what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 2,302 RSS Feed

Proof of Concept Files

Oracle RMAN Missing Auditing
Posted May 5, 2023
Authored by Emad Al-Mousa

Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where recovery actions are not adequately logged.

tags | exploit, proof of concept
advisories | CVE-2020-2978
SHA-256 | 4059913b910843fd7806fdd44a93afe09ba3bfaf7adb61de29614d5ac1df0dfc
Fortigate 7.0.1 Stack Overflow
Posted May 2, 2023
Authored by Cody Sixteen

Fortigate version 7.0.1 post authentication stack overflow zero day proof of concept exploit.

tags | exploit, overflow, proof of concept
SHA-256 | 122dadbd84dd704ea57462ca66b6e746cb96632b68962fd5dd9add747b0391c5
PaperCut MF/NG Authentication Bypass / Remote Code Execution
Posted Apr 25, 2023
Authored by James Horseman, Zach Hanley, Horizon3 Attack Team | Site github.com

PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.

tags | exploit, proof of concept, bypass
advisories | CVE-2023-27350
SHA-256 | e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b
Swagger UI 4.1.3 Critical Information Misrepresentation
Posted Apr 20, 2023
Authored by Rafael Cintra Lopes

Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 74f00a654a2a4d31c2b12b82b8be249256b117d11759bd35353dda66a083ddc7
ImageMagick 7.1.0-48 Arbitrary File Read
Posted Apr 6, 2023
Authored by Cristian Giustini

ImageMagick versions 6.9.11-60 and 7.1.0-48 arbitrary file read proof of concept exploit.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2022-44268
SHA-256 | 227461e99f3e214a1f0598dff3f2d58078edc4061f9acd2b5625012543e57375
Microsoft Outlook CVE-2023-23397 Proof Of Concept
Posted Mar 16, 2023
Authored by sqrtZeroKnowledge | Site github.com

Proof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords by simply receiving an email.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2023-23397
SHA-256 | 82650f1794c39715f1ff003f78302ace745bb32d6a7b8594b0d5025474d9963b
Oracle DB Broken PDB Isolation / Metadata Exposure
Posted Mar 15, 2023
Authored by Emad Al-Mousa

Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container.

tags | exploit, proof of concept, info disclosure
advisories | CVE-2021-2173
SHA-256 | 7a77b45fcc76d5afb91f7f9e5267626d1904eb000933f05496369762ff8b6fb4
NetBSD hfslib_reada_node_offset Overflow
Posted Mar 3, 2023
Authored by Erg Noor | Site github.com

NetBSD hfslib_reada_node_offset local overflow proof of concept exploit.

tags | exploit, overflow, local, proof of concept
systems | netbsd
SHA-256 | aeffa7486397ae14dcb26b948fa13d566e647001d7c05e6c914781abe7d49588
Monitorr 1.7.6 Shell Upload
Posted Feb 10, 2023
Authored by Achuth V P

Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.

tags | exploit, remote, shell, proof of concept, python
advisories | CVE-2023-26775
SHA-256 | 01595757eb8db499b07b46be3566c6b8bae226e88e11b02fea9bef8418392389
Oracle DBMS_REDACT Dynamic Data Masking Bypass
Posted Jan 3, 2023
Authored by Emad Al-Mousa

Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c.

tags | exploit, proof of concept, bypass
SHA-256 | faa91bafa9b2e6c720d769cabe566e32648af86218a89d1e65f2e8680b811db4
ModSecurity Backdoor Tool
Posted Jan 3, 2023
Authored by Jozef Sudolsky | Site github.com

Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.

tags | tool, remote, rootkit, proof of concept
systems | unix
SHA-256 | 48d8b60d0bc4cdb2a44679ca2e1994ad76834d87845227891745d812a2dd8f7b
IBM Websphere Application Server 7.0 Cross Site Scripting
Posted Dec 2, 2022
Authored by Milad Karimi

IBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.

tags | exploit, xss, proof of concept
advisories | CVE-2009-0855
SHA-256 | dc1233536d7555212b10f45b23030e26739234a2f687d52112ff10261d1e40e6
Roxy Fileman 1.4.6 Remote Shell Upload
Posted Nov 21, 2022
Authored by Hadi Mene

Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.

tags | exploit, remote, shell, proof of concept, file upload
advisories | CVE-2022-40797
SHA-256 | 16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b
Microsoft Outlook 2019 16.0.13231.20262 Remote Code Execution
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.

tags | exploit, paper, remote, code execution, proof of concept
advisories | CVE-2020-16947
SHA-256 | e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3
Microsoft Outlook 2019 16.0.12624.20424 Out-Of-Bounds Read
Posted Nov 21, 2022
Authored by Hangjun Go

This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.

tags | exploit, paper, proof of concept, info disclosure
advisories | CVE-2020-1493
SHA-256 | d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76
Automated Tank Gauge (ATG) Remote Configuration Disclosure
Posted Nov 3, 2022
Authored by RoseSecurity

In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. ATGs are utilized by nearly every fueling station in the United States and tens of thousands of systems internationally. They are most commonly manufactured by Veeder-Root, a supplier of fuel dispensers, payment systems, and forecourt merchandising. For remote monitoring of these fuel systems, operators will commonly configure the ATG serial interface to an internet-facing TCP port (generally set to TCP 10001). This script reads the Get In-Tank Inventory Report from TCP/10001 as a proof of concept to demonstrate the arbitrary access.

tags | exploit, remote, arbitrary, root, tcp, proof of concept
SHA-256 | 1222ef3166eddf3e2b1283c72bc5f78616ec813de663f9a776c261eacba66ccf
MiniDVBLinux 5.4 Change Root Password
Posted Oct 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.

tags | exploit, root, proof of concept
SHA-256 | 0517758916f5224ee0d63a86e0026b8a9d83c177f294a5ec74c5a0938e44fc11
macOS 12.3.1 Local Root
Posted Oct 10, 2022
Authored by zhuowei | Site worthdoingbadly.com

This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.

tags | exploit, root, proof of concept
advisories | CVE-2022-26763, CVE-2022-26766
SHA-256 | 42264f6011010d1ea9305f22c2f23628b9337624b236c163e1a40b0e1273560f
Apple macOS Remote Events Memory Corruption
Posted Sep 5, 2022
Authored by Jeremy Brown

This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.

tags | exploit, remote, proof of concept
systems | apple
advisories | CVE-2022-22630
SHA-256 | b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80
Kik Messenger XMPP Stanza Smuggling
Posted Jun 10, 2022
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including XMPP stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending of the stc stanza which triggers a captcha dialog and opens an arbitrary attacker-control webpage on the victim client. However, the full impact is likely larger than this, and includes any application features accessible over XMPP.

tags | exploit, arbitrary, proof of concept
SHA-256 | 3f66b31a34e395df392668d6453b6eee4bbfd623765c95d99108116f95c8a143
Confluence OGNL Injection Proof Of Concept
Posted Jun 7, 2022
Authored by Samy Younsi | Site github.com

Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2022-26134
SHA-256 | af35a5a0af240395f62e977601885f29387ee4fc958081d1910e6f6f0d3d428a
Through The Wire CVE-2022-26134 Confluence Proof Of Concept
Posted Jun 7, 2022
Authored by jbaines-r7 | Site github.com

Through the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions 7.13.6 LTS and below and versions 7.18.0 "Latest" and below. This was originally a zero-day exploited in-the-wild.

tags | exploit, proof of concept
advisories | CVE-2022-26134
SHA-256 | 942e5b3f32027294cb480a1f6e34ca8ed1933380c4aa4a79161e45a5c6ec7cbc
Microsoft Office MSDT Follina Proof Of Concept
Posted May 31, 2022
Authored by JMousqueton | Site github.com

Proof of concept for the remote code execution vulnerability in MSDT known as Follina.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-30190
SHA-256 | 53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2
Microsoft Follina Proof Of Concept
Posted May 31, 2022
Authored by onecloudemoji | Site github.com

Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.

tags | exploit, remote, code execution, proof of concept
systems | windows
advisories | CVE-2022-30190
SHA-256 | 21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92fe
Zyxel Remote Command Execution
Posted May 16, 2022
Authored by jbaines-r7 | Site github.com

Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.

tags | exploit, remote, proof of concept
advisories | CVE-2022-30525
SHA-256 | d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf
Page 1 of 93
Back12345Next

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    20 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close