awesome-cve-poc - ✍️ A curated list of CVE PoCs.


✍️ A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you might also want to check out awesome-web-security.

https://github.com/qazbnm456/awesome-cve-poc

Related Projects

tpwn - xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10

  •    Objective-C

xnu local privilege escalation via cve-2015-???? & cve-2015-???? for 10.10.5, 0day at the time | poc or gtfo

CVE-2018-7600 - 💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002

  •    Python

IMPORTANT: Is provided only for educational or information purposes. CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.

VIKIROOT - CVE-2016-5195 (Dirty COW) PoC for Android 6.0.1 Marshmallow

  •    C

This is a CVE-2016-5195 PoC for 64-bit Android 6.0.1 Marshmallow (perhaps 7.0 ?), as well as a universal & stable temporal root tool. It does not require a SUID executable or any filesystem changes. By "SELinux bypass" I mean the payload will run in the init domain even if SELinux is in enforcing mode; however, a patch to sepolicy is still needed for making the init domain unconfined. Usually this means a modified boot image is required.

CVE-2016-0051 - EoP (Win7) & BSoD (Win10) PoC for CVE-2016-0051 (MS-016)

  •    CSharp

Proof-of-concept BSoD (Blue Screen of Death) and Elevation of Privilege (to SYSTEM) code for my CVE-2016-0051 (MS-016).


Am-I-affected-by-Meltdown - Meltdown Exploit / Proof-of-concept / checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a

  •    C++

Checks whether system is affected by Variant 3: rogue data cache load (CVE-2017-5754), a.k.a MELTDOWN. The basic idea is that user will know whether or not the running system is properly patched with something like KAISER patchset (https://lkml.org/lkml/2017/10/31/884) for example.

spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux

  •    Shell

A shell script to tell if your system is vulnerable to the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...); it also works if you've compiled your own kernel.

windows10_ntfs_crash_dos - PoC for a NTFS crash that I discovered, in various Windows versions


Type of issue: denial of service. One can generate a blue-screen-of-death using a handcrafted NTFS image. This Denial of Service type of attack can be driven from user mode, from a limited user account or as Administrator. It can even crash the system if it is in locked state. Reported to Microsoft in July 2017; they did not want to assign a CVE for it nor even to write me when/if they will fix it.

SpecuCheck - SpecuCheck is a Windows utility for checking the state of the software mitigations against CVE-2017-5754 (Meltdown) and hardware mitigations against CVE-2017-5715 (Spectre)

  •    C

SpecuCheck is a Windows utility for checking the state of the software and hardware mitigations against CVE-2017-5754 (Meltdown), CVE-2017-5715 (Spectre v2), CVE-2018-3260 (Foreshadow), and CVE-2018-3639 (Spectre v4). It uses two new information classes that were added to the NtQuerySystemInformation API call as part of the recent patches introduced in January 2018 and reports the data as seen by the Windows Kernel. An official Microsoft Powershell Cmdlet Module now exists as well, which is the recommended and supported way to get this information.

CVE-2018-8120 - CVE-2018-8120 Windows LPE exploit

  •    C++

Supports both x32 and x64. Tested on: Win7 x32, Win7 x64, Win2008 x32, Win2008 R2 x32, Win2008 R2 Datacenter x64, Win2008 Enterprise x64.

CVE-2017-8759-Exploit-sample - Running CVE-2017-8759 exploit sample.


Running CVE-2017-8759 exploit sample. If all is good mspaint should run.

CVE-2018-9995_dvr_credentials - (CVE-2018-9995) Get DVR Credentials

  •    Python

(CVE-2018-9995) Get DVR Credentials

CVE-2018-8897 - Arbitrary code execution with kernel privileges using CVE-2018-8897.

  •    C++

Demo exploitation of the POP SS vulnerability (CVE-2018-8897), leading to unsigned code execution with kernel privileges.

cvechecker

  •    C

cvechecker is an application that allows you to pull in the (latest) CVE entries and match these against your own system. The application attempts to discover the installed versions and lists those that are a potential target for an existing CVE.

cvebrowser - A CVE web browser

  •    Java

COMMON VULNERABILITIES AND EXPOSURES (CVE®) DATABASE BROWSER, CVEBROWSER. A web search engine for the CVE dictionary, targeted to be used on an intranet. CVEBrowser uses Java Servlets / JSP and MySQL and it's designed to work well on RedHat.

CVE


CVE is a collaborative virtual environment for education, especially computer science, a combination of a Multiuser Online 3D world and a collaborative integrated development environment.

Heartbleed - A checker (site and tool) for CVE-2014-0160

  •    Go

A checker (site and tool) for CVE-2014-0160. See the online FAQ for an explanation of error messages including TIMEOUT and BROKEN PIPE.

heartbleeder - OpenSSL CVE-2014-0160 Heartbleed vulnerability test

  •    Go

Tests your servers for OpenSSL CVE-2014-0160 aka Heartbleed. WARNING: No guarantees are made about the accuracy of results, and you should verify them independently by checking your OpenSSL build.

pacemaker - Heartbleed (CVE-2014-0160) client exploit

  •    Python

Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3. Subsequent lines full of NUL bytes are folded into one with an * thereafter (like the xxd tool).