what you don't know can hurt you
Showing 1 - 25 of 2,278 RSS Feed

Proof of Concept Files

Zyxel Remote Command Execution
Posted May 16, 2022
Authored by jbaines-r7 | Site github.com

Victorian Machinery is a proof of concept exploit for CVE-2022-30525. The vulnerability is an unauthenticated and remote command injection vulnerability affecting Zyxel firewall's that support zero touch provisioning. Zyxel pushed a fix for this issue on April 28, 2022. Multiple models are affected.

tags | exploit, remote, proof of concept
advisories | CVE-2022-30525
SHA-256 | d85780bb5daa2abd4c685fc1f2bd14ad0bfe7fbd9a5a6a99b45f1efcddb6a0bf
F5 BIG-IP Remote Code Execution
Posted May 9, 2022
Authored by Alt3kx | Site github.com

F5 BIG-IP remote code execution proof of concept exploit that leverages the vulnerability identified in CVE-2022-1388.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-1388
SHA-256 | 2c3224e25af9797e9d7139c7d759da88b2eae07b09d164c4bf3a7423cfb95c06
Roxy File Manager 1.4.5 PHP File Upload Restriction Bypass
Posted Apr 4, 2022
Authored by Adam Shebani

Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.

tags | exploit, php, proof of concept, bypass, file upload
advisories | CVE-2018-20525
SHA-256 | 56429affeb38a91070ee24b0aaf512970594ce033504501832983da83e9dea5a
Dirty Pipe SUID Binary Hijack Privilege Escalation
Posted Mar 8, 2022
Authored by Blasty, Max Kellermann

Variant proof of concept exploit for the Dirty Pipe file overwrite vulnerability. This version hijacks a SUID binary to spawn a root shell.

tags | exploit, shell, root, proof of concept
advisories | CVE-2022-0847
SHA-256 | 896e5b87da1c2dcdc6b5bf2a4c03daf9da0145521f3b205c1bcf72db8ff2340f
Dirty Pipe Linux Privilege Escalation
Posted Mar 8, 2022
Authored by Max Kellermann | Site dirtypipe.cm4all.com

Proof of concept for a vulnerability in the Linux kernel existing since version 5.8 that allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes.

tags | exploit, arbitrary, kernel, root, proof of concept
systems | linux
advisories | CVE-2022-0847
SHA-256 | 44e38035938b0841fe6c4b79375b95d9bdcc4665c0a63ed1dcb0ca5df0c03212
OpenBMCS 2.4 Remote Privilege Escalation
Posted Jan 17, 2022
Authored by LiquidWorm | Site zeroscience.mk

OpenBMCS version 2.4 create administrator proof of concept exploit that leverages a remote privilege escalation vulnerability.

tags | exploit, remote, proof of concept
SHA-256 | dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7ea
HTTP Protocol Stack Denial Of Service / Remote Code Execution
Posted Jan 17, 2022
Authored by nu11secur1ty

Proof of concept for a Microsoft HTTP protocol stack vulnerability that causes a denial of service.

tags | exploit, web, denial of service, protocol, proof of concept
advisories | CVE-2022-21907
SHA-256 | c2c18115a401a528cf1b5dc31c17571b0980e3c441f00ab74bcca4c29d729334
Apache Log4j2 2.14.1 Remote Code Execution
Posted Dec 10, 2021
Authored by tangxiaofeng7 | Site github.com

Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-44228
SHA-256 | c8d0355e439c74ae436d3c409fe4b1f7b1c6c2d6fb97d2375bbaa49de94f642b
Docker runc Command Execution Proof Of Concept
Posted Dec 8, 2021
Authored by Frichetten | Site github.com

Docker proof of concept command execution exploit that leverages runc.

tags | exploit, proof of concept
advisories | CVE-2019-5736
SHA-256 | d839ae3cbe28eac31921153401a56b44bcb7aa9e71186e649af207b24a2573d0
Wipro Holmes Orchestrator 20.4.1 Arbitrary File Download
Posted Nov 15, 2021
Authored by Rizal Muhammed

Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.

tags | exploit, arbitrary, proof of concept
advisories | CVE-2021-38146
SHA-256 | aa43fdedfc7f5227a2a020d9bd25796fe6699fb9bbb47484e3814e5633c6039b
Microsoft Office OneNote 2007 Remote Code Execution
Posted Oct 6, 2021
Authored by Eduardo Braun Prado

Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. Upon decompressing files from .ONEPKG archives (using MS CAB format), a failure to sanitize file paths and file contents allows for arbitrary file planting in arbitrary locations on the OS, including the startup folder.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2014-2815
SHA-256 | a2e1f0872cb6d8139581f87f3c37e90d1829d74bca8d610a3d0ffadd03dd7e9d
JavaScriptCore Crash Proof Of Concept
Posted Aug 19, 2021
Authored by Ivan Fratric, Google Security Research

JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.

tags | exploit, proof of concept
advisories | CVE-2021-30797
SHA-256 | 8dd2cde7c2edb66fc6061ca48debe795fc639981944e4354c301b47af6a7c4b1
Firebase PHP-JWT Algorithm Confusion
Posted Aug 15, 2021
Site paragonie.com

Firebase's PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.

tags | exploit, php, proof of concept
SHA-256 | bb3896b28adac75139b54397d609f1fd54d05c94094f3213dbc7a00f3fa5c0c6
Sequoia: A Deep Root In Linux's Filesystem Layer
Posted Jul 21, 2021
Authored by Qualys Security Advisory

Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.

tags | exploit, kernel, local, root, proof of concept
systems | linux, debian, fedora, ubuntu
advisories | CVE-2021-33909, CVE-2021-33910
SHA-256 | 0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09a
Online Shopping Portal 3.1 SQL Injection
Posted Jul 21, 2021
Authored by faisalfs10x

Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020.

tags | exploit, remote, sql injection, proof of concept
SHA-256 | 767219aec319fdaf3843c6a3cee1e6adffa3ddc30ff33399b70b01cfabe1a3d6
XNU Network Stack Kernel Heap Overflow
Posted Jul 14, 2021
Authored by Google Security Research, ianbeer

XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.

tags | exploit, overflow, kernel, proof of concept
advisories | CVE-2020-9967, CVE-2021-30736
SHA-256 | a1d06d7c40ef5cee75dbfed56b2263d072ffb407a0a5a9ac79847d59421ad896
Windows TCP/IP Denial Of Service
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched by Microsoft in February 2021. It is triggerable remotely by sending malicious UDP packet over IPv6.

tags | exploit, denial of service, udp, tcp, proof of concept
systems | windows
advisories | CVE-2021-24086
SHA-256 | 0516b2a0dc860ebf19e63ce4021cd59c81f89b4c0605fd9ecea4c32742d682e0
Realtek RTKVHD64.sys Out-Of-Bounds Access
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

Proof of concept exploit for an out-of-bounds access vulnerability in the Realtek RTKVHD64.sys, leading to pool corruption.

tags | exploit, proof of concept
advisories | CVE-2021-32537
SHA-256 | bb5ee485c5648076add9bf2abf25ea37396550a4e2aa9b60094cc8338c092692
Microsoft Hyper-V vmswitch.sys Proof Of Concept
Posted Jul 14, 2021
Authored by 0vercl0k | Site github.com

This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.

tags | exploit, remote, arbitrary, code execution, proof of concept
advisories | CVE-2021-28476
SHA-256 | 48a1cc3a6acb78d90f7e5beca74fe39f754180b4d7a5529002e913fac71d8976
Pallets Werkzeug 0.15.4 Path Traversal
Posted Jul 6, 2021
Authored by faisalfs10x

Proof of concept exploit for a path traversal vulnerability in Pallets Werkzeug version 0.15.4.

tags | exploit, proof of concept
advisories | CVE-2019-14322
SHA-256 | 4f5c6bd91b62008c37cb7bf8cbae42390e891388493b81718362ca9738d106b3
PrintNightmare Windows Spooler Service Remote Code Execution
Posted Jul 2, 2021
Authored by Zhiniang Peng, Xuefeng Li | Site github.com

PrintNightmare remote code execution proof of concept exploit for the Windows Spooler Service.

tags | exploit, remote, code execution, proof of concept
systems | windows
advisories | CVE-2021-1675
SHA-256 | 65f3a8fdee04d68517612f8bbb28b7e29a2396d68991acfedf0892a70576c47a
Microsoft PrintNightmare Proof Of Concept
Posted Jul 2, 2021
Authored by cube0x0 | Site github.com

This is the Impacket implementation of the PrintNightmare proof of concept originally created by Zhiniang Peng and Xuefeng Li that leverages a privilege escalation vulnerability in the Windows Print Spooler.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2021-1675
SHA-256 | 573d07da8eca58f9ce096e858ed133d273214a6db6d390271660e11698decd25
XML External Entity Via MP3 File Upload On WordPress
Posted Jun 15, 2021
Authored by Vallari Sharma, Archie Midha

This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.

tags | exploit, proof of concept, file upload
advisories | CVE-2021-29447
SHA-256 | 6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
KnFTP Server 1.0.0 Denial Of Service
Posted Jun 14, 2021
Authored by Fernando Mengali

KnFTP Server version 1.0.0 LIST denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 6e992b00b4404656da10a5211abde600ea5faa319eb07349de5de184d6afe3de
PCMan FTP Server 2.0.7 Denial Of Service
Posted Jun 13, 2021
Authored by Fernando Mengali

PCMan FTP Server version 2.0.7 USER denial of service proof of concept exploit.

tags | exploit, denial of service, proof of concept
SHA-256 | 1ffb0cae68a951a3083217ac56d66b7415bc772ed03135d4020bb8195b4bf865
Page 1 of 92
Back12345Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close