>> CATEGORY: exploit

Backdoor.Win32.WinShell.50 malware suffers from a weak hardcoded password vulnerability.

Local privilege escalation root exploit for Polkit’s pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit. Written in Go.

Local privilege escalation root exploit for Polkit’s pkexec vulnerability as described in CVE-2021-4034. Verified on Debian 10 and CentOS 7. Written in C.

Local privilege escalation exploit for a Linux kernel slab out-of-bounds write vulnerability. This exploit has been tested in an Ubuntu 21.04 Hirsute with kernel 5.11.0.

This archive contains demo exploits for CVE-2022-0185. There are two versions here. The non-kctf version (fuse version) specifically targets Ubuntu with kernel version 5.11.0-44. It does not directly return a…

TYPO3 femanager extension versions 6.0.0 through 6.0.3 and 5.5.0 and below suffer from a persistent cross site scripting vulnerability.

The H2 Database console suffers from an unauthenticated remote code execution vulnerability.

Online Project Time Management System version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.

Backdoor.Win32.Agent.uq malware suffers from an insecure permissions vulnerability.

Backdoor.Win32.FTP99 malware suffers from an authentication bypass vulnerability.