❤ Be a Hero, tip a 🍺 🙂 ⟶ Ƀ: 1AZMeGVfCBbYwVYyG9s79pJDyocTZgiApa | Ξth: 0x438B38E30eF117C15fBfF833f9C2c70182925815

PoCs

Exploit PoCs for vulnerabilities disclosed by tintinweb.

| CVE | Description |
| --- | --- |
| nocve-2021-ipns-downgrading-and-takeover | see readme |
| nocve-2021-jsipns-signed-message-malleability | see readme |
| nocve-2021-jsipfs-api-cors-bypass-full-admin-write | see readme |
| nocve-2021-jsipfs-html-injection | see readme |
| cve-2020-26279 | go-ipfs path traversal |
| cve-2020-26283 | see readme |
| nocve-2021-ipfs-desktop-path-traversal-and-arbitrary-overwrite | see readme |
| nocve-2021-remix_drive_by_and_remixd_path_traversal_and_rce | see readme |
| nocve-2021-php-imap_mime_splitting_crlf | see readme |
| nocve-2021-python-mime_splitting | see readme |
| nocve-2021-python-smptlib_multiple_crlf | see readme |
| cve-2021-21374 | (mitre) In Nim before 1.4.4, Nimble fails to validate certificates due to insecure httpClient defaults |
| cve-2021-21373 | (mitre) In Nim before 1.4.4, Nimble falls back to insecure http url when fetching packages |
| cve-2021-21372 | (mitre) In Nim before 1.4.4, Nimble allows arbitrary code execution for specially crafted package metadatas |
| cve-2020-15690 | (mitre) In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. |
| cve-2020-15691 | (mitre) In Nim before 1.2.6, the standard library smtp is vulnerable to multiple newline character injections |
| cve-2020-15692 | (mitre) In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. |
| cve-2020-15693 | (mitre) In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands. |
| cve-2020-15694 | (mitre) In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length. |
| nocve-2020-ethereum2.0-teku-gossipsub-dos | Teku nodes are vulnerable to a resource exhaustion attack caused by allocating a buffer from an unchecked attacker-controlled length field causing a DoS condition that prevents them from participating in consensus. |
| nocve-2020-ethereum-trinity-neighbour_of_death | An attacker may send (unsolicited) discv4 neighbour responses to trinity nodes, causing an exception forcing the node to shut down. |
| cve-2018-10058 | (mitre) The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the addpool, failover-only, poolquota, and save command handlers. |
| cve-2018-10057 | (mitre) The remote management interface of cgminer 4.10.0 and bfgminer 5.5.0 allows an authenticated remote attacker to write the miner configuration file to arbitrary locations on the server due to missing basedir restrictions (absolute directory traversal). |
| cve-2017-13208 | (mitre) Android Open Source Project (AOSP) - In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440. |
| cve-2017-18016 | (mitre) Parity Browser <=1.6.8 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). |
| cve-2017-16930 | (mitre) The remote management interface on the Claymore Dual GPU miner 10.1 allows an unauthenticated remote attacker to execute arbitrary code due to a stack-based buffer overflow in the request handler. This can be exploited via a long API request that is mishandled during logging. |
| cve-2017-16929 | (mitre) The remote management interface on the Claymore Dual GPU miner 10.1 is vulnerable to an authenticated directory traversal vulnerability exploited by issuing a specially crafted request, allowing a remote attacker to read/write arbitrary files. This can be exploited via ../ sequences in the pathname to miner_file or miner_getfile. |
| nocve-2017-macos-oidparser-certtool | certtool cuOidParser sprintf buffer overwrite |
| cve-2017-8798 | (mitre) Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact. |
| nocve-2016-ethereum_mist_browser | ethereum mist browser arbitrary command execution, file read/write/delete and information disclosure |
| cve-2016-5725 | (mitre) Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. |
| cve-2016-3116 | (mitre) CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data. |
| cve-2016-3115 | (mitre) Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7.2p2 allow remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related to the (1) do_authenticated1 and (2) session_x11_req functions. |
| cve-2016-2563 | (mitre) Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. |
| cve-2016-0772 | (mitre) The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." |
| cve-2015-5477 | (mitre) (poc only) named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries. |
| cve-2014-2023 | (mitre) Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. |
| cve-2014-2022 | (mitre) SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. |
| cve-2014-2021 | (mitre) Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name. |