WSO2 RCE (CVE-2022-29464) exploit and writeup.

Gather and update all available and newest CVEs with their PoC.

CSP Playground for CVE-2021-30682

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228

WordPress Plugin Update Confusion

PoC exploit for the CVE-2019-15126 kr00k vulnerability

Pwn stuff.

cve-search - a tool to perform local searches for known vulnerabilities

RCE 0-day for GhostScript 9.50 - Payload generator

A list of vulnerabilities or design flaws that Microsoft does not intend to fix. Since the number is growing, I decided to make a list. This list covers only vulnerabilities that came up in July 20…

Windows Privilege Escalation from User to Domain Admin.

Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.

Scheme flooding vulnerability: how it works and why it is a threat to anonymous browsing

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

⚠️ Browser fingerprinting via favicon!

🔪Browser logic vulnerabilities ☠️

Miscellaneous exploit code

Exploits for getting local root on Linux, BSD, AIX, HP-UX, Solaris, RHEL, SUSE etc.

Vulnerability Verification Environment based on Docker

💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

Proof-of-concept codes created as part of security research done by Google Security Team.

DDoS attack tool for sending forged UDP packets to vulnerable Memcached servers obtained using Shodan API

A database of PHP security advisories

X41 Browser Security White Paper - Tools and PoCs

Exploit repository

PoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE

Zero-day and N-day security vulnerability notes, analysis, and proof-of-concepts

CVE-2019-5418 - File Content Disclosure on Ruby on Rails