Skip to content

Instantly share code, notes, and snippets.

@woOzZ2

woOzZ2/cves.txt

Forked from cranelab/cves.txt
Created December 30, 2021 12:25
Show Gist options
  • Save woOzZ2/bb4c58085c31c9ca03474431a3fc8184 to your computer and use it in GitHub Desktop.
Save woOzZ2/bb4c58085c31c9ca03474431a3fc8184 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
cves.txt
CVEs:
• http://blog.ptsecurity.com/2020/03/cve-2019-18683-exploiting-linux-kernel.html
Exploiting a Linux kernel vuln. in the V4L2 subsystem (CVE-2019-18683).
• https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Turning \x00\x00 into 10000$ (CVE-2021-22555).
• https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
CRS Request Body Bypass (CVE-2021-35368).
• https://github.com/mavillon1/CVE-2021-31955-POC
Windows Kernel Information Disclosure PoC (CVE-2021-31955).
• https://github.com/stong/CVE-2020-15368
How to exploit a vuln. windows driver - AsrDrv104.sys PoC (CVE-2020-15368).
• https://github.com/0vercl0k/CVE-2021-32537
Out-of-bounds access in RTKVHD64 leading to pool corruption (CVE-2021-32537).
• https://y4y.space/2021/06/04/learning-jndi-injection-from-cve-2021-21985/
Learning JNDI Injection From CVE-2021-21985.
• https://www.wispwisp.com/index.php/2019/08/16/cve-2017-16088-poc/
safe-eval Sandbox Breakout (CVE-2017-16088).
• https://cyllective.com/blog/post/plone-authenticated-rce-cve-2021-32633/
Plone Authenticated RCE (CVE-2021-32633).
• https://tradahacking.vn/cve-2021-22201-arbitrary-file-read-on-gitlab-d84d77cd83e3
Arbitrary file read on Gitlab (CVE-2021–22201).
• https://github.com/motikan2010/CVE-2021-29447
WordPress 5.6-5.7 - Authenticated XXE (CVE-2021-29447).
• https://blog.whtaguy.com/2021/05/d-link-router-cve-2021-27342.html
D-Link Router Timing Side-Channel Attack Writeup (CVE-2021-27342).
• https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome
Google Chrome - File System Access API (CVE-2021-21123).
• https://blog.mbie.me/posts/cve-2020-9478/
OS Command Injection through file restore functionality (CVE-2020-9478).
• https://connormcgarr.github.io/cve-2020-21551-sploit/
Exploit Development- Dell 'dbutil_2_3.sys' Kernel Exploit Writeup (CVE-2021-21551).
• https://github.com/waleedassar/CVE-2021-24098
POC for CVE-2021-24098, a Denial Of Service bug in condrv.sys.
• https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/
Exploiting/Detecting CVE-2021-25735 - K8s validating admission webhook bypass.
• https://www.cloaked.pl/2021/04/cve-2021-26415/
Windows Installer Elevation of Privilege Vulnerability (CVE-2021-26415).
• https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027).
• https://github.com/waleedassar/CVE-2021-1656
TPM Device Driver Information Disclosure Vulnerability (CVE-2021-1656).
• https://dirkjanm.io/exploiting-CVE-2019-1040-relay-vulnerabilities-for-rce-and-domain-admin/
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin.
• https://blog.frizn.fr/linux-kernel/cve-2020-14381
The curious case of CVE-2020-14381.
• http://dronesec.pw/blog/2021/03/10/on-exploiting-cve-2021-1648/
On Exploiting CVE-2021-1648 (Splwow64 LPE).
• https://github.com/HoangKien1020/CVE-2021-23132
Remote Code Execution (RCE) in Joomla (CVE-2021-23132).
• https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
Node.JS OS sanitize service Parameters Command Injection (CVE-2021-21315).
• https://sec.stealthcopter.com/cve-2020-28243/
SaltStack Minion Local Privilege Escalation (CVE-2020-28243).
• https://www.zeroperil.com/cisco-lpe-cve-2021-1280/
LPE in Cisco Immunet and Cisco AMP (CVE-2021-1280).
• https://elongl.github.io/exploitation/2021/01/08/cve-2014-3153.html
Exploiting CVE-2014-3153 (Towelroot).
• https://www.crowdstrike.com/blog/cve-2021-1678-printer-spooler-relay-security-advisory/
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678).
• https://ch3rn0byl.com/2021/02/a-look-at-cve-2020-17087/
A Look at CVE-2020-17087 - Or how I failed at exploitation but mitigated it instead...
• https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
How clicking a link can give away your precise location.
• https://faraz.faith/2021-01-07-cve-2020-16040-analysis/
Analyzing V8 "TurboFan's Simplified Lowering Phase" (CVE-2020-16040).
• https://blog.zecops.com/vulnerabilities/ntfs-remote-code-execution-cve-2020-17096-analysis/
NTFS Remote Code Execution Analysis (CVE-2020-17096).
• https://blog.longterm.io/cve-2020-0423.html
Exploiting a Single Instruction Race Condition in Binder (CVE-2020-0423).
• https://alexplaskett.github.io/CVE-2020-9967/
Apple macOS 6LowPAN Vulnerability (CVE-2020-9967).
• https://staaldraad.github.io/post/2020-12-15-cve-2020-25695-postgresql-privesc/
Privilege Escalation in Postgresql (CVE-2020-25695).
• https://github.com/Airboi/CVE-2020-17144-EXP
Microsoft Exchange Remote Code Execution Vulnerability (CVE-2020-17144).
• https://x-stream.github.io/CVE-2020-26217.html
XStream Remote Code Execution (CVE-2020-26217).
• https://ricardojba.github.io/CVE-2020-23968-ILEX-SignGo-EoP/
ILEX International Sign&go 7.1 Arbitrary File Creation PE (CVE-2020-23968).
• https://darkbit.io/blog/cve-2020-15157-containerdrip
CVE-2020-15157 "ContainerDrip" Write-up.
• https://labs.ioactive.com/2020/11/cve-2020-16877-exploiting-microsoft.html
Exploiting Microsoft Store Games (CVE-2020-16877).
• https://github.com/0neb1n/CVE-2020-16947
Microsoft Outlook RCE vulnerablility PoC (CVE-2020-16947).
• https://securitylab.github.com/research/CVE-2020-6449-exploit-chrome-uaf
Exploiting a textbook use-after-free in Chrome (CVE-2020-6449).
• https://github.com/S1lkys/CVE-2020-15906
Tiki Wiki Cms Groupware 21.1 Authentication Bypass (CVE-2020-15906).
• https://github.com/ioncodes/CVE-2020-16938
Bypassing NTFS permissions to read any files as unpriv. user (CVE-2020-16938).
• https://unit42.paloaltonetworks.com/cve-2020-14386/
Privilege Escalation Vulnerability in the Linux kernel (CVE-2020-14386).
• https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html
uTorrent CVE-2020-8437 Vulnerability And Exploit Overview.
• https://www.matteomalvica.com/blog/2020/09/24/weaponizing-cve-2020-17382/
Kernel exploitation - Weaponizing CVE-2020-17382 MSI Ambient Link driver.
• https://ti.dbappsecurity.com.cn/blog/index.php/2020/09/18/cve-2020-0968/
Detailed Analysis of the JScript Vulnerability (CVE-2020-0968).
• https://raelize.com/posts/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/
Espressif ESP32 - Bypassing Encrypted Secure Boot (CVE-2020-13629).
• https://www.hackersforchange.com/post/maltego-cve-2020-24656-analysis
Maltego CVE-2020-24656 Analysis.
• https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html
Rocket.Chat XSS leading to Remote Code Execution (CVE-2020-15926).
• https://insomniasec.com/blog/ghostscript-cve-2020-15900
Ghostscript SAFER Sandbox Breakout (CVE-2020-15900).
• https://rhynorater.github.io/CVE-2020-13379-Write-Up
Unauthenticated Full-Read SSRF in Grafana (CVE-2020-13379).
• https://github.com/irsl/CVE-2020-1313
PoC exploit of Windows Update Orchestrator Service EoP (CVE-2020-1313).
• https://itm4n.github.io/cve-2020-1170-windows-defender-eop/
Microsoft Windows Defender EoP Vulnerability (CVE-2020-1170).
• https://github.com/Q4n/CVE-2020-1362
Exploiting an Elevation of Privilege bug in Windows 10 (CVE-2020-1362).
• https://b.ou.is/articles/2020-05/CVE-2020-13693
Analysis of BBPress 2.6.5 Unauthenticated PE (CVE-2020-13693).
• https://full-disclosure.eu/reports/2019/FDEU-CVE-2019-10222-telia-savitarna-backdoor.html
Telia Savitarna Backdoor (CVE-2019-10222).
• https://medium.com/faraday/analysis-of-cve-2020-7350-dcda2ff8a3d6
Pwning Metasploit with Metasploit (CVE-2020-7350).
• https://medium.com/@wabz/covidsafe-ios-vulnerability-cve-2020-12717-30dc003f9708
COVIDSafe iOS Vulnerability (CVE-2020–12717).
• https://sigpwn.io/blog/2020/5/7/cve-2019-0685-win32k-reference-count-leak
win32k reference count leak in DirectComposition (CVE-2019-0685).
• https://www.qualys.com/2020/05/19/cve-2005-1513/remote-code-execution-qmail.txt
Remote Code Execution in qmail (CVE-2005-1513).
• https://medium.com/csis-techblog/cve-2020-1088-yet-another-arbitrary-delete-eop-a00b97d8c3e2
Yet another arbitrary delete EoP (CVE-2020–1088).
• https://github.com/0xc0d/CVE-2020-11651
SaltStack Salt Unauthenticated RCE Proof of Concept (CVE-2020-11651).
• https://shells.systems/open-audit-v3-3-1-remote-command-execution-cve-2020-12078/
Open-AudIT v3.3.1 Remote Command Execution (CVE-2020-12078).
• https://github.com/james0x40/CVE-2020-0624
Win32k Elevation of Privilege via UaF PoC (CVE-2020-0624).
• https://insinuator.net/2020/04/cve-2020-0022-an-android-8-0-9-0-bluetooth-zero-click-rce-bluefrag/
Android 8.0-9.0 Bluetooth Zero-Click RCE – BlueFrag (CVE-2020-0022).
• https://github.com/fdiskyou/CVE-2018-19320
Exploiting ring0 memcpy-like functionality to disable DSE.
• https://alexplaskett.github.io/CVE-2020-3919/
IOHIDFamily Uninitialised Kernel Memory Vulnerability (CVE-2020-3919).
• https://github.com/wsfengfan/CVE-2020-10199-10204/
Nexus Repository Manager 3 - Remote Code Execution PoC.
• https://natedotred.wordpress.com/2020/03/28/cve-2020-8816-pi-hole-remote-code-execution/
Pi-hole Remote Code Execution (CVE-2020-8816).
• https://blog.forallsecure.com/uncovering-openwrt-remote-code-execution-cve-2020-7982
Uncovering OpenWRT remote code execution (CVE-2020-7982).
• https://itm4n.github.io/cve-2020-0863-windows-diagtrack-info-disclo/
Arbitrary File Read Vuln. in Windows Diagnostic Tracking Serv. (CVE-2020-0863).
• https://alexbakker.me/post/mysterious-google-titan-m-bug-cve-2019-9465.html
A mysterious bug in the firmware of Google's Titan M chip (CVE-2019-9465).
• https://github.com/migueltarga/CVE-2020-9380
IPTV Smarters Exploit (CVE-2020–9380).
• https://github.com/piotrflorczyk/cve-2019-1458_POC
Going from 'in the wild report' to PoC (CVE-2019-1458).
• https://moabi.com/advisories/CVE-2019-10064.html
Hostapd fails at seeding PRNGs (CVE-2016-10743 and CVE-2019-10064).
• https://github.com/Xh4H/Satellian-CVE-2020-7980
PoC script that shows RCE vulnerability over Intellian Satellite controller.
• https://blog.gypsyengineer.com/en/security/cve-2020-1925-ssrf-in-apache-olingo.html
Requests to arbitrary URLs in Apache Olingo (CVE-2020-1925).
• https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1
Finding and exploiting CVE-2018–7445 (Unauth RCE in MikroTik’s RouterOS SMB).
• https://web-in-security.blogspot.com/2020/01/cve-2020-2655-jsse-client.html
JSSE Client Authentication Bypass (CVE-2020-2655).
• https://github.com/cve-search/git-vuln-finder
Finding potential software vulnerabilities from git commit messages.
• https://github.com/masahiro331/CVE-2019-10758/
mongo-express <0.54.0 RCE via endpoints that uses the `toBSON` method.
• https://github.com/v-p-b/cve-2019-12750/
Symantec Local Privilege Escalation (CVE-2019-12750).
• https://github.com/blackarrowsec/advisories/tree/master/2019/CVE-2019-18956
RCE (Java Deserialization) in Proxia Suite/Proxia PHR/SparkSpace (CVE-2019-18956).
• https://medium.com/maverislabs/cve-2019-17123-cbc946c99f8
eGain Web API Email Header Injection (CVE-2019-17123).
• https://github.com/jreppiks/CVE-2017-12149
Jboss Java Deserialization RCE (CVE-2017-12149).
• https://github.com/0vercl0k/CVE-2019-11708
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Win64.
• https://github.com/Ky0-HVA/CVE-2019-2890
Exploit for WebLogic with T3 (CVE-2019-2890).
• https://iwantmore.pizza/posts/cve-2019-1414.html
Local Command Execution in Visual Studio Code (CVE-2019-1414).
• https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
Stack Overflow Write-Up and RCE Exploit Walk Through (CVE-2019-17424).
• https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
Exploiting prototype pollution – RCE in Kibana (CVE-2019-7609).
• https://github.com/foospidy/web-cve-tests
A simple framework for sending test payloads for known web CVEs.
• https://www.shielder.it/blog/exploiting-an-old-novnc-xss-cve-2017-18635-in-openstack/
Exploiting an old noVNC XSS (CVE-2017-18635) in OpenStack.
• https://hernan.de/blog/2019/10/15/tailoring-cve-2019-2215-to-achieve-root/
Tailoring CVE-2019-2215 to Achieve Root.
• https://x-c3ll.github.io//posts/CVE-2018-7081-RCE-ArubaOS/
Remote Code Execution in Aruba Mobility Controller - ArubaOS (CVE-2018-7081).
• https://iwantmore.pizza/posts/cve-2019-10392.html
Yet Another 2k19 Authenticated RCE in Jenkins (CVE-2019-10392).
• https://github.com/Barakat/CVE-2019-16098
Micro-Star MSI Afterburner Driver v4.6.2.15658 LPE PoC (CVE-2019-16098).
• https://xlab.tencent.com/en/2019/09/12/deep-analysis-of-cve-2019-8014/
Deep Analysis of CVE-2019-8014 - The Vulnerability Ignored 6 Years Ago.
• https://github.com/projectzeroindia/CVE-2019-11510
Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510).
• https://blog.bi0s.in/2019/08/18/Pwn/Browser-Exploitation/cve-2019-11707-writeup/
Writeup for Type confusion in Array.pop - Firefox (CVE-2019-11707).
• https://github.com/Vlad-tri/CVE-2019-1132/
PoC for Win32k Elevation of Privilege Vulnerability (CVE-2019-1132).
• https://gts3.org/2019/cve-2019-0609.html
Analysis of a use-after-unmap vulnerability in Edge (CVE-2019-0609).
• https://github.com/jas502n/CVE-2019-13272
Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272).
• https://github.com/butterflyhack/CVE-2019-10207/
Bluetooth (hci_uart) - Linux Kernel NULL pointer dereference (CVE-2019-10207).
• https://github.com/marcinguy/CVE-2019-2107
PoC for Android CVE-2019-2107 RCE.
• https://medium.com/@ruvlol/rce-in-jira-cve-2019-11581-901b845f0f
Remote Code Execution (RCE) in Jira (CVE-2019–11581).
• https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
Docker build code execution (CVE-2019-13139).
• http://lordofpwn.kr/index.php/writeup/cve-2019-5825-v8-exploit/
CVE-2019-5825 v8 Exploit.
• https://enigma0x3.net/2019/07/05/cve-2019-13142-razer-surround-1-1-63-0-eop/
Razer Surround EoP through Insecure folder/file permissions (CVE-2019-13142).
• https://github.com/hook-s3c/CVE-2018-18852
CERIO authenticated web RCE as root user (CVE-2018-18852).
• https://github.com/maldiohead/CVE-2019-8627
Kernel information leak on macOS<= 10.14.4 (CVE-2019-8627).
• https://github.com/dhn/exploits/tree/master/CVE-2019-10149
Exim 4.87 < 4.91 Local Privilege Escalation (CVE-2019-10149).
• https://github.com/Sheisback/CVE-2019-0859-1day-Exploit
Local Privilege Escalation vulnerability in Windows (CVE-2019-0859).
• https://payatu.com/microsoft-edge-extensions-host-permission-bypass-cve-2019-0678/
Microsoft EDGE Extensions host permission bypass (CVE-2019-0678).
• https://leakfree.wordpress.com/2015/03/12/php-object-instantiation-cve-2015-1033/
PHP Object Instantiation CVE-2015-1033 (Oldies).
• http://lordofpwn.kr/index.php/writeup/cve-2019-8506-javascriptcore-exploit/
JavaScriptCore exploit (CVE-2019-8506).
• https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
VMware Fusion 11 - Guest VM RCE (CVE-2019-5514).
• https://security.lauritz-holtmann.de/advisories/cve-2019-11832/
TYPO3 CMS is vulnerable to RCE using PostScript (CVE-2019-11832).
• https://landgrey.me/richfaces-cve-2018-14667/
RichFaces Deserialization-induced EL Expression Injection (CVE-2018-14667).
• http://eternalsakura13.com/2019/04/29/CVE-2016-5198/
Case study CVE-2016-5198.
• https://github.com/sophoslabs/CVE-2018-18500/
Firefox Use-After-Free PoC (CVE-2018-18500).
• https://github.com/exodusintel/CVE-2019-5786/
Chrome 72.0.3626.119 stable FileReader UaF for Windows 7 x86 (CVE-2019-5786).
• https://polict.net/blog/CVE-2018-17057
Yet another phar deserialization in TCPDF (CVE-2018-17057).
• https://lgtm.com/blog/facebook_fizz_CVE-2019-3560
DoS in Facebook Fizz due to integer overflow (CVE-2019-3560).
• https://github.com/mpgn/CVE-2019-0192/
Apache Solr RCE 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5 (CVE-2019-0192).
• https://github.com/mpgn/CVE-2019-9580/
Exploiting CORS misconfiguration (null origin) to gain RCE (CVE-2019-9580).
• http://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html
Root Cause of the Kernel Privilege Escalation Vulnerabilities (CVE-2019-0808).
• https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/
Exploiting Command Injection in Apache Tika (CVE-2018-1335).
• https://lgtm.com/blog/ghostscript_CVE-2018-19134_exploit
Remote code execution through type confusion in Ghostscript (CVE-2018-19134).
• https://github.com/stigtsp/CVE-2019-6690-python-gnupg-vulnerability
Improper Input Validation in python-gnupg 0.4.3 (CVE-2019-6690).
• https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2018-8629).
• https://github.com/payatu/CVE-2018-14442
PoC for Foxit Reader Use-After-Free -> RCE (CVE-2018-14442).
• https://github.com/WyAtu/CVE-2018-8581/
MS Exchange Server Elevation of Privilege Vulnerability (CVE-2018-8581).
• https://mksben.l0.cm/2018/05/cve-2018-5175-firefox-csp-strict-dynamic-bypass.html
Universal CSP strict-dynamic bypass in Firefox (CVE-2018-5175).
• https://github.com/r3dxpl0it/Apache-Superset-Remote-Code-Execution-PoC-CVE-2018-8021
Apache Superset pickle library code execution (CVE-2018-8021).
• https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/
Remote Code Execution (CVE-2018-5767) Walkthrough on Tenda AC15 Router.
• https://menschers.com/2018/10/30/what-is-cve-2018-8493/
Exploiting Windows' IP ID Randomization to Leak Kernel Data (CVE-2018-8493).
• https://xlab.tencent.com/en/2018/11/13/cve-2018-4277/
Spoof All Domains Containing 'd' in Apple Products (CVE-2018-4277).
• https://medium.com/@mrnikhilsri/oob-xxe-in-prizmdoc-cve-2018-15805-dfb1e474345c
OOB XXE in PrizmDoc (CVE-2018–15805).
• https://github.com/tamirzb/CVE-2018-9539/
Android Media framework UaF PoC (CVE-2018-9539).
• https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835/
Android Sensitive Data Exposure via Battery Info. Broadcasts (CVE-2018-15835).
• https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
The problem with snprintf - A vulnerability in Icecast (CVE-2018-18820).
• https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
Kernel RCE - Buffer overflow in Apple's ICMP packet-handling code (CVE-2018-4407).
• https://blog.lexfo.fr/cve-2017-11176-linux-kernel-exploitation-part1.html
A step-by-step Linux Kernel exploitation (CVE-2017-11176).
• https://github.com/DownWithUp/CVE-2018-16712/
PoC Code for CVE-2018-16712 (exploit MmMapIoSpace).
• https://github.com/Lz1y/CVE-2018-8420
MS XML Remote Code Execution Vulnerability (CVE-2018-8420).
• http://blog.nsfocus.net/cve-2018-804-analysis/
Analysis of Joomla Kernel SQL Injection Vulnerability (CVE-2018-8045).
• https://github.com/V-E-O/PoC/tree/master/CVE-2018-9341
Heap Buffer OOB Write - Android libmpeg2 (CVE-2018-9341).
• https://github.com/milo2012/CVE-2018-0296
Tool to extract usernames from vulnerable Cisco ASA (CVE-2018-0296).
• http://sploit3r.xyz/cve-2017-13284-injection-in-configuration-file/
Injection in configuration file (CVE-2017-13284).
• https://github.com/ezelf/CVE-2018-9995_dvr_credentials
Get DVR Credentials (CVE-2018-9995).
• http://blog.nsfocus.net/cve-2018-6574/
Go language arbitrary code execution vulnerability analysis (CVE-2018-6574).
• http://bluec0re.blogspot.pt/2018/03/cve-2018-7160-pwning-nodejs-developers.html
Pwning NodeJS Developers (CVE-2018-7160).
• https://github.com/zi0Black/POC-CVE-2018-0114
This repository contains the POC of an exploit for node-jose < 0.11.0.
• https://github.com/erpscanteam/CVE-2018-2380
RCE via Log injection on SAP NetWeaver AS JAVA CRM (CVE-2018-2380).
• http://www.paulosyibelo.com/2018/02/hotspot-shield-cve-2018-6460-sensitive.html
Hotspot Shield - Sensitive Info Disclosure w/ XSSI & DNS Rebinding (CVE-2018-6460).
• http://blog.orange.tw/2018/01/php-cve-2018-5711-hanging-websites-by.html
PHP - Hanging Websites by a Harmful GIF (CVE-2018-5711).
• https://github.com/rxwx/CVE-2017-8570
Proof of Concept exploit for CVE-2017-8570.
• https://www.tarlogic.com/en/blog/exploiting-word-cve-2017-11826/
Exploiting Word (CVE-2017-11826).
• http://blog.talosintelligence.com/2017/11/exploiting-cve-2016-2334.html
Vulnerability Walkthrough - 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability.
• https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
A Busybox autocompletion vulnerability (CVE-2017-16544).
• https://xorl.wordpress.com/2017/11/11/cve-2017-13089-wget-http-integer-overflow/
wget HTTP integer overflow (CVE-2017-13089).
• https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074
DCCP double-free vulnerability - Linux kernel local root (CVE-2017-6074).
• https://github.com/xairy/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
Local root PoC Includes KASLR and SMEP bypasses (CVE-2017-1000112).
• https://www.fidusinfosec.com/tp-link-remote-code-execution-cve-2017-13772/
A Curious Tale of RCE, The TP-Link Story (CVE-2017-13772).
• https://warroom.securestate.com/cve-2017-9769/
Razer rzpnk.sys IOCTL 0x226050 ZwOpenProcess (CVE-2017-9769).
• https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/
RCE by malformed GIF in iOS/MacOS ImageIO framework (CVE-2017-2416).
• https://github.com/cyberheartmi9/CVE-2017-12617
JSP Upload Bypass/RCE vulnerability in Apache Tomcat (CVE-2017-12617).
• https://github.com/Bo0oM/CVE-2017-7089
Safari 10 Exploit SOP Bypass -> UXSS (CVE-2017-7089).
• https://github.com/derrekr/android_security/blob/master/CVE-2017-0576/
Qualcomm crypto engine driver buffer overflow (CVE-2017-0576).
• https://aspe1337.blogspot.pt/2017/04/writeup-of-cve-2017-7199.html
Local privilege escalation in Tenable Nessus Agent 6.10.3 (CVE-2017-7199).
• https://github.com/0x00string/oldays/blob/master/CVE-2015-1158.py
CUPS Reference Count Over Decrement Remote Code Execution (CVE-2015-1158).
• https://github.com/freener/exploits/tree/master/CVE-2016-5342
EoP vulnerability in Qualcomm Wi-Fi (CVE-2016-5342).
• https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
Git Shell Bypass By Abusing Less (CVE-2017-8386).
• https://github.com/qazbnm456/awesome-cve-poc
A curated list of CVE PoCs.
• https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
Race condition in n_hdlc Linux kernel driver (CVE-2017-2636).
• https://github.com/CunningLogic/PixelDump_CVE-2016-8462
Pixel bootloader exploit for reading flash storage (CVE-2016-8462).
• https://gitlab.com/micaksica/CVE-2016-1000304
Arbitrary code execution vector for PouchDB (CVE-2016-1000304).
• http://dumpco.re/cve-2016-7434/
ntpd remote pre-auth Denial of Service (CVE-2016-7434).
• https://github.com/tinysec/public/tree/master/CVE-2016-7255
PoC for CVE-2016-7255 (Win32k Elevation of Privilege Vulnerability).
• https://blog.lizzie.io/notes-about-cve-2016-7117.html
Notes about CVE-2016-7117 (Linux RCE).
• https://blog.paranoidsoftware.com/dirty-cow-cve-2016-5195-docker-container-escape/
Dirty COW - (CVE-2016-5195) - Docker Container Escape.
• http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
Cryptsetup Initrd root Shell (CVE-2016-4484).
• http://secalert.net/#CVE-2016-4977
RCE in Spring Security OAuth (CVE-2016-4977).
• https://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit
Exploiting Linux kernel heap off-by-one (CVE-2016-6187).
• https://www.cgsec.co.uk/powershell-empire-cve-2016-0189-profit/
Powershell Empire + CVE-2016-0189 = Profit.
• https://httpsonly.blogspot.pt/2016/08/cve-2016-0782-writeup.html
Apache ActiveMQ Pwn (CVE-2016-0782).
• https://github.com/4B5F5F4B/PoCs/blob/master/CVE-2016-1649
Lokihardt's libangle bug (CVE-2016-1649).
• https://github.com/llamakko/CVE-2015-7214
SOP bypass the SOP via data: and view-source: URIs (FF <43.0).
• https://github.com/4B5F5F4B/Exploits/tree/master/CVE-2015-6764
PoC V8 bug (CVE-2015-6764).
• https://github.com/FiloSottile/CVE-2016-2107
PoC OpenSSL padding oracle (CVE-2016-2107).
• http://www.sekoia.fr/blog/ms-office-exploit-analysis-cve-2015-1641/
MS Office exploit analysis - CVE-2015-1641.
• http://bytesdarkly.com/2016/01/know-your-tools-cve-2015-2342-ioc-and-metasploit/
Know your tools – CVE-2015-2342 IOC and Metasploit.
• https://github.com/BishopFox/cve-2016-1764
Recovery of Plaintext iMessage Data Without Breaking Crypto (CVE-2016-1764).
• https://github.com/Rootkitsmm/cve-2016-0040
PoC for CVE-2016-0040.
• https://xisigr.com/x/cve-2016-1932/
Web Notification Origin Spoof and FS DoS on win Firefox (CVE-2016-1932).
• https://github.com/HackerFantastic/Public/blob/master/exploits/cve-2016-1531.sh
CVE-2016-1531 exim <= 4.84-3 local root exploit.
• http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
Unlimiting the stack not longer disables ASLR (CVE-2016-3672).
• https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
Putty Stack Buffer Overwrite (CVE-2016-2563).
• https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3116
Dropbearsshd xauth command injection.
• https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Openssh xauth command injection and /bin/false bypass.
• https://xairy.github.io/blog/2016/cve-2016-2384
Arbitrary code exec in the usb-midi linux kernel driver (CVE-2016-2384).
• https://github.com/koczkatamas/CVE-2016-0051
PoC for BSoD and Privilege Escalation - CVE-2016-0051 (MS-016).
• https://github.com/cve-search/cve-search
CVE-Search tool to perform local searches for known vulnerabilities.
• http://hdwsec.fr/blog/CVE-2015-0057.html
(MS15-010/CVE-2015-0057) Exploitation.
• http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Grub2 Authentication 0-Day.
• http://www.n0tr00t.com/2015/11/27/cve-2015-8213.html
Django settings leak possibility in date template filter (CVE-2015-8213).
• https://github.com/ud2/advisories/tree/master/embedded/dlink/nocve-2015-0002
Remote stack overflow on D-Link cameras.
• https://github.com/reigningshells/CVE-2015-3073
Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass (CVE-2015-3073).
• https://www.7elements.co.uk/resources/blog/cve-2015-2342-remote-code-execution-within-vmware-vcenter/
CVE-2015-2342 – Remote Code Execution within VMware vCenter.
• https://blog.perimeterx.com/bugzilla-cve-2015-4499/
Bugzilla CVE-2015-4499 - All Your Bugs Are Belong To Us.
• http://blog.perimeterx.com/bugzilla-cve-2015-4499
• https://www.rcesecurity.com/2015/09/cve-2014-7216-a-journey-through-yahoos-bug-bounty-program/
CVE-2014-7216 - A Journey Through Yahoo’s Bug Bounty Program.
• https://github.com/ChiChou/CVE-2014-4076
Windows 2k3 tcpip.sys Privilege Escalation.
• https://github.com/robertdavidgraham/cve-2015-5477
PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure.
• https://github.com/ud2/advisories/tree/master/osx/cve-2015-5763
Security issue in com.apple.filesystems.ntfs kext (CVE-2015-5763).
• http://intothesymmetry.blogspot.it/2015/08/apple-safari-sop-bypass-cve-2015-3753.html
Apple Safari SOP bypass (CVE-2015-3753).
• http://topolik-at-work.blogspot.cz/2015/06/cve-2015-3096-rosetta-flash-fix-bypass.html
Rosetta Flash fix bypass using UTF-8 (CVE-2015-3096).
• http://jaanuskp.blogspot.cz/2015/05/cve-2015-3200.html
Log injection vulnerability in mod_auth (CVE-2015-3200).
• https://github.com/hfiref0x/CVE-2015-1701
Win32k LPE vulnerability used in APT attack (CVE-2015-1701).
• http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
Symantec Critical System Protection Remote Code Execution (CVE-2014-3440).
• http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
The old is new, again. CVE-2011-2461 is back!
• https://github.com/SecurityObscurity/cve-2015-0313
Adobe Flash vulnerability source code (CVE-2015-0313) from Angler Exploit Kit.
• http://secniche.blogspot.pt/2015/03/a-real-world-story-of-cve-2014-6332-rce.html
A Real World Story of CVE-2014-6332 - RCE and Malware Download via VBScript!
• http://shubh.am/exploiting-markdown-syntax-and-telescope-persistent-xss-through-markdown-cve-2014-5144/
Exploiting Markdown Syntax and Telescope Persistent XSS through Markdown (CVE-2014-5144).
• https://github.com/NorthernSec/CVE-Scan
Scan systems with NMap and parse the output to a list of CVE's, CWE's and DPE's.
• http://labs.bromium.com/2015/02/02/exploiting-badiret-vulnerability-cve-2014-9322-linux-kernel-privilege-escalation/
Exploiting "BadIRET" vulnerability (CVE-2014-9322, Linux kernel privilege escalation).
• https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/
XXE Injection in Oracle Database (CVE-2014-6577).
• http://ednolo.alumnos.upv.es/papers/advisories/CVE-2015-0554_pirelli.txt
ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar.
• http://blog.h3xstream.com/2014/12/predicting-struts-csrf-token-cve-2014.html
Predicting Struts CSRF Token (CVE-2014-7809).
• https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/
Analysis of the CVE-2013-6435 Flaw in RPM.
• http://blog.malwaretracker.com/2014/12/cve-2014-4114cve-2014-6352-evade-av-by.html?spref=tw
CVE-2014-4114/CVE-2014-6352 Evade AV by removing read access in zip structure.
• http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html
CVE-2014-9016 and CVE-2014-9034 Proof of Concept.
• https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/
From 0-Day to Exploit - Buffer Overflow in Belkin N750 (CVE-2014-1635).
• http://www.cloudscan.me/2014/09/cve-2014-4406-apple-sa-2014-09-17-5-os.html
XSS vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1.
• http://www.tripwire.com/state-of-security/featured/analysis-for-phpmyadmin-xss-cve-2014-1879/
Analysis for phpMyAdmin XSS CVE-2014-1879.
• https://community.qualys.com/blogs/securitylabs/2014/02/27/mediawiki-djvu-and-pdf-file-upload-remote-code-execution-vulnerability-cve-2014-1610
MediaWiki DjVu and PDF File Upload Remote Code Execution Vulnerability (CVE-2014-1610).
• http://blog.includesecurity.com/2014/06/exploit-walkthrough-cve-2014-0196-pty-kernel-race-condition.html
Exploiting CVE-2014-0196 a walk-through of the Linux pty race condition PoC.
• http://cyvera.com/cve-2014-1776-how-easy-it-is-to-attack-these-days/
CVE-2014-1776 - How easy it is to attack these days.
• http://eternal-todo.com/blog/cve-2013-2729-exploit-zeusp2p-gameover
Attached CVE-2013-2729 exploit used to drop ZeuS-P2P/Gameover.
• http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-kernel-vulnerablity.html
How to exploit the x32 recvmmsg() kernel vulnerability CVE 2014-0038.
• https://www.netspi.com/blog/entryid/220/dekrypto-padding-oracle-attack-against-ibm-websphere-commerce-cve-2013-05230
DeKrypto - Padding oracle attack against IBM WebSphere Commerce (CVE-2013-05230).
• http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
Dissecting the newest IE10 0-day exploit (CVE-2014-0322).
• https://github.com/saelo/cve-2014-0038
Linux local root exploit for CVE-2014-0038.
• https://github.com/saelo/cve-2014-0038 | http://pastebin.com/DH3Lbg54
Local root exploit for CVE-2014-0038.
• https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
iOS IOMobileFrameBuffer LPE (CVE-2021-30807).
• https://bit.ly/3xLze2Y (+)
Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156).
• https://iamelli0t.github.io/2021/04/10/RPC-Bypass-CFG.html
Exploiting WinRPC to bypass CFG mitigation - Analysis of CVE-2021-26411.
• https://bit.ly/3jO2uCe (+)
Exploiting CVE-2021-25770 - A Server-Side Template Injection in YouTrack.
• https://github.com/b1n4r1b01/n-days
iOS kernel vulnerabilities PoCs (CVE-2021-1757).
• https://research.checkpoint.com/2020/apache-guacamole-rce/
Would you like some RCE with your Guacamole? (CVE-2020-9497/CVE-2020-9498).
• https://link.medium.com/DHjNK5dnhhb
CVE-2021-20226 a reference counting bug which leads to LPE in io_uring.
• https://bit.ly/3f2Uc5c (+)
Dell Computers At Risk Due to Multiple BIOS Driver PE Flaws (CVE-2021-21551).
• https://dozer.nz/posts/saltapi-vulns
SaltStack API vulnerabilities (CVE-2021-3197/CVE-2021-25281/CVE-2021-25282).
• https://www.tiraniddo.dev/2020/05/old-net-vulnerability-5-security.html
Old .NET Vulnerability - Security Transparent Compiled Expressions (CVE-2013-0073).
• https://bit.ly/34MRjB3 (+)
Overwolf 1-Click Remote Code Execution (CVE-2021-33501).
• https://blog.lbherrera.me/posts/appcache-forgotten-tales/
AppCache's forgotten tales (CVE-2020-6399 and CVE-2021-21168).
• https://bit.ly/3isaRmr (+)
Digging into a Ubiquiti Firmware Update bug (CVE-2021-22909).
• https://blog.ret2.io/2021/06/02/pwn2own-2021-jsc-exploit/
Exploitation of a JavaScriptCore WebAssembly Vulnerability (CVE-2021-30734).
• https://link.medium.com/FxjIpGAJCgb
SolarWinds Orion Deserialization to RCE vulnerability analysis (CVE-2021–31474).
• https://bit.ly/3phAibo (+)
OOB to RCE - Exploitation of the Hobbes Functional Interpreter (CVE-2020-13656).
• https://github.com/ayoubfathi/leaky-paths
Dump of special paths linked to major web CVEs, misconfigurations and more.
• https://bit.ly/3vu90kA (+)
FreeBSD Kernel Privilege Escalation (CVE-2020-7460).
• https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/
Argument Injection in Ruby Dragonfly (CVE-2021-33564).
• https://bit.ly/3hWGMuT (+)
SMBleedingGhost Writeup - Chaining SMBleed (CVE-2020-1206) with SMBGhost.
• https://m1racles.com/
Covert channel vulnerability in the Apple Silicon "M1" chip (CVE-2021-30747).
• https://bit.ly/3f2lEkP (+)
Microsoft Windows LNK Remote Code Execution Vulnerability - (CVE-2020-1299).
• https://bit.ly/3wmJCx7 (+)
Cisco RV34X Series - Authentication Bypass and RCE (CVE-2021-1472/CVE-2021-1473).
• https://bit.ly/3v6tyPW (+)
Microsoft Azure Vulnerability Allows PE and Leak of Private Data (CVE-2021-27075).
• https://voidsec.com/nvidia-geforce-experience-command-execution/
NVIDIA GeForce Experience Command Execution (CVE‑2021‑1079).
• https://bit.ly/3vXTRHY (+)
Uncovering and Disclosing a Signature Spoofing Issue in MSI (CVE-2021-26413).
• https://www.atredis.com/blog/2021/4/30/asus-authentication-bypass
ASUS GT-AC2900 Authentication Bypass (CVE-2021-32030).
• https://bit.ly/3tauyAU (+)
Breaking ABUS Secvest internet-connected alarm systems (CVE-2020-28973).
• https://bit.ly/3nz1wtx (+)
RCE in Apache OFBiz XMLRPC via Insecure Deserialization (CVE-2020-9496).
• https://link.medium.com/a2T3FpCjLfb
Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021-28482).
• https://theevilbit.github.io/posts/macos_crashreporter/
Abusing macOS Crash Reporter (CVE-2020-9900/CVE-2021-1786).
• https://secret.club/2021/04/20/source-engine-rce-invite.html
Source engine remote code execution via game invites (CVE-2021-30481).
• https://bit.ly/3xjBjDo (+)
Analysis of a UaF Vulnerability in Adobe Acrobat Reader DC (CVE-2020-9715).
• https://shenaniganslabs.io/2021/04/13/Airstrike.html
Airstrike Attack - FDE bypass and EoP on domain joined Windows WS (CVE-2021-28316).
• https://leethax0.rs/2021/04/ElectricChrome/
Electric Chrome - CVE-2020-6418 on Tesla Model 3.
• https://bit.ly/39VqsWl (+)
Getting Code Execution on Apache Druid (CVE-2021-25646).
• https://bit.ly/3ma8B2X (+)
A vulnerability in RAUC embedded firmware update framework (CVE-2020-25860).
• https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
This man thought opening a TXT file is fine, he thought wrong (CVE-2019-8761).
• https://starlabs.sg/advisories/21-3409/
QEMU Heap Overflow in SDHCI Component (CVE-2021-3409).
• https://bit.ly/3wizlTq (+)
netmask NPM Package SSRF, RFI, LFI, and more (CVE-2021-28918).
• http://bit.ly/3cRLOVs (+)
Analysis of Cisco AnyConnect Posture (HostScan) LPE (CVE-2021-1366).
• http://bit.ly/2NzwdkG (+)
Stealing Froxlor login credentials using dangling markup (CVE-2020-29653).
• https://www.synacktiv.com/posts/exploit/memory-leak-and-use-after-free-in-squid.html
Memory leak (CVE-2019-18679) and Use After Free (CVE-2020-11945) in Squid.
• https://link.medium.com/hKwnItmxJeb
Examining a Phishing Vector in Plex Media Server (CVE-2020–5740/CVE-2020–574).
• http://bit.ly/2PQ7ol3 (+)
A brief history of an XSS at chat.mozilla.org (CVE-2021-21320).
• https://www.horizon3.ai/disclosures/zabbix-csrf-to-rce
CSRF to RCE Chain in Zabbix (CVE-2021-27927).
• http://bit.ly/2OKoEaW (+)
Analysis of CVE-2020-0605 – Code Execution using XPS Files in .NET.
• https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
D-LinkGATE Remote Code Execution (CVE-2021-27249/CVE-2021-27250).
• https://infosecwriteups.com/leakage-of-sensitive-data-through-android-webviews-3b0b86486a28
Leakage of Sensitive Data Through Android Webviews (CVE-2021–21136).
• https://underdefense.com/n-day-exploit-development-and-upgrade-to-rce/
N-day exploit development and upgrade to RCE (CVE-2018-6231).
• https://ssd-disclosure.com/ssd-advisory-yealink-dm-pre-auth-root-level-rce/
Yealink DM Pre Auth ‘root’ level RCE (CVE-2021-27561/CVE-2021-27562).
• https://link.medium.com/yi1V1YwVLdb
Analysis of Windows Fax Service Remote Code Execution Vulnerability (CVE-2021–1722).
• http://bit.ly/3qzgGPZ (+)
Unauth command execution vuln in TerraMaster TOS <= 4.2.06 (CVE-2020-35665).
• http://bit.ly/3p8qJKd (+)
Discovering an Undisclosed Stack Overflow in MS SQL Server (CVE-2019-1068).
• https://www.horizon3.ai/disclosures/librenms-second-order-sqli
Exploiting a Second-Order SQL Injection in LibreNMS < 21.1.0 (CVE-2020-35700).
• https://blog.recurity-labs.com/2021-02-03/webOS_Pt1.html
CVE-2020-XXXXX - Getting root on webOS.
• https://secret.club/2021/01/15/bitlocker-bypass.html
BitLocker Lockscreen bypass (CVE-2020-1398).
• http://bit.ly/3qEA79J (+)
Abusing XPC Service mechanism to EP in macOS/iOS (CVE-2020-9971).
• https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce.html
Unauth XSS to RCE Chain in Mautic <3.2.4 (CVE-2020-35124/CVE-2020-35125).
• http://bit.ly/38kVwhW (+)
Apache Struts OGNL Remote Code Execution (CVE-2019-0230).
• http://mzl.la/3snCD5S (+)
Leaking silhouettes of cross-origin images (CVE-2020-16012).
• https://bit.ly/38kVo1W (+)
RCE on Microsoft SharePoint Using TypeConverters (CVE-2020-0932).
• https://ninjalab.io/a-side-journey-to-titan/
Side-Channel Attack on the Google Titan Security Key (CVE-2021-3011).
• http://bit.ly/3s0Gx4t (+)
Firefox Vulnerabilities (CVE-2020-26964/CVE-2020-15661/CVE-2020-15662).
• https://github.com/opencve/opencve
CVE Alerting Platform.
• https://gist.github.com/0xsha/75616ef6f24067c4fb5b320c5dfa4965
SolarWinds Orion Local File Disclosure PoC (CVE-2020-10148).
• http://bit.ly/3b3cALf (+)
Full infrastructure takeover of VMware Cloud Director (CVE-2020-3956).
• http://bit.ly/3825W63 (+)
Mimosa Routers Privilege Escalation and Authentication bypass (CVE-2020-14003).
• https://link.medium.com/AtJHZidkEcb
HPE System Insight Manager (SIM) AMF Deserialization lead to RCE(CVE-2020-7200).
• https://bit.ly/3nNMkrI (+)
MS Exchange RCE (CVE-2020-16875) Protection/Filter Bypass.
• https://link.medium.com/B3ElcW7tqcb
Turning AMF Deserialize bug to Java Deserialize bug (CVE-2020-2950).
• https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/
Vulnerabilities in McAfee ePolicy Orchestrator (CVE-2020-7318).
• https://cybercx.com.au/blog/2020/12/15/logrhythm-zero-days/
LogRhythm "Zero" Days (CVE-2020-25094/CVE-2020-25096/CVE 2020-25095).
• http://bit.ly/2KBngFZ (+)
Abstract Shimmer (CVE-2020-15257) - Host Networking is root-Equivalent, Again.
• https://xz.aliyun.com/t/8614
Win32k Vulnerability Analysis Notes (CVE-2018-8453).
• https://blog.khonggianmang.vn/vmware-workstation-attack-surface-through-virtual-printer/
VMware Workstation - Attack surface through Virtual Printer (CVE-2020-3989/3990).
• https://bit.ly/39ZsyFC (+)
Uncovering and Exploiting CVE-2020-27950 iOS kernel memory leak.
• https://insinuator.net/2020/11/forklift-lpe/
Forklift <=3.3.9 and <=3.4 LPE on macOS (CVE-2020-15349/CVE-2020-27192).
• https://bit.ly/3lCM8cE (+)
IBM QRadar Wincollect Escalation of Privilege (CVE-2020-4485 & CVE-2020-4486).
• https://bit.ly/37aSw5V (+)
Remote code execution in Elixir-based Paginator (CVE-2020-15150).
• https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/
Path Traversal on Citrix XenMobile Server (CVE-2020-8209).
• https://bit.ly/378ypVW (+)
Detailing SaltStack Salt Command Injection Vuln. (CVE-2020-16846/CVE-2020-25592).
• https://mp.weixin.qq.com/s/_5wF8Sja4xz0Fee1GoA3vw
Analysis of spoofing vulnerability in Windows CAT file digital certificate (CVE-2020-16922).
• https://accntu.re/3nZc0Bj (+)
Discovering, exploiting and shutting down a dangerous Win print spooler vuln (CVE-2020-1030).
• https://link.medium.com/x2VUw0mcubb
Firefox - How a website could steal all your cookies (CVE-2020–15647).
• https://bit.ly/3nD5iAS (+)
Use-After-Free IE Vulnerability (CVE-2020-17053).
• https://bit.ly/3eWkx4s (+)
A case study with Cybereason EDR (CVE-2020-26562/CVE-2020-26871).
• https://trmm.net/Sleep_attack/
Sleep Attack - Intel Bootguard vulnerability waking from S3 (CVE-2020-8705).
• https://github.com/irsl/apache-openoffice-rce-via-uno-links
Apache OpenOffice RCE (CVE-2020-13958).
• https://devcraft.io/2020/10/20/github-pages-multiple-rces-via-kramdown-config.html
GitHub Pages - Multiple RCEs via insecure Kramdown config (CVE-2020-10518).
• https://bit.ly/38eSNqs (+)
Multiple Priv. Escalation in Citrix Gateway Plug-In (CVE-2020-8257/CVE-2020-8258).
• https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html
A story of 3 CVE's in Ubuntu Desktop (CVE-2020-15703/CVE-2020-16121/CVE-2020-15238).
• https://link.medium.com/pTiFzZp2Wab
Weblogic RCE by only one GET request (CVE-2020-14882).
• https://adepts.of0x.cc/ruckus-vriot-rce/
Remote Command Execution in Ruckus IoT Controller (CVE-2020-26878/CVE-2020-26879).
• https://mksben.l0.cm/2020/10/discord-desktop-rce.html
Discord Desktop app RCE (CVE-2020-15174).
• https://bit.ly/3kmPtgp (+)
Java Deserialization vuln. in QRadar RemoteJavaScript Servlet (CVE-2020-4280).
• https://h0mbre.github.io/RyzenMaster_CVE/
Privilege Escalation in AMD Ryzen Master AMDRyzenMasterDriver.sys (CVE-2020-12928).
• https://decoder.cloud/2020/09/23/abusing-group-policy-caching/
Abusing Group Policy Caching (CVE-2020-1317).
• https://bit.ly/3nx3mdJ (+)
HP Device Manager – CVE-2020-6925/CVE-2020-6926/CVE-2020-6927.
• https://bit.ly/34EBLij (+)
Code Execution Vulnerability in Instagram App for Android and iOS (CVE-2020-1895).
• https://bit.ly/33EvCTN (+)
Dissecting Two D-Link Router Authentication Bypasses (CVE-2020-8863/CVE-2020-8864).
• https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
The Fresh Smell of ransomed coffee (CVE-2020-15501).
• https://hexhive.epfl.ch/BLURtooth/
Exploiting Cross-Transport Key Derivation in BT Classic and BLE (CVE-2020-15802).
• https://bit.ly/3kLKPsc (+)
Exploiting Acronis Cyber Backup for Fun and Emails (CVE-2020-16171).
• https://www.digeex.de/blog/tinytinyrss/
Exploiting Tiny Tiny RSS (CVE-2020-25787, CVE-2020-25788, CVE-2020-25789).
• https://dozer.nz/posts/aruba-clearpass-rce
Aruba Clearpass RCE (CVE-2020-7115).
• https://bit.ly/3hBmsLz (+)
Java BoF w/ ByteBuffer (CVE-2020-2803) and Mutable MethodType (CVE-2020-2805).
• https://bit.ly/3hiXxw4 (+)
Abusing Shared Mem. to LPE on the Schneider E. Modbus Serial Driver (CVE-2020-7523).
• https://swarm.ptsecurity.com/grafana-6-4-3-arbitrary-file-read/
Grafana <= 6.4.3 Arbitrary File Read (CVE-2019-19499).
• https://sefod.eu/posts/web_proxies/
How to exfiltrate internal information using web proxies (CVE-2019-3635).
• https://bit.ly/324wIX4 (+)
Windows AppX Deployment Service Local Privilege Escalation (CVE-2020-1488).
• https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb/
Don’t be silly – it’s only a lightbulb - ZigBee other-the-air exploit (CVE-2020-6007).
• https://bit.ly/3fOQoDa (+)
How I bruteforced my way into your Active Directory (CVE-2020-11518).
• https://symeonp.github.io/2020/12/08/phonebook-uaf-analysis.html
Discovery and analysis of a Windows PhoneBook UaF vulnerability (CVE-2020-1530).
• https://a2nkf.github.io/unauthd_Logic_bugs_FTW/
Unauthd - Logic bugs FTW (CVE-2020–9854).
• https://acru3l.github.io/2020/08/03/exploiting-activity-monitor-driver/
Exploiting SKYSEA Activity Monitor (CVE-2020-5617).
• https://github.com/renorobert/grub-bhyve-bugs
FreeBSD grub-bhyve bootloader VM escapes (CVE-2020-10565/CVE-2020-10566).
• https://swarm.ptsecurity.com/openfire-admin-console/
Vulnerabilities in the Openfire Admin Console (CVE-2019-18394/CVE-2019-18393).
• https://link.medium.com/z27jPxjKu8
Bypassing the OSX TCC Framework for unauthorized data access (CVE-2020–9934).
• https://accntu.re/2EsPcs4 (+)
Exploiting an arbitrary file move in Symantec Endpoint Protection (CVE-2020-5825).
• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1088
Mozilla Firefox URL mPath Information Disclosure Vulnerability (CVE-2020-12418).
• https://bit.ly/2ZQHYq2 (+)
Remote Code Execution Against SharePoint Server Abusing DataSet (CVE-2020-1147).
• https://accntu.re/2OOeJhc (+)
An exploitation case study of CVE-2020-1062, a use-after-free vulnerability in IE11.
• https://www.karansaini.com/os-command-injection-v-sol/
Arbitrary OS command injection on V-SOL home routers (CVE-2020-8958).
• https://stazot.com/boltcms-file-upload-bypass/
File upload filter bypass to RCE in Bolt CMS <3.7.0 (CVE-2020-4040/CVE-2020-4041).
• https://secalert.net/from-zero-to-zeroday.html
From zero to zeroday (CVE-2016-3109).
• https://paper.seebug.org/1261/
Nexus Repository Manager 2.x Command Injection (CVE-2019-5475).
• https://securitylab.github.com/research/last-orders-at-the-house-of-force
Last orders at the House of Force - Sane (CVE-2020-12861/CVE-2020-12862).
• https://bit.ly/3eTPW73 (+)
Inductive Automation Ignition (Ignition) RCE (CVE-2020-10644/CVE-2020-12004).
• https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Exploiting Bitdefender Antivirus - RCE from any website (CVE-2020-8102).
• https://blog.envoyproxy.io/exploiting-an-envoy-heap-vulnerability-96173d41792
Exploiting an Envoy heap vulnerability (CVE-2019–18801).
• https://pentest.co.uk/labs/research/subtle-stored-xss-wordpress-core/
A subtle stored-XSS in WordPress core (CVE-2020-4096).
• https://xz.aliyun.com/t/7877
Spring Cloud Config directory traversal vulnerability (CVE-2020-5410).
• https://medium.com/tenable-techblog/exploiting-a-webroot-type-confusion-bug-215308145e32
Exploiting a Webroot Type Confusion Bug (CVE-2020–5754).
• https://talosintelligence.com/vulnerability_reports/TALOS-2020-1056
Zoom Client Application Chat Code Snippet RCE (CVE-2020-6110).
• https://bit.ly/2YpcLZg (+)
S3 bucket takeover and PGP signature bypass in fwupd (CVE-2020-10759).
• https://www.cyberark.com/resources/threat-research-blog/group-policies-going-rogue
Group Policies Going Rogue (CVE-2020-1317).
• https://github.com/francozappa/bias
Bluetooth Impersonation AttackS (BIAS) (CVE 2020-10135).
• https://github.com/chompie1337/SMBGhost_RCE_PoC
Remote Code Execution PoC for "SMBGhost" (CVE-2020-0796).
• https://bit.ly/2XxcWSV (+)
Apache Tomcat RCE by deserialization (CVE-2020-9484).
• https://bit.ly/2zYvkuY (+)
When it’s not only about a Kubernetes (CVE-2020–8555).
• https://byteraptors.github.io/windows/exploitation/2020/05/24/sandboxescape.html
Chronicles of a Sandbox Escape - Deep Analysis of CVE-2019-0880.
• https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
jQuery 3.5.0 Security Fix (CVE-2020-11022/CVE-2020-11023).
• https://bit.ly/2Wv62wW (+)
Symantec Endpoint Protection RU2 Elevation of Privileges (CVE-2020-5837).
• https://h0mbre.github.io/atillk64_exploit
PE in ATI Technologies Inc. Driver atillk64.sys (CVE-2020-12138).
• https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
SMBGhost pre-auth RCE abusing Direct Memory Access structs (CVE-2020-0796).
• https://bit.ly/2Vck7ig (+)
Windows Local Privilege Escalation in many Ricoh Printer Drivers (CVE-2019-19363).
• https://bit.ly/34ozEhW (+)
Remote Code Execution Through .LNK Files (CVE-2020-0729).
• https://bit.ly/3dKSDrf (+)
Semi Universal XSS affecting Firefox for iOS (CVE-2019-17004).
• https://bit.ly/2WKYHdq (+)
Autopsy of the Most Stable MediaTek Rootkit (CVE-2020-0069).
• https://www.imperva.com/blog/the-resurrection-of-phpunit-rce-vulnerability/
The Resurrection of PHPUnit RCE Vulnerability (CVE-2017-9841).
• http://bit.ly/2U1B39j (+)
Horde Webmail Edition 5.2.22 — RCE in CSV data import (CVE-2020-8518).
• http://bit.ly/33f8UQE (+)
Understanding The Intel CSME CVE-2019–0090 Vulnerability for Mere Mortals.
• https://medium.com/@tobinmshields/qdpm-v9-1-authenticated-rce-exploit-f4b84e19df00
qdPM v9.1 Authenticated RCE Exploit (CVE-2020–7246).
• https://blog.rop.la/en/vulnerabilities/2020/02/25/bluegate-internals.html
BlueGate Internals (CVE-2020-0609/CVE-2020-0610).
• http://bit.ly/37NUqaJ (+)
Realtek HD Audio Driver - DLL Preloading and Potential Abuses (CVE-2019-19705).
• https://github.com/Voulnet/desharialize
Microsoft SharePoint - Deserialization Remote Code Execution (CVE-2019-0604).
• http://bit.ly/2HkkM9B (+)
Code injection in Workflows leading to SharePoint RCE (CVE-2020-0646).
• https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/
WhatsApp Desktop Platform Multiple Vulnerabilities (CVE-2019-18426).
• https://github.com/HE-Wenjian/iGPU-Leak
The iGPU-Leak Vulnerability (CVE-2019-14615).
• https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere
PoC for SQLi Injection in Android's Download Provider (CVE-2019-2198).
• https://www.crummie5.club/pwning-a-pwned-citrix/
Pwning A Pwned Citrix (CVE-2019-19781)++.
• https://github.com/UltramanGaia/Xiaomi_Mi_WiFi_R3G_Vulnerability_POC
Xiaomi Series Router login bypass and RCE (CVE-2019-18370, CVE-2019-18371).
• http://bit.ly/36ecGdz (+)
D-Link DIR-859 — Unauthenticated RCE (CVE-2019–17621).
• http://bit.ly/2PYAQmQ (+)
Unsafe deserialization in Apache Olingo (CVE-2019-17556).
• https://github.com/ryu22e/django_cve_2019_19844_poc/
PoC for CVE-2019-19844.
• http://bit.ly/35UMgNM (+)
DoS via Retry-After header in Apache Olingo (CVE-2019-17555).
• https://blog.tetrane.com/2019/11/17/Analyzing_an_Out_of_Bounds_read_in_a_TTF_font_file.html
Analyzing an Out-of-Bounds read in a TTF font file (CVE-2019-1244).
• https://amonitoring.ru/article/origin_lpe_disclosure/
Local EoP in EA Windows Origin Client (CVE-2019-19247 & CVE-2019-19248).
• https://www.ragestorm.net/blogs/?p=486
SetWindowsHookEx Leaks A Kernel Pointer (CVE-2019-1469).
• https://github.com/mame82/munifying-web
PoC for CVE-2019-13054 and CVE-2019-13054.
• http://bit.ly/2OTDeuv (+)
A macOS Catalina privilege escalation (CVE-2019-8805).
• https://blog.flanker017.me/examining-and-exploiting-android-vendor-binder-services-part1/
Examining and exploiting android vendor binder services (CVE-2018-9143).
• http://bit.ly/2Qh4qUT (+)
McAfee (MTP/AVP/MIS) - Self-Defense Bypass and Usages (CVE-2019-3648).
• http://bit.ly/37ntoIl (+)
Docker Patched the Most Severe Copy Vulnerability to Date (CVE-2019-14271).
• http://bit.ly/34ZdguH (+)
Pwn the ESP32 Forever - Flash Encryption and SBoot Keys Exfil (CVE-2019-17391).
• http://bit.ly/2NMg74t (+)
Exploiting the Android PacProcessor Service that may lead to RCE (CVE-2019-2205).
• http://bit.ly/2CLkyWI (+)
EoP via UPnP Device Host and Update Orchestrator Services (CVE-2019-1405/CVE-2019-1322).
• http://bit.ly/2qchqQY (+)
rConfig v3.9.2 (un)authenticated RCE (CVE-2019-16663/CVE-2019-16662).
• http://bit.ly/2NrrxcA (+)
Open Redirects In Improperly Configured mod_rewrite Rules (CVE-2019-10098).
• http://bit.ly/2BL3Ypn (+)
FreeBSD ELF Header Parsing Kernel Memory Disclosure (CVE-2018-6924).
• https://www.sudo.ws/alerts/minus_1_uid.html
sudo bypass of Runas user restrictions (CVE-2019-14287).
• https://dmaasland.github.io/posts/mcafee.html
Bypass McAfee Endpoint Security with McAfee (CVE-2019-3653).
• https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Drop The MIC 2 (CVE 2019-1166) & Exploiting LMv2 Clients (CVE-2019-1338).
• https://blog.ripstech.com/2019/bitbucket-path-traversal-to-rce/
Bitbucket 6.1.1 Path Traversal to RCE (CVE-2019-3397).
• http://bit.ly/2lX3yI2 (+)
Another LPE Vulnerability Using Process Creation Impersonation (CVE-2019-1287).
• https://leucosite.com/Microsoft-Edge-uXSS/
Microsoft Edge - Universal XSS (uXSS) (CVE-2019-1030).
• https://www.vusec.net/projects/netcat/
NetCAT network-based cache attack on the processor’s cache (CVE-2019-11184).
• https://github.com/tim124058/ASUS-SmartHome-Exploit/
ASUS SmartHome Exploit for CVE-2019-11061 and CVE-2019-11063.
• http://bit.ly/2L3Sq69 (+)
QEMU VM Escape (CVE-2019-14378).
• https://blog.semmle.com/uboot-rce-nfs-vulnerability/
U-Boot NFS RCE Vulnerabilities (CVE-2019-14192).
• https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/
Vulnerabilities in Ampache (<=3.9.1) (CVE-2019-12385/CVE-2019-12386).
• https://zero.lol/2019-08-11-the-year-of-linux-on-the-desktop/
The Year of Linux on the Desktop (CVE-2019-14744).
• https://icyphox.sh/blog/fb50/
Picking the FB50 smart lock (CVE-2019-13143).
• http://bit.ly/2Mx0ygL (+)
LibreOffice - A Python Interpreter (Code Execution vuln. CVE-2019-9848).
• https://akayn.github.io/2019/07/25/PwningWebkit.html
Pwning Webkit (CVE-2019-8658).
• https://paper.seebug.org/990/
Analysis of CVE-2019-11229 - From Git Config to RCE.
• http://bit.ly/2GtMW1R (+)
COModo - From Sandbox to SYSTEM (CVE-2019–3969).
• https://github.com/vah13/Oracle-BI-bugs
Oracle-BI-bugs (CVE-2019-2767/CVE-2019-2768/CVE-2019-2771).
• https://github.com/mame82/munifying_pre_release
Logitech receivers AES link keys extractor (CVE-2019-13054/13055/13052).
• https://www.corben.io/atlassian-crowd-rce/
Analysis of an Atlassian Crowd RCE (CVE-2019-11580).
• http://bit.ly/2JN677F (+)
Discovering CVE-2019-13504/CVE-2019-13503 and the importance of API Fuzzing.
• http://bit.ly/2KXINHu (+)
Tale of a Windows Error Reporting Zero-Day (CVE-2019-0863).
• https://www.cyberark.com/threat-research-blog/outlook-for-android-xss/
Outlook for Android XSS (CVE-2019-1105).
• http://bit.ly/2x2tKmW (+)
The detailed analysis of WordPress 5.0 RCE (CVE-2019–6977).
• https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/
Breaking Out of rkt – 3 New Unpatched CVEs.
• https://habr.com/ru/company/pt/blog/448378/
DHCP security in Windows 10 - Disassemble critical vuln. CVE-2019-0726.
• https://rambleed.com/
Reading Bits in Memory Without Accessing Them (CVE-2019-0174).
• https://www.inputzero.io/2019/06/hacking-smart-tv.html
Hacking Smart TV - Supra Smart Cloud TV (CVE-2019-12477).
• https://github.com/LinusHenze/Keysteal
A macOS <= 10.14.3 Keychain exploit (CVE-2019-8526).
• http://bit.ly/2Ipk2Ab (+)
Build an easy RDP Honeypot for BlueKeep (CVE-2019–0708) with RPI3.
• https://github.com/OCSAF/freevulnsearch
NMAP NSE script to query vulnerabilities via the cve-search.org API.
• https://phoenhex.re/2019-05-15/non-jit-bug-jit-exploit
Non JIT Bug, JIT Exploit (CVE-2019-0812).
• https://whereisk0shl.top/post/2019-05-11
About CVE-2018-8550 (DfMarshal series vulnerability).
• https://bnbdr.github.io/posts/wd/
WD My Cloud RCE (CVE-2019-9950/CVE-2019-9951/CVE-2019-9949).
• https://zeropwn.github.io/2019-05-13-xss-to-rce/
A Questionable Journey From XSS to RCE (CVE-2019-11354).
• https://rce4fun.blogspot.com/2019/05/panda-antivirus-local-privilege.html
Panda Antivirus - Local Privilege Escalation (CVE-2019-12042).
• https://hackerone.com/reports/563870
1-click HackerOne account takeover on all Android devices (CVE-2019-5765).
• http://bit.ly/2LwQ1mK (+)
A closer (beginners) look at (CVE-2019–0539).
• http://bit.ly/2JaLkNv (+)
ActiveX Exploitation in 2019 (CVE-2018-19418/CVE-2018-19447).
• http://bit.ly/2Jbl0Da (+)
Write-after-free vulnerability analysis in Firefox (CVE-2018-18500).
• https://www.darkmatter.ae/blogs/security-flaws-uncovered-in-sony-smart-tvs/
Security flaws uncovered in Sony Smart TVs (CVE-2019-11336/CVE-2019-10886).
• https://medium.com/tenable-techblog/eight-devices-one-exploit-f5fc28c70a7c
Eight Devices, One Exploit OEM Vulnerabilities (CVE-2019–3929).
• http://bit.ly/2UHi2Yp (+)
Weblogic CVE-2019-2647 and other related XXE vulnerability analysis.
• https://blog.doyensec.com/2019/04/24/rubyzip-bug.html
On insecure zip handling, Rubyzip and Metasploit RCE (CVE-2019-5624).
• https://hackerone.com/reports/473888
Ruby on Rails RCE via Marshal as the default serializer (CVE-2019-5420).
• https://mp.weixin.qq.com/s/OissE9gAVkKmAXuiIUeOLA
Windows DHCP Server RCE Vulnerability Analysis (CVE-2019-0626).
• https://github.com/0x27/CiscoRV320Dump
Exploit for dumping Cisco RV320 Config&Debugging Data (CVE-2019-1653).
• http://bit.ly/2HjDsaQ (+)
BACNet JS Injection - Persistent XSS in BACNet devices (CVE-2019–7408).
• http://blogs.360.cn/post/Binder_Kernel_Vul_EN.html
The ‘Waterdrop’ in Android - A destructive Binder kernal vul (CVE-2019-2025).
• https://www.ambionics.io/blog/drupal8-rce
Exploiting Drupal8's REST RCE (CVE-2019-6340).
• http://bit.ly/2IGJKUf (+)
Nexus Repository Manager 3 RCE (CVE-2019-7238).
• http://www.jackson-t.ca/lg-driver-lpe.html
Local Privilege Elevation in LG Kernel Driver (CVE-2019-8372).
• https://gist.github.com/adamyordan/96da0ad5e72cbc97285f2df340cac43b
Jenkins RCE PoC (CVE-2019-1003000).
• http://bit.ly/2BCPZSX (+)
Bypassing MS Application Control Solutions (CVE-2018-8492).
• https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
ASUS Drivers EoP Vulnerabilities (CVE-2018-18537/CVE-2018-18536/CVE-2018-18535).
• https://gist.github.com/mehaase/63e45c17bdbbd59e8e68d02ec58f4ca2
OpenSSH scp arbitrary file write PoC (CVE-2019-6111/CVE-2019-6110).
• https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
Writeup – Samsung Galaxy Apps Store RCE via MITM (CVE-2018-20135).
• http://bit.ly/2sYg76j (+)
IE Scripting Flaw Still a Threat to Unpatched Systems - Analyzing (CVE-2018-8653).
• https://neonsea.uk/blog/2018/12/26/firewall-includes.html
Unsafe FW includes allowing for RCE on Inteno's IOPSYS devices (CVE-2018-20487).
• http://bit.ly/2Mudulx (+)
Gaining control of BMC from the host processor (CVE-2019-6260).
• https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
ES File Explorer Open Port Vulnerability (CVE-2019-6447).
• https://github.com/Jacquais/BlinkVuln/
Blink Sync Module Vulnerability (CVE-2018-20161).
• https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/
Privilege escalation through Kubernetes dashboard (CVE-2018-18264).
• http://www.greyhathacker.net/?p=1041
Dokany/Google Drive File Stream Kernel Stack-based BoF (CVE-2018-5410).
• https://blog.cm2.pw/ms-edge-http-access-control-cors-bypass/
MS Edge – HTTP Access Control (CORS) Bypass (CVE-2017-11872).
• http://bit.ly/2SoL9iP (+)
Cisco Webex Desktop App Update Service DLL Planting EoP (CVE-2018-15442).
• http://bit.ly/2Q8Lzbb (+)
IDORs over Fortify Software Security Center (CVE-2018-7690/CVE-2018-7691).
• http://bit.ly/2LrTRKk (+)
NoMachine - The Road To Code Execution Without Fuzzing (CVE-2018-6947).
• https://www.corben.io/XSS-to-XXE-in-Prince/
XSS to XXE in Prince v10 and below (CVE-2018-19858).
• http://bit.ly/2RW53kT (+)
RCE in PHP or how to bypass disable_functions in PHP (CVE-2018–19518).
• https://medium.com/tenable-techblog/remotely-exploiting-zoom-meetings-5a811342ba1d
Remotely Hijacking Zoom Clients (CVE-2018–15715).
• http://bit.ly/2QcNf46 (+)
How I hacked Anda, the public transportation app of Porto (CVE-2018-13342).
• https://alephsecurity.com/2018/10/22/StackOverflowException/
StackOverflowException (SOE) - CVE-2018-8269 Analysis.
• https://github.com/JackOfMostTrades/bluebox
Automated Exploit Toolkit for CVE-2015-6095 and CVE-2016-0049.
• http://bit.ly/2C601gF (+)
Bitcoin Core Bug CVE-2018–17144 - An Analysis.
• http://bit.ly/2NC71nl (+)
PRTG Network Monitor Privilege Escalation (CVE-2018-17887).
• http://bit.ly/2C9esjR (+)
Authentication bypass vulnerability (W/PE) in WD My Cloud (CVE-2018-17153).
• http://bit.ly/2OUsLMP (+)
Malicious Command Execution via bash-completion (CVE-2018-7738).
• http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
Intel ME Manufacturing Mode - Obscured dangers and Apple MacBook CVE-2018-4251.
• https://github.com/bazad/blanket
Mach port replacement vulnerability in launchd on iOS 11.2.6 (CVE-2018-4280).
• https://medium.com/tenable-techblog/advantech-webaccess-unpatched-rce-ffe9f37f8b83
Advantech WebAccess Unpatched RCE (CVE-2017–16720).
• http://bit.ly/2NZYf78 (+)
EE 4GEE Mini Local Privilege Escalation Vulnerability (CVE-2018-14327).
• https://github.com/omerporze/brokentooth
Brokentooth - PoC for CVE-2018-4327.
• https://github.com/s1kr10s/Apache-Struts-v3
Apache Struts RCE Exploiter (CVE-2013-2251/CVE-2017-5638/CVE-2018-11776).
• https://blogs.projectmoon.pw/2018/08/17/Edge-InlineArrayPush-Remote-Code-Execution/
Edge InlineArrayPush Remote Code Execution (CVE-2018-8372).
• http://hatriot.github.io/blog/2018/08/22/dell-digital-delivery-eop/
Dell Digital Delivery - Local Privilege Escalation (CVE-2018-11072).
• http://bit.ly/2MTheQP (+)
Analyzing and Exploiting an PE Vuln. in Docker for Windows (CVE-2018-15514).
• http://bit.ly/2o0Mm27 (+)
TerraMaster NAS Vulns Discovered and Exploited (CVE-2018–13354).
• https://landgrey.me/struts2-045-debugging/
Struts2-045 (CVE-2017-5638) vulnerability debugging and POC analysis.
• http://bit.ly/2KYQngG (+)
Bypass in Microsoft ADFS Multi-Factor Authentication protocol (CVE-2018-8340).
• http://bit.ly/2vyB2NU (+)
CVE-2017-2446 or JSC::JSGlobalObject::isHavingABadTime.
• http://bit.ly/2MdGmxp (+)
Exploitation of SSTI with Craft CMS plugin SEOmatic (CVE-2018-14716).
• https://github.com/quentinhardy/scriptsAndExploits
Oracle WebLogic Java Deserialization RCE (CVE-2017-3248).
• http://obtruse.syfrtext.com/2018/07/oracle-privilege-escalation-via.html
Oracle Privilege Escalation via Deserialization (CVE-2018-3004).
• https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html
From writing to /tmp to a root shell on Inteno IOPSYS (CVE-2018-14533).
• http://asintsov.blogspot.com/2018/07/cisco-webex-teams-remote-code-execution.html
Cisco Webex Teams Remote Code Execution Vulnerability (CVE-2018-0387).
• https://www.peckshield.com/2018/07/12/tradeRifle/
The tradeRifle Vuln Identified in LBank Mobile Service (CVE-2018-13363).
• http://bit.ly/2O5x7k2 (+)
Google Chrome pdfium shading drawing integer overflow to RCE (CVE-2018-6120).
• https://www.ambionics.io/blog/prestashop-privilege-escalation
PrestaShop 1.6.x Privilege Escalation (CVE-2018-13784).
• http://bit.ly/2mfSKBI (+)
Dissecting modern browser exploit - case study of CVE-2018–8174.
• https://objective-see.com/blog/blog_0x34.html
A Remote iOS Bug (CVE-2018-4290).
• https://github.com/phoenhex/files/tree/master/exploits/ios-11.3.1
Safari exploit for iPhone 8, iOS 11.3.1 (CVE-2018-4233/CVE-2018-4243).
• https://rampageattack.com/
Vulns in modern phones enable unauthorized access (CVE-2018-9442).
• https://www.codewatch.org/blog/?p=453
PRTG < 18.2.39 Command Injection Vulnerability (CVE-2018-9276).
• https://srcincite.io/blog/2018/05/21/adobe-me-and-a-double-free.html
Adobe, Me and a Double Free :: Analyzing the CVE-2018-4990 Exploit.
• https://neopg.io/blog/enigmail-signature-spoof/
SigSpoof 2 - More ways to spoof signatures in GnuPG (CVE-2018-12019).
• http://bit.ly/2JAq4l3 (+)
Electron Windows Protocol Handler MITM/RCE (bypass for CVE-2018-1000006).
• https://blogs.securiteam.com/index.php/archives/3689
QRadar Remote Command Execution (CVE-2018-1418).
• https://neonsea.uk/blog/2018/04/15/pwn910nd.html
Abusing OpenWRT's printer server to become root (CVE-2018-10123).
• https://xiaodaozhi.com/exploit/117.html
UAF vulnerability in Menu Management Component (CVE-2017-0263).
• http://blog.redactedsec.net/exploits/2018/04/26/nagios.html
NagiosXI Vulnerability Chaining; Death By a Thousand Cuts (CVE-2018-873X).
• https://www.exploit-db.com/exploits/44553/
Oracle Weblogic Server Deserialization RCE Vulnerability (CVE-2018-2628).
• https://github.com/saaramar/execve_exploit
Hardcore corruption of my execve() vulnerability in WSL (CVE-2018-0743).
• http://bit.ly/2HsCqdK (+)
Breaking bad to make good - Firefox CVE-2017–7843.
• http://blogs.360.cn/blog/how-to-kill-a-firefox-en/
How to kill a (Fire)fox (CVE-2018-5146).
• https://blog.ice9.us/2018/04/stealing-credit-cards-from-fuze-bluetooth.html
Stealing Credit Cards from FUZE via Bluetooth (CVE-2018-9119).
• https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
Windows Remote Assistance XXE vulnerability (CVE-2018-0878).
• https://ahussam.me/Leaking-WordPress-CSRF-Tokens/
Leaking WordPress CSRF Tokens for Fun (CVE-2017-5489).
• https://codewhitesec.blogspot.pt/2018/03/exploiting-adobe-coldfusion.html
Exploiting Adobe ColdFusion before CVE-2017-3066.
• https://goo.gl/ND8WeR (+)
Getting to the Bottom of CVE-2018-0825 Heap Overflow Buffer.
• https://github.com/iDaN5x/Switcheroo/wiki/Article
Exploiting CVE-2016-4657 to Jailbreak the Nintendo Switch.
• https://bazad.github.io/2018/03/a-fun-xnu-infoleak/
A fun XNU infoleak (CVE-2017-13868).
• https://github.com/hfiref0x/Stryker
Multi-purpose proof-of-concept tool based on CPU-Z (CVE-2017-15303).
• http://www.freebuf.com/articles/terminal/160041.html
Vulnerability Analysis and Utilization - Root Android 7.x (CVE-2017-8890).
• https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
LibreOffice remote arbitrary file disclosure vulnerability (CVE-2018-6871).
• http://www.greyhathacker.net/?p=1006
Exploiting System Shield AntiVirus (CVE-2018-5701).
• https://www.halfdog.net/Security/2017/LibcRealpathBufferUnderflow/
Libc Realpath Buffer Underflow (CVE-2018-1000001).
• https://goo.gl/8JYRYz (+)
Paperclip's Server Side Request Forgery (SSRF) vulnerability (CVE-2017–0889).
• https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip
7Zip - Multiple Mem. Corruptions via RAR and ZIP (CVE-2018-5996/CVE-2017-17969).
• https://blogs.securiteam.com/index.php/archives/3649
Oracle VirtualBox Multiple Guest to Host Escape Vuln (CVE-2018-2698).
• https://github.com/artkond/cisco-snmp-rce
Cisco IOS SNMP Remote Code Execution PoC (CVE-2017-6736).
• https://www.anquanke.com/post/id/94210
Microsoft fixes the first Office 0day vulnerability (CVE-2018-0802).
• https://goo.gl/Nkrdni (+)
Exploiting MS16-145 - MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288).
• https://lanrat.com/tethr/
Tethr - Android Tethering Provisioning Check Bypass (CVE-2017-0554).
• https://www.fireeye.com/blog/threat-research/2017/05/gaining-root-on-lenovo-vibe.html
Gaining Root on the Lenovo Vibe (CVE-2017-3750/3749/3748).
• https://goo.gl/7i24Kk (+)
Elevation of Privilege vulnerability in QNX Qnet (CVE-2017-3891).
• https://msitpros.com/?p=3909
Bypassing Device guard UMCI using CHM (CVE-2017-8625).
• https://goo.gl/SF3fE2 (+)
Xplico Unauthenticated Remote Code Execution CVE-2017-16666.
• https://justi.cz/security/2017/11/14/couchdb-rce-npm.html
Remote Code Execution in CouchDB (CVE-2017-12635).
• https://edoverflow.com/2017/ruby-resolv-bug/
Bypassing SSRF filters by abusing a bug in Ruby's resolver (CVE-2017-0904).
• https://goo.gl/DD871b (+)
Apache James 3.0.1 JMX Server Deserialization (CVE-2017-12628).
• https://jesux.es/exploiting/blueborne-android-6.0.1/
BlueBorne RCE on Android 6.0.1 - How to (CVE-2017-0781).
• https://goo.gl/mJoCR2 (+)
Fake Crypto - MS Outlook S/MIME Cleartext Disclosure (CVE-2017-11776).
• http://www.geeknik.net/7k9et2d9e
Out of bounds bug in libcurl's IMAP FETCH (CVE-2017-1000257).
• https://github.com/nluedtke/linux_kernel_cves
Tracking CVEs for the linux Kernel.
• https://blog.doyensec.com/2017/08/03/electron-framework-security.html
Modern Alchemy - Turning XSS into RCE (CVE-2017-12581).
• https://github.com/g0tmi1k/debian-ssh
Debian OpenSSL Predictable PRNG - CVE-2008-0166 (Oldies!).
• https://github.com/matteyeux/triple_fetch
Remote lldb debugserver for debugging userspace procs on iOS (CVE-2017-7047).
• http://rh0dev.github.io/blog/2017/the-return-of-the-jit/
The Return of the JIT in Mozilla Firefox (x86) (CVE-2017-5375).
• https://goo.gl/djcEh1 (+)
Code Injection in VMware Horizon’s macOS Client (CVE-2017-4918).
• https://goo.gl/RmmyFJ (+)
From fuzzing Apache httpd server to CVE-2017-7668.
• https://blog.preempt.com/new-ldap-rdp-relay-vulnerabilities-in-ntlm
New LDAP & RDP Relay Vulnerabilities in NTLM (CVE-2017-8563).
• https://goo.gl/1HRwSB (+)
The Chakra Exploit (CVE-2016-7200/CVE-2016-7201).
• https://goo.gl/gJ1LiQ (+)
Privilege Escalation in VirtualBox (CVE-2017-3316).
• https://github.com/XiphosResearch/exploits/tree/master/Joomblah
Exploit for Joomla 3.7.0 (CVE-2017-8917).
• https://github.com/stealth/plasmapulsar
Generic root exploit against kde (CVE-2017-8422, CVE-2017-8849).
• https://goo.gl/4oruRY (+)
Trend Micro ServerProtect Multiple Vulnerabilities (CVE-2017-9032/37).
• https://github.com/embedi/amt_auth_bypass_poc
Intel AMT authentication bypass example (CVE-2017-5689).
• https://stringbleed.github.io
Stringbleed CVE 2017-5135 SNMP authentication bypass.
• https://goo.gl/SXXey1 (+)
Old School Phishing Vulnerability on Outlook for Mac (CVE-2017-0207).
• https://goo.gl/TvYytI (+)
OpenElec RCE via Man-In-The-Middle (CVE-2017-6445).
• https://github.com/theori-io/chakra-2016-11
PoC for Edge bugs (CVE-2016-7200 & CVE-2016-7201).
• https://saelo.github.io/posts/firefox-script-loader-overflow.html
Exploiting a Cross-mmap Overflow in Firefox. (CVE-2016-9066).
• http://netanelrub.in/2017/03/20/moodle-remote-code-execution/
Moodle – Remote Code Execution (CVE-2017-2641).
• http://jackson.thuraisamy.me/oracle-opera.html
RCE and PII Data Exfil in Oracle's Hotel Mgmt (CVE-2016-5663/4/5).
• https://github.com/tunz/js-vuln-db
A collection of JavaScript engine CVEs with PoCs.
• https://security.tencent.com/index.php/blog/msg/110
Android Voice mail forgery vulnerability analysis (CVE-2016-6771).
• https://filippo.io/Ticketbleed/
Ticketbleed - F5 BIG-IP TLS/SSL stack issue (CVE-2016-9244).
• https://goo.gl/MdCd6S (+)
Nagios Core < 4.2.2 - Curl Command Injection (CVE-2016-9565-2008-4796).
• http://blogs.360.cn/360safe/2016/11/29/three-roads-lead-to-rome-2/
Three roads lead to Rome (CVE-2016-7201).
• https://goo.gl/CTp8We (+)
Root Privilege Escalation in MySQL/MariaDB/PerconaDB (CVE-2016-6664/CVE-2016-5617).
• https://goo.gl/fb63MI (+)
Root Privilege Escalation in Nginx (CVE-2016-1247).
• https://goo.gl/zllfk3 (+)
GNU tar extract path Bypass Analysis (CVE-2016-6321).
• http://blog.skylined.nl/20161206001.html
MSIE jscript9 Java­Script­Stack­Walker Analysis (MS15-056, CVE-2015-1730).
• https://goo.gl/xvrb0T (+)
GitLab Vulnerabilities Analysis (CVE-2016-9086 and more).
• https://goo.gl/0wvoBX (+)
Adobe Reader Privileged JavaScript 0Days (CVE-2016-6957/CVE-2016-6958).
• http://blog.x1622.com/2016/01/poc-how-to-steal-httponly-session.html
Get httponly session cookies via Apache cookie overflow (CVE-2012-0053).
• http://www.ms509.com/?p=439
Exploit analysis and practical - From Crash to hijack PC (CVE-2015-3825).
• http://www.mbsd.jp/blog/20160921_2.html
Safari's URL redirection XSS (CVE-2016-4585).
• http://paper.seebug.org/58/
CSRF protection bypass on Django via GA (CVE-2016-7401).
• http://mksben.l0.cm/2016/09/safari-uxss-showModalDialog.html
UXSS in Safari's showModalDialog (CVE-2016-4758).
• http://lab.truel.it/flash-sandbox-bypass/
Flash sandbox bypass - local data exfiltration (CVE-2016-4271).
• http://goo.gl/x6TVjl (+)
Trend Micro Deep Discovery hotfix_upload.cgi filename RCE (CVE-2016-5840).
• https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html
PEGASUS iOS Kernel Vulnerability Explained (CVE-2016-4656).
• http://legalhackers.com/advisories/vBulletin-SSRF-Vulnerability-Exploit.txt
vBulletin SSRF Vulnerability (CVE-2016-6483).
• https://rol.im/securegoldenkeyboot/
Secure Golden Key Boot (MS16-094/CVE-2016-3287 and MS16-100/CVE-2016-3320).
• https://bazad.github.io/2016/05/mac-os-x-use-after-free/
Mac OS X Privilege Escalation via Use-After-Free (CVE-2016-1828).
• https://goo.gl/K7f9kF (+)
CVE-2016-5134 Chrome Firefox WPAD.
• http://mksben.l0.cm/2016/07/xxn-caret.html
Abusing XSS Filter - One ^ leads to XSS (CVE-2016-3212).
• http://goo.gl/CZ1Sii (+)
Ruby on Rails vulnerability commentary (CVE-2016-2098).
• http://srcincite.io/advisories/src-2016-22/
MS Office Component FSupportSAEXTChar() - Use-After-Free RCE (CVE-2016-0140).
• http://blog.knownsec.com/2016/06/php-5-4-34-unserialize-uaf-exploit/
PHP 5.4.34 unserialize UAF exploit (CVE-2014-8142).
• https://gist.github.com/sourceincite/985fd1476b7e1623cdbf7e22f3cc42e8
MS Office - FSupportSAEXTChar() Use After Free RCE (CVE-2016-0140).
• http://goo.gl/gOwiwL (+)
In-Depth Analysis and Reverse Engineering of IE CVE-2015-2444.
• http://drops.wooyun.org/papers/15430
Struts2 method call RCE Vulnerability (CVE-2016-3081).
• https://goo.gl/fBEuSF (+)
Analysis of Adobe Flash Player - Integer Overflow (CVE-2015-5560).
• https://github.com/talos-vulndev/advisories/tree/master/TALOS-2016-0088/poc
OS X Gen6Accelerator - Local Privilege Escalation (CVE-2016-1743).
• https://github.com/gdbinit/mach_race
Mach Race OS X Local Privilege Escalation Exploit (CVE-2016-1757).
• https://goo.gl/E6k81e (+)
Fun with Remote Controllers (CVE-2016-2345).
• https://github.com/mrsmn/ares
Library for an easy to use wrapper around https://cve.circl.lu.
• https://gist.github.com/nishimunea/5d06bf899198eb104238
Cross-origin Data leakage in Chrome (CVE-2014-6759).
• http://jeffq.com/blog/dteenergy-insight/
Unauthenticated "filter" parameter leak PII (CVE-2016-1562).
• http://blog.ptsecurity.com/2016/01/severe-vulnerabilities-detected-in.html
Severe Vulnerabilities Detected in FreeBSD (CVE-2016-1879).
• https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html
Ganeti DoS and Unauthenticated Info Leak (CVE-2015-7944/CVE-2015-7945).
• http://www.payatu.com/from-crash-to-exploit/
From Crash to Exploit (CVE-2015-6086) Out of Bound Read/ASLR Bypass.
• http://www.icewall.pl/?p=732&lang=en
MS .NET/Silverlight Manifest Resource Info. Disclosure (CVE-2015-6114).
• http://goo.gl/tJ00NN (+)
Exploiting F5 ICall::Script Privilege Escalation (CVE-2015-3628).
• http://d.hatena.ne.jp/masa141421356/20150914/1442239071
CVE-2015-1729 fixed by MS15-065 XSS!
• https://gist.github.com/mak/bd71962aae98ab0b0441
CVE-2015-3113 from 205a625ebc3b0a9b286dc8f065845433.
• https://labs.integrity.pt/articles/xxe-all-the-things-including-apple-ioss-office-viewer/
XXE All The Things! (Including Apple iOS's Office Viewer - CVE-2015-3784).
• http://www.openwall.com/lists/oss-security/2015/08/04/8
Linux privilege escalation due to nested NMIs interrupting espfix64 (CVE-2015-3290).
• https://github.com/vlad902/hacking-team-windows-kernel-lpe
Windows kernel LPE 0day from the Hacking Team (CVE-2015-2426/MS-078).
• http://www.anti-reversing.com/1813/
CVE-0xFFFF-0xFFFF.
• https://cxsecurity.com/issue/WLB-2015050153
Apache Jackrabbit WebDAV XXE (CVE-2015-1833).
• https://git.hacklab.kr/snippets/13
Flash CVE-2015-0359 PoC.
• http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt
wpa_supplicant P2P SSID processing vulnerability (CVE-2015-1863 - DoS-RCE).
• http://bobao.360.cn/learning/detail/357.html
Adobe Flash FLV Aduio Nellymoser Decoding Heap Buffer Overflow Vulnerability (CVE-2015-3043).
• http://christian-schneider.net/ChromeSopBypassWithSvg.html
Chrome SOP Bypass with SVG (CVE-2014-3160).
• https://gist.github.com/worawit/33cc5534cb555a0b710b
"PoC" for Samba vulnerabilty (CVE-2015-0240).
• https://capsop.com/phpmyadmin
PHPMYADMIN PMA VULN CVE-2009-1151 (Yep Still the same!)
• https://blog.gaborszathmari.me/2014/12/10/wordpress-exploitation-with-xss/
WordpreXSS Real Exploitation using CVE-2014-9031.
• https://gist.github.com/worawit/84ab41358b8465966224
CVE-2014-6332 PoC to get shell (packed everything in one html).
• https://github.com/c0r3dump3d/wp_drupal_timing_attack
Python scripts to exploit CVE-2014-9016 (Drupal) and CVE-2014-9034 (Wordpress).
• http://tyranidslair.blogspot.co.uk/2014/11/whens-documenturl-not-documenturl-cve.html
When's document.URL not document.URL? (CVE-2014-6340).
• https://github.com/lnxg33k/misc/blob/master/shellshock.py
PoC for CVE-2014-6271 shellshock with Proxy/Tor Support.
• http://marc.info/?l=qmail&m=141183309314366&w=2
qmail is a vector for CVE-2014-6271 (bash "shellshock").
• http://pathonproject.com/zb/?5b343c33591c9cc9#Pc9t/zKg8zWJUNkqqvYhuuL7Lofz8PGTX7R3qat0i/8=
All About Bash Bug - CVE-2014-6271. (ShellShock!)
• https://github.com/arisada/stunnel_xp
Stunnel 4.56 (CVE2014-0017) proof of concept.
• http://hashcrack.org/page?n=21072014
CVE-2014-4699 - Linux Kernel ptrace/sysret vulnerability analysis.
• https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
GKsu and VirtualBox Root Command Execution by Filename (CVE-2014-2943).
• http://hashcrack.org/index.html#190614
CVE-2014-4014 - Linux Kernel Local Privilege Escalation "exploitation".
• http://ccsinjection.lepidum.co.jp/blog/2014-06-05/CCS-Injection-en/index.html
How I discovered CCS Injection Vulnerability (OpenSSL CVE-2014-0224).
• http://pastebin.com/0EqWGmTi
iOS 7.1 Security Update Details (Name,Available for, Impact, Description and CVE/Author).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment