OpenBMCS version 2.4 proof of concept exploit that creates an administrator by leveraging a remote privilege escalation vulnerability.
dfa165d919105379e965f9f7c64bc72209b082357f408421bbd7348be571f7ea
Proof of concept for a Microsoft HTTP protocol stack vulnerability that causes a denial of service.
c2c18115a401a528cf1b5dc31c17571b0980e3c441f00ab74bcca4c29d729334
Apache Log4j2 versions 2.14.1 and below proof of concept remote code execution exploit. JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
c8d0355e439c74ae436d3c409fe4b1f7b1c6c2d6fb97d2375bbaa49de94f642b
Docker proof of concept command execution exploit that leverages runc.
d839ae3cbe28eac31921153401a56b44bcb7aa9e71186e649af207b24a2573d0
Wipro Holmes Orchestrator version 20.4.1 unauthenticated arbitrary file reading proof of concept exploit.
aa43fdedfc7f5227a2a020d9bd25796fe6699fb9bbb47484e3814e5633c6039b
Microsoft Office OneNote 2007 proof of concept exploit for a OnePKG file parsing remote code execution vulnerability. When files are decompressed from .ONEPKG archives (which use the MS CAB format), a failure to sanitize file paths and file contents allows arbitrary file planting in arbitrary locations on the OS, including the startup folder.
a2e1f0872cb6d8139581f87f3c37e90d1829d74bca8d610a3d0ffadd03dd7e9d
JavaScriptCore suffers from a crash condition due to an uninitialized register in slow_path_profile_catch. Proof of concept that affects Safari is included.
8dd2cde7c2edb66fc6061ca48debe795fc639981944e4354c301b47af6a7c4b1
Firebase's PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
bb3896b28adac75139b54397d609f1fd54d05c94094f3213dbc7a00f3fa5c0c6
Qualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset of exactly -2GB-10B below the beginning of a vmalloc()ated kernel buffer. They successfully exploited this uncontrolled out-of-bounds write, and obtained full root privileges on default installations of Ubuntu 20.04, Ubuntu 20.10, Ubuntu 21.04, Debian 11, and Fedora 34 Workstation; other Linux distributions are certainly vulnerable, and probably exploitable. A basic proof of concept (a crasher) is attached to this advisory.
0c0b69962c7c4951fd574d5a8b85049490d77ada7568b05cfb4bce7ca40aa09a
Proof of concept code for a time-based blind remote SQL injection vulnerability in Online Shopping Portal version 3.1. This is a variant of the original discovery of SQL injection in this version by Umit Yalcin in July of 2020.
767219aec319fdaf3843c6a3cee1e6adffa3ddc30ff33399b70b01cfabe1a3d6
XNU suffers from a network stack kernel heap overflow due to an out-of-bounds memmove in 6lowpan. Proof of concept code included.
a1d06d7c40ef5cee75dbfed56b2263d072ffb407a0a5a9ac79847d59421ad896
This is a proof of concept for a Windows TCP/IP denial of service vulnerability due to a NULL dereference in tcpip.sys. This was patched by Microsoft in February 2021. It is remotely triggerable by sending a malicious UDP packet over IPv6.
0516b2a0dc860ebf19e63ce4021cd59c81f89b4c0605fd9ecea4c32742d682e0
Proof of concept exploit for an out-of-bounds access vulnerability in the Realtek RTKVHD64.sys, leading to pool corruption.
bb5ee485c5648076add9bf2abf25ea37396550a4e2aa9b60094cc8338c092692
This is a proof of concept for CVE-2021-28476 ("Hyper-V Remote Code Execution Vulnerability"), an arbitrary memory read in vmswitch.sys (network virtualization service provider) patched by Microsoft in May 2021.
48a1cc3a6acb78d90f7e5beca74fe39f754180b4d7a5529002e913fac71d8976
Proof of concept exploit for a path traversal vulnerability in Pallets Werkzeug version 0.15.4.
4f5c6bd91b62008c37cb7bf8cbae42390e891388493b81718362ca9738d106b3
PrintNightmare remote code execution proof of concept exploit for the Windows Spooler Service.
65f3a8fdee04d68517612f8bbb28b7e29a2396d68991acfedf0892a70576c47a
This is the Impacket implementation of the PrintNightmare proof of concept originally created by Zhiniang Peng and Xuefeng Li that leverages a privilege escalation vulnerability in the Windows Print Spooler.
573d07da8eca58f9ce096e858ed133d273214a6db6d390271660e11698decd25
This document illustrates proof of concept exploitation of a vulnerability in WordPress versions 5.6.0 through 5.7.0 that gives a user the ability to upload files on a server and exploit an XML parsing issue in the Media Library using an MP3 file upload that leads to an XXE attack.
6f2b6fbc58bcb6f703bd6d4a439b0bd64de13c645bc50f0f2f21b49152561b36
KnFTP Server version 1.0.0 LIST denial of service proof of concept exploit.
6e992b00b4404656da10a5211abde600ea5faa319eb07349de5de184d6afe3de
PCMan FTP Server version 2.0.7 USER denial of service proof of concept exploit.
1ffb0cae68a951a3083217ac56d66b7415bc772ed03135d4020bb8195b4bf865
memono Notepad 4.2 denial of service proof of concept exploit.
6e0c80eeec1f14cb6c54d8b2608794aad97b58dbd5466fd0e4ea84a35c530d90
EasyFTP Server version 1.7.0.11 XRMD denial of service proof of concept exploit.
4f7789b1d4176284fefe0a8f3b908427852a8228b67f9e6a4263e89a59386e80
Proof of concept exploit for a remote code execution vulnerability in Microsoft's RDP service.
6d22c79340f19a7303c4fe1251a1c8e3e6781fc8551886316a0e4e976e9a6dbf
Exim versions prior to 4.90.1 remote buffer overflow proof of concept exploit.
ee8228224f1f993d6d2342e211a9be7a153342208313db672c854f83eba4d705
Cisco SD-WAN vManage version 19.2.2 remote root shell proof of concept exploit that leverages multiple vulnerabilities.
a39fed0dc5f1a0ca97a329bad76e86ccb0fe30addc423eef4129602dce1d82e6