A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
- CVE-2020-5377 & CVE-2021-21514: Dell OpenManage Server Administrator Arbitrary File Read
- CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure
- CVE-2019-16116: CompleteFTP Server Local Privilege Escalation
- CVE-2019-16864: CompleteFTP Server Authenticated Remote Command Execution
- CVE-2019-9926: LabKey Server RCE Via CSRF
- CVE-2019-9758: LabKey Server RCE Via Stored XSS
- CVE-2019-9757: LabKey Server XXE
- CVE-2019-5678: Nvidia GeForce Experience Web Helper Command Injection
- CVE-2019-5674: Nvidia GeForce Experience Arbitrary File Overwrite
- CVE-2019-0227: Apache Axis Remote Code Execution
- CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin <v3.7
- CVE-2018-20621: MEmu Android Emulator Local Privilege Escalation
- CVE-2018-5757: Authenticated RCE in AudioCodes 450HD Phone
- CVE-2018-5758: XXE in Jive-n
- CVE-2018-8024: Apache Spark XSS vulnerability in UI
- CVE-2018-1335: Command Injection in Apache Tika Server
- CVE-2017-7279: Unitrends Enterprise Backup Solution Privilege Escalation
- CVE-2017-7280: Unitrends Enterprise Backup Solution Command Execution
- CVE-2017-7281: Unitrends Enterprise Backup Solution RCE Via File Upload
- CVE-2017-7282: Unitrends Enterprise Backup Solution LFI
- CVE-2017-7283: Unitrends Enterprise Backup Solution RCE Via Restore File
- CVE-2017-7284: Force Password Change Without Current Password
- CVE-2017-12860: Epson EasyMP Projector Hardcoded PIN
- CVE-2017-12861: Epson EasyMP Projector Bruteforce PIN
- CVE-2016-3053: AIX lsmcode Local Root Exploit
- CVE-2016-6079: AIX lquerylv 5.3, 6.1, 7.1, 7.2 Local Root Exploit
- CVE-2016-8972: IBM AIX Bellmail Local Root Exploit