所有平台上10.7.1和11.1.0之前的所有版本的CrushFTP中存在服务器端模板注入漏洞,使得未经验证的远程攻击者能够从VFS沙盒外部的文件系统读取文件,绕过身份验证以获得管理访问权限,并在服务器上执行远程代码。
A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. (2024-05-06, Python, 0KB, 下载0次)
此Python脚本利用了Microsoft Edge中的漏洞(CVE-224-21388),允许通过私有API静默安装具有提升权限的浏览器扩展。
This Python script exploits a vulnerability (CVE-2024-21388) in Microsoft Edge, allowing silent installation of browser extensions with elevated privileges via a private API. (2024-03-29, Python, 0KB, 下载0次)
项目1 du cour 8INF917:Création dune Platforme Web浇注收集器les vulnérabilite s des objets
Projet 1 du cour 8INF917 : Création d’une plateforme Web pour collecter les vulnérabilités des objets (2024-02-19, Python, 0KB, 下载0次)
一种利用0天漏洞并允许在没有权限的情况下将视频发送到TV服务器的工具。
A tool to exploit a 0-day vulnerability and allow videos to be sent to the TV server without permissions. (2024-02-04, Python, 0KB, 下载0次)
FuzzMaster是一个强大的基于Python的快速web模糊器,旨在发现web应用程序中的隐藏目录。这个工具是你的目标…
FuzzMaster is a powerful Python-based fast web fuzzer designed to uncover hidden directories in web applications. This tool is your go-to… (2024-01-24, Python, 0KB, 下载0次)
Shellshock Exploit是一个旨在有效利用易受攻击的CGI服务器中的Shellshomp漏洞(CVE-2014-6271)的工具,...
The Shellshock Exploit is a tool designed to efficiently exploit the Shellshock vulnerability (CVE-2014-6271) in susceptible CGI servers, enabling a precise takeover of the target server. Shellshock is a critical security vulnerability that affects the Bash shell, allowing attackers to execute arbitrary commands on the targeted system (2023-12-13, Python, 0KB, 下载0次)
我的团队的HackUTD X项目的分析包,该分析包确定传感器是否正在检测甲烷泄漏的结果,给定天气...
An analysis package for my team s HackUTD X project which determines if a sensor is picking up the results of a methane leak, given weather data and methane concentration (2023-11-05, Python, 0KB, 下载0次)
numpy序列化器是一种很好的高级序列化numpy.arrays的方法,同时保留它们的形状和类型。
numpy-serializer is a nice and high-level way to serialize numpy.arrays while preserving their shape and type. (2020-12-24, Python, 0KB, 下载0次)
用于不安全反序列化、创建有效负载和通过cookie报头传递的Nodejs服务器允许RCE。请小心这个,因为...
Nodejs server for insecure deserialization, crafting payload and passing via cookie header allows RCE. Please be careful with this as is severly insecure. (2023-09-19, Python, 0KB, 下载0次)
CVE-2021-26855,也称为Proxylogon,是Exchange中的服务器端请求伪造(SSRF)漏洞,允许攻击者...,
CVE-2021-26855, also known as Proxylogon, is a server-side request forgery (SSRF) vulnerability in Exchange that allows an attacker to send arbitrary HTTP requests and authenticate as the Exchange server. (2022-07-04, Python, 0KB, 下载0次)
使用浏览器爬虫获取网站全链接扫描log4j2漏洞 Use a browser crawler to get the full link of the website and scan the log4j2 vulnerability,
Use a browser crawler to get the full link of the website and scan the log4j2 vulnerability, (2022-03-31, Python, 0KB, 下载0次)
CVE-2019-10149的PoC,该漏洞可以在4-87到4.91版本的Exim服务器之间被利用。,
PoC for CVE-2019-10149, this vulnerability could be xploited betwen 4-87 to 4.91 version of Exim server., (2019-06-18, Python, 0KB, 下载0次)
OASIS TC Open Repository:CSAF解析器工具,用于解析和检查通用漏洞报告框架(CVRF)con...,
OASIS TC Open Repository: CSAF Parser tool for parsing and checking the syntax of the Common Vulnerability Reporting Framework (CVRF) content (2022-07-14, Python, 0KB, 下载0次)
渗透测试漏洞管理器是Burp Suite的扩展,用Jython编写。它由Barak Tawily开发,旨在...,
Penetration Test Vulnerabilities Manager is an extension for Burp Suite, written in Jython. It was developed by Barak Tawily in order to help application security professionals manage vulnerabilities (2021-07-25, Python, 0KB, 下载0次)
DDoS抵御工具,用于向使用Shodan API获得的易受攻击的Memcached服务器发送刷新或关闭命令,
DDoS mitigation tool for sending flush or shutdown commands to vulnerable Memcached servers obtained using Shodan API, (2018-03-21, Python, 0KB, 下载0次)
使用模拟引脚检测漏水,使用车载温度监测器检测低温情况,并通过动作发出警报...,
Detects a water leak using an analog Pin and a low temperature situation using the onboard temperature monitor and sounds an alarm by activating a digital Pin and sends an alert over SMS using the Twilio API (2023-03-02, Python, 0KB, 下载0次)
这是hoppy,一个http方法探测器,它是一个python脚本,用于测试http方法的配置问题,以泄漏信息或...,
This is hoppy, a http method prober, it is a python script which tests http methods for configuration issues leaking information or just to see if they are enabled. (2019-03-18, Python, 0KB, 下载0次)
在某些情况下,Miscorosoft HTTP Server API在向服务器发送GET HTTP 1.0请求时泄漏内部ip地址。,
In some cases the Miscorosoft HTTP Server API leaks internal ip addresses while sending a GET HTTP 1.0 request to the server., (2023-04-02, Python, 0KB, 下载0次)
项目feito na FIAP com parceria com a Vivo。由gás móvel utilizando Python e覆盆子Pi.检测器组成。,
Projeto feito na FIAP com parceria com a Vivo. Consiste em um detector de gás móvel utilizando Python e Raspberry Pi., (2021-09-11, Python, 0KB, 下载0次)
氰化物是一种非常简单的窃取器,允许您获取Cookies、密码和Discord代币,
Cyanide is a very simple stealer that allows you to take Cookies, Passwords and Discord tokens, (2023-05-04, Python, 0KB, 下载0次)