104 Open source projects that are alternatives of or similar to Cve 2019 12086 Jackson Databind File Read

A PHP version scanner for reporting possible vulnerabilities

Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

Resources for Windows exploit development

Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment) a multiuser Penetration test IDE. Designed for distributing, indexing, and analyzing the data generated during a security audit.

CVE-2019-10149 : A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

Exploiting Edge's read:// urlhandler

Log4j Vulnerability Scanner for Windows

Vulmap 是一款 web 漏洞扫描和验证工具, 可对 webapps 进行漏洞扫描, 并且具备漏洞利用功能

Public Disclosures

CVE-2018-8120 Windows LPE exploit

快速搭建各种漏洞环境(Various vulnerability environment)

Red Hat Dependency Analytics extension

Unofficial api for cve.mitre.org

Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)

With the hope that someone finds the data useful, we periodically publish an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database. See also https://github.com/CERTCC/Vulnerability-Data-Archive-Tools

This repository contains writeups for various CTFs I've participated in (Including Hack The Box).

The Correlated CVE Vulnerability And Threat Intelligence Database API

log4j2 remote code execution or IP leakage exploit (with examples)

The clever vulnerability dependency finder

🐱‍💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks

🔪Browser logic vulnerabilities ☠️

NVD/CVE as JSON files

IVA is a system to scan for known vulnerabilities in software products installed inside an organization. IVA uses CPE identifiers to search for CVEs related to a software product.

漏洞研究

Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance. #nsacyber

WebMap-Nmap Web Dashboard and Reporting

Extensible framework for analyzing publicly available information about vulnerabilities

Writeup of CVE-2020-15906

BootStomp: a bootloader vulnerability finder

The OpenSSF CVE Benchmark consists of code and metadata for over 200 real life CVEs, as well as tooling to analyze the vulnerable codebases using a variety of static analysis security testing (SAST) tools and generate reports to evaluate those tools.

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

patches for SNYK-JS-JQUERY-174006, CVE-2019-11358, CVE-2019-5428

Documentation and Sharing Repository for ThreatPinch Lookup Chrome & Firefox Extension

PatrowlHears - Vulnerability Intelligence Center / Exploits

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Poc Collected for study and develop

Cover your tracks during Linux Exploitation by leaving zero traces on system logs and filesystem timestamps. 👻🐚

The PHP Security Checker

Check linux sources dump for known CVEs.

🐈Medusa是一个红队武器库平台，目前包括扫描功能(200+个漏洞)、XSS平台、协同平台、CVE监控等功能，持续开发中 http://medusa.ascotbe.com

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

CVE、CMS、中间件漏洞检测利用合集 Since 2019-9-15

No description or website provided.

ES File Explorer Open Port Vulnerability - CVE-2019-6447

Advisories and Proofs of Concept by BlackArrow

A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.

A Common Weakness Enumeration (CWE) Node.js SDK compliant with MITRE / CAPEC

A collection of curated Java Deserialization Exploits

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

A social experiment

A personal collection of Windows CVE I have turned in to exploit source, as well as a collection of payloads I've written to be used in conjunction with these exploits.

Vulnerability scanner using Nmap for scanning and correlating found CPEs with CVEs.

A simple framework for sending test payloads for known web CVEs.

🌴Windows Kernel privilege escalation vulnerability collection, with compilation environment, demo GIF map, vulnerability details, executable file

CVE Alerting Platform

RCE for old gitlab version <= 11.4.7 & 12.4.0-12.8.1 and LFI for old gitlab versions 10.4 - 12.8.1

cvebase is a community-driven vulnerability data platform to discover the world's top security researchers and their latest disclosed vulnerabilities & PoCs

Social Network Tabs Wordpress Plugin Vulnerability - CVE-2018-20555

Vulnerability Labs for security analysis

Tracking CVEs for the linux Kernel