what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 2,421 RSS Feed

Proof of Concept Files

CyberPanel upgrademysqlstatus Arbitrary Command Execution
Posted Nov 7, 2024
Site github.com

Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.

tags | exploit, remote, proof of concept
advisories | CVE-2024-51567
SHA-256 | cc940e99f4e4ef4ac83ab7b84fe7d3f90ff95549ed54049913abec4f7582bf85
WordPress Automatic 3.92.0 Path Traversal / Server-Side Request Forgery
Posted Oct 31, 2024
Authored by Quantum-Hacker | Site github.com

WordPress Automatic plugin versions 3.92.0 and below proof of concept exploit that demonstrates path traversal and server-side request forgery vulnerabilities.

tags | exploit, vulnerability, proof of concept
advisories | CVE-2024-27954
SHA-256 | 1e3ab221180e7f26ab2127194c4584fbb6f05727c5578c16eb87089046795a1e
CyberPanel Command Injection
Posted Oct 31, 2024
Authored by Luka Petrovic | Site github.com

Proof of concept exploit for a command injection vulnerability in CyberPanel. This vulnerability enables unauthenticated attackers to inject and execute arbitrary commands on vulnerable servers by sending crafted OPTIONS HTTP requests to /dns/getresetstatus and /ftp/getresetstatus endpoints, potentially leading to full system compromise. Versions prior to 1c0c6cb appear to be affected.

tags | exploit, web, arbitrary, proof of concept
advisories | CVE-2024-51378
SHA-256 | f67f580b585c400ff03b025158d51ee9a118eeef098fff7d55b85a53e5841da2
Skyhigh Client Proxy Policy Bypass
Posted Oct 31, 2024
Authored by calligraf0 | Site github.com

Proof of concept code for a flaw where a malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.

tags | exploit, proof of concept
advisories | CVE-2024-0311
SHA-256 | 2e31e7ddba5252351c7ee14e263acdbc754af802d6a309868e3a30682bf1b543
Grav CMS 1.7.44 Server-Side Template Injection
Posted Oct 7, 2024
Authored by geniuszlyy | Site github.com

GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.

tags | exploit, remote, proof of concept, python
advisories | CVE-2024-28116
SHA-256 | 320840a574bd1e39d76e644a70206a220bf7e080390462bcc9fbdf69d6cd628a
TeamViewer Privilege Escalation
Posted Oct 4, 2024
Authored by Peter Gabaldon | Site github.com

Proof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system.

tags | exploit, arbitrary, kernel, proof of concept
advisories | CVE-2024-7479, CVE-2024-7481
SHA-256 | 8e84c906525cb3028d5e2434a5ce1ee9c2d79ef078f6024e17e16888fa959853
CUPS Arbitrary Command Execution
Posted Oct 2, 2024
Authored by pearlmansara | Site github.com

Proof of concept remote command execution exploit for CUPS that leverages the vulnerability outlined in CVE-2024-47176.

tags | exploit, remote, proof of concept
advisories | CVE-2024-47176
SHA-256 | f82d269469017149bbd434de30b07d4526663090bd5e3ba7fda438e2b9fa9ee7
ALEOS 4.16 Denial Of Service
Posted Oct 2, 2024
Authored by 7h3w4lk3r | Site github.com

ALEOS versions 4.16 and below denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2023-40459
SHA-256 | 93e119b2d764c5aa22f0c54cf74c0369c5a4254019d26c982bb0de6d5d846df2
TI Bluetooth Denial Of Service
Posted Sep 26, 2024
Authored by crypt0d1v3r | Site github.com

Proof of concept toolkit to demonstrate the issue noted in CVE-2023-52709 related to the TI bluetooth stack. When running Defensics test case #SMP legacy 1001 with loop mode on DUT configured as resolvable private address, after a while, the device will end up generating unresolvable random private address causing denial of service for already bonded peer devices.

tags | exploit, denial of service, proof of concept
advisories | CVE-2023-52709
SHA-256 | 02f2601eddbe9fb045062d2c686c897f6039df04b9482db6478440625d4786ae
Invesalius 3.1.99995 Arbitrary File Write / Directory Traversal
Posted Sep 23, 2024
Authored by Riccardo Degli Esposti

Proof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.

tags | exploit, arbitrary, proof of concept, file inclusion
advisories | CVE-2024-44825
SHA-256 | 3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475
Nexus Repository Manager 3 Path Traversal
Posted Sep 19, 2024
Authored by verylazytech | Site github.com

Proof of concept exploit that demonstrates an unauthenticated path traversal vulnerability in Nexus Repository Manager version 3.

tags | exploit, proof of concept
advisories | CVE-2024-4956
SHA-256 | bfbc582aeb7d694c2fb50f516d1b6e7be747c9691933654f4b1d426c8e5327dd
Check Point Security Gateways Information Disclosure
Posted Sep 19, 2024
Authored by verylazytech | Site github.com

Proof of concept exploit that demonstrates an information disclosure vulnerability in Check Point Security Gateways.

tags | exploit, proof of concept, info disclosure
advisories | CVE-2024-24919
SHA-256 | 3d1d9908347cad7b090b35327c160e791c08878516956e5f60997b2cd3d13687
VICIdial SQL Injection / Remote Code Execution
Posted Sep 16, 2024
Authored by Chocapikk | Site github.com

Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.

tags | exploit, arbitrary, sql injection, proof of concept
advisories | CVE-2024-8503, CVE-2024-8504
SHA-256 | e281d48432c2585fa05b2517fffc0171d56091981f896fb78703333f642a73a5
Rejetto HTTP File Server 2.3m Template Injection / Arbitrary Code Execution
Posted Sep 16, 2024
Authored by verylazytech | Site github.com

Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.

tags | exploit, remote, web, code execution, proof of concept
advisories | CVE-2024-23692
SHA-256 | 94abc34636ee9d2ee77ab7b6f4f07a3e5915b2c3ea027b41ba855261a1cd204a
Calibre 7.14.0 Remote Code Execution
Posted Sep 16, 2024
Authored by Uno13x | Site github.com

Proof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-6782
SHA-256 | 8c3200bd22a9201376c309b810720c70e5e01d5f4a8e6a5ec53a060dd8be9202
Ivanti EPM Remote Code Execution
Posted Sep 13, 2024
Authored by James Horseman, Horizon3 Attack Team | Site github.com

Proof of concept remote code execution exploit for Ivanti EPM versions prior to 2022 SU6 or the 2024 September update.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-29847
SHA-256 | aae283a6cefb5b56bdc7a70bc3a56e323ee785291fa82aaf40d1ff35d8e2d1e0
GeoServer Remote Code Execution
Posted Sep 13, 2024
Authored by daniellowrie | Site github.com

Proof of concept remote code execution exploit for GeoServer versions prior 2.23.6, 2.24.4, and 2.25.2.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-36401
SHA-256 | 89efe87af55cddb0baaa46de1bab5d58c270e280ff489d9b19f578e9bf29121e
GitHub sqlpad/sqlpad Template Injection / Remote Code Execution
Posted Sep 10, 2024
Authored by Philip-Otter | Site github.com

Proof of concept automation code to exploit a template injection vulnerability in GitHub repository sqlpad/sqlpad version prior to 6.10.1 that can result in remote code execution.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-0944
SHA-256 | 79a6a3c0f0cc3437faa5b70a9c94c21f376448987379d2b3ee42300f9a2f5271
Spring Cloud Data Flow Remote Code Execution
Posted Sep 10, 2024
Authored by Kayiyan | Site github.com

Proof of concept exploit for Spring Cloud Data Flow versions prior to 2.11.4 that achieves remote code execution through a malicious upload.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2024-37084
SHA-256 | 0ee38b6a8cf494539040a02c4712511aeac366dfde03820937e77f9441253ed3
Microsoft Windows DWM Core Library Privilege Escalation
Posted Sep 9, 2024
Authored by ricnar456 | Site github.com

Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.

tags | exploit, overflow, proof of concept
systems | windows
advisories | CVE-2024-30051
SHA-256 | ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0d
ASUS RT-AC3200 3.0.0.4.382.50010 Command Injection
Posted Sep 5, 2024
Authored by BTtea | Site github.com

Proof of concept exploit demonstrating a remote command injection vulnerability in ASUS RT-AC3200 version 3.0.0.4.382.50010.

tags | exploit, remote, proof of concept
advisories | CVE-2018-14714
SHA-256 | b27808b91b15909e2f42e7da7a3eccc359039ba12c7fdda7e04df55b3861f29b
Linux Kernel 5.6.13 Use-After-Free
Posted Sep 4, 2024
Authored by ii4gsp | Site ii4gsp.github.io

Proof of concept exploit that uses a use-after-free vulnerability due to a race condition in MIDI devices in Linux Kernel version 5.6.13.

tags | exploit, kernel, proof of concept
systems | linux
advisories | CVE-2020-27796
SHA-256 | 5772575942e33bf0bb3f88209aeb358c538c5851a59e7ed25e4a63653b6b7cda
Sendmail SMTP Address prescan Memory Corruption
Posted Aug 31, 2024
Authored by Jay Turla | Site metasploit.com

This is a proof of concept denial of service module for Sendmail versions 8.12.8 and earlier. The vulnerability is within the prescan() method when parsing SMTP headers. Due to the prescan function, only 0x5c and 0x00 bytes can be used, limiting the likelihood for arbitrary code execution.

tags | exploit, denial of service, arbitrary, code execution, proof of concept
advisories | CVE-2003-0694
SHA-256 | 3daa5e578d5efd9b701f44fe3d3053617431c40f560b0e62e15b7cf2208f57d9
Google Chrome V8 Type Confusion
Posted Aug 30, 2024
Authored by mistymntncop, buptsb | Site github.com

Google Chrome versions prior to 125.0.6422.112 V8 type confusion proof of concept exploit.

tags | exploit, proof of concept
advisories | CVE-2024-5274
SHA-256 | 788ea39c0477eb3c46d9338780f690985742a96415f3fd4f64358b8315057dfa
Microsoft Windows IPv6 CVE-2024-38063 Checker / Denial Of Service
Posted Aug 29, 2024
Authored by Photubias

Microsoft Windows IPv6 vulnerability checking proof of concept python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.

tags | exploit, denial of service, proof of concept, python
systems | windows
advisories | CVE-2024-38063
SHA-256 | 04c38d06a082513de8abf2875e18f1ebec41c245eac05cf7f60cc0cff919185a
Page 1 of 97
Back12345Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close