This is a proof-of-concept tool to demonstrate distributed attack concepts, such as sending packets from one workstation and sniffing the reply packets on another.
5e617cf0cb9536d67cf2f63996629e47e11fc6856b5cfb66fe5a51d551eb1189
This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.
b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80
This is a proof of concept for a Windows TCP/IP denial of service vulnerability caused by a NULL pointer dereference in tcpip.sys, patched by Microsoft in February 2021. It is triggerable remotely by sending a malicious UDP packet over IPv6.
0516b2a0dc860ebf19e63ce4021cd59c81f89b4c0605fd9ecea4c32742d682e0
This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.
48a1cc3a6acb78d90f7e5beca74fe39f754180b4d7a5529002e913fac71d8976
This is a proof of concept exploit that takes advantage of a privilege escalation vulnerability in the Windows Print Spooler.
10cd5282101291a6752965e7e18cbc4e13658d0643547dbb3204e8fd764b8c3a
This is a proof of concept exploit that demonstrates the SMBleed remote kernel memory read vulnerability.
0af6adccbaa14f46fae84ec9b385edc67b8dfd138dd74de61102046328ddd506
This is a proof of concept for CVE-2018-8413, a file parsing vulnerability in the Microsoft Windows Theme API.
151f82e511c984cae8aeb3b7d347316ee62dc83304eec3e377f5c727cc699462
This is a proof of concept exploit that demonstrates the Microsoft Windows CryptoAPI spoofing vulnerability as described in CVE-2020-0601 and disclosed by the NSA.
dbcf6e21e9b280b90adc6d4dc06dc38feadb3dd70aef54f167d5df5417901041
This is a proof of concept exploit for the PortSmash micro-architectural vulnerability, a side-channel attack that exploits execution port contention between threads sharing an SMT (Hyper-Threading) core.
883afbc344f3891cddcec8777cf2e0d9c121b4315090fae51c38ec879915df0e
This is a proof of concept exploit for the memcached denial of service vulnerability.
e236ca49ed546c12ddb112111227312a5a52d87e88bf7ea165c9c3f5f8064cc2
This is a proof of concept for the Huge Dirty Cow vulnerability (CVE-2017-1000405). Before running, make sure to set transparent huge pages to "always" with "echo always | sudo tee /sys/kernel/mm/transparent_hugepage/enabled".
50b43bfd2a4bd7eba2cd6356aa2b51d18c79f963281e4740e87af772ef924eed
This is a proof of concept exploit for the waitid bug introduced in version 4.13 of the Linux kernel. It can be used to break out of sandboxes such as that in Google Chrome.
854cb1ce85981606e24a931ab89249e09b5fa308d5a78568be232d6518a25db0
This is a proof of concept of an OS X / iOS kernel use-after-free racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient.
79081df20f058ae04524d60bd64ede2274ad0427278d2da4608b9c9253bfcd1f
FUSE's fusermount helper suffers from a local privilege escalation vulnerability. This is a proof of concept for Ubuntu.
b50e101f0fd8a29c70f51dd4db578306c1a77f5520e6a8b981293987baf4ba67
This is a proof-of-concept exploit that is able to escape from Native Client's x86-64 sandbox on machines that are susceptible to the DRAM "rowhammer" problem. It works by inducing a bit flip in read-only code so that the code is no longer safe, producing instruction sequences that wouldn't pass NaCl's x86-64 validator. Note that this uses the CLFLUSH instruction, so it doesn't work in newer versions of NaCl where this instruction is disallowed by the validator.
e6593966ab188ce0527192162955cdd9d0be2836c92fe8c8ae35f4c97e8dbe65
This is a proof-of-concept exploit that is able to gain kernel privileges on machines that are susceptible to the DRAM "rowhammer" problem. It runs as an unprivileged userland process on x86-64 Linux. It works by inducing bit flips in page table entries (PTEs).
b98de0b89f4234492083f03996c7cb5d72fb3cfcc699889b93c0cd1a61b15025
This is a proof of concept that demonstrates how the Bash shellshock vulnerability can be used in PHP to bypass disable_functions, safe_mode, etc.
b9bd9444e5105c1afeb7ec6b5e23447262e07246b635b19251ef95b61a88d237
AVE.CMS versions prior to 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. The issue is addressed in later versions.
a58ccee98e2766a83b2334654aae4e4bd323c91cb8f725358879fb1018be8100
The SCTP implementation used by FreeBSD (the "reference implementation") is vulnerable to a remote NULL pointer dereference in the kernel due to a logic bug. When parsing ASCONF chunks, an attempt is made to find an association by address. If the address found is INADDR_ANY, sctp_findassoc_by_vtag() is called and an attempt is made to find an association by vtag. Before searching for the vtag in a hash table, a pointer is set to NULL, with the intention of reassigning it once the association is found. However, if the specified vtag is not found, the function returns and the pointer is never reinitialized, causing a kernel panic when the NULL pointer is later dereferenced by the SCTP_INP_DECR_REF macro once control returns to sctp_process_control(). This is a proof of concept denial of service exploit.
318b17b766a7c0e5fc891db3c6cd991c6323ae2a559c0d010ec2ec369599711b
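The lookup bug described in the SCTP entry above, modelled in userland as an added example (this is not FreeBSD's source and not the PoC): a helper clears the caller's endpoint pointer before a hash search and only sets it again on a hit, so a lookup miss hands the caller a NULL pointer that the later reference-count drop dereferences. The hardened variant leaves the caller's pointer alone unless an association is found. The type and table names (struct inp, struct assoc, g_table) and the vtag values are made up for the example.

```c
/*
 * Added example, not FreeBSD's source: a userland model of the lookup bug the
 * entry describes. The helper clears the caller's endpoint pointer before the
 * hash search and only sets it again on a hit, so a miss hands the caller a
 * NULL pointer that the later reference-count drop dereferences. Names
 * (struct inp, struct assoc, g_table) are made up for the example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct inp   { int refcount; };                    /* stands in for the SCTP endpoint      */
struct assoc { uint32_t vtag; struct inp *inp; };  /* association keyed by verification tag */

/* Constructed "vtag hash table": two live associations on one endpoint. */
static struct inp   g_inp = { 1 };
static struct assoc g_table[] = { { 0x1111u, &g_inp }, { 0x2222u, &g_inp } };
#define NTABLE (sizeof g_table / sizeof g_table[0])

/* Vulnerable pattern: *inpp is NULLed unconditionally and restored only on a hit. */
static struct assoc *findassoc_by_vtag_vuln(uint32_t vtag, struct inp **inpp)
{
    *inpp = NULL;                                   /* the bug: cleared before the search */
    for (size_t i = 0; i < NTABLE; i++) {
        if (g_table[i].vtag == vtag) {
            *inpp = g_table[i].inp;
            return &g_table[i];
        }
    }
    return NULL;                                    /* *inpp is still NULL here */
}

/* Hardened pattern: the caller's pointer is only touched on a hit. */
static struct assoc *findassoc_by_vtag_fixed(uint32_t vtag, struct inp **inpp)
{
    for (size_t i = 0; i < NTABLE; i++) {
        if (g_table[i].vtag == vtag) {
            *inpp = g_table[i].inp;
            return &g_table[i];
        }
    }
    return NULL;                                    /* *inpp unchanged on a miss */
}

typedef struct assoc *(*finder_t)(uint32_t, struct inp **);

/*
 * Model of the return path in the chunk-processing routine: a reference on
 * the endpoint is taken, the association is looked up by vtag, and the
 * reference is dropped again (SCTP_INP_DECR_REF in the real code).
 * Returns 1 if that drop would go through a NULL pointer (a kernel panic),
 * 0 if it is safe. The NULL case is reported rather than performed so the
 * model can run in userland.
 */
static int control_path_panics(finder_t find, uint32_t vtag)
{
    struct inp *inp = &g_inp;
    inp->refcount++;                                /* SCTP_INP_INCR_REF(inp) */
    (void)find(vtag, &inp);
    if (inp == NULL) {
        g_inp.refcount--;                           /* keep the model's count balanced */
        return 1;                                   /* SCTP_INP_DECR_REF(NULL) would fault here */
    }
    inp->refcount--;                                /* SCTP_INP_DECR_REF(inp) */
    return 0;
}

int main(void)
{
    printf("vulnerable lookup, known vtag 0x1111  : panics=%d\n",
           control_path_panics(findassoc_by_vtag_vuln, 0x1111u));
    printf("vulnerable lookup, unknown vtag 0xdead: panics=%d\n",
           control_path_panics(findassoc_by_vtag_vuln, 0xdeadu));
    printf("fixed lookup, unknown vtag 0xdead     : panics=%d\n",
           control_path_panics(findassoc_by_vtag_fixed, 0xdeadu));
    return 0;
}
```

The attacker-controlled part is the vtag: any value absent from the table takes the miss path, which is why an unauthenticated remote packet is enough to reach the NULL dereference in the vulnerable flow.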
This is a proof of concept remote root authentication bypass exploit for F5 BIG-IP. Written in Python.
56ead1dc2b7a0b89044841502ec4977b0bed8067f3b3118da72703e3b50cbed2
LibreOffice version 3.5.2.2 suffers from a soffice.exe\soffice.bin memory corruption vulnerability when handling a malformed RTF file. This is a proof of concept exploit.
9108e491be1d7df3025c505170e97f3e07e7d1652a9bd9606c234343e61301b5
This is a proof of concept exploit for the vulnerability documented in MS11-046 for the Microsoft Windows Ancillary Function Driver (AFD).
db03166f4056e42fe514f3a64ffbe8b1395886a9e9f58f55dbe8e7302af75e70
This is a proof of concept exploit that allows an attacker to execute arbitrary code via vectors involving a dereferenced memory address in Microsoft Internet Explorer 8. It leverages the issue discussed in MS11-081. The exploit is slightly crippled by the author.
31cef28f3ae91f47c652ada6f2b786f3ba4d464050c6d2c3cfd46b5a0f99df82
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character. This is a proof of concept exploit that demonstrates this vulnerability.
75f36dfa842b3b7a95c175cb265cef819693d09f8c78a6ec91fe76cb8705da9e
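The mod_proxy issue in the entry above, as an added example (not Apache code and not the PoC): a rewrite target of the form "http://backend$1" pastes the raw request-URI after the backend name, so a request line whose URI begins with '@' turns the intended backend into the userinfo part of the URL and the client connects to whatever host follows the '@'. The check that closes it requires the request-URI to begin with '/'. The backend name (backend.internal), the intranet host and the request-URIs are constructed for the example.

```c
/*
 * Added example, not Apache code: models why a reverse-proxy rule that pastes
 * the raw request-URI after "http://backend.internal" lets a request line
 * beginning with '@' reach a different host, and the check that stops it.
 * The backend name, request-URIs and intranet host are constructed here.
 */
#include <stdio.h>
#include <string.h>

#define BACKEND "http://backend.internal"

/* Build the target URL the way "RewriteRule ^(.*) http://backend.internal$1 [P]"
 * or "ProxyPassMatch ^(.*) http://backend.internal$1" does: the request-URI is
 * appended verbatim, leading slash or not. Returns 0, or -1 if out is too small. */
static int build_proxy_url(const char *request_uri, char *out, size_t outlen)
{
    if (strlen(BACKEND) + strlen(request_uri) + 1 > outlen)
        return -1;
    strcpy(out, BACKEND);
    strcat(out, request_uri);
    return 0;
}

/* Host an HTTP client would connect to for an absolute http:// URL: the
 * authority runs to the first '/', anything before its last '@' is userinfo,
 * and a trailing ":port" is dropped. Returns 0, or -1 on malformed input. */
static int url_connect_host(const char *url, char *host, size_t hostlen)
{
    const char *p = strstr(url, "://");
    if (p == NULL)
        return -1;
    p += 3;
    const char *end = strchr(p, '/');
    if (end == NULL)
        end = p + strlen(p);
    const char *at = NULL;
    for (const char *q = p; q < end; q++)
        if (*q == '@')
            at = q;                                 /* userinfo ends at the last '@' */
    const char *hstart = at ? at + 1 : p;
    const char *hend = end;
    for (const char *q = hstart; q < end; q++)
        if (*q == ':') { hend = q; break; }         /* strip ":port" */
    size_t n = (size_t)(hend - hstart);
    if (n == 0 || n + 1 > hostlen)
        return -1;
    memcpy(host, hstart, n);
    host[n] = '\0';
    return 0;
}

/* The hardening: a proxied request-URI must begin with '/', which makes the
 * substitution "http://backend.internal/..." and leaves no room for userinfo. */
static int request_uri_is_acceptable(const char *request_uri)
{
    return request_uri[0] == '/';
}

/* Which host does request_uri end up at through the proxy? Returns 0 and
 * fills host, or -1 if the request is refused or malformed. */
static int proxied_host(const char *request_uri, int enforce_leading_slash,
                        char *host, size_t hostlen)
{
    char url[512];
    if (enforce_leading_slash && !request_uri_is_acceptable(request_uri))
        return -1;
    if (build_proxy_url(request_uri, url, sizeof url) != 0)
        return -1;
    return url_connect_host(url, host, hostlen);
}

/* 1 if the request would be forwarded to expected_host, 0 otherwise. */
static int proxied_host_equals(const char *request_uri, int enforce_leading_slash,
                               const char *expected_host)
{
    char host[256];
    if (proxied_host(request_uri, enforce_leading_slash, host, sizeof host) != 0)
        return 0;
    return strcmp(host, expected_host) == 0;
}

int main(void)
{
    const char *normal = "/index.html";                  /* constructed request-URI */
    const char *evil   = "@intranet.example:8080/admin"; /* constructed: "GET @intranet.example:8080/admin HTTP/1.0" */
    char host[256];

    if (proxied_host(normal, 0, host, sizeof host) == 0)
        printf("%-32s -> %s\n", normal, host);
    if (proxied_host(evil, 0, host, sizeof host) == 0)
        printf("%-32s -> %s   (unpatched rule: reaches the intranet host)\n", evil, host);
    printf("%-32s -> %s\n", evil,
           proxied_host(evil, 1, host, sizeof host) == 0 ? host : "refused (leading '/' required)");
    return 0;
}
```

The corresponding configuration fix is to anchor the pattern on the slash, e.g. "RewriteRule ^/(.*) http://backend.internal/$1 [P]" instead of "^(.*) http://backend.internal$1", so the substituted URL can never carry an '@' inside its authority.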
This is a proof of concept exploit that leverages the addUrl method in the DeploymentScanner module on an exposed JBoss JMX console.
3b14a4e6aa14ccbdd211ed14a974885f5bc04e420e7ba32e5ebbbb4652200efb
This is a proof of concept denial of service exploit for Adobe Reader / Acrobat 10.0.1.
f4707181a5488c9a9c04dd3216eef79a7d475b24d554758aac8d2f6d346f71c2