Microsoft RTF CVE-2017-0199 proof of concept exploit.
94860eb2041748a74ccdfe99ad24e8276e83a03535808e480542e01b7dde6104
VirtualBox suffers from an unprivileged host user to host kernel privilege escalation via ALSA config.
f38ab6ac7db1ac5c9f60c3a076a685885892333cd88c3211cc5704218296d743
WebKit suffers from a universal cross site scripting vulnerability in operationSpreadGeneric.
6d9e305dd9fc16577996089d04a9e8ca38f2b5124a99b6df7e83db1c04d4e35e
Microsoft Windows suffers from an IEETWCollector arbitrary directory / file deletion privilege escalation vulnerability.
430a53cd94edd4e0e498a42cca519bca58b5345139e6f34fe55a3fac5ac08ac8
This Metasploit module exploits two vulnerabilities in the Trend Micro Threat Discovery Appliance. The first is an authentication bypass vulnerability via a file delete in logoff.cgi which resets the admin password back to 'admin' upon a reboot (CVE-2016-7552). The second is a command injection flaw using the timezone parameter in the admin_sys_time.cgi interface (CVE-2016-7547).
035399021ac947492b961a04ac25a5a12f67bebc47e9858ba91b9e72dfccdc17
VirtualBox suffers from an unprivileged host user to host kernel privilege escalation vulnerability via environment and ioctl.
5ae11d5da89c21fa2ec3f008d6534c457837c34c5f2d020a423a08192ddfde0a
VirtualBox suffers from a guest-to-host local privilege escalation vulnerability via broken length handling in slirp copy.
79cd9c11d5258beceede4e3ea94c22037f513ff968d9ae2a19eeefa0afadf459
Microsoft Windows suffers from a runtime broker ClipboardBroker privilege escalation vulnerability.
7c916e43984e060a2ac3129f24b582d32092c2278a75ff95dfbfab95fd72d2cf
Microsoft Windows suffers from a ManagementObject arbitrary .NET serialization remote code execution vulnerability.
2191c2cf58409ae65a711b869567e7f0086659f623a87e56f5ca19199ab839a9
Apple WebKit suffers from a universal cross site scripting vulnerability in PrototypeMap::createEmptyStructure.
79780b821c23d3e4824a776971e35553e09962f68907b17945b1816687de7323
Microsoft Windows taskschd.msc local SYSTEM privilege escalation exploit.
745e5a4f4c52227b4be45f15a6b78b196c664d1436532ae73577cf9534505f2e
VLC Media Player version 2.2.3 DecodeAdpcmImaQ buffer overflow exploit.
ce938631e3a9c9ef064a71a86662cee234639f00fe1ce75a32787d6606ff0462
This Metasploit module uses information disclosure to determine if MS17-010 has been patched or not. Specifically, it connects to the IPC$ tree and attempts a transaction on FID 0. If the status returned is "STATUS_INSUFF_SERVER_RESOURCES", the machine does not have the MS17-010 patch. This Metasploit module does not require valid SMB credentials in default server configurations. It can log on as the user "\" and connect to IPC$.
406793a6d738119ccb6d6413edb253d56dcc7567c30b9802bc8d69cb7209cb0b
WatchGuard's Firebox and XTM appliances suffer from XML external entity injection and XML-RPC user enumeration vulnerabilities.
947dba226b2f6a9ad24e1b5e7af199cf29a3450764e88c890268dcb7b1cd44c2
This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used here to expose the router's telnet port to the outside world through NAT port-forwarding. With telnet now remotely accessible, the router's limited "ATP command line tool" (served over telnet) can be upgraded to a root shell through an injection into the ATP's hidden "ping" command.
13f129a4c5fe898ac3c2bbe4698d84747643595b279f6dd5ed13bb1e7817b43b
This article documents practical exploitation of CVE-2017-0199 and includes a proof of concept.
7e95162e6d74646b2e07b57b6589a73c89a2105aa6fc97d5f1fd7552b825222e
Microsoft Word RTF remote code execution proof of concept exploit.
e3af621ee635b743874aebf34413bfde2f9b300518dd7ab7af4dfce56b891d5c
This Metasploit module will cause a denial of service condition against the WinSCP version 5.9.4 client using the LIST command.
70b4a4f4603ab9597bca18a248bf1413f07aecd0e5667bd5fd8aae0701e0f356
VirusChaser version 8.0 SEH buffer overflow exploit.
55d4edfc5e560528047e28f4aa656ddf9ae557f65bf055d9001a301986a25b69
Mantis Bug Tracker versions 1.3.0 and 2.3.0 suffer from a pre-authentication remote password reset vulnerability.
da0c10bca7d635dd4ba8a9cdd41f8f1b36c9490cffa05acee01ffcdf095d74d1
TOVA 8 Precision Test Environment (P.T.E) suffers from an unquoted service path privilege escalation vulnerability.
6d308920f28a2c5983e612f26b7acbcdf9165ed8f467d95cc9e2cc4c8e5515e6
ETERNALBLUE is an SMBv1 remote unauthenticated zero day exploit that works on 2008 R2. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.
05652205ec079cb034a9a5089e9083c36d21f4c85c6d7ed59a43282856e0724b
ZIPPYBEER is an authenticated Microsoft Domain Controller exploit. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.
a148e3b45ad148ca6737a4263c0182505021cf747bac80212e574fefb57bccc1
EXPLODINGCAN is an exploit for Microsoft IIS 6 that leverages WebDAV and works on 2003 only. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.
2d29211219806e7a08f3a5f698230796b4681542694e0bd5b0ea60b287739cb2
EWOKFRENZY is an exploit for Lotus Domino versions 6 and 7. Note that this exploit is part of the recent public disclosure from the "Shadow Brokers", who claim to have compromised data from a team known as the "Equation Group"; however, there is no author data available in this content. Consider this exploit hostile and unverified. For research purposes only. Description has been referenced from http://medium.com/@networksecurity.
802e399220f5980b8abeb9745d973c45a5f0896f56a6377dd9019bae93b6953e