what you don't know can hurt you
Showing 1 - 25 of 2,265 RSS Feed

Proof of Concept Files

Sequoia: A Deep Root In Linux's Filesystem Layer
Posted Jul 21, 2021
Authored by Qualys Security Advisory

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.

tags | exploit, kernel, local, root, proof of concept
systems | linux, debian, fedora, ubuntu
advisories | CVE-2021-33909, CVE-2021-33910
MD5 | 2739ab8c7448e7ea41f28d5e97efa32a
Online Shopping Portal 3.1 SQL Injection
Posted Jul 21, 2021
Authored by faisalfs10x

Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020.

tags | exploit, remote, sql injection, proof of concept
MD5 | 4f65a9a04d5b6e35d86e2c743c2dc565
XNU Network Stack Kernel Heap Overflow
Posted Jul 14, 2021
Authored by Google Security Research, ianbeer

XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.

tags | exploit, overflow, kernel, proof of concept
advisories | CVE-2020-9967, CVE-2021-30736
MD5 | 9333b7751aa7686ac0ca4c62a49c3d4e
Windows TCP/IP Denial Of Service
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched by Microsoft in February 2021. It is triggerable remotely by sending malicious UDP packet over IPv6.

tags | exploit, denial of service, udp, tcp, proof of concept
systems | windows
advisories | CVE-2021-24086
MD5 | 603e905801bb4f31bf554bafa86b2826
Realtek RTKVHD64.sys Out-Of-Bounds Access
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

Proof of concept exploit for an out-of-bounds access vulnerability in the Realtek RTKVHD64.sys, leading to pool corruption.

tags | exploit, proof of concept
advisories | CVE-2021-32537
MD5 | 61c0be3a39d9a150ecd6ecc535ae3063
Microsoft Hyper-V vmswitch.sys Proof Of Concept
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-28476
MD5 | f030942316606ad6079ada92310ac838
Pallets Werkzeug 0.15.4 Path Traversal
Posted Jul 6, 2021
Authored by faisalfs10x

Proof of concept exploit for a path traversal vulnerability in Pallets Werkzeug version 0.15.4.

tags | exploit, proof of concept
advisories | CVE-2019-14322
MD5 | 262f237db7999ab766781c5e99c59463
PrintNightmare Windows Spooler Service Remote Code Execution
Posted Jul 2, 2021
Authored by Zhiniang Peng, Xuefeng Li | Site github.com

PrintNightmare remote code execution proof of concept exploit for the Windows Spooler Service.

tags | exploit, remote, code execution, proof of concept
systems | windows
advisories | CVE-2021-1675
MD5 | 18a157d3de35ba9fba2bda057819d0ad
Microsoft PrintNightmare Proof Of Concept
Posted Jul 2, 2021
Authored by cube0x0 | Site github.com

This is the Impacket implementation of the PrintNightmare proof of concept originally created by Zhiniang Peng and Xuefeng Li that leverages a privilege escalation vulnerability in the Windows Print Spooler.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2021-1675
MD5 | 22a0e1a00b3142f5f762d0e3fa1470aa
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
MD5 | f480e11bbb87f0689d864f58c065154d
KnFTP Server 1.0.0 Denial Of Service
Posted Jun 14, 2021
Authored by Fernando Mengali

KnFTP Server version 1.0.0 LIST denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | a72acf4b3f794d9350cade34d6f0dfdb
PCMan FTP Server 2.0.7 Denial Of Service
Posted Jun 13, 2021
Authored by Fernando Mengali

PCMan FTP Server version 2.0.7 USER denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 17efc6e256a96524ee05c5544add1ecd
memono Notepad 4.2 Denial Of Service
Posted Jun 10, 2021
Authored by Geovanni Ruiz

memono Notepad 4.2 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 02eea882c45475062dbace15b6daf8a6
EasyFTP Server 1.7.0.11 Denial Of Service
Posted Jun 10, 2021
Authored by Fernando Mengali

EasyFTP Server version 1.7.0.11 XRMD denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 7f3bbe6bd85382a8eea6762baae721d3
Microsoft RDP Remote Code Execution
Posted Jun 3, 2021
Authored by Johnny Yu | Site github.com

Proof of concept exploit for a remote code execution vulnerability in Microsoft's RDP service.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2019-0708
MD5 | ba1bc2933bf6b851671dc70d3284245c
Exim base64d Buffer Overflow
Posted Jun 3, 2021
Authored by Johnny Yu | Site github.com

Exim versions prior to 4.90.1 remote buffer overflow proof of concept exploit.

tags | exploit, remote, overflow, proof of concept
advisories | CVE-2018-6789
MD5 | 6468b402efc15ca33e2db61638ca5cb9
Cisco SD-WAN vManage 19.2.2 Remote Root
Posted Jun 3, 2021
Authored by Johnny Yu | Site github.com

Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.

tags | exploit, remote, shell, root, vulnerability, proof of concept
systems | cisco
advisories | CVE-2020-3387, CVE-2020-3437
MD5 | a4bd588c350b9a327fc445d03fadab85
VMware ESXi OpenSLP Heap Overflow
Posted Jun 3, 2021
Authored by Johnny Yu | Site github.com

Proof of concept exploit for the OpenSLP heap overflow in VMware ESXi versions 7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, and 6.5 before ESXi650-202102101-SG.

tags | exploit, overflow, proof of concept
advisories | CVE-2021-21974
MD5 | 74b3fa0ce957d3e82fb4eb6c32a6c8f6
DupTerminator 1.4.5639.37199 Denial Of Service
Posted Jun 1, 2021
Authored by Brian Rodriguez

DupTerminator version 1.4.5639.37199 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | 055b8b8e2d4f5efb50ab336161341836
Postbird 0.8.4 XSS / LFI / Insecure Data Storage
Posted Jun 1, 2021
Authored by Tridentsec | Site tridentsec.io

Postbird version 0.8.4 suffers from cross site scripting, local file inclusion, and insecure data storage vulnerabilities. Included in this archive is a whitepaper and proof of concept exploit.

tags | exploit, local, vulnerability, xss, proof of concept, file inclusion
advisories | CVE-2021-33570
MD5 | f60c4ad77076831e6c6210dffcd07d54
Ubuntu OverlayFS Local Privilege Escalation
Posted May 31, 2021
Authored by Chris Wild, Sudhanshu Kumar, Rohit Verma

The document in this archive illustrates using the included proof of concept exploit to achieve root on Ubuntu systems using a flaw in the OverlayFS file system. The exploit itself does not have author attribution as the proof of concept came through SSD Disclosures.

tags | exploit, paper, root, proof of concept
systems | linux, ubuntu
advisories | CVE-2021-3493
MD5 | f594195ba35e11d203cb280d4aa0e967
PHP 8.1.0-dev Backdoor Remote Command Execution
Posted May 31, 2021
Authored by Mayank Deshmukh

PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.

tags | exploit, remote, php, proof of concept
MD5 | 68b81a413521d514b1b67f8bde5a5138
RarmaRadio 2.72.8 Denial Of Service
Posted May 26, 2021
Authored by Ismael Nava

RarmaRadio version 2.72.8 denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
MD5 | e3972881c8a84c8b53c0c3119a4c0df4
Microsoft HTTP Protocol Stack Remote Code Execution
Posted May 20, 2021
Authored by 0vercl0k

Proof of concept exploit for the HTTP protocol stack remote code execution vulnerability related to a use-after-free dereference in http.sys.

tags | exploit, remote, web, code execution, protocol, proof of concept
advisories | CVE-2021-31166
MD5 | 231a2e9926b68408725ba7d1ab0d8acd
xscreensaver Raw Socket Leak
Posted Apr 19, 2021
Authored by Tavis Ormandy, Google Security Research

xscreensaver suffers from a raw socket leak vulnerability. Proof of concept exploit demonstrates running tcpdump via this issue.

tags | exploit, proof of concept
MD5 | 48106b83c9aba927ebf03a5ccbadc196
Page 1 of 91
Back12345Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close