WordPress Really Simple Security plugin versions prior to 9.1.2 proof of concept authentication bypass exploit.
9fb5206f79bdaf66dbedfc4d45fcf5665de6fe05f64aab8cb3e399923acff9faProof of concept code to exploit an authentication bypass in Palo Alto's PAN-OS that is coupled with remote command execution.
c8b10b5731e612b147d09c4e3d75d1869c7c85552ecae142103e7ca29fb1797bProof of concept remote code execution exploit for GravCMS 1.10.7 that leverages an arbitrary YAML write / update.
5cb1696418ca010542d02a039fd2e7ced0fb5abc292d2bf9e447350af4776e32Proof of concept remote code execution exploit for PHP-CGI that affects versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8.
a6b63ce9c93a3021236a9a584571d58798fe9d500b30228bb2141feca495c4d9Proof of concept remote command execution exploit for CyberPanel versions prior to 5b08cd6.
cc940e99f4e4ef4ac83ab7b84fe7d3f90ff95549ed54049913abec4f7582bf85WordPress Automatic plugin versions 3.92.0 and below proof of concept exploit that demonstrates path traversal and server-side request forgery vulnerabilities.
1e3ab221180e7f26ab2127194c4584fbb6f05727c5578c16eb87089046795a1eProof of concept exploit for a command injection vulnerability in CyberPanel. This vulnerability enables unauthenticated attackers to inject and execute arbitrary commands on vulnerable servers by sending crafted OPTIONS HTTP requests to /dns/getresetstatus and /ftp/getresetstatus endpoints, potentially leading to full system compromise. Versions prior to 1c0c6cb appear to be affected.
f67f580b585c400ff03b025158d51ee9a118eeef098fff7d55b85a53e5841da2Proof of concept code for a flaw where a malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.
2e31e7ddba5252351c7ee14e263acdbc754af802d6a309868e3a30682bf1b543GenGravSSTIExploit is a proof of concept Python script that exploits an authenticated server-side template injection (SSTI) vulnerability in Grav CMS versions 1.7.44 and below. This vulnerability allows a user with editor permissions to execute OS commands on a remote server.
320840a574bd1e39d76e644a70206a220bf7e080390462bcc9fbdf69d6cd628aProof of concept code for a flaw in TeamViewer that enables an unprivileged user to load an arbitrary kernel driver into the system.
8e84c906525cb3028d5e2434a5ce1ee9c2d79ef078f6024e17e16888fa959853Proof of concept remote command execution exploit for CUPS that leverages the vulnerability outlined in CVE-2024-47176.
f82d269469017149bbd434de30b07d4526663090bd5e3ba7fda438e2b9fa9ee7ALEOS versions 4.16 and below denial of service proof of concept exploit.
93e119b2d764c5aa22f0c54cf74c0369c5a4254019d26c982bb0de6d5d846df2Proof of concept toolkit to demonstrate the issue noted in CVE-2023-52709 related to the TI bluetooth stack. When running Defensics test case #SMP legacy 1001 with loop mode on DUT configured as resolvable private address, after a while, the device will end up generating unresolvable random private address causing denial of service for already bonded peer devices.
02f2601eddbe9fb045062d2c686c897f6039df04b9482db6478440625d4786aeProof of concept python3 code that creates a malicious payload to exploit an arbitrary file write via directory traversal in Invesalius version 3.1. In particular the exploitation steps of this vulnerability involve the use of a specifically crafted .inv3 (a custom extension for InVesalius) that is indeed a tar file file which, once imported inside the victim's client application allows an attacker to write files and folders on the disk.
3e2115a5ac5563793a0f2c821d2286084e05076d87ec7793c02b372c65ca4475Proof of concept exploit that demonstrates an unauthenticated path traversal vulnerability in Nexus Repository Manager version 3.
bfbc582aeb7d694c2fb50f516d1b6e7be747c9691933654f4b1d426c8e5327ddProof of concept exploit that demonstrates an information disclosure vulnerability in Check Point Security Gateways.
3d1d9908347cad7b090b35327c160e791c08878516956e5f60997b2cd3d13687Proof of concept exploit that allows an attacker to retrieve administrative credentials through SQL injection and ultimately execute arbitrary code on the target server.
e281d48432c2585fa05b2517fffc0171d56091981f896fb78703333f642a73a5Proof of concept remote code execution exploit for Rejetto HTTP File Server (HFS) version 2.3m.
94abc34636ee9d2ee77ab7b6f4f07a3e5915b2c3ea027b41ba855261a1cd204aProof of concept unauthenticated remote code execution exploit for Calibre versions 7.14.0 and below.
8c3200bd22a9201376c309b810720c70e5e01d5f4a8e6a5ec53a060dd8be9202Proof of concept remote code execution exploit for Ivanti EPM versions prior to 2022 SU6 or the 2024 September update.
aae283a6cefb5b56bdc7a70bc3a56e323ee785291fa82aaf40d1ff35d8e2d1e0Proof of concept remote code execution exploit for GeoServer versions prior 2.23.6, 2.24.4, and 2.25.2.
89efe87af55cddb0baaa46de1bab5d58c270e280ff489d9b19f578e9bf29121eProof of concept automation code to exploit a template injection vulnerability in GitHub repository sqlpad/sqlpad version prior to 6.10.1 that can result in remote code execution.
79a6a3c0f0cc3437faa5b70a9c94c21f376448987379d2b3ee42300f9a2f5271Proof of concept exploit for Spring Cloud Data Flow versions prior to 2.11.4 that achieves remote code execution through a malicious upload.
0ee38b6a8cf494539040a02c4712511aeac366dfde03820937e77f9441253ed3Proof of concept code for the Microsoft Windows DWM Core library elevation of privilege vulnerability. The researcher shows how they reversed the patch, how the heap overflow is produced, and overall gives a complete walk through of their process.
ae21b7b798fa9141cefb1411db92e94dfef6796823599323e49ec4cfcc3f7c0dProof of concept exploit demonstrating a remote command injection vulnerability in ASUS RT-AC3200 version 3.0.0.4.382.50010.
b27808b91b15909e2f42e7da7a3eccc359039ba12c7fdda7e04df55b3861f29b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed