Packers and Movers Management System version 1.0 suffers from a remote blind SQL injection vulnerability. Proof of concept exploit written in python included.
392e218592b7d81bc0c0a1e2e699e9fe38ca587052d6e6393e97b66c59ab44eaVMWare Aria Operations for Networks (vRealize Network Insight) static SSH key remote code execution proof of concept exploit.
ae67475970c05c39bc93428dddf3a98ddfed987c1bd13fb23f729e242a686959Proof of concept exploit for Oracle RMAN on Oracle database versions 19c, 18c, 12.2.0.1, and 12.1.0.2 where an RMAN controlfile operation is not adequately logged.
a4b527febec8b5e2538fa176029d4e006f6958e1699c0f13efc73dce25b4e691LOLDriver version 1.3-x64 proof of concept memory corruption exploit.
a330abffaaadfd62570ff07c8df013554081bb33cab314ff75bd805bebba1f05A proof of concept exploit for chaining four CVEs to achieve remote code execution in Juniper JunOS within SRX and EX Series products.
ab0b70a7cc6a4a947d8faceced29674fb6ad7bf45e8a329120e642cb825e3c05GOM Player version 2.3.90.5360 man-in-the-middle proof of concept remote code execution exploit.
f2826517a53fda0ce64b48c45b78c7b264d5e4695963f36c0f2cda3c61797dceGoogle Chrome version 115.0.5790.102 WebGPU use-after-free memory corruption proof of concept exploit.
8d8a37ec6a9723c095e854941ee699a99d052bf1885ef10eb39b13deb719ce3dServiceNow suffered from having an insecure access control that could lead to full administrative compromise. The associated link has a proof of concept.
1ba72d97e5b5609910fcc6b7107bef5cb14d772f105f4a4b5e856f37da0c93f2WordPress Abandoned Cart Lite for WooCommerce plugin versions 5.14.2 and below proof of concept authentication bypass exploit.
a6f89cfb298bd156a4472f93e13a6411f9168c346e1e105e5bddc52630ec5c7dThis proof of concept abuses an SQL injection vulnerability in MOVEit to obtain a sysadmin API access token and then use that access to abuse a deserialization call to obtain remote code execution. This proof of concept needs to reach out to an Identity Provider endpoint which hosts proper RS256 certificates used to forge arbitrary user tokens - by default this POC uses horizon3ai's IDP endpoint hosted in AWS. By default, the exploit will write a file to C:\Windows\Temp\message.txt. Alternative payloads can be generated by using the ysoserial.net project.
891c1c3067e64d2916aec314b0195ba65fbc31db8570faee1f1fc3f6b4a366d9Proof of concept exploit for a SPARQL injection vulnerability in VIVO that triggers a denial of service.
03a908c86212c5d8cb01cd14ceb44e5ff14b5a0ad5966f87f7b111117d9a3ab6Proof of concept exploit for a buffer overflow in strongSwan VPN's charon server.
381239d433a012d932de3871f064091c52ad26bb7b01de975c5e82fe37562652Proof of concept exploit for a buffer overflow remote code execution vulnerability in librelp.
e494ed907a60d68aba585cbc21eba08e50daffab41973ff8ba84e679096953dcProof of concept exploit for polkit that triggers an eventfd file descriptor leak.
f9b681fc933ff4d272ea49c02694d6c797b953465a57f0c30ab341372a92d369Proof of concept exploit for a path traversal vulnerability in Ansible's fetch module.
8c4c608182c45d96419302765b9eaa12ca07e339dc23cb5c1ded2218533abe68libssh proof of concept authentication bypass exploit, which, under certain conditions, may enable a remote attacker to gain unauthorized access to another user's account via ssh login. Versions 0.9.0 through 0.9.6 and 0.10.0 through 0.10.4 are affected.
9bd1a8957c6bb9f405736511d3ad44169c96d1094aebcfdbf0555a4786bbe3ebProof of concept exploit for a D-Bus denial of service condition that can be triggered via a file descriptor leak.
87e71894350d7dbd3c36666fe7e024bd14e19415a79f2aed19e7d9102383633cApple XNU kernel memory exposure proof of concept exploit that is designed for macOS High Sierra version 10.13.
38dd575e5b5287e0c5ce77e2d2ac39c63d630fc15948a59b9200382df1ff09b0Proof of concept exploit for a remotely trigger-able heap buffer overflow vulnerability in iOS 11.4.1 and macOS 10.13.6. This exploit can be used to crash any vulnerable iOS or macOS device that is connected to the same network as the attacker's computer. The vulnerability can be triggered without any user interaction on the victim's device. The exploit involves sending a TCP packet with non-zero options in the IP and TCP headers.
5352cd5286d39bd38e49f40ff6d66d63f42d4b951311bef0126c92981172e14fmacOS NFS client buffer overflow proof of concept exploit. These issues were addressed in macOS version 10.13.6.
917b85555ca4494b492d414d04dedd1a7811edb66c81d2df1ef9435751ac4474Proof of concept exploit for a double-free memory corruption vulnerability in Ubuntu accountsservice.
a24f0c965168bcc3814136c8ee24f8fd5c7b0fb07f7be9bcaa47978b144f0e8fFive proof of concept exploits that encompass integer overflow and denial of service conditions in Ubuntu's Apport and Whoopsie components.
04883ffd913b86aa2c8a13bf6757fef0b0d4525b563200cbd5563f587cdfc221Proof of concept exploits for libsane. The first enumerates a series of memory corruption issues and the second pops a calculator.
5ceb1ae3ba7a731ca6ae7c87b33be4c77455ddf79d5edc4c07eb4b5cf09b23b2Microsoft ChakaCore proof of concept exploit for a remote code execution vulnerability.
2e0ec88002fb1391d58a60ee453157c9d0449ba5f50a42e34b268e8ddd28c73fProof of concept exploit for an authentication bypass vulnerability in polkit.
458437eef69ad8bf3f51e3b80d608d2052ad08a989fbda8025248aff1d4b2a27
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed