Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

PHP

PowerShell

Elixir

R

CSS

F#

Nix

MATLAB

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Ada

Racket

Nix

PHP

Julia

Dart

Lua

C

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇻🇺 Vanuatu

🇦🇷 Argentina

🇲🇹 Malta

🇰🇳 Saint Kitts and Nevis

🇦🇼 Aruba

🇮🇹 Italy

🇨🇮 Côte d'Ivoire

🇳🇨 New Caledonia

All Countries Compare Countries

irsl/CVE-2020-1967

Stars
19
Rank 1,163,249 (Top 23 %)
Language
Created over 4 years ago
Updated 5 months ago

irsl/CVE-2020-1967

irsl

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)

gcp-dhcp-takeover-code-exec

Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent

curlshell

reverse shell using curl

ADB-Backup-APK-Injection

Android ADB backup APK Injection POC

dfwfw

Docker Firewall Framework

jackson-rce-via-spel

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions

CVE-2020-1313

Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability

Huawei-Hisuite-KobackupCipherTool

Tool to encrypt/decrypt backup packages created by Huawei Hisuite.

CVE-2020-0728

Proof of Concept code for CVE-2020-0728

apache-openoffice-rce-via-uno-links

php-bypass-disable-functions

Demo project how to bypass the disable_functions security control of PHP on Linux

microsoft-diagcab-rce-poc

Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution

lgosp-poc

LG On Screen Phone authentication bypass PoC (CVE-2014-8757)

struts-any-results

Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.

golang-insecureskipverify-patch

Simple patcher tool to turn off TLS handshake validation in golang binaries

google-osconfig-privesc

Proof of concept about the privilege escalation flaw identified in Google's Osconfig

CVE-2022-20128

Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.

microsoft-diaghub-case-sensitivity-eop-cve

Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability

tcp-http-proxy

A potential solution for OpenWRT + Mitmproxy

gnu-patch-vulnerabilities

The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.

mysql-load-data-local-abuse

Abusing MySQL's LOAD DATA LOCAL feature

golang-http2debug-onthefly

Tool to activate http2debug feature of golang on the fly.

go-reproto

An experimental tool to reconstruct proto definitions based on golang binaries

cloud-sql-auth-proxy-iam-mitm

PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.

pcap-proxy

A simple userland TCP proxy application that captures the network flow into a .pcap file

CVE-2022-3168-adb-unexpected-reverse-forwards

Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations

icedtea-web-vulnerabilities

Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.

postgres-proxy-cloudsql-iam-vuln

A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.

cloud-shell-ssrf

Google Cloud Shell SSRF feature PoC tool

grpcurl-for-android

gRPCurl precompiled binaries for Android

rdiff-backup

Simple docker image around rdiff-backup

raiffeisen-direktnet

Transaction parser for the Raiffeisen Direktnet banking website

hikvision-motion

SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.

p1x1

Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.

proftpd-mysql-password

Support for MySQL PASSWORD() in Proftpd's SQLAuthTypes