Original CVEs, exploit PoCs and security advisories
by @kmkz · boffsec-services.com · @kmkz_security

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2026-22191-SicuroWeb-ATI-chain.txt | SicuroWeb / Beghelli Sicuro24 | Advisory (3-CVE chain) | 9.3 |
| CVE-2026-22191-POC.py | SicuroWeb / Beghelli Sicuro24 | PoC (mitmproxy) | 9.3 |
| CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt | Voltronic Power SNMP Web Pro 1.1 | Advisory (2-CVE chain) | 10.0 |

- CVE-2026-22191 - Template Injection (CWE-79, CWE-1336)
- CVE-2026-41468 - AngularJS Sandbox Escape (CWE-94, CWE-1104)
- CVE-2026-41469 - Missing CSP / persistence (CWE-693)

-> Chain: Template Injection -> sandbox escape -> no-CSP persistence -> MITM delivery -> persistent client-side RCE (SicuroWeb / Beghelli Sicuro24)

- CVE-2026-22192 - Client-side auth bypass via localStorage (CWE-306, CWE-284)
- CVE-2026-22199 - Pre-auth path traversal /etc/shadow disclosure (CWE-22)

-> Chain: auth bypass + path traversal -> hash crack -> SSH root RCE (Voltronic Power SNMP Web Pro 1.1)

Published April 22, 2026 - 120-day coordinated disclosure via VulnCheck - no vendor patch available

-> Full write-up

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2025-43300-POC.py | - | PoC | - |

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2020-0796_scan.sh | Windows SMBv3 (SMBGhost) | Scanner | - |

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2019-14251-TEMENOS-T24.txt | TEMENOS T24 | Advisory | - |
| PUBLISURE-EXPLOIT-CHAIN-ADVISORY.txt | Publisure Hybrid Mail 2.1.2 | 3-vuln chain | 7.2 |

PUBLISURE - exploit chain: access control bypass (pre-auth) -> SQLi -> unrestricted file upload RCE -> local admin

Published September 5th, 2019

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2018-10682 / CVE-2018-10683 | WildFly 10.1.2 | Unauthenticated RCE | 10.0 |
| CVE-2018-8495.html | Windows Shell URI handler (Edge/IE 11) | 1-click RCE | - |

CVE-2018-10682/10683 - WildFly unauthenticated RCE via anonymous access + .war auto-deployment

Published May 3rd, 2018 - with @Piosky1

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2017-5671.txt | - | Advisory | - |
| CVE-2017-5671-Credits.pdf | - | Credits | - |

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| CVE-2016-1000300.txt | GRR <= 3.0.0-RC1 | Authenticated RCE via file upload bypass | 9.9 |
| CVE-2016-6175.txt | - | Advisory | - |
| cowroot_stable.c | Linux kernel (Dirty COW - CVE-2016-5195) | LPE | - |

CVE-2016-1000300 - GRR booking system, file extension-only filter bypass -> RCE + privilege escalation

Published January 7th, 2016

| File | Target | Type | CVSSv3 |
|---|---|---|---|
| FireEye-Malware-Analysis-System-6.4.1-Multiple-Vulns.txt | FireEye MAS 6.4.1 | Multiple vulnerabilities | - |

Older PoCs and research without a precise publication date.

| File | Target | Language |
|---|---|---|
| BigAnt_Server2.52-RCE.py | BigAnt Server 2.52 | Python |
| CodegateCTF_web500.pl | Codegate CTF Web 500 | Perl |
| ForgeZoneCMS_Exploit.pl | ForgeZone CMS | Perl |
| FreeFloatFTP.py | FreeFloat FTP Server | Python |
| FTPfuzz.py | FTP (generic fuzzer) | Python |
| SciteBoF_poc.pl | SciTE editor | Perl |
| make_3.81_pointer_dereferencing_poc.pl | GNU Make 3.81 | Perl |

| File | Language | Description |
|---|---|---|
| Full-payload-delivery-chain.ps1 | PowerShell | Full payload delivery chain (AMSI bypass + dropper) |
| RedisCredentialCollector.pl | Perl | Redis monitor-based credential harvester |

```
Exploits/
2026/
CVE-2026-22191-SicuroWeb-ATI-chain.txt
CVE-2026-22191-POC.py
CVE-2026-22192-22199_Voltronic-Power_Preauth_root_RCE.txt
2025/
2020/
2019/
2018/
2017/
2016/
2014/
Legacy/
Tools/
README.md
```

- kmkz/Pentesting - Pentesting tricks and cheat sheets
- kmkz/Assembly-language - x86/ARM sources for exploit dev
- kmkz/Sources - Offensive security source code

For professional engagements: boffsec-services.com