GithubHelp home page GithubHelp logo

Welcome to the Weekend Retreat of Matei "Mal" Badanoiu

This GitHub is used to post my CVEs and Security Research during my free time/weekends.

All materials present in this GitHub profile are meant for security research and etichal hacking.

I do not condone malicious behavoiur such as hacking systems without being authorized to do so, ransomare, or any unethical use of my work.

Whoami?

I am:

  • Matei "Mal" Badanoiu
  • Hacker
  • Pentester by day
  • Security researcher by night
  • Owner of +100 responsibly disclosed 0-days/CVEs

Additional Information

If you find any spelling/grammatical errors and/or other mistakes please open an issue in the respective repo. Thanks.

Q: Why do you write your CVEs as PDFs?

A: I use PDFs to responsably disclose the identified vulnerabilities to the respective software vendors. As I want to eventually post all +100 0-days, I needed a way to quickly modify and post them here without reworking them from scratch (rewriting them as Markdown is too labor intensive).

Q: Why do you (usually) not upload scripts and proof of concept code directly into repositories?

A: I do this because I want:

  • People to read the PDF and understand the mechanisms and inner workings behind the exploit
  • To prevent script kiddies from easily git cloning/copy-pasting and running the exploits without understanding what they do

Matei "Mal" Badanoiu's Projects

cupp icon cupp

Common User Passwords Profiler (CUPP)

cve-2019-10092 icon cve-2019-10092

CVE-2019-10092: Limited Cross-Site Scripting via "Proxy Error" Page in Apache HTTP Server

cve-2019-1332 icon cve-2019-1332

CVE-2019-1332: Reflected Cross-Site Scripting in Microsoft SQL Server Reporting Services

cve-2020-12625 icon cve-2020-12625

CVE-2020-12625: Cross-Site Scripting via Malicious HTML Attachment in Roundcube Webmail

cve-2020-12640 icon cve-2020-12640

CVE-2020-12640: Local PHP File Inclusion via "Plugin Value" in Roundcube Webmail

cve-2020-12641 icon cve-2020-12641

CVE-2020-12641: Command Injection via β€œ_im_convert_path” Parameter in Roundcube Webmail

cve-2020-13965 icon cve-2020-13965

CVE-2020-13965: Cross-Site Scripting via Malicious XML Attachment in Roundcube Webmail

cve-2020-8248 icon cve-2020-8248

CVE-2020-8248: Privilege Escalation via Zip Wildcard Exploit in Pulse Secure VPN Linux Client

cve-2020-8249 icon cve-2020-8249

CVE-2020-8249: Buffer Overflow in Pulse Secure VPN Linux Client

cve-2020-8250 icon cve-2020-8250

CVE-2020-8250: Privilege Escalation via Command Injection in Pulse Secure VPN Linux Client

cve-2021-20253 icon cve-2021-20253

CVE-2021-20253: Privilege Escalation via Job Isolation Escape in Ansible Tower

cve-2021-42559 icon cve-2021-42559

CVE-2021-42559: Command Injection via Configurations in MITRE Caldera

cve-2021-42561 icon cve-2021-42561

CVE-2021-42561: Command Injection via the Human Plugin in MITRE Caldera

cve-2021-46362 icon cve-2021-46362

CVE-2021-46362: FreeMarker Server-Side Template Injection in Magnolia CMS

cve-2021-46366 icon cve-2021-46366

CVE-2021-46366: Credential Bruteforce Attack via CSRF + Open Redirect in Magnolia CMS

cve-2022-20818 icon cve-2022-20818

CVE-2022-20818: Local Privilege Escalation via Partial File Read in Cisco SD-WAN

cve-2022-21392 icon cve-2022-21392

CVE-2022-21392: Local Privilege Escalation via NMR SUID in Oracle Enterprise Manager

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.