6771 matches found
Forescout SecureConnector 11.3.07 Privilege Escalation
Forescout SecureConnector versions 11.3.07 and below privilege escalation proof of concept that makes use of an insecure permissions vulnerability...
WordPress Email Subscribers by Icegram Express 5.7.14 SQL Injection
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress and WooCommerce plugin for WordPress is vulnerable to SQL Injection via the run function of the IGESSubscribersQuery class in all versions up to, and including, 5.7.14 due to insufficient escaping on...
CISA: Closing the Software Understanding Gap
CISA document to help close the gap and secure infrastructure with a deep, scalable understanding of software-controlled systems, including AI-systems...
Ivanti Connect Secure IFT TLS Stack Overflow / Remote Code Execution
This is an Ivanti Connect Secure IFT TLS stack overflow pre-authentication remote code execution proof of concept exploit. It is crippled by default...
CISA: Microsoft Expanded Cloud Logs Implementation Playbook
This playbook provides a detailed overview of the newly introduced logging capabilities in Microsoft Purview Audit Standard. These capabilities enable organizations to conduct forensic and compliance investigations by accessing critical events...
Jenkins 2.441 Arbitrary File Read
This proof of concept can be used to exploit CVE-2024-23897 to achieve file-read access on a Jenkins server versions 2.441 and below...
CISA: Secure by Demand: Priority Considerations
This is CISA's Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products. This guide is intended to help owners and operators procure Operational Technology OT products, particularly industrial automation and control system products,...
Ivanti CVE-2025-0282 Checker
This script allows you to safely scan and test to see if you are vulnerable to CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a...
Report of Special Counsel Smith Volume 1
Special Counsel Jack Smith's January 2025 report concluded that former President Donald Trump engaged in a criminal effort to overturn the 2020 election results, including pressuring officials and inciting the January 6 Capitol riot. Smith asserted that sufficient evidence existed to convict Trum...
Paradox Security Systems IPR512 Denial of Service
Paradox Security Systems IPR512 proof of concept denial of service script...
CISA: AI Cybersecurity Collaboration Playbook
The AI Cybersecurity Collaboration Playbook provides guidance to organizations across the AI community – including AI providers, developers, and adopters – for sharing AI-related cybersecurity information voluntarily with the Cybersecurity and Infrastructure Security Agency CISA and other partner...
CISA: AI Cybersecurity Collaboration Playbook Fact Sheet
This is the fact sheet for CISA's AI Security Collaboration Playbook...
Palo-Alto Firewall Denial of Service
Simple proof of concept script that aims to attack the firewall on certain vulnerable versions of Palo Alto's PAN OS via malicious DNS queries. A successful attack will force the firewall to crash and enter maintenance mode...
Netgear Router Password Disclosure
Multiple Netgear routers suffers from remote and local password disclosure vulnerabilities...
HTML Compiler Remote Code Execution
HTML Compiler remote code execution exploit that downloads a malicious file...
PHP 5.x / Bash Shellshock Proof of Concept
This is a proof of concept that demonstrates how the Bash shellshock vulnerability can be used in PHP to bypass disablefunctions, safemode, etc...
IPSwitch IMail 12.4 Cross Site Scripting
IPSwitch IMail server web client versions 12.3 and 12.4 before 12.4.1.15 suffer from a persistent cross site scripting vulnerability...
Cool PDF Reader 3.0.2.256 Buffer Overflow
Cool PDF Reader version 3.0.2.256 buffer overflow exploit...
DataLife Engine 9.7 PHP Code Injection
DataLife Engine version 9.7 suffers from a PHP code injection vulnerability in preview.php...
Cisco TelePresence Cookie Theft / Impersonation / Code Execution
Cisco TelePresensce Series suffers from client-side code execution, denial of service, cookie theft, loss of confidentiality, and impersonation vulnerabilities...
sa2001_02.txt
NSFOCUS Security Advisory SA2001-02 - The nsfocus team has found a vulnerability in filename processing of CGI program in MS IIS4.0/5.0, as discussed in ms01-026. CGI filename is decoded twice by error. Exploitation of this vulnerability leads to intruders being able to run arbitrary system...