Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where recovery actions are not adequately logged.
4059913b910843fd7806fdd44a93afe09ba3bfaf7adb61de29614d5ac1df0dfc
Fortigate version 7.0.1 post authentication stack overflow zero day proof of concept exploit.
122dadbd84dd704ea57462ca66b6e746cb96632b68962fd5dd9add747b0391c5
PaperCut MF/NG proof of concept exploit that uses an authentication bypass vulnerability chained with abuse of built-in scripting functionality to execute code.
e01888c501e68b969faf6f9f0762260b9738e28e6c41609aee12cd8f6079824b
Swagger UI version 4.1.3 user interface misrepresentation of information proof of concept exploit.
74f00a654a2a4d31c2b12b82b8be249256b117d11759bd35353dda66a083ddc7
ImageMagick versions 6.9.11-60 and 7.1.0-48 arbitrary file read proof of concept exploit.
227461e99f3e214a1f0598dff3f2d58078edc4061f9acd2b5625012543e57375
Proof of concept code for a critical Microsoft Outlook vulnerability for Windows that allows hackers to remotely steal hashed passwords when a victim simply receives an email.
82650f1794c39715f1ff003f78302ace745bb32d6a7b8594b0d5025474d9963b
Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container.
7a77b45fcc76d5afb91f7f9e5267626d1904eb000933f05496369762ff8b6fb4
NetBSD hfslib_reada_node_offset local overflow proof of concept exploit.
aeffa7486397ae14dcb26b948fa13d566e647001d7c05e6c914781abe7d49588
Monitorr version 1.7.6 remote shell upload proof of concept exploit written in Python.
01595757eb8db499b07b46be3566c6b8bae226e88e11b02fea9bef8418392389
Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c.
faa91bafa9b2e6c720d769cabe566e32648af86218a89d1e65f2e8680b811db4
Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.
48d8b60d0bc4cdb2a44679ca2e1994ad76834d87845227891745d812a2dd8f7b
IBM WebSphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.
dc1233536d7555212b10f45b23030e26739234a2f687d52112ff10261d1e40e6
Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1b
This is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.
e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3
This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.
d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76
In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels and tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. ATGs are utilized by nearly every fueling station in the United States and tens of thousands of systems internationally. They are most commonly manufactured by Veeder-Root, a supplier of fuel dispensers, payment systems, and forecourt merchandising. For remote monitoring of these fuel systems, operators will commonly configure the ATG serial interface to an internet-facing TCP port (generally set to TCP 10001). This script reads the Get In-Tank Inventory Report from TCP/10001 as a proof of concept to demonstrate the arbitrary access.
1222ef3166eddf3e2b1283c72bc5f78616ec813de663f9a776c261eacba66ccf
MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.
0517758916f5224ee0d63a86e0026b8a9d83c177f294a5ec74c5a0938e44fc11
This is a write-up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.
42264f6011010d1ea9305f22c2f23628b9337624b236c163e1a40b0e1273560f
This is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.
b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80
There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including XMPP stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending of the stc stanza, which triggers a captcha dialog and opens an arbitrary attacker-controlled webpage on the victim client. However, the full impact is likely larger than this, and includes any application features accessible over XMPP.
3f66b31a34e395df392668d6453b6eee4bbfd623765c95d99108116f95c8a143
Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.
af35a5a0af240395f62e977601885f29387ee4fc958081d1910e6f6f0d3d428a
Through the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions 7.13.6 LTS and below and versions 7.18.0 "Latest" and below. This was originally a zero-day exploited in-the-wild.
942e5b3f32027294cb480a1f6e34ca8ed1933380c4aa4a79161e45a5c6ec7cbc
Proof of concept for the remote code execution vulnerability in MSDT known as Follina.
53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2
Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.
21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92fe
Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewalls that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.
d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf