Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()
☆506Sep 30, 2024Updated last year
Alternatives and similar repositories for cnext-exploits
Users that are interested in cnext-exploits are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.☆240Oct 8, 2024Updated last year
- A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.☆328Jun 2, 2024Updated last year
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆112Jun 23, 2025Updated 11 months ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,368Nov 18, 2021Updated 4 years ago
- Some ReadObject Sink With JDBC☆246May 8, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆1,033Jan 23, 2023Updated 3 years ago
- Java Vulnerability Exploitation Platform☆2,061Apr 29, 2026Updated 3 weeks ago
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,191Aug 21, 2025Updated 9 months ago
- ☆97Sep 2, 2024Updated last year
- A (small) web exploit framework☆97Dec 26, 2025Updated 4 months ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆873Jun 24, 2024Updated last year
- 专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF☆1,275May 17, 2026Updated last week
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆766Dec 2, 2022Updated 3 years ago
- ☆351Jan 24, 2023Updated 3 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ZKar is a Java serialization protocol analysis tool implement in Go.☆650Apr 19, 2026Updated last month
- This repository contains PoC for CVE-2024-7965. This is the vulnerability in the V8 that occurs only within ARM64.☆49Sep 16, 2024Updated last year
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,718Feb 2, 2026Updated 3 months ago
- some fun php exploits☆81Nov 12, 2024Updated last year
- dotnet 反序列化学习笔记☆519Oct 19, 2023Updated 2 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆94Jan 17, 2023Updated 3 years ago
- CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit☆27May 21, 2024Updated 2 years ago
- A CAT called tabby ( Code Analysis Tool )☆1,651Jan 17, 2026Updated 4 months ago
- A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-v…☆584May 4, 2026Updated 2 weeks ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- a rep for documenting my study, may be from 0 to 0.1☆2,268Mar 25, 2026Updated last month
- ☆158Jul 10, 2024Updated last year
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆829Sep 18, 2023Updated 2 years ago
- Exploit for the vulnerability CVE-2024-43044 in Jenkins☆189Oct 2, 2024Updated last year
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,493Apr 10, 2023Updated 3 years ago
- Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, in…☆2,446Apr 17, 2024Updated 2 years ago
- CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段☆283Dec 13, 2024Updated last year
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆141Mar 11, 2024Updated 2 years ago
- Fastjson姿势技巧集合☆1,846Oct 20, 2023Updated 2 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- A neo4j procedure for tabby☆136May 17, 2025Updated last year
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,465Apr 26, 2026Updated 3 weeks ago
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,809Sep 29, 2025Updated 7 months ago
- 通过端口复用直接进行正向socks5代理(非防火墙分流)☆113Dec 17, 2024Updated last year
- 哥斯拉webshell管理工具二次开发规避流量检测设备☆1,062Dec 2, 2025Updated 5 months ago
- PoC for CVE-2023-4911☆391Oct 4, 2023Updated 2 years ago
- A helpful Java Deserialization exploit framework.☆1,242Feb 17, 2025Updated last year