bypazs's Projects
Coming Soon...
Config files for my GitHub profile.
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Card content.
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content.
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Post content.
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the comment.
KLiK-SocialMediaWebsite v1.0.1 has SQL Injection Vulnerabilities at profile.php
Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.
Enumerate and decrypt TeamViewer credentials from Windows registry
file setup mods for dstserver linux
Trudesk version 1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the tickets `Create/Modify Ticket Tags` on admin role.
ChurchCRM v4.4.5 has SQL Injection Vulnerabilities at EditEventAttendees.php
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS penetration testing skills in a legal environment. This project is developed and maintained by @prateekg147. The vulnerabilities and solutions covered in this app are tested up to iOS 13.7. The current version is writen in Swift and has the following vulnerabilities.
:whale: Kali Linux Desktop Docker Image. Access via Webbrowser
This Kali Linux Docker container offers a full desktop experience by using the x11vnc to provide a VNC connection to the container and novnc for simple VNC access with your browser.
Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab
A small reverse shell for Linux & Windows