gege.org/Ladon/LadonGo.html Introduction...

CVSS 10 | AI score 9.7 | EPSS 0.99999
Exploits: 106

Gitee
added 2021/03/30 12:38 p.m. | 5 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

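weblogic-scan weblogic vulnerability scanning tool. A wishful attempt at a one-shot tool for weblogic. Currently implemented checks - x console page detection & weak password scanning - x SSRF on the uuid page - x deserialization on the CVE-2017-10271 wls-wsat page - x CVE-2018-2628 deserialization - x CNVD-C-2019-48814 More features will be added later if possible; mainly, some deserialization PoCs are really hard to write and I'm not very good at it.. USE Before use, first fill in the server parameter in config.py...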

CVSS 9.8 | AI score 7.1 | EPSS 0.99993
Exploits: 102

Total number of security vulnerabilities: 1886