exploits
A handy collection of my public exploits, all in one place. (by 0xdea)
vulns
HN Security's advisories. (by hnsecurity)
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
exploits
Posts with mentions or reviews of exploits.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-18.
-
Nothing new under the Sun - Discovering and exploiting a CDE bug chain
I have identified multiple security vulnerabilities that are exploitable via the the setuid-root dtprintinfo binary from the Common Desktop Environment (CDE) distributed with Oracle Solaris 10. I demonstrated the possibility to chain together a printer name injection bug in dtprintinfo and a stack-based buffer overflow in libXm to achieve local privilege escalation to root on a fully-patched Solaris 10 system. The exploit is available at https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintlibXmas.c.
- [ITA] - Marco Ivaldi aka raptor
-
Multiple vulnerabilities in Zyxel zysh
The format string exploit written in Tcl/Expect (!) is here: https://github.com/0xdea/exploits/blob/master/zyxel/raptor_zysh_fhtagn.exp
vulns
Posts with mentions or reviews of vulns.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-18.
-
Nothing new under the Sun - Discovering and exploiting a CDE bug chain
Oracle won't be releasing patches. See https://github.com/hnsecurity/vulns/blob/main/HNS-2022-01-dtprintinfo.txt for additional details.
-
Multiple vulnerabilities in Zyxel zysh
The advisory with full details is here: https://github.com/hnsecurity/vulns/blob/main/HNS-2022-02-zyxel-zysh.txt
What are some alternatives?
When comparing exploits and vulns you can also consider the following projects:
WendzelNNTPd - A usable and IPv6-ready Usenet-server (NNTP daemon). It is portable (Linux/*BSD/*nix), supports AUTHINFO authentication, contains ACL as well as role based ACL and provides "invisible" newsgroups. It can run on MySQL and SQLite backends.
raptor_infiltrate20 - #INFILTRATE20 raptor's party pack.
arp-scan - The ARP Scanner
vulns - Named vulnerabilities and their practical impact
mg - Micro (GNU) Emacs-like text editor ❤️ public-domain