Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c.
faa91bafa9b2e6c720d769cabe566e32648af86218a89d1e65f2e8680b811db4Proof of concept remote command execution and file retrieval backdoor script for ModSecurity.
48d8b60d0bc4cdb2a44679ca2e1994ad76834d87845227891745d812a2dd8f7bIBM Websphere Application Server version 7.0 persistent cross site scripting vulnerability proof of concept details.
dc1233536d7555212b10f45b23030e26739234a2f687d52112ff10261d1e40e6Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
16a9c59173c82b869a340397a5e68377531e0e0f9be9781793142e4f47786e1bThis is a whitepaper along with a proof of concept eml file discussing CVE-2020-16947 where a remote code execution vulnerability exists in Microsoft Outlook 2019 version 16.0.13231.20262 when it fails to properly handle objects in memory.
e10886839475e813dff9362bc048392f047b424255b849ca304a468b0daa17a3This is a whitepaper along with a proof of concept eml file that demonstrates an out-of-bounds read on Outlook 2019 version 16.0.12624.20424. NIST references this issue as simply an information disclosure.
d7cbdf78b8d88b5ef4f17ae322717c6adec1d335f3eddae9fc75f883c66bbc76In 2015, HD Moore, the creator of Metasploit, published an article disclosing over 5,800 gas station Automated Tank Gauges (ATGs) which were publicly accessible. Besides monitoring for leakage, these systems are also instrumental in gauging fluid levels, tank temperature, and can alert operators when tank volumes are too high or have reached a critical low. ATGs are utilized by nearly every fueling station in the United States and tens of thousands of systems internationally. They are most commonly manufactured by Veeder-Root, a supplier of fuel dispensers, payment systems, and forecourt merchandising. For remote monitoring of these fuel systems, operators will commonly configure the ATG serial interface to an internet-facing TCP port (generally set to TCP 10001). This script reads the Get In-Tank Inventory Report from TCP/10001 as a proof of concept to demonstrate the arbitrary access.
1222ef3166eddf3e2b1283c72bc5f78616ec813de663f9a776c261eacba66ccfMiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.
0517758916f5224ee0d63a86e0026b8a9d83c177f294a5ec74c5a0938e44fc11This is a write up demonstrating how to get root on macOS 12.3.1 using CoreTrust and DriverKit bugs. Included is the spawn_root proof of concept.
42264f6011010d1ea9305f22c2f23628b9337624b236c163e1a40b0e1273560fThis is a proof of concept exploit for the Apple macOS remote events remote memory corruption vulnerability. It serves as a toolkit to help debug and trigger crashes.
b71c042ede4f92abca7d1cc98ba26d58de335a31e253ab82c25fea5b3120ba80There is a vulnerability in Kik Messenger for Android that allows an attacker to send arbitrary XMPP stanzas (XMPP control messages) to another Kik client, including XMPP stanzas that are normally sent only by the Kik server. Included is a proof of concept that demonstrates sending of the stc stanza which triggers a captcha dialog and opens an arbitrary attacker-control webpage on the victim client. However, the full impact is likely larger than this, and includes any application features accessible over XMPP.
3f66b31a34e395df392668d6453b6eee4bbfd623765c95d99108116f95c8a143Proof of concept script that exploits the remote code execution vulnerability affecting Atlassian Confluence versions 7.18 and below. The OGNL injection vulnerability allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. All supported versions of Confluence Server and Data Center are affected. Confluence Server and Data Center versions after 1.3.0 and below 7.18.1 are affected. The vulnerability has a CVSS score of 10 out of 10 for criticality.
af35a5a0af240395f62e977601885f29387ee4fc958081d1910e6f6f0d3d428aThrough the Wire is a proof of concept exploit for CVE-2022-26134, an OGNL injection vulnerability affecting Atlassian Confluence Server and Data Center versions 7.13.6 LTS and below and versions 7.18.0 "Latest" and below. This was originally a zero-day exploited in-the-wild.
942e5b3f32027294cb480a1f6e34ca8ed1933380c4aa4a79161e45a5c6ec7cbcProof of concept for the remote code execution vulnerability in MSDT known as Follina.
53ac1f74816b206d64cdb03e581a54d26e7aad446de7be2e6ecd1af77d47ebc2Proof of concept exploit for the Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability dubbed Follina.
21dda01f8e88aa4687f62848057799f68aeaf508af81b73f3368b5656c8f92feVictorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.
d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bfF5 BIG-IP remote code execution proof of concept exploit that leverages the vulnerability identified in CVE-2022-1388.
2c3224e25af9797e9d7139c7d759da88b2eae07b09d164c4bf3a7423cfb95c06Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.
56429affeb38a91070ee24b0aaf512970594ce033504501832983da83e9dea5aVariant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.
896e5b87da1c2dcdc6b5bf2a4c03daf9da0145521f3b205c1bcf72db8ff2340fProof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.
44e38035938b0841fe6c4b79375b95d9bdcc4665c0a63ed1dcb0ca5df0c03212OpenBMCS version 2.4 create administrator proof of concept exploit that leverages a remote privilege escalation vulnerability.
dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7eaProof of concept for a Microsoft HTTP protocol stack vulnerability that causes a denial of service.
c2c18115a401a528cf1b5dc31c17571b0980e3c441f00ab74bcca4c29d729334Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
c8d0355e439c74ae436d3c409fe4b1f7b1c6c2d6fb97d2375bbaa49de94f642bDocker proof of concept command execution exploit that leverages runc.
d839ae3cbe28eac31921153401a56b44bcb7aa9e71186e649af207b24a2573d0Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.
aa43fdedfc7f5227a2a020d9bd25796fe6699fb9bbb47484e3814e5633c6039b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed