一些漏洞分析

Modified Nuclei Templates Version to FUZZ Host Header

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).

ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)

Red Hat Dependency Analytics extension

Vulnerability database and package search for sources such as OSV, NVD, GitHub and npm.

A Collection of Various Discord Bugs, Exploits, Un-Documented Parts of the Discord API, and Other Discord Related Miscellaneous Stuff.

Guest to host VM escape exploit for Parallels Desktop

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

A collection of my public security advisories.

All the IOC's I have gathered which are used directly involved coronavirus / covid-19 / SARS-CoV-2 cyber attack campaigns

A simple framework for sending test payloads for known web CVEs.

Some personal exploits/pocs

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

iOS 15 0-day exploit (still works in 15.0.2)

Extensible framework for analyzing publicly available information about vulnerabilities

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

NVD/CVE as JSON files

漏洞研究