update time: 2021-09-20 10:59:44.417014 total: 6726
A Vagrant VM test lab to learn about CVE-2021-38647 in the Open Management Infrastructure agent (aka "omigod"). : craig-m-unsw/omigod-lab create time: 2021-09-18T15:25:18Z
PoC CVE-2021-30632 - Out of bounds write in V8 : Phuong39/PoC-CVE-2021-30632 create time: 2021-09-20T09:49:51Z
Modified code so that we don´t need to rely on CAB archives : Edubr2020/CVE-2021-40444--CABless create time: 2021-09-19T19:46:28Z
OMIGod / CVE-2021-38647 POC and Demo environment : SimenBai/CVE-2021-38647-POC-and-Demo-environment create time: 2021-09-19T15:43:32Z
Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to python3 script. : Xattam1/Adobe-Flash-Exploits_CVE-2015-3090_CVE-2015-3105_CVE-2015-5119_CVE-2015-5122 create time: 2021-09-19T17:49:56Z
Modifed ver of the original exploit to save some times on password reseting for unprivileged user : jayngng/CVE-2021-22911 create time: 2021-09-19T11:43:06Z
Scan for evidence of CVE-2021-30860 (FORCEDENTRY) exploit : Levilutz/CVE-2021-30860 create time: 2021-09-18T22:14:17Z
[CVE-2021-26084] Confluence pre-auth RCE test script : ludy-dev/CVE-2021-26084_PoC create time: 2021-09-18T07:33:24Z
PoC for exploiting CVE-2020-14386 : A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity. : AlAIAL90/CVE-2020-14386 create time: 2021-09-18T02:46:53Z
PoC for exploiting CVE-2020-14311 : There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow. : AlAIAL90/CVE-2020-14311 create time: 2021-09-18T02:46:50Z
PoC for exploiting CVE-2020-15705 : GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. : AlAIAL90/CVE-2020-15705 create time: 2021-09-18T02:46:46Z
PoC for exploiting CVE-2020-14308 : In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts during the boot process. : AlAIAL90/CVE-2020-14308 create time: 2021-09-18T02:46:42Z
PoC for exploiting CVE-2020-3238 : A vulnerability in the Cisco Application Framework component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance that is running on the affected device. The vulnerability is due to insufficient input validation of user-supplied application packages. An attacker who can upload a malicious package within Cisco IOx could exploit the vulnerability to modify arbitrary files. The impacts of a successful exploit are limited to the scope of the virtual instance and do not affect the device that is hosting Cisco IOx. : AlAIAL90/CVE-2020-3238 create time: 2021-09-18T02:46:18Z
PoC for exploiting CVE-2020-3204 : A vulnerability in the Tool Command Language (Tcl) interpreter of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker with privileged EXEC credentials to execute arbitrary code on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient input validation of data passed to the Tcl interpreter. An attacker could exploit this vulnerability by loading malicious Tcl code on an affected device. A successful exploit could allow the attacker to cause memory corruption or execute the code with root privileges on the underlying OS of the affected device. : AlAIAL90/CVE-2020-3204 create time: 2021-09-18T02:46:14Z
PoC for exploiting CVE-2020-3219 : A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of user-supplied input to the web UI. An attacker could exploit this vulnerability by submitting crafted input to the web UI. A successful exploit could allow an attacker to execute arbitrary commands with administrative privileges on an affected device. : AlAIAL90/CVE-2020-3219 create time: 2021-09-18T02:46:10Z
PoC for exploiting CVE-2020-3206 : A vulnerability in the handling of IEEE 802.11w Protected Management Frames (PMFs) of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to terminate a valid user connection to an affected device. The vulnerability exists because the affected software does not properly validate 802.11w disassociation and deauthentication PMFs that it receives. An attacker could exploit this vulnerability by sending a spoofed 802.11w PMF from a valid, authenticated client on a network adjacent to an affected device. A successful exploit could allow the attacker to terminate a single valid user connection to the affected device. : AlAIAL90/CVE-2020-3206 create time: 2021-09-18T02:46:06Z
PoC for exploiting CVE-2020-3217 : A vulnerability in the Topology Discovery Service of Cisco One Platform Kit (onePK) in Cisco IOS Software, Cisco IOS XE Software, Cisco IOS XR Software, and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient length restrictions when the onePK Topology Discovery Service parses Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol message to an affected device. An exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges, or to cause a process crash, which could result in a reload of the device and cause a DoS condition. : AlAIAL90/CVE-2020-3217 create time: 2021-09-18T02:46:02Z
PoC for exploiting CVE-2020-3218 : A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code with root privileges on the underlying Linux shell. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by first creating a malicious file on the affected device itself and then uploading a second malicious file to the device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or bypass licensing requirements on the device. : AlAIAL90/CVE-2020-3218 create time: 2021-09-18T02:45:58Z
PoC for exploiting CVE-2020-3221 : A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by sending a malformed Flexible NetFlow Version 9 packet to the Control and Provisioning of Wireless Access Points (CAPWAP) data port of an affected device. An exploit could allow the attacker to trigger an infinite loop, resulting in a process crash that would cause a reload of the device. : AlAIAL90/CVE-2020-3221 create time: 2021-09-18T02:45:49Z
PoC for exploiting CVE-2020-3225 : Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to insufficient input processing of CIP traffic. An attacker could exploit these vulnerabilities by sending crafted CIP traffic to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. : AlAIAL90/CVE-2020-3225 create time: 2021-09-18T02:45:46Z
PoC for exploiting CVE-2020-3226 : A vulnerability in the Session Initiation Protocol (SIP) library of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on received SIP messages. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service condition. : AlAIAL90/CVE-2020-3226 create time: 2021-09-18T02:45:42Z
PoC for exploiting CVE-2020-3228 : A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco IOS Software, Cisco IOS XE Software, and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because crafted SXP packets are mishandled. An attacker could exploit this vulnerability by sending specifically crafted SXP packets to the affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. : AlAIAL90/CVE-2020-3228 create time: 2021-09-18T02:45:38Z
PoC for exploiting CVE-2020-3230 : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent IKEv2 from establishing new security associations. The vulnerability is due to incorrect handling of crafted IKEv2 SA-Init packets. An attacker could exploit this vulnerability by sending crafted IKEv2 SA-Init packets to the affected device. An exploit could allow the attacker to cause the affected device to reach the maximum incoming negotiation limits and prevent further IKEv2 security associations from being formed. : AlAIAL90/CVE-2020-3230 create time: 2021-09-18T02:45:34Z
PoC for exploiting CVE-2020-3235 : A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software on Catalyst 4500 Series Switches could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the software processes specific SNMP object identifiers. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: To exploit this vulnerability by using SNMPv2c or earlier, the attacker must know the SNMP read-only community string for an affected system. To exploit this vulnerability by using SNMPv3, the attacker must know the user credentials for the affected system. : AlAIAL90/CVE-2020-3235 create time: 2021-09-18T02:45:30Z
PoC for exploiting CVE-2020-3242 : A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device. : AlAIAL90/CVE-2020-3242 create time: 2021-09-18T02:45:28Z
PoC for exploiting CVE-2020-3307 : A vulnerability in the web UI of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to write arbitrary entries to the log file on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send incorrect information to the system log on the affected system. : AlAIAL90/CVE-2020-3307 create time: 2021-09-18T02:45:24Z
PoC for exploiting CVE-2020-3263 : A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system. : AlAIAL90/CVE-2020-3263 create time: 2021-09-18T02:45:20Z
PoC for exploiting CVE-2020-3272 : A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. : AlAIAL90/CVE-2020-3272 create time: 2021-09-18T02:45:18Z
PoC for exploiting CVE-2020-3244 : A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption. : AlAIAL90/CVE-2020-3244 create time: 2021-09-18T02:45:14Z
PoC for exploiting CVE-2020-3283 : A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. : AlAIAL90/CVE-2020-3283 create time: 2021-09-18T02:45:10Z
PoC for exploiting CVE-2020-3304 : A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition. Note: This vulnerability applies to IP Version 4 (IPv4) and IP Version 6 (IPv6) HTTP traffic. : AlAIAL90/CVE-2020-3304 create time: 2021-09-18T02:45:06Z
PoC for exploiting CVE-2021-30686 : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory. : AlAIAL90/CVE-2021-30686 create time: 2021-09-18T02:48:13Z
PoC for exploiting CVE-2021-30780 : An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges. : AlAIAL90/CVE-2021-30780 create time: 2021-09-18T02:48:08Z
PoC for exploiting CVE-2021-30779 : This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution. : AlAIAL90/CVE-2021-30779 create time: 2021-09-18T02:48:05Z
PoC for exploiting CVE-2021-30654 : This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information. : AlAIAL90/CVE-2021-30654 create time: 2021-09-18T02:48:00Z
PoC for exploiting CVE-2021-30773 : An issue in code signature validation was addressed with improved checks. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. A malicious application may be able to bypass code signing checks. : AlAIAL90/CVE-2021-30773 create time: 2021-09-18T02:47:56Z
PoC for exploiting CVE-2021-30682 : A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information. : AlAIAL90/CVE-2021-30682 create time: 2021-09-18T02:47:52Z
PoC for exploiting CVE-2021-30777 : An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges. : AlAIAL90/CVE-2021-30777 create time: 2021-09-18T02:47:48Z
PoC for exploiting CVE-2021-30776 : A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Playing a malicious audio file may lead to an unexpected application termination. : AlAIAL90/CVE-2021-30776 create time: 2021-09-18T02:47:46Z
PoC for exploiting CVE-2021-30768 : A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. A sandboxed process may be able to circumvent sandbox restrictions. : AlAIAL90/CVE-2021-30768 create time: 2021-09-18T02:47:42Z
PoC for exploiting CVE-2021-30781 : This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution. : AlAIAL90/CVE-2021-30781 create time: 2021-09-18T02:47:38Z
PoC for exploiting CVE-2021-30684 : A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution. : AlAIAL90/CVE-2021-30684 create time: 2021-09-18T02:47:35Z
PoC for exploiting CVE-2021-1858 : Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking. : AlAIAL90/CVE-2021-1858 create time: 2021-09-18T02:47:31Z
PoC for exploiting CVE-2021-30653 : This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. : AlAIAL90/CVE-2021-30653 create time: 2021-09-18T02:47:27Z
PoC for exploiting CVE-2021-30689 : A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. : AlAIAL90/CVE-2021-30689 create time: 2021-09-18T02:47:23Z
PoC for exploiting CVE-2021-30695 : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. : AlAIAL90/CVE-2021-30695 create time: 2021-09-18T02:47:19Z
PoC for exploiting CVE-2021-30690 : Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache. : AlAIAL90/CVE-2021-30690 create time: 2021-09-18T02:47:15Z
PoC for exploiting CVE-2021-30692 : An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. : AlAIAL90/CVE-2021-30692 create time: 2021-09-18T02:47:11Z
PoC for exploiting CVE-2021-30671 : A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder. : AlAIAL90/CVE-2021-30671 create time: 2021-09-18T02:47:07Z
PoC for exploiting CVE-2021-30694 : An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. : AlAIAL90/CVE-2021-30694 create time: 2021-09-18T02:47:04Z
PoC for exploiting CVE-2021-37422 : Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to SQL Injection while linking the databases. : AlAIAL90/CVE-2021-37422 create time: 2021-09-18T02:46:59Z
PoC for exploiting CVE-2021-37423 : Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover. : AlAIAL90/CVE-2021-37423 create time: 2021-09-18T02:46:57Z
PoC for exploiting CVE-2021-33909 : fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. : AlAIAL90/CVE-2021-33909 create time: 2021-09-18T02:46:37Z
PoC for exploiting CVE-2021-37414 : Zoho ManageEngine DesktopCentral version 10.1.2119.7 and prior allows anyone to get a valid user's APIKEY without authentication. : AlAIAL90/CVE-2021-37414 create time: 2021-09-18T02:46:33Z
PoC for exploiting CVE-2021-30691 : An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents. : AlAIAL90/CVE-2021-30691 create time: 2021-09-18T02:46:29Z
PoC for exploiting CVE-2021-30705 : This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents. : AlAIAL90/CVE-2021-30705 create time: 2021-09-18T02:46:26Z
PoC for exploiting CVE-2021-1885 : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution. : AlAIAL90/CVE-2021-1885 create time: 2021-09-18T02:46:22Z
PoC for exploiting CVE-2021-30703 : A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. : AlAIAL90/CVE-2021-30703 create time: 2021-09-18T02:45:53Z
PoC for exploiting CVE-2021-1881 : An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code execution. : AlAIAL90/CVE-2021-1881 create time: 2021-09-18T02:44:56Z
PoC for exploiting CVE-2020-3259 : A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. : AlAIAL90/CVE-2020-3259 create time: 2021-09-18T02:44:37Z
PoC for exploiting CVE-2020-3214 : A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. : AlAIAL90/CVE-2020-3214 create time: 2021-09-18T02:44:33Z
PoC for exploiting CVE-2020-5398 : In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. : AlAIAL90/CVE-2020-5398 create time: 2021-09-18T02:43:51Z
PoC for exploiting CVE-2021-20117 : Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118. : AlAIAL90/CVE-2021-20117 create time: 2021-09-18T02:44:52Z
PoC for exploiting CVE-2021-20118 : Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117. : AlAIAL90/CVE-2021-20118 create time: 2021-09-18T02:44:48Z
PoC for exploiting CVE-2021-36870 : Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address. : AlAIAL90/CVE-2021-36870 create time: 2021-09-18T02:44:44Z
PoC for exploiting CVE-2021-36871 : Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title. : AlAIAL90/CVE-2021-36871 create time: 2021-09-18T02:44:41Z
PoC for exploiting CVE-2021-30704 : A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. : AlAIAL90/CVE-2021-30704 create time: 2021-09-18T02:44:29Z
PoC for exploiting CVE-2021-30701 : This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution. : AlAIAL90/CVE-2021-30701 create time: 2021-09-18T02:44:25Z
PoC for exploiting CVE-2021-30700 : This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information. : AlAIAL90/CVE-2021-30700 create time: 2021-09-18T02:44:21Z
PoC for exploiting CVE-2021-30698 : A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service. : AlAIAL90/CVE-2021-30698 create time: 2021-09-18T02:44:17Z
PoC for exploiting CVE-2021-30699 : A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen. : AlAIAL90/CVE-2021-30699 create time: 2021-09-18T02:44:14Z
PoC for exploiting CVE-2021-30693 : A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution. : AlAIAL90/CVE-2021-30693 create time: 2021-09-18T02:44:09Z
PoC for exploiting CVE-2021-30696 : An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management. : AlAIAL90/CVE-2021-30696 create time: 2021-09-18T02:44:05Z
PoC for exploiting CVE-2021-30697 : A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information. : AlAIAL90/CVE-2021-30697 create time: 2021-09-18T02:44:01Z
PoC for exploiting CVE-2021-30688 : A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. : AlAIAL90/CVE-2021-30688 create time: 2021-09-18T02:43:57Z
PoC for exploiting CVE-2021-30687 : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information. : AlAIAL90/CVE-2021-30687 create time: 2021-09-18T02:43:55Z
PoC for exploiting CVE-2021-30468 : A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11. : AlAIAL90/CVE-2021-30468 create time: 2021-09-18T02:43:47Z
PoC for exploiting CVE-2021-31721 : Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. : AlAIAL90/CVE-2021-31721 create time: 2021-09-18T02:43:40Z
PoC for exploiting CVE-2021-31810 : An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). : AlAIAL90/CVE-2021-31810 create time: 2021-09-18T02:43:36Z
PoC for exploiting CVE-2021-37576 : arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. : AlAIAL90/CVE-2021-37576 create time: 2021-09-18T02:43:32Z
PoC for exploiting CVE-2021-33193 : A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. : AlAIAL90/CVE-2021-33193 create time: 2021-09-18T02:43:28Z
PoC for exploiting CVE-2021-22939 : If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. : AlAIAL90/CVE-2021-22939 create time: 2021-09-18T02:43:24Z
PoC for exploiting CVE-2021-30860 : An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. : AlAIAL90/CVE-2021-30860 create time: 2021-09-18T02:43:17Z
PoC for exploiting CVE-2021-40346 : An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs. : AlAIAL90/CVE-2021-40346 create time: 2021-09-18T02:43:14Z
PoC for exploiting CVE-2021-28701 : Another race in XENMAPSPACE_grant_table handling Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1. Freeing such pages requires that the hypervisor enforce that no parallel request can result in the addition of a mapping of such a page to a guest. That enforcement was missing, allowing guests to retain access to pages that were freed and perhaps re-used for other purposes. Unfortunately, when XSA-379 was being prepared, this similar issue was not noticed. : AlAIAL90/CVE-2021-28701 create time: 2021-09-18T02:43:09Z
CVE-2021-40539 POC : DarkSprings/CVE-2021-40539 create time: 2021-09-17T02:51:40Z
Windows win32k ascension UAC poc : DarkSprings/CVE-2021-38639 create time: 2021-09-17T02:09:37Z
Exploitation of CVE-2019-5420 to gain code execution. : RyouYoo/CVE-2019-5420-RCE create time: 2021-09-16T23:44:14Z
Python script to extract embedded URLs from doc files (.doc, .docx, .docm, .rtf) : gh0stxplt/CVE-2021-40444-URL-Extractor create time: 2021-09-16T16:54:50Z
A PoC exploit for CVE-2021-38647 RCE in OMI : Immersive-Labs-Sec/cve-2021-38647 create time: 2021-09-16T08:33:02Z
no description : artsking/linux-4.1.15_CVE-2020-36386_withPatch create time: 2021-09-16T10:41:08Z
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD) : horizon3ai/CVE-2021-38647 create time: 2021-09-16T02:11:36Z
CVE-2021-40444 - Custom CAB templates from MakeCAB : Udyz/CVE-2021-40444-CAB create time: 2021-09-16T10:14:08Z
no description : artsking/linux-4.1.15_CVE-2021-33034_withPatch create time: 2021-09-16T09:45:43Z
CVE-2021-2456 : peterjson31337/CVE-2021-2456 create time: 2021-09-16T09:14:09Z
no description : artsking/linux-4.1.15_CVE-2020-36386_withPatch create time: 2021-09-16T08:43:45Z
no description : quynhle7821/CVE-2021-2302 create time: 2021-09-16T08:27:30Z
no description : Mochican/CVE-2021-21300 create time: 2021-09-16T07:53:40Z
CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit : klezVirus/CVE-2021-40444 create time: 2021-09-15T22:34:35Z
no description : artsking/linux-4.1.15_CVE-2020-36386_withPatch create time: 2021-09-16T06:52:58Z
no description : artsking/linux-4.1.15_CVE-2020-36386_withPatch create time: 2021-09-16T03:56:23Z
no description : artsking/linux-4.1.15_CVE-2020-36386_withPatch create time: 2021-09-16T03:35:14Z
no description : intrigueio/cve-2020-2853-poc create time: 2021-09-13T17:27:02Z
Import the Neo4j DBMS Dump File, in your Neo4j Database. This file is an example of how GraphKer works and consists of CVEs from 2021 (with related CPEs) and all CWEs and CAPECs. : amberzovitis/GraphKer-DBMS-Dump create time: 2021-09-15T22:07:56Z
CVE-2021-38647 POC for RCE : midoxnet/CVE-2021-38647 create time: 2021-09-15T21:44:30Z
PoC for exploiting CVE-2021-1829 : A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.3. An application may be able to execute arbitrary code with kernel privileges. : AlAIAL90/CVE-2021-1829 create time: 2021-09-15T15:58:30Z
PoC for exploiting CVE-2020-27942 : A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. Processing a maliciously crafted font file may lead to arbitrary code execution. : AlAIAL90/CVE-2020-27942 create time: 2021-09-15T15:58:26Z
PoC for exploiting CVE-2021-1830 : An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory. : AlAIAL90/CVE-2021-1830 create time: 2021-09-15T15:58:22Z
PoC for exploiting CVE-2021-30858 : A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. : AlAIAL90/CVE-2021-30858 create time: 2021-09-15T15:58:18Z
PoC for exploiting CVE-2021-1831 : The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may allow shortcuts to access restricted files. : AlAIAL90/CVE-2021-1831 create time: 2021-09-15T15:58:15Z
PoC for exploiting CVE-2021-28560 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28560 create time: 2021-09-15T15:58:11Z
PoC for exploiting CVE-2021-28564 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Write vulnerability within the ImageTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28564 create time: 2021-09-15T15:58:07Z
PoC for exploiting CVE-2021-28561 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28561 create time: 2021-09-15T15:58:03Z
PoC for exploiting CVE-2021-28565 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28565 create time: 2021-09-15T15:57:58Z
PoC for exploiting CVE-2021-28559 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. An unauthenticated attacker could leverage this vulnerability to get access to restricted data stored within global variables and objects. : AlAIAL90/CVE-2021-28559 create time: 2021-09-15T15:57:54Z
PoC for exploiting CVE-2021-1833 : This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. : AlAIAL90/CVE-2021-1833 create time: 2021-09-15T15:57:51Z
PoC for exploiting CVE-2021-1832 : Copied files may not have the expected file permissions. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. The issue was addressed with improved permissions logic. : AlAIAL90/CVE-2021-1832 create time: 2021-09-15T15:57:48Z
PoC for exploiting CVE-2021-28553 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28553 create time: 2021-09-15T15:57:44Z
PoC for exploiting CVE-2021-28550 : Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-28550 create time: 2021-09-15T15:57:41Z
no description : artsking/linux-3.0.35_CVE-2020-36386_withPatch create time: 2021-09-15T10:38:52Z
no description : madhans23/kernel_imx_4.1.15-CVE-2020-36386_noPatch create time: 2021-09-15T10:15:40Z
CVE-2021-33766-poc : demossl/CVE-2021-33766-ProxyToken- create time: 2021-09-15T09:09:20Z
no description : jaysharma786/CVE-2021-29003 create time: 2021-09-15T06:14:47Z
no description : security-dbg/CVE-2021-21220 create time: 2021-09-15T03:11:41Z
CVE-2018-15473 Exploit : MrDottt/CVE-2018-15473 create time: 2021-09-14T23:20:52Z
Scans Microsoft office documents for malicious xml entries : InfoSecPolkCounty/CVE2021-40444-document-Scanner create time: 2021-09-14T19:59:53Z
no description : k8gege/CVE-2021-40444 create time: 2021-09-14T17:10:48Z
Multiple SQL Inejection Vulnerability in Support Board Version 3.3.3 that allow remote unauthenticated attacker to execute arbitrary SQL commands via status_code, department, user_id, conversation_id, conversation_status_code, and recipient_id parameters to ajax.php which is connected to functions.php which the vulnerability is present. : itsjeffersonli/CVE-2021-24741 create time: 2021-08-28T18:34:40Z
partly working PoC, check lockedbytes PoC for full experience! : js-on/CVE-2021-40444 create time: 2021-09-14T13:45:36Z
no description : mr-r3b00t/2021-BadPewCVEs create time: 2021-09-14T11:38:33Z
Here you can find my relation about the project I made for the Internet Security course. Because I written it in Latex, you can also find the Latex source files. The project talks about Maltego vulnerability CVE-2020-24656, which allows an attacker to exfiltrate data via an XXE injection attack. : terzinodipaese/Internet-Security-Project create time: 2021-09-14T11:33:12Z
CVE-2021-32202 : l00neyhacker/CVE-2021-32202 create time: 2021-09-14T03:19:37Z
CVE-2021-36582 : l00neyhacker/CVE-2021-36582 create time: 2021-09-14T03:14:50Z
CVE-2021-36581 : l00neyhacker/CVE-2021-36581 create time: 2021-09-14T03:09:34Z
no description : aydianosec/CVE2021-40444 create time: 2021-09-14T01:37:25Z
CSRF in Qloapps HotelCommerce 1.5.1 : dillonkirsch/CVE-2021-41074 create time: 2021-09-13T19:55:57Z
no description : Immersive-Labs-Sec/cve-2021-40444-analysis create time: 2021-09-09T15:43:08Z
POC for CVE-2021-40444 : khoaduynu/CVE-2021-40444 create time: 2021-09-13T09:46:04Z
no description : sDreamForZzQ/CVE-2021-1234 create time: 2021-09-13T09:16:55Z
no description : sDreamForZzQ/CVE-2021-9999 create time: 2021-09-13T09:01:04Z
no description : sDreamForZzQ/CVE-2021-74123 create time: 2021-09-13T05:29:44Z
no description : sDreamForZzQ/CVE-2021-7799 create time: 2021-09-13T05:05:59Z
test : cckuailong/CVE-2021-1234 create time: 2021-09-13T05:06:48Z
no description : sDreamForZzQ/CVE-2021-6666 create time: 2021-09-13T04:28:08Z
no description : sDreamForZzQ/CVE-2021-1234 create time: 2021-09-13T02:09:32Z
This repo contain builders of cab file, html file, and docx file for CVE-2021-40444 exploit : aslitsecurity/CVE-2021-40444_builders create time: 2021-09-12T18:05:53Z
Exploitation of CVE-2018-18925 a Remote Code Execution against the Git self hosted tool: Gogs. : RyouYoo/CVE-2018-18925 create time: 2021-09-12T17:57:56Z
Mass exploitation of CVE-2021-24499 unauthenticated upload leading to remote code execution. : RyouYoo/CVE-2021-24499 create time: 2021-09-12T12:43:24Z
Python implementation for CVE-2021-1675 / CVE-2021-34527 : ly4k/PrintNightmare create time: 2021-09-12T12:31:39Z
2021 kernel vulnerability in Ubuntu : cerodah/overlayFS-CVE-2021-3493 create time: 2021-09-12T12:25:02Z
Reverse engineering the "A Letter Before Court 4.docx" malicious files exploting cve-2021-40444 : jamesrep/cve-2021-40444 create time: 2021-09-12T09:27:40Z
no description : R0fM1a/CVE-2021-40444-pocv create time: 2021-09-12T00:25:14Z
Demo/PoC for CVE-2021-40444 : kozmer/CVE-2021-40444 create time: 2021-09-11T17:39:25Z
A malicious .cab creation tool for CVE-2021-40444 : mansk1es/Caboom create time: 2021-09-11T16:31:05Z
Malicious document builder for CVE-2021-40444 : amartinsec/MSHTHell create time: 2021-09-11T15:33:41Z
Updating all CVE-details from the year 1999 to 2021 : techyrick/CVE-list create time: 2021-09-11T14:06:01Z
Hunting CVE-2018-13379 : nivdolgin/CVE-2018-13379 create time: 2021-09-11T13:12:31Z
no description : nightrelax/Exploit-PoC-CVE-2021-40444-inject-ma-doc-vao-docx create time: 2021-09-11T09:21:29Z
Strapi Remote Code Execution : D3m0nicw0lf/-CVE-2019-19609 create time: 2021-09-11T06:53:33Z
CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability : FanqXu/CVE-2021-40444 create time: 2021-09-11T04:13:12Z
no description : Lagal1990/CVE-2021-40444-docx-Generate create time: 2021-09-11T02:56:23Z
no description : fengjixuchui/CVE-2021-40444-docx-Generate create time: 2021-09-11T02:49:37Z
no description : Lagal1990/CVE-2021-40444-docx-Generate create time: 2021-09-11T02:43:51Z
no description : alikarimi999/CVE-2021-40346 create time: 2021-09-10T23:02:45Z
EternalBlueTrojan(CVE-2017-0144) : Ali-Imangholi/EternalBlueTrojan create time: 2021-09-10T18:18:53Z
Reproduce steps for CVE-2021-40444 : lockedbyte/CVE-2021-40444 create time: 2021-09-10T16:55:53Z
Event logs from running CVE-2021-40444 samples : zaneGittins/CVE-2021-40444-evtx create time: 2021-09-10T15:36:43Z
no description : ricardojoserf/CVE-2021-40845 create time: 2021-09-10T10:23:55Z
CVE-2021-40444 Sample : Udyz/CVE-2021-40444-Sample create time: 2021-09-10T09:43:41Z
CVE-2021-40346 integer overflow enables http smuggling : donky16/CVE-2021-40346-POC create time: 2021-09-10T08:18:20Z
no description : koharin/CVE-2020-0041 create time: 2021-09-10T08:01:54Z
no description : vysecurity/CVE-2021-40444 create time: 2021-09-09T23:41:52Z
Something I wrote for CVE-2019-15107, a Webmin backdoor : darrenmartyn/CVE-2019-15107 create time: 2021-09-09T16:26:40Z
CVE-2020-9054 PoC for Zyxel : darrenmartyn/CVE-2020-9054 create time: 2021-09-09T16:16:34Z
no description : twentybel0w/CVE-2020-25233 create time: 2021-09-09T15:58:08Z
TP Seguridad Informática : fran-CICS/ExploitTensorflowCVE-2021-37678 create time: 2021-09-09T12:55:55Z
Confluence OGNL injection : dorkerdevil/CVE-2021-26084 create time: 2021-09-09T06:19:13Z
no description : itom-qe/itom-qe-2021-09-08-T-21-09-456-cveaj create time: 2021-09-09T04:01:42Z
no description : rfcxv/CVE-2021-40444-POC create time: 2021-09-09T03:15:57Z
CVE-2021-40346 PoC (HAProxy HTTP Smuggling) : knqyf263/CVE-2021-40346 create time: 2021-09-08T22:26:19Z
CVE-2021-26084 patch as provided in "Confluence Security Advisory - 2021-08-25" : nizarbamida/CVE-2021-26084-patch- create time: 2021-09-08T17:05:16Z
Exploit chain for CVE-2019-9791 & CVE-2019-11708 against firefox 65.0 on windows 64bit : Sp0pielar/CVE-2019-9791 create time: 2021-09-08T14:38:42Z
Patched Confluence 7.12.2 (CVE-2021-26084) : toowoxx/docker-confluence-patched create time: 2021-09-08T14:35:37Z
Exploit CVE 2021 26084 Confluence : dock0d1/CVE-2021-26084_Confluence create time: 2021-09-08T11:01:49Z
no description : Edgarloyola/CVE-2021-36563 create time: 2021-07-27T11:22:21Z
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 : ozergoker/CVE-2021-40444 create time: 2021-09-08T08:32:40Z
PoC for exploiting CVE-2021-21409 : Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. : AlAIAL90/CVE-2021-21409 create time: 2021-09-07T23:01:56Z
PoC for exploiting CVE-2021-39371 : An XML external entity (XXE) injection in PyWPS before 4.5.0 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. : AlAIAL90/CVE-2021-39371 create time: 2021-09-07T23:01:49Z
PoC for exploiting CVE-2019-10172 : A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. : AlAIAL90/CVE-2019-10172 create time: 2021-09-07T21:51:57Z
PoC for exploiting CVE-2021-40153 : squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination. : AlAIAL90/CVE-2021-40153 create time: 2021-09-07T21:52:34Z
PoC for exploiting CVE-2021-28700 : xen/arm: No memory limit for dom0less domUs The dom0less feature allows an administrator to create multiple unprivileged domains directly from Xen. Unfortunately, the memory limit from them is not set. This allow a domain to allocate memory beyond what an administrator originally configured. : AlAIAL90/CVE-2021-28700 create time: 2021-09-07T21:52:30Z
PoC for exploiting CVE-2021-38173 : Btrbk before 0.31.2 allows command execution because of the mishandling of remote hosts filtering SSH commands using ssh_filter_btrbk.sh in authorized_keys. : AlAIAL90/CVE-2021-38173 create time: 2021-09-07T21:52:08Z
PoC for exploiting CVE-2021-29484 : Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site. Ghost(Pro) has already been patched. We can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version between 4.0.0 and 4.3.2. Immediate action should be taken to secure your site. The issue has been fixed in 4.3.3, all 4.x sites should upgrade as soon as possible. As the endpoint is unused, the patch simply removes it. As a workaround blocking access to /ghost/preview can also mitigate the issue. : AlAIAL90/CVE-2021-29484 create time: 2021-09-07T21:52:01Z
PoC for exploiting CVE-2021-33560 : Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. : AlAIAL90/CVE-2021-33560 create time: 2021-09-07T21:51:53Z
Template Injection in Email Templates leads to code execution on Jira Service Management Server : PetrusViet/CVE-2021-39115 create time: 2021-09-07T09:03:35Z
Modified Verion of CVE-2016-0792 : Aviksaikat/CVE-2016-0792 create time: 2021-09-07T13:14:16Z
no description : alikarimi999/CVE-2021-21315 create time: 2021-09-07T14:31:20Z
Proof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 : horizon3ai/proxyshell create time: 2021-09-04T15:34:03Z
A quick and dirty PoC of cve-2010-26084 as none of the existing ones worked for me. : GlennPegden2/cve-2021-26084-confluence create time: 2021-09-07T12:04:09Z
no description : artsking/sqlite-3.22.0_CVE-2019-20218_withPatch create time: 2021-09-07T06:50:17Z
Atlassian Confluence CVE-2021-26084 one-liner mass checker : 1ZRR4H/CVE-2021-26084 create time: 2021-09-07T01:15:16Z
no description : steefn/cve2018-6574 create time: 2021-09-06T13:55:42Z
A vulnerability can allow an attacker to guess the automatically generated development mode secret token. : RyouYoo/CVE-2019-5420 create time: 2021-09-06T12:28:05Z
CVE-2021-36798 Exp: Cobalt Strike < 4.4 dos : JamVayne/CobaltStrikeDos create time: 2021-09-06T11:49:03Z
asjhdsajdlksavksapfoka : p1gz/CVE-2021-26084-Confluence-OGNL create time: 2021-09-06T06:55:15Z
no description : Y3A/CVE-2021-3156 create time: 2021-09-06T06:48:08Z
CVE-2021-34371.jar : zwjjustdoit/CVE-2021-34371.jar create time: 2021-09-06T02:00:52Z
no description : Prodrious/CVE-2020-13942 create time: 2021-09-05T16:39:19Z
An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance : rootsmadi/CVE-2021-26084 create time: 2021-09-05T09:27:55Z
Wordpress Plainview Activity Monitor Plugin RCE (20161228) : Cinnamon1212/CVE-2018-15877-RCE create time: 2021-09-04T19:39:18Z
User enumeration wordpress. : kr4dd/CVE-2017-5487 create time: 2021-09-04T15:20:35Z
no description : Anonimo501/SMBGhost_CVE-2020-0796_checker create time: 2021-09-04T15:07:15Z
Setting up POC for CVE-2021-26084 : wolf1892/confluence-rce-poc create time: 2021-09-04T14:53:38Z
CVE-2021-34646 PoC : motikan2010/CVE-2021-34646 create time: 2021-09-04T14:19:05Z
script to exploit Confluence OGNL Injection written in golang. : march0s1as/CVE-2021-26084 create time: 2021-09-04T13:32:42Z
Exploitation of a vulnerability in Cisco's node-jose, a JavaScript library created to manage JWT. : RyouYoo/CVE-2018-0114 create time: 2021-09-03T13:11:28Z
Blind SQL Injection in ClinicCases 7.3.3 : sudonoodle/CVE-2021-38706 create time: 2021-09-03T20:46:11Z
Persistent Cross-Site Scripting (XSS) in ClinicCases 7.3.3 : sudonoodle/CVE-2021-38707 create time: 2021-09-03T20:44:20Z
Cross-Site Request Forgery (CSRF) in ClinicCases 7.3.3 : sudonoodle/CVE-2021-38705 create time: 2021-09-03T20:42:43Z
Reflected Cross-Site Scripting (XSS) in ClinicCases 7.3.3 : sudonoodle/CVE-2021-38704 create time: 2021-09-03T20:41:58Z
no description : BabyTeam1024/cve-2018-2628 create time: 2021-09-04T07:22:46Z
CVE-2020-6418 제로데이 취약점 : CYB3R-X3eRo0/CVE-2020-6418 create time: 2021-09-04T04:47:10Z
A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution : JohnHammond/CVE-2012-2982 create time: 2021-09-04T04:01:56Z
PoC for exploiting CVE-2020-28020 : Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header-length restriction. : AlAIAL90/CVE-2020-28020 create time: 2021-09-03T22:56:13Z
PoC for exploiting CVE-2020-15744 : Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. : AlAIAL90/CVE-2020-15744 create time: 2021-09-03T22:55:53Z
PoC for exploiting CVE-2021-1588 : A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected device is processing an MPLS echo-request or echo-reply packet. An attacker could exploit this vulnerability by sending malicious MPLS echo-request or echo-reply packets to an interface that is enabled for MPLS forwarding on the affected device. A successful exploit could allow the attacker to cause the MPLS OAM process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. : AlAIAL90/CVE-2021-1588 create time: 2021-09-03T22:57:06Z
PoC for exploiting CVE-2021-1590 : A vulnerability in the implementation of the system login block-for command for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a login process to unexpectedly restart, causing a denial of service (DoS) condition. This vulnerability is due to a logic error in the implementation of the system login block-for command when an attack is detected and acted upon. An attacker could exploit this vulnerability by performing a brute-force login attack on an affected device. A successful exploit could allow the attacker to cause a login process to reload, which could result in a delay during authentication to the affected device. : AlAIAL90/CVE-2021-1590 create time: 2021-09-03T22:57:02Z
PoC for exploiting CVE-2021-1591 : A vulnerability in the EtherChannel port subscription logic of Cisco Nexus 9500 Series Switches could allow an unauthenticated, remote attacker to bypass access control list (ACL) rules that are configured on an affected device. This vulnerability is due to oversubscription of resources that occurs when applying ACLs to port channel interfaces. An attacker could exploit this vulnerability by attempting to access network resources that are protected by the ACL. A successful exploit could allow the attacker to access network resources that would be protected by the ACL that was applied on the port channel interface. : AlAIAL90/CVE-2021-1591 create time: 2021-09-03T22:56:58Z
PoC for exploiting CVE-2021-1592 : A vulnerability in the way Cisco UCS Manager software handles SSH sessions could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management for established SSH sessions. An attacker could exploit this vulnerability by opening a significant number of SSH sessions on an affected device. A successful exploit could allow the attacker to cause a crash and restart of internal Cisco UCS Manager software processes and a temporary loss of access to the Cisco UCS Manager CLI and web UI. Note: The attacker must have valid user credentials to authenticate to the affected device. : AlAIAL90/CVE-2021-1592 create time: 2021-09-03T22:56:54Z
PoC for exploiting CVE-2021-32955 : Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code. : AlAIAL90/CVE-2021-32955 create time: 2021-09-03T22:56:51Z
PoC for exploiting CVE-2021-32967 : Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use the device with administrative privileges. : AlAIAL90/CVE-2021-32967 create time: 2021-09-03T22:56:47Z
PoC for exploiting CVE-2021-32991 : Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally. : AlAIAL90/CVE-2021-32991 create time: 2021-09-03T22:56:44Z
PoC for exploiting CVE-2021-33003 : Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm. : AlAIAL90/CVE-2021-33003 create time: 2021-09-03T22:56:40Z
PoC for exploiting CVE-2021-32983 : A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-controlled value supplied through the parameter keyword before using it as part of an SQL query. A remote, unauthenticated attacker can exploit this issue to execute arbitrary code in the context of NT SERVICE\MSSQLSERVER. : AlAIAL90/CVE-2021-32983 create time: 2021-09-03T22:56:36Z
PoC for exploiting CVE-2021-33007 : A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code. : AlAIAL90/CVE-2021-33007 create time: 2021-09-03T22:56:32Z
PoC for exploiting CVE-2021-33019 : A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execute arbitrary code. : AlAIAL90/CVE-2021-33019 create time: 2021-09-03T22:56:28Z
PoC for exploiting CVE-2021-3628 : OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter. : AlAIAL90/CVE-2021-3628 create time: 2021-09-03T22:56:24Z
PoC for exploiting CVE-2021-39375 : Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. : AlAIAL90/CVE-2021-39375 create time: 2021-09-03T22:56:21Z
PoC for exploiting CVE-2021-27556 : The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System. : AlAIAL90/CVE-2021-27556 create time: 2021-09-03T22:56:17Z
PoC for exploiting CVE-2021-24667 : A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 & below). The vulnerability exists in the Lightbox functionality where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in meta data. : AlAIAL90/CVE-2021-24667 create time: 2021-09-03T22:56:09Z
PoC for exploiting CVE-2021-27913 : The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. : AlAIAL90/CVE-2021-27913 create time: 2021-09-03T22:56:05Z
PoC for exploiting CVE-2021-27912 : Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. : AlAIAL90/CVE-2021-27912 create time: 2021-09-03T22:56:01Z
PoC for exploiting CVE-2021-37608 : Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz allows an attacker to execute remote commands. This issue affects Apache OFBiz version 17.12.07 and prior versions. Upgrade to at least 17.12.08 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12297. : AlAIAL90/CVE-2021-37608 create time: 2021-09-03T22:55:57Z
Backporting CVE-2021-1748 patch for iOS <=14.3 : ChiChou/mistune-patch-backport create time: 2021-09-03T22:48:11Z
CVE-2021-40492 Gibbon version 22 Reflected Cross Site Scripting (XSS) : 5qu1n7/CVE-2021-40492 create time: 2021-09-02T15:33:12Z
cve-2021-26084 EXP : Xc1Ym/cve_2021_26084 create time: 2021-09-03T08:22:21Z
CVE-2021-26084 Confluence OGNL injection : Loneyers/CVE-2021-26084 create time: 2021-09-03T07:41:36Z
OGNL Injection in Confluence server version < 7.12.5 : mr-r3bot/Confluence-CVE-2021-26084 create time: 2021-09-03T07:33:20Z
no description : qiezi-maozi/CVE-2021-3019-Lanproxy create time: 2021-09-03T05:24:41Z
CVE-2021-26084 : p0nymc1/CVE-2021-26084 create time: 2021-09-03T05:14:46Z
Dell Driver EoP (CVE-2021-21551) : ihack4falafel/Dell-Driver-EoP-CVE-2021-21551 create time: 2021-09-03T01:47:03Z
no description : fu2x2000/CVE-2017-17058-woo_exploit create time: 2021-05-11T16:43:00Z
Just testing if some bot will do some action here LOL : zeroc00I/CVE-2021-40354 create time: 2021-09-02T17:03:26Z
no description : itwangjie/CVE-2021-2021 create time: 2021-09-02T14:56:30Z
no description : itwangjie/CVE-2021-2021 create time: 2021-09-02T14:52:21Z
no description : itwangjie/CVE-2021-2021 create time: 2021-09-02T14:37:42Z
This nuclei template is to verify the vulnerability without executing any commands to the target machine : BeRserKerSec/CVE-2021-26084-Nuclei-template create time: 2021-09-02T11:47:10Z
readme : mooneee/cve-2021-6901 create time: 2021-09-02T10:33:35Z
no description : DCKento/CVE-2021-40375 create time: 2021-08-31T11:13:14Z
XSS : DCKento/CVE-2021-40374 create time: 2021-08-31T11:12:49Z
PoC for exploiting CVE-2019-17571 : Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. : AlAIAL90/CVE-2019-17571 create time: 2021-09-02T09:49:19Z
PoC for exploiting CVE-2020-25649 : A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. : AlAIAL90/CVE-2020-25649 create time: 2021-09-02T09:49:15Z
PoC for exploiting CVE-2021-38385 : Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. : AlAIAL90/CVE-2021-38385 create time: 2021-09-02T09:49:42Z
PoC for exploiting CVE-2021-39271 : OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code execution (RCE) during archive extraction via attacker-supplied Python code in the class attribute of a .bscw file. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. : AlAIAL90/CVE-2021-39271 create time: 2021-09-02T09:49:38Z
PoC for exploiting CVE-2021-39117 : The AssociateFieldToScreens page in Atlassian Jira Server and Data Center before version 8.18.0 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability via the name of a custom field. : AlAIAL90/CVE-2021-39117 create time: 2021-09-02T09:49:34Z
PoC for exploiting CVE-2021-39113 : Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. The affected versions are before version 8.13.9, and from version 8.14.0 before 8.18.0. : AlAIAL90/CVE-2021-39113 create time: 2021-09-02T09:49:30Z
PoC for exploiting CVE-2021-39111 : The Editor plugin in Atlassian Jira Server and Data Center before version 8.5.18, from 8.6.0 before 8.13.10, and from version 8.14.0 before 8.18.2 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the handling of supplied content such as from a PDF when pasted into a field such as the description field. : AlAIAL90/CVE-2021-39111 create time: 2021-09-02T09:49:25Z
PoC for exploiting CVE-2021-26084 : In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can be accessed by a non-administrator user or unauthenticated user if ‘Allow people to sign up to create their account’ is enabled. To check whether this is enabled go to COG > User Management > User Signup Options. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. : AlAIAL90/CVE-2021-26084 create time: 2021-09-02T09:49:21Z
PoC for exploiting CVE-2021-31535 : LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request (intended for server-side color lookup) contains a flaw allowing a client to send color-name requests with a name longer than the maximum size allowed by the protocol (and also longer than the maximum packet size for normal-sized packets). The user-controlled data exceeding the maximum size is then interpreted by the server as additional X protocol requests and executed, e.g., to disable X server authorization completely. For example, if the victim encounters malicious terminal control sequences for color codes, then the attacker may be able to take full control of the running graphical session. : AlAIAL90/CVE-2021-31535 create time: 2021-09-02T09:49:11Z
PoC for exploiting CVE-2021-36159 : libfetch before 2021-07-26, as used in apk-tools, xbps, and other products, mishandles numeric strings for the FTP and HTTP protocols. The FTP passive mode implementation allows an out-of-bounds read because strtol is used to parse the relevant numbers into address bytes. It does not check if the line ends prematurely. If it does, the for-loop condition checks for the '\0' terminator one byte too late. : AlAIAL90/CVE-2021-36159 create time: 2021-09-02T09:49:06Z
PoC for exploiting CVE-2021-22924 : libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths case insensitively,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate. : AlAIAL90/CVE-2021-22924 create time: 2021-09-02T09:49:01Z
PoC for exploiting CVE-2021-22926 : libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the CURLOPT_SSLCERT option (--cert with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like /tmp), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. : AlAIAL90/CVE-2021-22926 create time: 2021-09-02T09:48:58Z
PoC for exploiting CVE-2021-22922 : When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. : AlAIAL90/CVE-2021-22922 create time: 2021-09-02T09:48:54Z
A basic PoC leak for CVE-2021-28663 (Internal of the Android kernel backdoor vulnerability) : lntrx/CVE-2021-28663 create time: 2021-09-01T22:59:29Z
This is exploit : maskerTUI/CVE-2021-26084 create time: 2021-09-02T07:05:23Z
ES File Explorer Open Port Vulnerability - CVE-2019-6447 : fs0c131y/ESFileExplorerOpenPortVuln create time: 2019-01-09T22:30:42Z
CVE-2021-33909 Sequoia : ChrisTheCoolHut/CVE-2021-33909 create time: 2021-09-02T04:51:54Z
Just run command without brain : smallpiggy/cve-2021-26084-confluence create time: 2021-09-02T02:41:49Z
Config files for my GitHub profile. : cveliz-2020074/cveliz-2020074 create time: 2021-09-02T01:05:34Z
PoC for exploiting CVE-2020-18913 : EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. : AlAIAL90/CVE-2020-18913 create time: 2021-09-02T00:47:22Z
PoC for exploiting CVE-2021-36934 : Windows Elevation of Privilege Vulnerability : AlAIAL90/CVE-2021-36934 create time: 2021-09-02T00:48:41Z
PoC for exploiting CVE-2021-20815 : Cross-site scripting vulnerability in Edit Boilerplate screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20815 create time: 2021-09-02T00:48:37Z
PoC for exploiting CVE-2021-20814 : Cross-site scripting vulnerability in Setting screen of ContentType Information Widget Plugin of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), and Movable Type Premium 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20814 create time: 2021-09-02T00:48:33Z
PoC for exploiting CVE-2021-23434 : This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === 'proto' returns false if currentPath is ['proto']. This is because the === operator returns always false when the type of the operands is different. : AlAIAL90/CVE-2021-23434 create time: 2021-09-02T00:48:29Z
PoC for exploiting CVE-2021-20813 : Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series) and Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series)) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20813 create time: 2021-09-02T00:48:25Z
PoC for exploiting CVE-2021-20812 : Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type (Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series) and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20812 create time: 2021-09-02T00:48:21Z
PoC for exploiting CVE-2021-28697 : grant table v2 status pages may remain accessible after de-allocation Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. : AlAIAL90/CVE-2021-28697 create time: 2021-09-02T00:48:17Z
PoC for exploiting CVE-2021-20811 : Cross-site scripting vulnerability in List of Assets screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20811 create time: 2021-09-02T00:48:14Z
PoC for exploiting CVE-2021-20810 : Cross-site scripting vulnerability in Website Management screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20810 create time: 2021-09-02T00:48:10Z
PoC for exploiting CVE-2021-28696 : IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). : AlAIAL90/CVE-2021-28696 create time: 2021-09-02T00:48:06Z
PoC for exploiting CVE-2021-28694 : IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). : AlAIAL90/CVE-2021-28694 create time: 2021-09-02T00:48:01Z
PoC for exploiting CVE-2021-28164 : In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. : AlAIAL90/CVE-2021-28164 create time: 2021-09-02T00:47:57Z
PoC for exploiting CVE-2021-34429 : For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. : AlAIAL90/CVE-2021-34429 create time: 2021-09-02T00:47:50Z
PoC for exploiting CVE-2021-35940 : An out-of-bounds array read in the apr_time_exp() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.* : AlAIAL90/CVE-2021-35940 create time: 2021-09-02T00:47:46Z
PoC for exploiting CVE-2021-28695 : IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Both AMD and Intel allow ACPI tables to specify regions of memory which should be left untranslated, which typically means these addresses should pass the translation phase unaltered. While these are typically device specific ACPI properties, they can also be specified to apply to a range of devices, or even all devices. On all systems with such regions Xen failed to prevent guests from undoing/replacing such mappings (CVE-2021-28694). On AMD systems, where a discontinuous range is specified by firmware, the supposedly-excluded middle range will also be identity-mapped (CVE-2021-28695). Further, on AMD systems, upon de-assigment of a physical device from a guest, the identity mappings would be left in place, allowing a guest continued access to ranges of memory which it shouldn't have access to anymore (CVE-2021-28696). : AlAIAL90/CVE-2021-28695 create time: 2021-09-02T00:47:43Z
PoC for exploiting CVE-2021-28698 : long running loops in grant table handling In order to properly monitor resource use, Xen maintains information on the grant mappings a domain may create to map grants offered by other domains. In the process of carrying out certain actions, Xen would iterate over all such entries, including ones which aren't in use anymore and some which may have been created but never used. If the number of entries for a given domain is large enough, this iterating of the entire table may tie up a CPU for too long, starving other domains or causing issues in the hypervisor itself. Note that a domain may map its own grants, i.e. there is no need for multiple domains to be involved here. A pair of "cooperating" guests may, however, cause the effects to be more severe. : AlAIAL90/CVE-2021-28698 create time: 2021-09-02T00:47:39Z
PoC for exploiting CVE-2021-28699 : inadequate grant-v2 status frames array bounds check The v2 grant table interface separates grant attributes from grant status. That is, when operating in this mode, a guest has two tables. As a result, guests also need to be able to retrieve the addresses that the new status tracking table can be accessed through. For 32-bit guests on x86, translation of requests has to occur because the interface structure layouts commonly differ between 32- and 64-bit. The translation of the request to obtain the frame numbers of the grant status table involves translating the resulting array of frame numbers. Since the space used to carry out the translation is limited, the translation layer tells the core function the capacity of the array within translation space. Unfortunately the core function then only enforces array bounds to be below 8 times the specified value, and would write past the available space if enough frame numbers needed storing. : AlAIAL90/CVE-2021-28699 create time: 2021-09-02T00:47:35Z
PoC for exploiting CVE-2021-37749 : MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16.6.2.66) allows blind SQL Injection via the Id (within sourceItems) parameter to the GetMap method. : AlAIAL90/CVE-2021-37749 create time: 2021-09-02T00:47:30Z
PoC for exploiting CVE-2021-36359 : OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFolder) calls eval on attacker-supplied Python code. This is fixed in 5.0.12, 5.1.10, 5.2.4, 7.3.3, and 7.4.3. : AlAIAL90/CVE-2021-36359 create time: 2021-09-02T00:47:26Z
PoC for exploiting CVE-2021-20809 : Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20809 create time: 2021-09-02T00:47:18Z
PoC for exploiting CVE-2021-20808 : Cross-site scripting vulnerability in Search screen of Movable Type (Movable Type 7 r.4903 and earlier (Movable Type 7 Series), Movable Type 6.8.0 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.4903 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.44 and earlier, and Movable Type Premium Advanced 1.44 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. : AlAIAL90/CVE-2021-20808 create time: 2021-09-02T00:47:14Z
PoC for exploiting CVE-2021-39138 : Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Developers can use the REST API to signup users and also allow users to login anonymously. Prior to version 4.5.1, when an anonymous user is first signed up using REST, the server creates session incorrectly. Particularly, the authProvider field in _Session class under createdWith shows the user logged in creating a password. If a developer later depends on the createdWith field to provide a different level of access between a password user and anonymous user, the server incorrectly classified the session type as being created with a password. The server does not currently use createdWith to make decisions about internal functions, so if a developer is not using createdWith directly, they are not affected. The vulnerability only affects users who depend on createdWith by using it directly. The issue is patched in Parse Server version 4.5.1. As a workaround, do not use the createdWith Session field to make decisions if one allows anonymous login. : AlAIAL90/CVE-2021-39138 create time: 2021-09-02T00:47:10Z
PoC for exploiting CVE-2021-20793 : Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. : AlAIAL90/CVE-2021-20793 create time: 2021-09-02T00:47:06Z
PoC for exploiting CVE-2021-32778 : Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100. : AlAIAL90/CVE-2021-32778 create time: 2021-09-02T00:47:01Z
PoC for exploiting CVE-2021-40145 : ** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) through 2.3.2 has a double free. NOTE: the vendor's position is "The GD2 image format is a proprietary image format of libgd. It has to be regarded as being obsolete, and should only be used for development and testing purposes." : AlAIAL90/CVE-2021-40145 create time: 2021-09-02T00:46:57Z
PoC for exploiting CVE-2021-32777 : Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization. : AlAIAL90/CVE-2021-32777 create time: 2021-09-02T00:46:54Z
Draytek CVE-2020-8515 PoC : darrenmartyn/CVE-2020-8515 create time: 2021-09-01T22:47:54Z
no description : fu2x2000/CVE-2017-7529-Nginx---Remote-Integer-Overflow-Exploit create time: 2021-09-01T17:49:11Z
PoC for exploiting CVE-2010-4756 : The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. : AlAIAL90/CVE-2010-4756 create time: 2021-09-01T16:45:48Z
PoC for exploiting CVE-2013-1914 : Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in GNU C Library (aka glibc or libc6) 2.17 and earlier allows remote attackers to cause a denial of service (crash) via a (1) hostname or (2) IP address that triggers a large number of domain conversion results. : AlAIAL90/CVE-2013-1914 create time: 2021-09-01T16:45:26Z
PoC for exploiting CVE-2013-7423 : The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function. : AlAIAL90/CVE-2013-7423 create time: 2021-09-01T16:45:14Z
PoC for exploiting CVE-2015-0235 : Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." : AlAIAL90/CVE-2015-0235 create time: 2021-09-01T16:45:30Z
PoC for exploiting CVE-2015-7547 : Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. : AlAIAL90/CVE-2015-7547 create time: 2021-09-01T16:45:18Z
PoC for exploiting CVE-2016-1234 : Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name. : AlAIAL90/CVE-2016-1234 create time: 2021-09-01T16:45:22Z
PoC for exploiting CVE-2020-19822 : A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. : AlAIAL90/CVE-2020-19822 create time: 2021-09-01T16:45:37Z
Reproduce CVE-2021-35042 : mrlihd/CVE-2021-35042 create time: 2021-09-01T16:59:42Z
PoC for exploiting CVE-2021-21853 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21853 create time: 2021-09-01T16:46:52Z
PoC for exploiting CVE-2021-21847 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stts” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21847 create time: 2021-09-01T16:46:48Z
PoC for exploiting CVE-2021-21846 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsz” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21846 create time: 2021-09-01T16:46:45Z
PoC for exploiting CVE-2021-21845 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21845 create time: 2021-09-01T16:46:41Z
PoC for exploiting CVE-2021-21844 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21844 create time: 2021-09-01T16:46:37Z
PoC for exploiting CVE-2021-21843 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21843 create time: 2021-09-01T16:46:35Z
PoC for exploiting CVE-2021-21839 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21839 create time: 2021-09-01T16:46:31Z
PoC for exploiting CVE-2021-21838 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21838 create time: 2021-09-01T16:46:27Z
PoC for exploiting CVE-2021-21837 : Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21837 create time: 2021-09-01T16:46:24Z
PoC for exploiting CVE-2021-21850 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “trun” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21850 create time: 2021-09-01T16:46:20Z
PoC for exploiting CVE-2021-21849 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the “tfra” FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21849 create time: 2021-09-01T16:46:17Z
PoC for exploiting CVE-2021-21848 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. The library will actually reuse the parser for atoms with the “stsz” FOURCC code when parsing atoms that use the “stz2” FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21848 create time: 2021-09-01T16:46:14Z
PoC for exploiting CVE-2021-21842 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21842 create time: 2021-09-01T16:46:10Z
PoC for exploiting CVE-2021-21841 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21841 create time: 2021-09-01T16:46:05Z
PoC for exploiting CVE-2021-21840 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input used to process an atom using the “saio” FOURCC code cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21840 create time: 2021-09-01T16:45:59Z
PoC for exploiting CVE-2021-21836 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input using the “ctts” FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21836 create time: 2021-09-01T16:45:55Z
PoC for exploiting CVE-2021-21834 : An exploitable integer overflow vulnerability exists within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when decoding the atom for the “co64” FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. An attacker can convince a user to open a video to trigger this vulnerability. : AlAIAL90/CVE-2021-21834 create time: 2021-09-01T16:45:51Z
PoC for exploiting CVE-2021-39159 : BinderHub is a kubernetes-based cloud service that allows users to share reproducible interactive computing environments from code repositories. In affected versions a remote code execution vulnerability has been identified in BinderHub, where providing BinderHub with maliciously crafted input could execute code in the BinderHub context, with the potential to egress credentials of the BinderHub deployment, including JupyterHub API tokens, kubernetes service accounts, and docker registry credentials. This may provide the ability to manipulate images and other user created pods in the deployment, with the potential to escalate to the host depending on the underlying kubernetes configuration. Users are advised to update to version 0.2.0-n653. If users are unable to update they may disable the git repo provider by specifying the BinderHub.repo_providers as a workaround. : AlAIAL90/CVE-2021-39159 create time: 2021-09-01T16:45:44Z
PoC for exploiting CVE-2021-32995 : Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. : AlAIAL90/CVE-2021-32995 create time: 2021-09-01T16:45:42Z
PoC for exploiting CVE-2021-0114 : Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. : AlAIAL90/CVE-2021-0114 create time: 2021-09-01T16:45:33Z
PoC for exploiting CVE-2021-33015 : Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write via an uninitialized pointer. An attacker could leverage this vulnerability to execute code in the context of the current process. : AlAIAL90/CVE-2021-33015 create time: 2021-09-01T16:45:10Z
PoC for exploiting CVE-2021-31989 : A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices. : AlAIAL90/CVE-2021-31989 create time: 2021-09-01T16:45:06Z
PoC for exploiting CVE-2021-36928 : Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36931. : AlAIAL90/CVE-2021-36928 create time: 2021-09-01T16:45:00Z
Reproduce CVE-2020-7471 : mrlihd/CVE-2020-7471 create time: 2021-09-01T16:05:56Z
PoC of CVE-2021-26084 written in Golang based on https://twitter.com/jas502n/status/1433044110277890057?s=20 : bcdannyboy/CVE-2021-26084_GoPOC create time: 2021-09-01T16:17:35Z
CVE-2021-26084 - Confluence Server Webwork OGNL injection (RCE) : taythebot/CVE-2021-26084 create time: 2021-09-01T15:19:19Z
Exploit for Elastix 2.2.0 and FreePBX 2.10.0 based on CVE-2012-4869 vulnerability working on Python3 : bitc0de/Elastix-Remote-Code-Execution create time: 2021-09-01T13:12:01Z
批量检测 : tangxiaofeng7/CVE-2021-26084 create time: 2021-09-01T12:36:52Z
CVE-2021-26084 Remote Code Execution on Confluence Servers : Osyanina/westone-CVE-2021-26084-scanner create time: 2021-09-01T12:28:41Z
Remote Code Execution on Confluence Servers : CVE-2021-26084 : Vulnmachines/Confluence_CVE-2021-26084 create time: 2021-09-01T12:19:53Z
PrintNightMare LPE提权漏洞的CS 反射加载插件。开箱即用、通过内存加载、混淆加载的驱动名称来ByPass Defender/EDR。 : mstxq17/CVE-2021-1675_RDL_LPE create time: 2021-09-01T11:25:04Z
no description : qianxiao996/CVE-2021-22223 create time: 2021-09-01T11:23:17Z
no description : qianxiao996/CVE-2021-2222 create time: 2021-09-01T11:10:36Z
CVE-2021-26084 Remote Code Execution on Confluence Servers : FanqXu/CVE-2021-26084 create time: 2021-09-01T09:50:26Z
Atlassian Confluence Pre-Auth RCE : Udyz/CVE-2021-26084 create time: 2021-09-01T08:18:44Z
Exploit example code for CVE-2021-33831 : lanmarc77/CVE-2021-33831 create time: 2021-08-22T14:27:29Z
CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection 远程代码执行可回显 : r0ckysec/CVE-2021-26084_Confluence create time: 2021-09-01T07:45:55Z
no description : allenenosh/CVE-2021-40352 create time: 2021-09-01T07:39:27Z
Confluence Server Webwork OGNL injection : h3v0x/CVE-2021-26084_Confluence create time: 2021-09-01T07:15:17Z
CVE-2021-26084 Remote Code Execution on Confluence Servers, reference: https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md : JKme/CVE-2021-26084 create time: 2021-09-01T02:35:04Z
CVE-2021-26084 Remote Code Execution on Confluence Servers, reference: https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md : gh0stkey/CVE-2021-26084 create time: 2021-09-01T02:31:35Z
no description : dinhbaouit/CVE-2021-26084 create time: 2021-09-01T00:50:30Z
no description : alt3kx/CVE-2021-26084_PoC create time: 2021-08-31T23:33:44Z
ProxyToken: An Authentication Bypass in Microsoft Exchange Server POC exploit : bhdresh/CVE-2021-33766-ProxyToken- create time: 2021-08-31T22:03:13Z
CVE-2021-40353 openSIS 8.0 SQL Injection Vulnerability : 5qu1n7/CVE-2021-40353 create time: 2021-08-31T21:51:14Z
Exploit code for CVE-2019-17662 : MuirlandOracle/CVE-2019-17662 create time: 2021-08-31T19:30:09Z
Block "itms scheme" / fix CVE-2021-1748 : tihmstar/itmsBlock create time: 2021-08-31T18:06:43Z
https://www.exploit-db.com/exploits/49757 : Gr4ykt/CVE-2011-2523 create time: 2021-08-31T17:31:30Z
CVE-2021-26084 - Confluence Pre-Auth RCE | OGNL injection : carlosevieira/CVE-2021-26084 create time: 2021-08-31T16:33:32Z
Remote code execution vulnerability in Ruby-on-Rails when using render on user-supplied data. : RyouYoo/CVE-2016-2098 create time: 2021-08-31T15:25:41Z
Remote Code Execution vulnerability in PHPMailer. : RyouYoo/CVE-2016-10033 create time: 2021-08-31T13:46:28Z
no description : yamory/CVE-2021-32804 create time: 2021-08-31T04:32:38Z
Strapi <= 3.0.0-beta.17.8 authenticated remote code execution : guglia001/CVE-2019-19609 create time: 2021-08-30T03:05:16Z
no description : guglia001/CVE-2019-18818 create time: 2021-08-29T23:30:15Z
Exploit for CVE-2019-19609 in Strapi : diego-tella/CVE-2019-19609-EXPLOIT create time: 2021-08-29T17:57:08Z
Strapi Framework Vulnerable to Remote Code Execution : dasithsv/CVE-2019-19609 create time: 2021-08-29T16:18:27Z
CVE-2020-25223 : darrenmartyn/sophucked create time: 2021-08-29T11:08:53Z
Citrix ADC RCE cve-2019-19781 : Vulnmachines/Ctirix_RCE-CVE-2019-19781 create time: 2021-08-29T05:22:47Z
no description : BabyTeam1024/CVE-2017-3248 create time: 2021-08-29T03:24:25Z
no description : BabyTeam1024/CVE-2016-3510 create time: 2021-08-28T05:15:59Z
no description : dinhbaouit/CVE-2021-36394 create time: 2021-08-28T04:21:44Z
CVE-2004-2687 DistCC Daemon Command Execution : k4miyo/CVE-2004-2687 create time: 2021-08-28T01:45:22Z
no description : stevenp322/cve-2021-21972 create time: 2021-02-25T18:22:34Z
no description : AssassinUKG/CVE-2021-29447 create time: 2021-08-27T19:20:20Z
A proof of concept for CVE-2016-6515 : jptr218/openssh_dos create time: 2021-08-26T17:44:03Z
no description : madhans23/curl-curl-7_64_1_CVE-2020-8169_noPatch create time: 2021-08-26T05:34:23Z
no description : madhans23/curl-curl-7_64_1_CVE-2019-5481_noPatch create time: 2021-08-26T05:17:30Z
no description : w16692926717/CVE-2018-8174_EXP create time: 2021-08-26T04:55:43Z
no description : security-n/CVE-2021-39379 create time: 2021-08-19T04:35:53Z
no description : security-n/CVE-2021-39378 create time: 2021-08-19T01:32:49Z
no description : security-n/CVE-2021-39377 create time: 2021-08-18T05:29:15Z
no description : W4RCL0UD/CVE-2021-39476 create time: 2021-08-25T17:37:54Z
Found multiple XSS vulnerabilities within PhoenixCart 1.0.8.0 : W4RCL0UD/CVE-2021-39475 create time: 2021-08-19T18:03:40Z
Exploit to Virtua Software. : LucaRibeiro/CVE-2021-37589 create time: 2021-07-28T10:27:09Z
Unauthenticated CSRF Account TakeOver in BigTreeCMS v4.4.14 : guusec/CVE-2021-39512-BigTreeCMS-v4.4.14-AccountTakeOver create time: 2021-08-21T00:58:38Z
Exploit script for SAP Business Objects SSRF : TheMMMdev/CVE-2020-6308 create time: 2021-08-24T08:36:11Z
CVE-2020-4464 / CVE-2020-4450 : silentsignal/WebSphere-WSIF-gadget create time: 2021-08-17T08:44:49Z
XSTREAM<=1.4.17漏洞复现(CVE-2021-39141、CVE-2021-39144、CVE-2021-39150) : zwjjustdoit/Xstream-1.4.17 create time: 2021-08-24T06:15:20Z
Automatic Explotation PoC for Polkit CVE-2021-3560 : aancw/polkit-auto-exploit create time: 2021-06-11T12:33:56Z
Kibana Prototype Pollution : dnr6419/CVE-2019-7609 create time: 2021-08-24T04:38:26Z
Remote Code Execution at Rittal : asang17/CVE-2021-RCE create time: 2021-08-04T16:10:05Z
XSS Vulnerability in Rittal : asang17/CVE-2021-XSS create time: 2021-08-04T16:09:24Z
no description : madhans23/curl-curl-7_64_1_CVE-2019-5482_withPatch create time: 2021-08-23T08:47:39Z
no description : madhans23/curl-curl-7_64_1_CVE-2019-5482_noPatch create time: 2021-08-23T08:28:03Z
no description : artsking/curl-7.64.1_CVE-2020-8284_WithPatch create time: 2021-08-23T03:08:35Z
my exp for chrome V8 CVE-2021-30551 : xmzyshypnc/CVE-2021-30551 create time: 2021-08-22T14:15:23Z
no description : rood8008/CVE-2021-35464 create time: 2021-08-21T22:53:39Z
An implementation of CVE-2015-3306 : jptr218/proftpd_bypass create time: 2021-08-21T17:42:05Z
no description : sujithvaddi/apache_struts_cve_2017_9805 create time: 2021-08-20T16:49:59Z
CVE-2021-3441 CVE Check is a python script to search targets for indicators of compromise to CVE-2021-3441 : tcbutler320/CVE-2021-3441-check create time: 2021-01-26T23:23:08Z
PoC for exploiting CVE-2021-38534 : Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before 1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28, R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130, WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.40, and XR500 before 2.3.2.40. : AlAIAL90/CVE-2021-38534 create time: 2021-08-20T02:32:45Z
PoC for exploiting CVE-2021-34640 : The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. : AlAIAL90/CVE-2021-34640 create time: 2021-08-20T02:32:41Z
PoC for exploiting CVE-2013-2763 : ** DISPUTED ** The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny PLC control functions." : AlAIAL90/CVE-2013-2763 create time: 2021-08-20T02:32:25Z
PoC for exploiting CVE-2013-6276 : ** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models. : AlAIAL90/CVE-2013-6276 create time: 2021-08-20T02:29:44Z
PoC for exploiting CVE-2016-4529 : An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. : AlAIAL90/CVE-2016-4529 create time: 2021-08-20T02:32:21Z
PoC for exploiting CVE-2017-6026 : A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The session numbers generated by the web application are lacking randomization and are shared between several users. This may allow a current session to be compromised. : AlAIAL90/CVE-2017-6026 create time: 2021-08-20T02:32:17Z
PoC for exploiting CVE-2017-6030 : A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections. : AlAIAL90/CVE-2017-6030 create time: 2021-08-20T02:32:13Z
PoC for exploiting CVE-2017-6028 : An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials could then be used to log into the web application. : AlAIAL90/CVE-2017-6028 create time: 2021-08-20T02:31:57Z
PoC for exploiting CVE-2018-7790 : An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC. : AlAIAL90/CVE-2018-7790 create time: 2021-08-20T02:32:09Z
PoC for exploiting CVE-2018-7789 : An Improper Check for Unusual or Exceptional Conditions vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to remotely reboot Modicon M221 using crafted programing protocol frames. : AlAIAL90/CVE-2018-7789 create time: 2021-08-20T02:32:05Z
PoC for exploiting CVE-2018-7842 : A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters sent to the controller. : AlAIAL90/CVE-2018-7842 create time: 2021-08-20T02:32:01Z
PoC for exploiting CVE-2018-7821 : An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. : AlAIAL90/CVE-2018-7821 create time: 2021-08-20T02:31:46Z
PoC for exploiting CVE-2019-25052 : In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information. : AlAIAL90/CVE-2019-25052 create time: 2021-08-20T02:32:37Z
PoC for exploiting CVE-2019-10953 : ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. : AlAIAL90/CVE-2019-10953 create time: 2021-08-20T02:32:29Z
PoC for exploiting CVE-2019-6820 : A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 : AlAIAL90/CVE-2019-6820 create time: 2021-08-20T02:31:53Z
PoC for exploiting CVE-2020-7524 : Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. : AlAIAL90/CVE-2020-7524 create time: 2021-08-20T02:31:50Z
PoC for exploiting CVE-2020-7566 : A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. : AlAIAL90/CVE-2020-7566 create time: 2021-08-20T02:31:42Z
PoC for exploiting CVE-2020-7565 : A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. : AlAIAL90/CVE-2020-7565 create time: 2021-08-20T02:31:38Z
PoC for exploiting CVE-2020-28220 : A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. : AlAIAL90/CVE-2020-28220 create time: 2021-08-20T02:31:34Z
PoC for exploiting CVE-2020-28214 : A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all references, all versions), that could allow an attacker to pre-compute the hash value using dictionary attack technique such as rainbow tables, effectively disabling the protection that an unpredictable salt would provide. : AlAIAL90/CVE-2020-28214 create time: 2021-08-20T02:31:29Z
PoC for exploiting CVE-2020-21564 : An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. : AlAIAL90/CVE-2020-21564 create time: 2021-08-20T02:30:57Z
PoC for exploiting CVE-2020-28589 : An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. : AlAIAL90/CVE-2020-28589 create time: 2021-08-20T02:30:53Z
PoC for exploiting CVE-2021-3045 : An OS command argument injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to read any arbitrary file from the file system. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10. PAN-OS 10.0 and later versions are not impacted. : AlAIAL90/CVE-2021-3045 create time: 2021-08-20T02:32:33Z
PoC for exploiting CVE-2021-22699 : Improper Input Validation vulnerability exists in Modicon M241/M251 logic controllers firmware prior to V5.1.9.1 that could cause denial of service when specific crafted requests are sent to the controller over HTTP. : AlAIAL90/CVE-2021-22699 create time: 2021-08-20T02:31:25Z
PoC for exploiting CVE-2021-0002 : Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. : AlAIAL90/CVE-2021-0002 create time: 2021-08-20T02:31:22Z
PoC for exploiting CVE-2021-38527 : Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects CBR40 before 2.5.0.14, EX6100v2 before 1.0.1.98, EX6150v2 before 1.0.1.98, EX6250 before 1.0.0.132, EX6400 before 1.0.2.158, EX6400v2 before 1.0.0.132, EX6410 before 1.0.0.132, EX6420 before 1.0.0.132, EX7300 before 1.0.2.158, EX7300v2 before 1.0.0.132, EX7320 before 1.0.0.132, EX7700 before 1.0.0.216, EX8000 before 1.0.1.232, R7800 before 1.0.2.78, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.36, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.6.2.4, RBS50Y before 2.6.1.40, RBW30 before 2.6.2.2, and XR500 before 2.3.2.114. : AlAIAL90/CVE-2021-38527 create time: 2021-08-20T02:31:18Z
PoC for exploiting CVE-2021-33595 : A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack. : AlAIAL90/CVE-2021-33595 create time: 2021-08-20T02:31:14Z
PoC for exploiting CVE-2021-33594 : An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A remote attacker can leverage this to perform address bar spoofing attack. : AlAIAL90/CVE-2021-33594 create time: 2021-08-20T02:31:10Z
PoC for exploiting CVE-2021-3050 : An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 9.0 version 9.0.10 through PAN-OS 9.0.14; PAN-OS 9.1 version 9.1.4 through PAN-OS 9.1.10; PAN-OS 10.0 version 10.0.7 and earlier PAN-OS 10.0 versions; PAN-OS 10.1 version 10.1.0 through PAN-OS 10.1.1. Prisma Access firewalls and firewalls running PAN-OS 8.1 versions are not impacted by this issue. : AlAIAL90/CVE-2021-3050 create time: 2021-08-20T02:31:05Z
PoC for exploiting CVE-2021-3046 : An improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted. : AlAIAL90/CVE-2021-3046 create time: 2021-08-20T02:31:01Z
PoC for exploiting CVE-2021-38516 : Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 before 1.0.0.48, D6400 before 1.0.0.82, D7000v2 before 1.0.0.52, D7800 before 1.0.1.44, D8500 before 1.0.3.43, DC112A before 1.0.0.40, DGN2200v4 before 1.0.0.108, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, R6020 before 1.0.0.34, R6080 before 1.0.0.34, R6120 before 1.0.0.44, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.40, R6850 before 1.1.0.40, R6350 before 1.1.0.40, R6400v2 before 1.0.2.62, R6700v3 before 1.0.2.62, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7000 before 1.0.9.34, R6900P before 1.3.1.44, R7000P before 1.3.1.44, R7100LG before 1.0.0.48, R7200 before 1.2.0.48, R7350 before 1.2.0.48, R7400 before 1.2.0.48, R7450 before 1.2.0.36, AC2100 before 1.2.0.36, AC2400 before 1.2.0.36, AC2600 before 1.2.0.36, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, R7900 before 1.0.3.8, R7960P before 1.4.1.44, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8900 before 1.0.4.2, R9000 before 1.0.4.2, RAX120 before 1.0.0.74, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, WNR3500Lv2 before 1.2.0.56, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. : AlAIAL90/CVE-2021-38516 create time: 2021-08-20T02:30:49Z
PoC for exploiting CVE-2021-38514 : Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72, D6000 before 1.0.0.72, D6100 before 1.0.0.63, D6200 before 1.1.00.34, D6220 before 1.0.0.48, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.52, D7800 before 1.0.1.56, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.108, DGND2200Bv4 before 1.0.0.108, EX2700 before 1.0.1.48, EX3700 before 1.0.0.76, EX3800 before 1.0.0.76, EX6000 before 1.0.0.38, EX6100 before 1.0.2.24, EX6100v2 before 1.0.1.76, EX6120 before 1.0.0.42, EX6130 before 1.0.0.28, EX6150v1 before 1.0.0.42, EX6150v2 before 1.0.1.76, EX6200 before 1.0.3.88, EX6200v2 before 1.0.1.72, EX6400 before 1.0.2.136, EX7000 before 1.0.0.66, EX7300 before 1.0.2.136, EX8000 before 1.0.1.180, RBK50 before 2.1.4.10, RBR50 before 2.1.4.10, RBS50 before 2.1.4.10, RBK40 before 2.1.4.10, RBR40 before 2.1.4.10, RBS40 before 2.1.4.10, RBW30 before 2.2.1.204, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6080 before 1.0.0.38, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.86, R6250 before 1.0.4.34, R6300v2 before 1.0.4.32, R6400 before 1.0.1.44, R6400v2 before 1.0.2.62, R6700 before 1.0.1.48, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R6900 before 1.0.1.48, R7000 before 1.0.9.34, R6900P before 1.3.1.64, R7000P before 1.3.1.64, R7100LG before 1.0.0.48, R7300DST before 1.0.0.70, R7500v2 before 1.0.3.38, R7800 before 1.0.2.52, R7900 before 1.0.3.8, R8000 before 1.0.4.28, R7900P before 1.4.1.30, R8000P before 1.4.1.30, R8300 before 1.0.2.128, R8500 before 1.0.2.128, R9000 before 1.0.3.10, RBS40V before 2.2.0.58, RBK50V before 2.2.0.58, WN2000RPTv3 before 1.0.1.32, WN2500RPv2 before 1.0.1.54, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNDR3400v3 before 1.0.1.22, WNDR3700v4 before 1.0.2.102, WNDR4300v1 before 1.0.2.104, WNDR4300v2 before 1.0.0.56, WNDR4500v3 before 1.0.0.56, WNR2000v5 (R2000) before 1.0.0.66, WNR2020 before 1.1.0.62, WNR2050 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, and XR500 before 2.3.2.22. : AlAIAL90/CVE-2021-38514 create time: 2021-08-20T02:30:45Z
PoC for exploiting CVE-2021-22098 : UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites. : AlAIAL90/CVE-2021-22098 create time: 2021-08-20T02:30:41Z
PoC for exploiting CVE-2021-23420 : This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. : AlAIAL90/CVE-2021-23420 create time: 2021-08-20T02:30:38Z
PoC for exploiting CVE-2021-32931 : An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5.88 and prior may be exploited while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution. : AlAIAL90/CVE-2021-32931 create time: 2021-08-20T02:30:34Z
PoC for exploiting CVE-2021-0062 : Improper input validation in some Intel(R) Graphics Drivers before version 27.20.100.8935 may allow an authenticated user to potentially enable escalation of privilege via local access. : AlAIAL90/CVE-2021-0062 create time: 2021-08-20T02:30:30Z
PoC for exploiting CVE-2021-38085 : The Canon TR150 print driver through 3.71.2.10 is vulnerable to a privilege escalation issue. During the add printer process, a local attacker can overwrite CNMurGE.dll and, if timed properly, the overwritten DLL will be loaded into a SYSTEM process resulting in escalation of privileges. This occurs because the driver drops a world-writable DLL into a CanonBJ %PROGRAMDATA% location that gets loaded by printisolationhost (a system process). : AlAIAL90/CVE-2021-38085 create time: 2021-08-20T02:30:26Z
PoC for exploiting CVE-2021-37694 : @asyncapi/java-spring-cloud-stream-template generates a Spring Cloud Stream (SCSt) microservice. In versions prior to 0.7.0 arbitrary code injection was possible when an attacker controls the AsyncAPI document. An example is provided in GHSA-xj6r-2jpm-qvxp. There are no mitigations available and all users are advised to update. : AlAIAL90/CVE-2021-37694 create time: 2021-08-20T02:30:22Z
PoC for exploiting CVE-2021-3047 : A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted. : AlAIAL90/CVE-2021-3047 create time: 2021-08-20T02:30:17Z
PoC for exploiting CVE-2021-3048 : Certain invalid URL entries contained in an External Dynamic List (EDL) cause the Device Server daemon (devsrvr) to stop responding. This condition causes subsequent commits on the firewall to fail and prevents administrators from performing commits and configuration changes even though the firewall remains otherwise functional. If the firewall then restarts, it results in a denial-of-service (DoS) condition and the firewall stops processing traffic. This issue impacts: PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 8.1 and PAN-OS 10.1 versions are not impacted. : AlAIAL90/CVE-2021-3048 create time: 2021-08-20T02:30:13Z
PoC for exploiting CVE-2021-0061 : Improper initialization in some Intel(R) Graphics Driver before version 27.20.100.9030 may allow an authenticated user to potentially enable escalation of privilege via local access. : AlAIAL90/CVE-2021-0061 create time: 2021-08-20T02:30:09Z
PoC for exploiting CVE-2021-0012 : Use after free in some Intel(R) Graphics Driver before version 27.20.100.8336, 15.45.33.5164, and 15.40.47.5166 may allow an authenticated user to potentially enable denial of service via local access. : AlAIAL90/CVE-2021-0012 create time: 2021-08-20T02:30:05Z
PoC for exploiting CVE-2021-0009 : Out-of-bounds read in the firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow an unauthenticated user to potentially enable denial of service via adjacent access. : AlAIAL90/CVE-2021-0009 create time: 2021-08-20T02:30:00Z
PoC for exploiting CVE-2021-0008 : Uncontrolled resource consumption in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.3.0 may allow privileged user to potentially enable denial of service via local access. : AlAIAL90/CVE-2021-0008 create time: 2021-08-20T02:29:56Z
PoC for exploiting CVE-2021-0006 : Improper conditions check in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.4.0 may allow a privileged user to potentially enable denial of service via local access. : AlAIAL90/CVE-2021-0006 create time: 2021-08-20T02:29:52Z
PoC for exploiting CVE-2021-0007 : Uncaught exception in firmware for Intel(R) Ethernet Adapters 800 Series Controllers and associated adapters before version 1.5.1.0 may allow a privileged attacker to potentially enable denial of service via local access. : AlAIAL90/CVE-2021-0007 create time: 2021-08-20T02:29:47Z
CVE-2018-19320 LPE Exploit : hmsec/CVE-2018-19320-LPE create time: 2021-08-19T16:43:52Z
Cobalt Strike < 4.4 dos CVE-2021-36798 : M-Kings/CVE-2021-36798 create time: 2021-08-19T11:26:51Z
no description : artsking/curl-7.64.1_CVE-2020-8285_WithPatch create time: 2021-08-19T06:12:20Z
no description : artsking/curl-7.64.1_CVE-2020-8286_WithPatch create time: 2021-08-19T03:26:52Z
no description : evildrummer/CVE-2021-XYZ2 create time: 2021-08-18T20:26:01Z
no description : evildrummer/CVE-2021-XYZ create time: 2021-08-18T19:50:33Z
Documentation for cve-2021-39281 : grahamhelton/CVE-2021-39281 create time: 2021-08-18T17:49:20Z
CVE-TBD Stored XSS in TastyIgniter v3.0.7 Restaurtant CMS : Fearless523/CVE-2021-39287-Stored-XSS create time: 2021-08-17T03:01:38Z
no description : artsking/curl-7.64.1_CVE-2020-8285_WithPatch create time: 2021-08-18T13:26:01Z
[CVE-2021-22123] Fortinet FortiWeb Authenticated OS Command Injection : murataydemir/CVE-2021-22123 create time: 2021-08-18T10:54:27Z
no description : madhans23/curl-curl-7_64_1_CVE-2020-8169_withPatch create time: 2021-08-18T10:42:13Z
no description : artsking/curl-7.64.1_CVE-2020-8284_WithPatch create time: 2021-08-18T10:40:48Z
no description : madhans23/curl-curl-7_64_1_CVE-2020-8169_noPatch create time: 2021-08-18T10:27:15Z
no description : madhans23/curl-curl-7_64_1_CVE-2019-5481_withPatch create time: 2021-08-18T09:50:27Z
no description : madhans23/curl-curl-7_64_1_CVE-2019-5481_noPatch create time: 2021-08-18T09:10:51Z
no description : ttestoo/Jetty-CVE-2020-27223 create time: 2021-08-18T07:28:55Z
Two security issues identified in Sn1per v9.0 free version by XeroSecurity : nikip72/CVE-2021-39274-CVE-2021-39274 create time: 2021-08-17T15:50:48Z
no description : BabyTeam1024/CVE-2016-0638 create time: 2021-08-17T13:48:58Z
for n,e in pairs({(function(e,...)46a6347a9f739a97="This file was obfuscated using PSU Obfuscator 4.5.A | https://www.psu.dev/ & discord.gg/psu";local Y=46a6347a9f739a97 local j=e[((293569717-#("please suck my cock :pleading:")))];local i=e[((939710819-#("i am not wally stop asking me for wally hub support please fuck off")))];local O=e[(75464704)];local s=e[((762368846-#("When the exploiter is sus")))];local F=e[((457264554-#("[CW] icepools likes kids")))];local q=e[((341291578-#("why does psu.dev attract so many ddosing retards wtf")))];local t=e[(701905122)];local D=e[((#{294;216;375;694;}+430646878))];local B=e[(463178462)];local u=e[(495108270)];local h=e[((453592861-#("cCc cCc cCc cCc CCC 4 4 4 cCc VATAN cCc")))];local T=e[(263166872)];local M=e[((958457376-#("If you see this, congrats you're gay")))];local W=e[(480269586)];local V=e["OrQjp"];local X=e[(895492239)];local Q=e[(321374525)];local H=e['iDrHJlw'];local x=e[(254220684)];local b=e.fjSyrj8tWn;local d=e[((#{974;(function(...)return 207,799,671;end)()}+70077820))];local o=e[(865753153)];local I=e[((824210520-#("Xenvant Likes cock - Perth")))];local U=e.AQkXdpp;local R=e[((781635988-#("Hey reader, you're a sussy baka")))];local w=e['Scn8D'];local a=e.I0CLL2O;local p=e[(57492335)];local P=e[(150106732)];local r=e["U2G9b2ao"];local z=e[((869747004-#("@everyone designs are done. luraph website coming.... eta JULY 2020")))];local ee=e[((#{}+876638582))];local g=e[(567957394)];local L=((getfenv)or(function(...)return(ENV);end));local l,f,n=({}),(""),(L(t));local c=((n["\98\105"..e[o]..e[j]..e['oMeYI6Vsq']])or(n["\98\105\116"])or({}));local l=(((c)and(c[""..e[i]..e[P].."\111"..e[p]]))or(function(e,l)local n,o=t,r;while((e>r)and(l>r))do local c,t=e%a,l%a;if c~=t then o=o+n;end;e,l,n=(e-c)/a,(l-t)/a,na;end;if er do local l=e%a;if l>r then o=o+n;end;e,n=(e-l)/a,na;end;return(o);end));local C=(a^I);local m=(C-t);local k,,E;local s=(f[""..e[s]..e[x].."\117\98"]);local C=(f[""..e[i]..e['i6WXc']..e[o].."\101"]);local K=(f["\99"..e[g].."\97\114"]);local s=(f[""..e[x]..e['zVFL6R']..e[i]]);local f=((n["\117\110\112"..e[u]..e[F].."\107"])or(n["\116\97"..e[i].."\108\101"]["\117\110\112\97\99\107"]));local y=(n["\116"..e[h].."\110\117"..e[w].."\98"..e[d]..e[p]]);local S=(n[""..e[b].."\99\97\108\108"]);local v=(n[""..e[x]..e[o].."\114\105\110\103"][""..e[w]..e[u].."\116"..e[F].."\104"]);local Z=(n["\115"..e[d]..e[o].."\109"..e[d]..e[o].."\97\116\97\98"..e[B]..e[d]]);local w=(n[""..e[w]..e[u]..e[o]..e[g]]["\102\108"..e[h].."\111"..e[p]]);local G=((n["\109"..e[u].."\116\104"]["\108\100\101"..e[P].."\112"])or(function(e,n,...)return((ea)^n);end));local P=(n["\116"..e["i6WXc"]..e[b].."\101"]);local P=(n[""..e[x]..e[d]..e[B]..e[d].."\99"..e[o]]);local N=(n["\114\97\119\115\101"..e[o]]);local N=(n[""..e[b]..e[u]..e[D]..e[p].."\115"]);local J=function(l,n,e)return e+n or le end;local b=(c[""..e[i]..e['jHcykE9w']..e[h].."\116"])or(function(e,...)return(m-e);end);k=((c["\108\115\104\105"..e[T]..e[o]])or(function(n,e,...)if(e<r)then return((n,-(e)));end;return((n*a^e)%a^I);end));local m=(c["\98"..e[h].."\114"])or(function(n,e,...)return(m-E(m-n,m-e));end);E=(c["\98"..e[u].."\110"..e.UE90U])or(function(n,e,...)return(((n+e)-l(n,e))/a);end);=((c[""..e[p].."\115"..e[g]..e[D].."\102"..e[o]])or(function(n,e,...)if(e<r)then return(k(n,-(e)));end;return(w(n%a^I/a^e));end));if((not(n[""..e[i].."\105\116"..e[j].."\50"]))and(not(n[""..e[i]..e[D]..e[o]])))then c["\98\110\111"..e[o]]=b;c["\98\120"..e[h].."\114"]=l;c[""..e[i].."\111"..e[p]]=m;c["\108"..e[x].."\104\105\102"..e[o]]=k;c[""..e[i].."\97\110"..e["UE90U"]]=E;c["\114\115\104\105"..e[T].."\116"]=;end;local a=(n[""..e[o].."\97"..e[i]..e[B].."\101"]["\105\110"..e[x]..e[d].."\114"..e[o]]);local x=""..e[U]..e[ee]..e[q].."\100"..e.Yt1hfpp8..e[O]..e[U];local p=(n[""..e[o]..e[u].."\98"..e[B].."\101"][""..e[F].."\111"..e["jHcykE9w"].."\99"..e[u]..e[o]]);local a=(n["\116\97"..e[i]..e[B].."\101"]["\114"..e[d].."\109"..e[h].."\118"..e[d]]);local m=(((n[""..e[o]..e[u]..e[i].."\108"..e[d]]["\99\114"..e[d]..e[u]..e[o].."\101"]))or((function(e,...)return({f({},r,e);});end)));n["\98"..e[D]..e[o].."\51"..e["oMeYI6Vsq"]]=c;local n=((-X+(function()local c,n=r,t;(function(e,n,o,l)n(l(e,l,o,e),l(n,e,n,l),n(n,e,e,e),e(l,o,n and e,o))end)(function(l,o,e,a)if c>Q then return a end c=c+t n=(nz)%M if(n%W)<V then return l(e(l,e,l,e),e(e,a,e,a),e(o,l,o,o),l(e,e,e and o,o))else return l end return a end,function(l,e,o,a)if c>H then return e end c=c+t n=(n-R)%((43651-#("Perth Was here impossible ikr")))if(n%(1336))<=((692-#("[CW] icepools likes kids")))then n=(n-((#{869;693;943;(function(...)return 945,...;end)(895,953)}+180)))%((7488-#("when the constants are sus")))return o else return e(l(e,e and a,l,l),a(e,e,e,e)and l(o,e,e,e),e(l,o and a,l and e,e),l(l,o,a,l))end return a(a(a and e,a,a,o),a(o,l and l,l and l,o),a(o and l,a,o,e),l(o and l,o,o,o))end,function(l,a,e,o)if c>((#{958;}+232))then return a end c=c+t n=(n-((#{774;438;}+983)))%(26915)if(n%(682))<=(341)then return o else return l(e(e,l,o,e)and a(a,l,a,l),a(l,e,e,o and e),a(e,l,a and l,l),o(e,o,l,l))end return l(a(e,l,o,o),e(l,o and e,o,e),e(e,e,e,o),e(o,a,a,l))end,function(e,o,a,l)if c>((307-#("why does psu.dev attract so many ddosing retards wtf")))then return a end c=c+t n=(n-(161))%((33644-#("this isn't krnl support you bonehead moron")))if(n%(752))<=((455-#("Are you using AztupBrew, clvbrew, or IB2? Congratulations! You're deobfuscated!")))then n=(n(278))%((#{}+26534))return l else return e(o(e and a,e,a,o),a(l,o,e,l),l(e,l,e,l and o)and e(l,o,o,e),a(e,o,e,l))end return o(l(o,e,l,o),o(e,e and l,a,e),a(e,l,o,e),e(a,l and a,e,o))end)return n;end)()));local o,a=S(function(e)local n,l=e()local o,e=n(e(y),l)local l,n=n(J,r,nil,l)return y(v(n,x))-y(v(e,x))+t end,function(e)if e then return function(e)return e()end else return S,''end end) SrWIOfMWjmkWzUswBkuYS_CmHjFPQcy={"27u32LN1k320V328232LN2NQ27T1C328631352vD32L932g931HI32DY102152141D32152It1x1w32Mm27V27t1h1G2Yw278323F320v22s22s32bl2fZ321y27t2aC2hS321Y27723N32lC25z32Li2IY26K32Ay1031ot1432lM2Kc1N2ho27a2A732Lt2Ac32lW32L71621Y21Y32bl2hO320f32LJ31zs329i32m82HO246246268268321J31zS21l21L32m431Zy323H32M82Ac325z21t21T323y3209172GQ31Ze2ac32ON27632Mp2qE32IL31oP32NY2e332mp31k127727431Zs32Of32nL32nn14328y32Lt32p6328Q32P927A14328i32Pc27a2lO313531Zy32G132oG325z1532FO3135320423H23h326L2nW326P22r22r326S24o24o32Ce22c22C327021w21W32741Y1Y327823L23l32HA1e22b22B327g22z22z327K22I22i327o26626632l41531sH32Os1W2Ho32G1325Z31zl31zS326N32oD1523923932nx28w276321O32p3323I32P532pD32p81K32pa25032PG32pE24a32RI328E32PC27T23K23k32o91432p42BA32p632re32rg32nQ2H627D2102112qE27a326b32ry317732nC329d32S31432s51K2qe325z31771H24523m1621321227J2Km312Z32nh320432RT2qd31771625n25N32LT2QE317721D21D323y2T021821832BL31LB2Cd32s12lQ1o1O229229319g2LQ24D24D24H24H32tg192582582b7319G2qe32pV27632CX216316210320L3204323932m4320922H22H32bl31lk32r8310c2H027T3","PSU|1311102762772781414276112752782112101027E2761o1p27I2781K1l27J2761C1C121226J26J27621S21X1527622b21N17101r1B2311I28321K1a1L1h171D1E1J1m21g21o1D1l1I191t1V25V25627B1022821d1L1S2702491d2762262171H131o1T1P2122181j1p1e1n22H2191627622R1h1B19141r26Z2471327622121M21E24p26Z1J27622v121h2172171S1q1N141521n21I1d111B1Q1T1t1D22a22q22127622w1S1014132211l1022L28K22H2211e1T1S1T1N1N161M1N1h1C111Q29o1q22i22527U21u23G1R1929f1j23114171P2Bm2aa1E28E101L121822s21U1c181721t2bm2bO1p17131322q21U1p1K23b1r2941021u217171a15131E191w21f1j2aI23j21726q25921C26c22q1624F21622V2cl2391r1u121T1R1H161n21721K1i1S2562611a27622a2131R21p21i2aB1v1a161F23029l10220219141D1o1s1N2392Dq102A41H1q1B141J1N1M1724n25x2e32EF2dI1226R24c1827621y21B15192142141M1r25D24H2eW102392B92B81D191L24t25K27821S2672671021Y2e32371m1628g1R21a2261E2DR21j1B1a111n1x21i1H101t17191k25p2542e329N2aB28F21c22928W23b1M1J1S25s2552861022E21F2Di1r1t21s1721h2781021022S1L2282821022c21p1T1O1925O24U2Gq22C21D1T1C21I2191n23D1528W22F21e191823628G2Dr2gt131b29V23o2682F82FA2ba1","141Z2292p22Z91S112942aH2dD28s1l2Fc162382tN2v92vo1121n2192RT2di22n2102nT1023b152GV1h21M21O1f151P1I28I28K1R23a2oQ21T1Y2Q51V1N28f11312b27125u22B22823622z22x22F26D2cl21v21I2862Pv1Q2sJ31241j23b2hv1022X172c62Jy12152d92762311C1A1E21M214313M1t1l2cs191Q2Mf29m31171D21M314J1O2NQ151D2I71H2522PI1021x2171f315A1123w26b2Tn2RI21J2171115182BA2eI3121314S2xp2ba161U2332h62K02K221N2H527628Y1f2KM21l25s2v12761w23q2152Lj27622E14112yt25o24K2Cl2271621O16316c21K1S1522Y2Ak1723Y24n2It2ey2cp1y311U1117316131631826O2Je2762361N311o2OW1n2xk28w22621B2c523x26I1227622n1O1I22E2v12372di24Q22h23g24121V23M22k26B21v1K2Gi2lu1F311V25o24S316F2122m51524X2652H027626Q24q2672441J21e25U1F25S25z315y29M1H1j2qs1R2Ba2Ej1N22S312q27622S317m1n1I2612GP2A32a52Di1B1o24l2op27623b1i171H1s2c51e1H26524T28w31512902142uN2762r42E62302qe2OI2122C52182192271z2f82Z92G62g81k1P316E2ex21g2xN1822621p1M319e2Gf313O2182fQ2Em1n21m21l2Q31d2Q52J225S28v276315s2NM21K22A2Gq2uU2of1122t319n2wa2t72kl2682Jx29m2qN162t62nO315m1V1j21c316J1021w1X311k1D2182232TN2Hg2hi2VR2KR2633","1Bm2h721n10131j310K2pj2O81n1y2Ok25z2512tn2342DE2dG2Di2DK2dM23l26r1r27631ce131731ay1O31612Fe2132161A31A51821A2PL1l21d2cW2aI1724g264313j31A32cp2Q1315J1D1Q1g1c1t2f42Qv28321n2oU2lH316V10319P1627U29B2f0318t2H629n29p142Li2Oq2Up1J2Wc2Bb1n24A26J2V122T1m1326C2r227622t2m32AK22S1i28w31CL1C24C31f031122Kl25M2Ku29W2131q1Y21j2zu1G263319U2Or316M1T18181425a2T32s521n22F1O22N1h22J2mg132492hE3112311421p31A51l23t2yL31AN2c5311x2G52g72g922t2ob2L22152mp2lq21122b2a22KZ171R21D31BB2b92NP31Bf31bh31BJ1125J318u27623831592Ct22S1F2IT23631h131h331BC31h621f2cH21722v22B23o22T27223S1422a24431at2Nu2pd2Pf1u22U2MW2V927L141E311x2AB2Ek22h2K8316w31fq1p1G25225y2h62842fD1023O2uC2832n52M31B2152Ok2562ps2361J2MP1b1221921V2V121y191p21O2LS27622Q294131622O2eD22u318R2El1q2Ct2Vd1J313829521N2NN2NP2cV2pN1222S2ho2o5141l24c319d102yy2z021o2oE2eA24H31Im2762SP2b923x26l316f21d141c1u24b31IS103140102B9102b52ME3159312l1a2AB22p2yx21l1K21e2G431Aw2G92362s42E42131V2Bz1n21C2cO23331am1021v1531B22c525o2F731De21d171J2mR31BK24u2mG2ey151o1H1n2QG1Y315t315v26","O293316K21R2Kk2KM2Ko2rl25231DZ319V2dH28k1Q182Io2I8315A21131Ah2EE31ej1826P24E2Ed2yY1821G2Yt1f31L2312L31HN31Be311629423o2O42kZ317V311P172z62Tn22E21R1r2J21k1d21l2Vk22S1s2ed2j82VE31c62L81o1J22s2it2vg31JV2G221I311o1g31C42Oa2e331CE171g1R1Q1c23g2V12w31B25P24g2Oq23b29A1P1o131h12162112J62762242112uG2b52G81o2Q82IM1L2lG31m32UX1s1331N42MH2132qf2G821D31Ii1G2Vu2V122a21F1O26L317S31Ll31Ds10310c22721B2gJ2Rx1T24n2R92lU31H82Ms2gO2Gq2GS2Gu2ng22h316822P31fZ2Vd1R22Q1U2Kv2a531PT31KM1u26f2EV2L22l42L62L81D2532662cL22R315f21M2Hl2902mB1625231Q12cM2s71t21Q21q2s824F26p25u25z28W2382fD1L26324T31GZ2Z92A72A92zB2AE2AG2Ai2AK1D24Q2652iT2Ri21c1x1M2ob2fz15316m172622542p231JL311v2e0310a2RT111h2ZA2Gv21E2812762ki1D2172192GB2P22ef312z31311b31331v31352L921f22624921v1X22h23121222a25x2312gQ22i21H121f1B1C1m2xo23c2aq2AS2AU2AW102Zt31e631E81m2222bJ1221U2262N121Y22g31A431do2At1o22K1n2L71227427v2zc2bD31JH15161B1E1p1n22A2142jj22U1622z22W23h1521021223G2381j21k1O21M21222K23i2101W2151I21D21c1j22K22m1121O23B22722e22K28h1422922H2S82261222H1V","21n23H23521j2111m21i21A2141z21321q23C22f1122a1122R1t21c26k23N2m32FM1z27d2xM1D2aE1I313d2b72102Gz2qf1b1N31Sg2Oo2Oq22f2AF1721k1z2ax1121021Z2w22a52Wc319Y1923f31rg1t2T023n26f313J2u33109310B11317k2SV1726824a2It2j82pM2PO1G31Ug2nq31iJ1m2122251O28321M1427l28o2ms21o21F315L1S1621R2YZ2wD1931Aq23w31Kj312L31oR1M2n831JD102382KK1g1f31tb2OI21h2eK2nY2AM21627527D2h021121331862781U31pA31Sg2p21Y1Z1331j52192762n711132452452761y1W16141I28B1031zQ171524i24I31zp1w141625E25e3202151725X25x32022t03177320229p25F25F3202181A2442443202191B24N24N32021e1c23323332022vD21h2gz31Zw1w1C1E22n22N32022Qo26126132021I1g22x22X32021J1h24l24l32021G31fC28W31zQ319f23p23P32021m1K1a2ED31zq314423v23V32021k1m2492493202313525425432021Q1O320I32022N722o22O32021O1q22P22p32021p1R24Q24q320231Za26c26c32022ny22822832022VY26g26G320228s23y23y320231zq2I832021z1X25c25c32021w1Y31R932021x1Z22U22u32022122101e2iT31ZQ21321123O23O320231Uv26B26B320231z623n23n320221621423D23D320221721521931zI321321421622f22F3202215217235235320221a218262262320221B21925S25S320","q22Q328k230230328O24v24V328s27v328w22w22w329023U23u32331U1p27M321328S24T24T329C21k21k329g25j25j329K22J22j329O26D26D323s210248248329v21122a22A329Z1Z1z32A322e22E32a725225232Ab23723732AF21622D22D32aJ24Z24Z32AN24024032aR224224325421A22322332aZ25p25p325e21C2f232B721d21A21A32ba25725732bD25T25t32bH1m31b731ZW32bm32632cD32bq23R23r32bU31ka32bY24Y24y32c21625I25i326l24k24k326p26i26I326S25625632cE24724732702382383274251251327824F24f3202321525o25O327g24R24r327k25g25G327o21U21u32D322Y22Y32d731J2313J31ZQ321W21C21C32de24p24p32881s2As32133135325L328g24e24e328k2Te328O24w24w328s25y25Y328W22M22m329031Z432941u259259329827831ZQ31zQ24S24S329g21027H3213323K25h25h329O1k1k32Ep25K2FH3213323Y21r21r329z23Z23Z32A325V25V32a71d2Cl31zq324G2122Wh324k216326332AJ1w1w32an26e26e32AR21M21m32FM23123132AZ22722732FT25U25u32FW24B24B32bA23M23m32Bd24G24g32bh2p632bl326221G27a32bq26026032kM31ua13325z2B531UA27831uV31zS22L22L32bL2AC32IL28S320432l231zp24h23R1432Jx2761I25H25Z2762WO18327Y2762ba2Hs31fY2362361L1K2Lq32CX2g61v320L23b23b32703","M151L1l1u23b2f821Z1y1a2C12dh1b24126n2gq22B2131H2aX27q26224W2Fw2ee2a51n2bd101B2DI1T16111t21F2202f822r29p1L2Cc2BC26x2432GQ22321A1S21M2181b1125y26R25x21E21Z25M22o1c26w2162481c27622C1Z28b1B2DV2dX2dz22621a2H621T21e101m1h25m24Z2cl22221116171q171W2DW142dY162632522F82EF2bB2b4102hu1G27622021p1o1c1f11161D21i21p28721021D1J1622q1v192Jz2k12iY21321318192322ac27622U1a29V1T24H25w2hF21d1n101J2C61H23D2GD2bd1D121L1b2332l11022B21i2fz2161X2Gv1f1f2If1l2J11121x2132jy102251Y1b1H1P1921I21C1h1r1P142682422E321V2182CD1T21t2682Ep2762321R1o1f171N1D2341F2jz21d192FE1V2J12132kp2Kr23X2IK2832G421J2182B62371G2e322828n2E92nq2eC27621Z21e2JI2o12Dz2522622LK1022p1k111r1s1R2861R22N21m2g510235141G2p621m21C1121d2972NW1L2NY1624n2M027621V217191F1912112532nj28x2lf1n2ai25M24Y2mW22w2862e71j2CK1N2mS1H2oH102302CS151N17162Ox192241x2ed231121b1D1F1V1u1I2gv1C23E2h622u28h1v1M26p2412H622d1h2E622n2692632f82382Ov2qe2Qg2132222Ed2Id1H2O02K5161Q2352iT21U21C1r181F21P2121m181o21121f2Al2382lQ27621u2191b1T21R2151T2DH2hd2gq22021o2AT21j1Y1h26823p2P22My","221821a23t23t320221921b24J24j320221E31Vb31Gz31Zq21f21D22T22t320221C21e23G23g320231Du22K22k320221i21G152h631ZE31zG21G21G27d2vY31ZL311M320231zS23E23e320231zy1b2tN31zQ32041u1u32081725R25r320D18311X320g1923c31tL3213320l216216320P1b25M25M320u1C234234320Z1D1v31LE3213321524x24X32191F25l25L321d1G26h26H321i1h21n31cS3213321O21P2LC3213319F24m24m321V1K23Q23Q3202314424u24u32241m21521532291n25w25w322D1o24A24a322h1P269269322L1Q250250322q1R226226322v1s23x23x322z1T21e2KB32132Vy26a26A32371V23W23W323b1W1X1x323E1x23f23F323j1y21x21x323N2yz2mW31zQ323t25q25Q3202323y21V21v324221221z21Z324621325b25B324A214232232324f21522g22G3202324l25A25A324p217211211324u21823a23a324z2191R31Dd3213325526f26F325921B26531903213325f22V22v3202325J322B325N21e2Fk325s21f23s23s325W21g26426431zP31Zf12326327V326613242242326914253253326D15220220320232041Q1q326L2lo326P21F21F326s243243320k2t02F831zQ320Q23I23i327421S21S32782212Ap327c1e222310p32132QO2cD327K2aK327O241241321n1i25D25D3202319F24C24c328025525532841L2252253288263263328C23j23j328G22","211","1q2b921321J2751r1122N2362ez1a182542601b2fX18122dG2cV2cX1Q25824e21b21B21i22D24223526h1K1W2t42Cm21C2Ab1a1X2kJ2Kl1721222c27E1a26A26E2IT22a21j2T62DG1Z21f2q42mS23q2692oQ22A21N1E1f1S21F21h2N721C21W28w2Pk2FE22N1Y2oQ2oD2e82Ea21h2oK25C24q29v102321b1i1T22Q2f82212132g71L1f1D1622621N2Mg22D2rW1n21N2131U15112rk2kq2Dz25O2v02762341s1U22H2182gq22V1829p2Qm1122S2lt102341j1229423e21c21227621T21B2aJ221223122T022325c22g1G22022g1a22a22G1T21X2WV2WX21223i22g1922922G21L22P22H21M22R22G21c24P22M2372mW2371I1n1j1c172Vb2VD1624722w21424r26124026121r23t22321s1H22422121h1h24k1V26i22l2F821U2k11m21h2Lf1624c26c2MW22B21O1Q1R1a21J2oM1622S1A2TN2241z27u1D21r2N52N71426524i2Tn2fP2dH2Ab152Jl2MC24q25E2P221v2lF2C11E1121w21U1r22h23223H2231d1P21u26R26621s22e25x1D26524L23U24r2SN2fx290152mq1h1121j2DT1t2lg121Q23C2gQ2FP2rL21B2222H026O25r22d2v72S51z2c12DG2C121S2Us27622x1Q21821O27v2qn1126224V2P222B21e1o21g2F3101i161221J21J1k2P52em21G2Rg2ex21b1r1N21i2KP2EK1o2e22PJ1y2C52XM25824S22Y1M26l26l22Y23Y24P21r23i27e2132492GC2762372rD2G82351j2h62ef1J"} DIgymzFxLWdsUeGJiBTHXjo_URLiDAX="2e)AysR84.MC<^DVA^e^V88<.VARyR^4V4^ys^4yy<)C1CDARV..e^A)e4D4Cy.<R4yseCM<<IsDA8QDDsC8<y8ly.yCV8<CMA8^8D)^Ae^.M<4.44A8q<D.MsMD..8es)^RVA<^M888b.A8V4DeRs4CssAQeRDCC)488eA.bVM)<DMA8Uy<e<M<CA4^RRr4PDV4^AC.4Dss)MeyDR<TysA_Qe^VMV..yV4)V^e<VV^RM.4A)eD^<yDACM.eeVA4e)DC8C44R>y4^4Mp8^yDR.ys)RD^^ MM8Aey)yVC.MC)4<RsD.^.DeCC4RsCA^<4Vs.A4<A4eeeACV.ARCysyRVsV.Me8yses5VV^y.yC8.es<AeeA.DCDR.R4As^.CC.)RRyee<V)<C.M8)ypyC3EW4D)M^4)RyDVV)CMC.4R)yAA)MVe<R.C)DyxVsV^^8M)88s.Dy_sMVMD8CeVQ)^CMV4ssDAR%MDRCC4R.eyRyD)4VA<4MMAsR_gIVV.VMV.yRD))VCVe4A.M84e)eMVyCV.y8Rzek8<<<C.4ARssAlVC^M.D.e).As<s^84<.yRDA.9DVP8C4CyRyse)CR4^8)y4)AVM<MMs8<sA)yV4<sMe8)R48tAM<<V<<.MR)4sy).VR^)M)A))MAM3CDACssDRs)Ve4MyRV4.R.yM6^VyCDM8AAVD)yVD4A4AsAeMVDCRC?CA4.s.AC#eDC<A.es^y8eAV?<RM))8V^v^VM^8Rk4)y<^DV.^eC)8<s8A^e)^.MD.4RSAR<MM)4is8)DA.DDVR^}.C8Hs)^^DRM4M88ye4DV<eVa8VsR)MY<)sMM48s^A8%DD4<e.ER^ys,DDsVNMsM^48s))8Q..yCAsVsD)C<.^A<).My8FMe^DBCA.CyeLRe4<^^sMV8MyVAeC<<e484R)RAyi^D8MM4DA8eye<VR<e.R84_A)8<D<^.MADesV^<^MM8^s&)<VV^<M.8Rs))Ay4))VC8^R8AVe8DV<8.V88yss)AAa^.^R44CRCAVXsDCCMy.AeA^eDV444sA4)yR)RMV.RMA4ysDDy<)..8u8CA*A4e)^^C).yeVy4DMD.CRsMAeiAA)CR<CCe4ey^As}e^DCyys))V.^aM)<)4<8)yMeDVe.s.R8RyA^VCs4^C4A^eCV8<8.V8Ry<)MVV^yMe844AA4yveMDsCM.<)8)eV)VeCDR)yAeMVA<RMs8^yC)sVM<.^y4..eRCARiCD^848VyAy)fVCA.s8eyye<V)<<MA8Ay^eM)s^MD)C<48s<AD<.<).y.AR}ryD.C<.M8jAVeVDV<^.VRC8R)CAAw^^4M^4VeMyEDsDyCessA<SCDRCM.sRDyReCDVC<<88<4ysD).VDDlRC.CARAs/)MiMy4V8MyVD4C<<RR44y(Re4<^^sMV8MyVAeC<D^484RsAV8^4C(4.RAAyE.DyC<4VsDR.eD)RlY<CM54)v^A.^4^8Myy4)MIy^.CA4RR)A8&V^4DA.4ME8MyseMV<48Css)seeD<)M)8.s)MK-^sCA4Rs)s^e)eMVyCV.y8Rxe)4<<<C.4A<eADseyM.8MyVA,J6^AC)4<sCAyp4D4CM4^R^4RcCDD<e.MR<yRe<V4<^MRRVyRseERgDD4CA44RMVseV<LCV4<Ake8DR<).R8ey8))V4<t<C4o44R))^)DyRV8<AMA.aRMy<e.As.)V)^VAMMMe8VBMe<^e^.CA8DsAAs<K^C4C4Ms8VC^)My^ARyA4esDV<:.C8eyCeDVy<8M88Ry<)R;A<8^<<).)sDyRe)DV<ssRAATMDeCA^A.^4AsC)V+)4C8Ms))sVA^eMD4ysDsVAV <M48DsR4e}RDM<;.-RDyse^Vy<s.ARM8s)MA)E<^8M<4De.yeDyDACXsAse(MVRC4C&M)AyyeVRVD^4MA84sMDscMCOMV8<eMAA#DDD4MRe8RVCa^<)<MMyRVyy)RCeCs8<8Cy4D<<A.s<y.^))_R^<Cy4.R3AAee^VMV4R.eyRyD)4VA<4MMAsyA&dVV<<RM8y)Dy8^MCVMR4)84ys^OD).8.V8.yye.VC4R.<sesne^<e.4RM..).Qe^yCs<DsAAy_4DzCM.AR4yeeeV{C84D..yDsRAjVC^KC)A^sVa418^y84yV)esGDACM4CR<AMeeD8<4.RRVy.)yA^<)My8My^)s_A^sMV4RsR)RV^B4C^<s.VRMAV)eM<MM888RyAD8CD.>CVyV)8VD^CMC8VsRA8s=^sC)4.ReA^TVDCCC.R8cA.e(eC^-^4C)8^s)AyCV<C4M4.sRVM^eMA^)R8AMeWDDCC.RRMyMeCV)<VM)84yM)CDV;yDMCM4RRDAMe8D^8DsCA)?.^CVC<sMC4As8)MCAMe8)yM)M)CJC^48yyM))y^^)Ce4RRAAMODDRCV.4RCARP^e4<^^sMV8MyVAeC<C4484RsAV8^VCR44s<AsX.DeCD.8sDR.eD)R{3<CMa4)(^eD^4^8Myy4eVVe)TCe4yRAA<=VDRC^.4R^yyeyVy<R.M8)sOey).bV^VMC.AsVA<e)MA45s8)DPP)GDM^mM48<yV^4<8..8)y9eVV.<..<4SsR).b8P4D4Csse)8VV)MMV.eR4yQe5D.<).R8)yReADMVsMMC)4<s8)<9D..MyRy)RV^eAD4<D.8R^y^)<CR^AM^AMyVAsqs^eC.4sR)A4<.MR8^sy)RyReQVR<DM)8sNRey^eCe.WAM)A)y,y^eR^yy)^As}V^MMV.ee<Ay^RD84y.CyAis)Vz44CRsA4z.D/CD.4RCRDe.AR<4.V44./RMAs}MD<88.ey)dy^CVRC<sMRCeVVsVZ.<8)yDe)Vs<<^MM8.)s8VV^RDyCeRVRe .DpMCC<R<ADh8e.C<^.CAyYsC)eCV^O4ysMeCVD^sDA4A.ys8yC)sV..sC%ACe))oD^^4.^8ye8AydD.C<s.D)eV4DeD.<A4DRAys^}D4.Cs^AygCe^CM<.M^8Mes)8VR.yRCyD)sAA#?VeCbs4)VVM+CC84VRy)^e&D8Vs<)RsRsseesDAC)Cy4Vy.AMeyM)MVs8)DA<K.V4C..oAAuM)8Ye4DMA4.s.)sW^^.CR4<e^Ae<VDR8M.yRDA.LDVT8CMzAsyVVyV<.eM-yDRe).-e^CMCyse<AJDZ^^8.44R<A.^yDV.4.sAeo4eMV<4yM84ey<)e5A4DMRy4sRj8?R.^<As)R.V.eVC^<).R)8AVAA<.<RsM4ssS)yay4^CAs4ReVy+DC)CA.AR9QDwVM^<ysC8yeM^<V54V.MA.eRA)<e.yMVy8syVe<DDM8..))syRDyDs<s.)y}yse.MM<R8y8CgRAeV<^{C/A.ssOyQMCICe.esDp<eVD8CV..R.VCe8<8<ys88)sy^<VV^.My8.sCDRY.CeCmy8R^PCe!Dy8s.4yeAD^eV<<8.C8CHy)M<V^4RC4s).)MSM^84s4R)yA^DAMsC.s4RDn)^VVC4MMAARs8VsVR^RMAsesV).-VD8CC4DeVA^<DC8C4.4Rs9e^4<e<.MARDyA)sCI^V8CA^R)eeA.M4A4CRsAbGsD88)RVA^VV)RC)<Ms<ysy^)8V)<8M.AyAyDD^^.<M.s.ReAC,R^CC^y4RReA^sDMCRsyRse.DVCw.ARM84ysA4Vs.^8y4)yVAMVVM88D4<s.y8 .Dj4AR<8yyDe.DD^SsC4M)RD4V^<.R8AD)eV4OR^ACV4A)Cg)em^^.<4^AsF<eMD8^4.8RDeeVMZ)^<M88<sDD.DMCy8R4Cs8VsxRCM.eseAyECe.DR<M.RADes)AVr^sMhy4eV)^VMD.MM4e)yp^esDVCM4V8eV<e.<84..DRMO4e.<s.C8sACeDVs+A^>C<4{)4VV<M^C48sDACA8DC<e4).yA8)x)4Z)<^M)4y9Ve.^M.<C88^eCV)^sM<CM488AA8^VCR4e.)ADesVeDD.M8eyCyMVR<<M4MRs)).VV<4MC4).js^)CS^DyC.s8R4eyDM<M<y84y^dVV)<.^8My4VsyV<^A.DMVRAAMVM^^Cy<)4V8AAVeRC.M)MM4yyV)yFR.eMDs<eDVse7^R8yyC)DkseADE.V.XA4KVe^C^^e4AR4y^VMDC<)MVse)AVML4^sCD4s)^ye)^V<y4VA8QD^.DM.D8sAse4DVV^<M.C8MseVyeeDC84.As.V8>4Cy4CR8)Mu^DyV)CVMyRVe8DDV<<.CM8.)eV4<A^y4#sRAsVR^.CPCD4C8.ACe)D84ss<AVeR)yVeC}Mey.)})DVC.DC.RCskAsD)^AMM.8A.&yeeC..-sCR<e4DV<84D8ey4sR)A!4^A8Cs)e^)DD)C.CAsVAseA^sD84MReyMs))<V8<<MDA.AAoy<RDeM8yssRf)^.Cs84sCA)yTb^oaC^RsA<yMe8aK<8RVyRsy)e:V^eM4yCAyA<eRDeCR.4)AseDDC5<C.e)V:RD.<-<D.C8RyCVA<M^4Ms4MssV^^yD)MV.MsV-8^DD<C..^R.yzesCA<y8,yReV)0<<M)4e8<)4VV^R^44ysCA)VM^^Cy<)4V8DAVeRC.M)MM4yyV)yWR.e4Cs<eDA.VV.^8ys8)DA<5.VyC.ReA4:Aey<,.8RD89e<VA<.<<84yV)<)4^yMM4MyM)^&ye)^V^?4VA8NDe<D.^8..yee4)RVAD)MA8Me^aR5DD4CA44RMVsVD<G4).^RAle^4CC.)M5R^sRe^<s.<R884)<0A<AMR8^4Cs4A^w4C48.sR))Ae)CM.es<R^e.DV<D4VMeyy)^AskV^MMV.ee<eCD8D8<^.^R.see^VM^YRe8DeA)M<e^eR<4<sRA<eyD4CCyyREV^esM0<RMu)syM^^DV4e.^8^yMV4B3^MMs8Ms<D8VAC)8y4VssVA<MM^4y.)sVyCrVC84D.<R.s8e.<e.4MR8AAy)A<CM)Cc8^RC)^^sM<8844A<eA^ACR4^.CR4sAe4DV.)8C4As^)4V^^VRM8.AsV8e)^48Ry^A J8esD)<C.)AMee^<D^Me8RA4eCV)XE<^8744yCAVe.D^4.My)4As^^Cy8V.fA<eAD^C).sR<8My8AAV8<D8esMR)A<K8^<CDy.sRey^RVeC8ssRRe)D.<A44RCy)sJe^)<^8sy<sM)8V.^88VsRRyAee^De4.RW)CA<D4CD.RsDyee4)RVA^DMA8Me^oR(DD4CA44RMVs{C<Z4).^RAnee)CD.s8PAye8DDV<<.C88.)eV4<A^y4+s8AAVR^.C7CD4CRRACDACM<4.s4AysD^<y4VMty<)AVVV<CN4s4e)^9yDI^^.eRRR)eRD<M^.:R88sy)>AV).M8eA<y^V.<VM8RV4e)y9^esDVCM4V8eV<e)<84.RF8Cye^VVc.<8)s)e)Vs<<^MM84<s8VV^RMeC)sDAsee^yC84D.<R.y^e.V*<sRA8y)>VR^s.R8.s_sD)Ce)^C4AsM)sARD)C4.!s4ACe))0D^^M.^yse<)MV8D(M88D)eADe4MsCMMK89A<)yVo<^MAAyyVDRVR.yR^yyeCD^6^^8C^.sR.A<<^MyCVsy8skek^DC4RRV8+s3e^C..F8.s.).DC<)^yMAyes)VD^sMV8ys8)DA<i.VsC.ReA4yReAV8<ARCy)sLe^CC^4.C4VR.A^^.Vy8A4s)^#ye)^VMC4VA85D^.DM.RR^y.a<eD<e^DC4yssMy=e5^<<y.ER^yA^yDV4R.RAyb^DyCC4^My84ee)s^A^)RD.GsC)V}V.4<e4C8ey.e^VQ4e8.)VyMDeC.4C.VAMeeD4^e^)C)8V)^ACgsDC<A.8RMVC)eM.<ysy8MAC)^CM^R.88seED8^F^eCe8DeMVe^M^44My<sD)^<CM)4ss<RMA8)4D84VRR8yye)RVe..8?ACy<V4<VMsRDse)4ARvADMCA4M)^yM)yCe<RM<8<y4AWV<^.MVy#sCV)B)MS8.s3)8V.e.DA<.Me8sy4^.CB48M)A4y.DyCV<MR44AeM)M<s.<8..s)eoM0CDCC4syA^))D^MV4R.4R8as^<CV.RMy8eA))e<.MLRC8<)4VV^M.D4es4RRAAe8DA4CR))^ADDM<l.<RTyAeM)4Vs<eMsy^)yA)VVDMMV4R).yR)OM^<)M484yy)<V4^sMCA<s8DDVD.<8sy<)AVs=<Db8.4^ACAM^RV4<A.888ZE).VA^.Ce4ss4D.^<.8C)y.)eVAx8M)8.sbA.AMeMD8.sMAR^sA)CVV^)RAAMssDM0C<<MMyse4ADVVVe84ReR)y)3VMC4)RC8Ay^e4D^<VsM4s)sD8V.<4RR88)CdeV<M48VsRs4Iy^CCs8M4<)Vy<)RCA<4MD8DyMA)VD^CCey)sRVy(CM)8Cs)).VCeCDs<CMA88yM^C^E4D.MA8)<DMV..844yRs<VE<8CrCe.esDVMDADC<s.qRsy8^)VR.^sV8eyb^DDVMA8.8y)dV8<^^G8<sA)M)<^4MV4CyDRPaA)VM48.<4)s)eD&R^)MV4seR)M<4Me84yV)eye=CVe<..^8z;eVRCy<AsDy8y4)4Vs.e8M8VsAD<<ADrC4.yeVAM-?.DMVRAA.AyD5CR.)sRA.e eDDC^R.CyAeM)4VsCAMsy^)yDVg=C 4)yCs^%^8DR<M.8A)yV)8UA4DM.RV%^Dy<8.DM<8.RM).^eM48A4yA(qRD)Dk4<RAAV?)eyC84DRs48s))RzR4VM.84eRD^^rM8Cs4)8AA)^MCeCV4<8eA<DyCC<..RAysynRDC^*8^RDysA)^y.MM<sy)CVRi8CA4.RL).ACV)DD.D.^R<PMDe<y.CM.8RA8)R<DMs894e)^Gy^VMA4Rs^RCA4e<D4.1R8A)yADV<sMe.VyC)eVM<eMy8C4.sRye>R^^.y88yZAVtDM<4ARRA^yCe4X.<485y8ss))<sDP.)88s<a.VM^eCDRT)CA4DpC8<s.)AOAs)eDsCA4)4ysVe.gMDyR^8V)8VD <^.<y4.Rae8eD<A<).e)VjRD.<;<D.C4MyCVA<M.sMRs)).Ty<4MC4).Hs^yec^Cs4<.MR8Js))Ds^.CA48)AADC^<V88yDe.)M^RM<4sy<)VHReyDe<<.eR4eVV^<C<M..A8YDVe<4^RMA.ysAVC^)DUM^.Ms^ds^<DMC8sssMyRJM^4M8M.4yAD)VI..)Myy<)AAeVDD^MD4sA<A8D4D8CRsy)CSDDsVA<mCe8Ee4DVV^<MR^R^s.e^DCCMC<.8sey)e<MMC8sVAR&ee)CD.sRVAyyRV^KCM.MM4Ms8dsS^D8C)48R.VyeACV8C4<A<eRee<m.A.RyyeVDe<y.CM.8Rs^)R<DMs8;4eAziR=RCs4.4CACes^R<R<DM48Ay4)MCsDi4?y)s^)A<e.48Cs)R,)^e4^^4ss<)8A4D<<e4ARRA^yCe4W.<48zy8e))A<VMs4y8V)C{e^.MeCA44)RV^DNC8<s.)4ey)DM<e<V.<4My<Vy<C.RM8sA).W.zAMV4Rs^sV(CD)<tCCR8A^es^^DV.)8C4As^)4V^^VRM4DAsV8<DMs<}4R)yVC^DCs<A.N8Cy:D4CV4M.CyV)y)o^yMMRCyD)sAAY0<eCIs4)VA^mMV4CM.eRRcyes<.MLRuyAeM)4VsDyMsy^)yDVbrM<4)sM))-s^<DMC8.<R8BVDRVy<eM<8ee.VFVD<CC.8Cs)Vs<<D.<Asl)8A<))V)CDMR8)yV)sCR<MR4yee4DV<eDeMC.eR.A^eGMe<C4^)RsK).MVCDs^R^z4Ve{M4^8R88s8)y</.8RDs8sVA.Fy^.CCyR8)ee^ADDCys)).Q<DAVeCDM.RDeRD^C4<.8^s)yDG)^4..8<sARe)DDV^D4Rs^)4A.DsCC.AsCR^y)DFC8.M8e8Vy<y)V<My8C4.sRVyV.DsM.88yRy4)A^^<DM4AeyADC<)^u.^ACsCu^V)^84y8sy<A.^CMeCAsCA)V^HD<)...Ay8e<e4<y.C88AMy<DV^4DJCM4ssMA<<8D^.)syRVAs^ADy.rR8yAiRD.<(<D.C4hyCVA<M.sMRsMAK)C^8M^4<48AA7.DeM.CC.H)DAVDC<e.^ReyyeC).VR..CyRRyCAw^^<DMs.)AyVVt<Cy4C..RRs)eRCD.sRm8ee^VA<C.A8Ry^sC)4e8^44Ws8RsA)e^D)C.s<ysy^eACe<)8Ry<#^V/<8^s8s4Ry.A^e8DC48M))^gy<VD04<RAAVz)DsC<<M.8ssy8DV<R.eM)s))yD^VVCRCAR)RMyy(VDy<Rse8ye<^DCs.e.)A^ee)RJ<^<M4.Fs<A.hVMY84.)R<A8(<DD8..eAAy^V)V+4VM4y<eT)sjC^CM84VsCA47D.VC<seR4VV6VMM<Rs8RCOs))C8<8Rs8seLDMVM.yM4AMs)AR-A.RC)s=RcVDesM.4A.M)^y4^VVR4^MyA4/V))+)<VRCyesRA<m<^4< 4<R.AV^KVA4)..A-yg^CV)<Rs8RV)AesCA^DM.8^s^DRHV^.CV.8RCAD<8DA8s.e8eAD^eD..<.8A4s)^C3eMRR44ReCeA<s.4.eyeReAs<DD<8.4s)CeseMM8^).^8ese^M9TMsR84seMee<y.8.sytR.AAe.Ve<s.4)ey<<VDC<.M88} ))CVs^CCA48sMDAVV..Cyy8R)V. .M8<Rs))<yA^RV.44.VARyRDeVc^yMeAys8DMms.<M<yMReD<fyD4Csy4RCVV^.V/4A.8AsysDAVA4DRs84s4)sC4DeMC.eR.A^eL..<yyVRAV^eeMACC.VR<VVeCC.<.R88De)D<IA.RC.y4R8VRxR.4Cq.yReVyeVMCCM.DRCVDeMCy^8sM8)sR)ACRDe8d48eDA^<.MA<)y^8nVVeRM^<ys4)Vy)))DV4D.V4sss)ex.^sC)44e.A<<CD)8.4.)yAC1VMYC4R<syV<)8V)<RMR)Vs4))14D6Cy48eP)<CD^MCM48eMA)DsDf4e.C)yyMDVCe<VR)AReMDV<M.ARMA^e8V4^eM<8^s.))A.K^MR<yse)C9CD8<e.ssVAR)qV4CM.e8.y8)8V)CV.CR<44R^y4e..^<8.MRVADeVVs<Ass8<yVeC5M444-4As<A)1).).D.Ae8ys+DV:CCyMRDA^e<D.<<MR8^s8).dy48MR8M3<)<l^.eCC4DeRA.eAD.C8.s8.V8D4M^8Ds<AAbM)<V8<CMCAysMVV<e^V8eyRe^DVeDCA4ss4AMVDeAV.<..s8^y.)RV<4^RMyee4DMxM^yCM.)RRA.<)MC48sM)MG.^<C..s.R8RyA^VCs4^C4A^))V8<4.8RDyse4V)^)Ce4As8AAV^e^D8<^Ms8.y<^sJh4A.V8^sC)yCR^VM.4VR8AC9D.8CAy^8NVCeRM^<ysC8MwResV.<Rs.8shVA)<e^eRV4ReMVyeA.DC.s5R8VDgDM.4AM))^y4^VVR4^.^A4_V))E)<VR)4CssACeAD8CMyAsVV.S^M8<)s.8qJ8)RC)<eMs8)ks)eCC<VR^4<eC)C<RM=C&yMsDV<J<MMCMss)VyR^.Vy4CM)A.s:DyVA^8MyA8sMD^Pe.VMVy^s^V4<VD)<)4V)DAV)sVs<eM.8ss))4C.^<RC8Ce.Ai<y^CMVyLs4/<<^MD4ssM)My<e8DC<Csy8^y8)^}s^.M<AsseDAVV^VM<AVs8,MYsMR<ny.RVey^RVy48sCA)OyAA<4.<RDyVR4D^<DMy8<y8eDVs<4M)4ysMA8=^^RD^<esM84hs^V<Y.^RDA<eAVV^s.8RDyD).VV<V.<84y.RrARe4DV<^seR.y^eMM^<8C_8V:CD.<%.8C.4ys4A4<eDMCy.M8)yRe.M)<^s48A!R)eC4<4RR8ReeDC+M.sM.y8sDVsns.8MV.ARdVA,VMM4y.C)Dy)DgV84DMsA.ek)Ade^VM4AMRA)^eADCCV.)eCAD<.Ds<s.))syDe4VD^RMM8^jR))Cy^FCn8^e.A.!AD.<e.sR4Vee8CMCC.CR4Qy^MC)4.ROy.se)CVR<CM^A4sDV)wRCe.^yMsVysesDe<..s8)y4^.Vy44M)8<y8e<VD4.MsyAs^U)Q4.C8A4^R8A)h8D.8y.V)DysD^D<4RMeAy)RDAC^^8R44)s<)8V<^DR.4V)AAAD)De8C8))^A<^CVy<RM_A8seD)u)<<C)4MsDAeCMCy868)eDA)^&DA8Cs))^eM^R^44y.VARy.DeC4.eMCAyscAtV^.<M^.ARA)Ve8DA<p.R)8AC^RD^<es)RD?)CVR<MMMAAs<)Rp<DyC44CeyAee8D8CA.CR8yyeMMCCVsM8Myy)M0)^RM.A)yDD4<c^ACA4zeA)V>^DCCyyRRVA.eVV8<C.D)8ArDeCA4M.V8Vy<^VVC^CM4yye)D.</DAC^44s^AV<MVT.ss8).sA^VCA.ARVyse7D8^b^4C)8^s)AyCV^.8.4<A4VM)yV^4gsM)^s8A1CA.<.D8Ds4^^V.M4MRyssVVyh<.sC,.)eMA^e8D)C8..)yy8DV^A44.<A8)jeVDD<V.DsssCPejs<VCP8VARA<D)DRC?.4R;e8eR<A<yMy8eeV)80e<<Me4ANDAM<4D848y.sDyyeyD!<4.y8ey8^4VC48Me8CyReCV^44M4y)yDV5-MVC&y4RCVM_DM48Cs))ysADRC4.yRVy)e.V:<CDyR.yResD<<AM<Ce4seDVsb^MRCAsyRsh9)<<)4ysCA^eeDVC<4.RsARA8A8kC^eC84RA.Aee)^<C8.^8)A.PDV4<MMyA8sM)1VD4sRy4)s)DeVV^DMMA^A4e4DsCM8f.}R<A4eCVd<A.VRVVVeCEA<.M^4Cs4)DV<4DM^4ss8)V<M.M84yV)RV^eVDMCD.D)8yMV)V44DR)A.GCAM<M.D8^sR)4Ge^.C)4sssA8s5^sCA4CR8)V5RDVVM.VM4ACwVDR<8Mu8<y8eyVk<eD^Cs4.R.V)e^D4C<yDR4yC)eV^^s..8^sMAKCy<<Cy8DelAMeAD4RDy<)AVMDADy<y.eAVyVDV/e44MCAMk^VeC<.A8<4ysD).VDDwRC4D)sAe^AD8.)sy)sV<^MCy48s4)VJ^D8CMDyC^yE).Ae!C^RMC4^e4AyDADC4V.88eA<eeVA8D.C4esee^?s^eMD4yY^AR<A.CCs4VsM)Vee.<CVR8yyhd)8MD^eRE85xDeDC..ARRy4))D<<AM<M^yMAAAC^VD8<e4<ReyA<DVA..8RA)s.D9UA.)M)yXsrD^os.^Csy8)eVy<C.^<<Re)V&8D4CC.yR.yye.DM<)MNC.ADe^Vy<e.4RVs4s.VR^VDs4C..RAy.)eVs<4s.8R#4VeV)^).Vy^ssV^VV<.C8yye<)8^<DeMM.ysMeee8C^^,.48ZyMeMCy<48RAys<D4VM^<Ry48Re)<>eDARD4MA.ys^)MM.A.4R<V^e8DR<8.R4yyV)A7A4<Mys8sy)Awy^A444.R8ysxDM,C4RC8eZMDeF)4.MyACsyD.}).y8^8DsD)C^.^4M8.)s8FDeyM^4yMs)<A<^DV84<MsA8)f)sDD4^MMyAs^)A<.DK88.eARAe^A^V4e.C)Dy4D<D^<^.My4sR)#_R^DC)4seRAM<y^<8AyMAAAyeyDe8^sA)Msy^DCs4<C)AsAD^^h<DAC<.AyMAVe4.M8e.C)sV<^AV.8<4s)ysA^^Cy4CCeR4Z.DGC..TRMA^/VA.<8..4eyVeVVR^VD8<e4<ReyA<DDC^eMeR^ss)eVD^ys^4)eA)8<s^<8Ay<)AVM<<DAC8sIRyeADMCR.3RMAMe4DD<A.<R<A<sD).V^^^RR4Vs.AVe8DCCDyVsVV^^yDy4).^AyesDV<e..R<y8e)D.<yMA8.yD)4Ke^AMy4_sVAmgC^VCC4)s.y)yA)eVV<4MA88eO)y^AMM88se).V^^sMM4es8AeV<eDD.C^.^)RyVe.VV^8MC8DOVDRVR.yRC4ReMVs^eMV8DsyAecM^sC)4MR)A4e;DMCA4MRsyye<VA<CM)88y))C)<:MD4Ce4<RWV.^C<.ARRAseyDACM.4R^y8e4Dsf8^)MR4R_VA4K)D4<i.yR8V4I4MR8^sy)CyR^MCs.eRDyReyD^CC.R8ey^)yV.^yM48AyD)Dx8^RMD4.s^)DbMD)C..8RRyy%<DA<<<^MC4.s))^=e.MMDs^AyF8^MM<4<sDAsee^VCC4RM48Ay8)8Cm^.MA4.ReAs=4..M.y8eD)D<<D88DR+Ay+CDyC^4^s<AAuDD^<e.^8AyseDDD^&Me8MyV)CVD<<MA4<4^RCy.e)D^<esMRDe^Vy<8.C8syy))V8<CM88DyRR4AAn8D88T..RAy.)eVs<4s.ALyd^DCs<sRA8Aee)<<AMR8Cy<)8VD^.Me8Cs4)^{<^^C8.)s.Ab#CDD<y.CR<yyeDDC<8M)8yy<).VD<.M98Cs^)V9.DZCM.s4yey))(VD<8s.8sss))^n^eCe8D)<Aefs.RM<R.y.)4<.VyCV.A8AV<e)<VMV4DA^ysS)D)<e8V84AsesVy.sCe.esD#<eyDDC.4D8iVCeC<R<sRs8ssMAyD4<eC8y.RmAD^4DgCM4ssMA<<8<A.).esD6)D.CV4VR^yye<VA<M.).^s)sMAyVV^yCRyeR8t<9C^48R4VRMyMDRC^^)s8R.eD)Rrg<CM94)3^Ay^4^8Myy4eVBe^8Cn4yRtAy1DDRCC4Ms8AASyey^ACD.CAsss)RVVDeC84DR)yU<yD8CC.yRsyM<DVc<s.88^!ADeC44V.MyVs8AeV<^eCAADs.,.U4^s8.sDAsnVDACC.tR8y)esD;DCM{M44)y^))>y4VC.sMs.V.eR<R.4sMRTyyVs<.C<..yAyC)sV9<sM8A))MV^V<<.R^yV)AV<^RMC4Rs.)D-8^y^V.y.<8RyeeRV44AM4yDy^eMCDMy8yyC)RY)^sM^4esM)sAKDsD^<8.)R8y.^y<D.V.DADssDD^<^8444sy4vAOCDsC;4sR8V)UVVs<s.e8.ys))V44eMMA8SV).xA<DMA4seT)<<MDy4.4M))yR^yVA4)Me)Vyy^C<y<s8yRVq^)eCV^RRMsAsCFAa)..C.s^R4z^g4MR<ys4RVpAD<Vy.<MsA)s)VR-RMRCyy)s8BI>D^4CD.RRMA^<DMs<Ass860)^CD<488x8eseeD<<^yMD8.yDAWCC^4CD4DsMy)ZDDC<eyMRyxt^4V)<<.8R<yD^.VA.AMAyessDVU.MDMVy8RCV.e4M8<RsyyA1WD.D4...yA)yyDyVC4V844v)4)sCD^D4)4AA))^<C^V8^.y)4eee.<e<rs888eC)Z<C<RRy8<eR)^<eMMC)sMs^V ehCyCVRysVV^eCMV<RsMyAyCVAV<4.M.y^s^DC^yMV4&4Ds4ADeRDMC^yD)syA^sDR4)sC)Vy8^VVV4<RsA.y^D.Uy.RRV8DeCSytsDsC)RmR4y)F^D)<yyVR<s)))DD^RM)8Vss^DV..yMVyRsRVyc^.VCR4M)Ayd^)VyCV.A8AV<eVV.<y..8C1R))^e.AMDy4s.)s<R^M8..))AVM<^D4Cyss)<y.^VV44.RyARyMD.h).AR<48e4weGV^.CV.8RCAD<VDA4)syR4VV)uCe448e8)sw)DV84.M<4Rse)R>4.AMVsDRe)^<DD)4e.M)Cey))D<^)MM8DseD)C..qMCACes).<R^88)sDAyAA<D^^<e4D).y8^4MV<<MRAA)8D)C.M)MA4AspVDVV^VM<sMR)A<m8^<CDy.RRy<e<D4^O.<8.yV^4V44DRR43sM)sVM^<R84AA))^<CDe8..^)CyM^.V44ysD8s-.V)VMM)MeA4s4V<t<M<RD.eeVAM<CCy<)4<8)yMeDVe4).RAeeMeCVC<48R8Ds4)AV4^MRsRsAwD<<AMR8^4Cs4yy_4C^<s.VRMAV)eM<<.MV8VyCAAVV^<C)ACRoVe<DMs8<yDRDA4eDVR<M.^)Ds4D)C..(CRA.eAeAC^CsRVy4eVVR<4CeC).)sV ^esDVCM4V8eV<e.VV<V.C4AyV)<G)4CM^yeeDVs<<.DC4.)s^A)ey.V.VRMR.}.)CC.MVMRs8A<V8VV^.My8.sCDRD^CeCq8^)e;4^DMD4<RsA.:CDy<e44.Ay4sz)MVs<MM<A8sC7)Ye<DR<8CyMA8eVDR<4sD)yARDCVA<^.4R^yV^MDsMsMy8eNVee^lDP8.44)D9ed<M<4Ay<sDeAeCVs<B.s88B)VD<^<<..A^eyDResDD8As8)Mao^CCA4.s.A8O<^8MDC.RD8Rs_eCV ^)s^8R)4)8Vy.)CsyDA<A8D4DsM4yMs<eee.VACD.A8sb9e^<C<M.8AMyxAR<VC4Cs.)s4uDe4MNM^R)RMyywVDy<Rse4ee<eCD44<RAy.e.V,<CM88Ms))4VV<D.C88y4)^y<DnCC8..<8Fy.eMVV4AMv8)s<^VV.^<M84R)>DC<.M:884)A8AVe.DyC..C)Ry4VeVHC^ReA4e4VF<MM?8MyV)sne^yMA8{y<e^))V<^s^AsVACg^DAC<.4R^yeeCAA<R.<8yyC))t.<VMR8DsM)^f)^VCe4^R)As)8Dy<7.sR4ADe8VA<R.C8yyM)RVC<VM8MVsyAGAR^.Ck.DsDAMy*DAC.<DR4yAsAD^<R<)8)y4A4VR^yMs4eR8).)8^4CyCMs<8yZCD8<^.aR4yyesD^V).M8s4^eDV)<.MkR.4VsVDDe<^^C<.D)Aze^4MVCMRV88see<Ve^AsD4y).)4Vs..4usR)R(y^CCA4MRe).AyD.Ve<C.RRCy^^4VVMAM)y)AM)se>Ds8Ds)s<VDeMCsC^.8R)A8e.My<.RVRDiDeCVR^R8)y.sDV<Ty^DM.8DR(DCVyCRCs4))RV^DeCs4^RyA^eRDVCV.CR4AseeD)VM^^CA4VR8)CHVD<MD.MsDARe8D88.R^)8s.A)MD4<RAAMysVMO)^<M88<sDD.eRCyCA4P)yVC^DCA4VRsA<eyDC<e4Vs.)ehy^MMR8CRsD4eR^8<=yyRAA8eCDs8.s8)DvseZ<s<^M88)y8).Cy^<8V8DyCDV^AMs4As.AA_R^DCe8V4MAVy8)eD<<eMA)D)CV.V4<sR.ya)yVV^AMR8^s8)<ge^CMC84sy)sAee)Vy<CMV)^sK)yV^<DCAA8seAyVV^DR<yM)eV4YAC4<Z.MRsAMe<M8Me8)8eAD^<V4^^C8RCyyAM<<DA<ey)sy,.eeDCCR4CR^V4V^<A<)4V)^)Ve<<4<DCARVReVMeyDsRM8<AeA.eA^DCA.s)f)DDCDMC8sCADe8Ve<8.C8yy<)yVM<)<^4)4MRy)VnyDR8e8^A<AC{4M<4^RCAVe4DM<e..8)y4eAeD^A^CCs4bssA8<)CM4^4<s.V^^yMR^sRyA4eRVeCs<MCm4{y<Ay+^^CAyy)eV4<VMe<e4C8ey.e^VE8.R8A8esVUVe^e.DAMebD4eA.488yC)yVD^AMD4esR)^V<^A^D.A.C8sy}esV84)4<y^y<e.C^MG8<sj)s(e^WM^4+sM)y)VDyD<<R.eRRy4^AVY^RMR8)sM)R%A^.R)s^e4Vs<<MA8s4VR.Ay3.DC8RMpye-A)^;R4.8)8MsyeVVy^RRe8^)<DDe4Ve8ys^RsAV1M^V<ey<yse8^.dA^<sVy4yM)M{y4.Mssys^VeVV.CCRyM)sA^^)DC8y4V8eV.V)D)<A.)y.)8D)CMMAMy4yseVVmeDeCCy+R.#CeyM4CRs)R^He^<Vy4.M))CyR)4C7^AM^84y^)VCMDy4s44eDA.<^CRCC4V)4yM^ADC..8=8CKM)<V8<CMCAys8AeV<^eCAADRev.-<M)C^seAMACm4VRC4RVAey<As<C^yRsyDyV)^1C^yMV4Ae<AD<8^V4^RyR.VD)%DCCV.V)4sReDVR^5M#AMs^A)=<^ARD4BR)DM9^D8C)48R.VyQ<CVC<s48A8V,V4^).^8)sy^V+MMMM8yAsDV)^CDAC^44s^AV<MDy.s.^yey.)ADD<AMsAny4VCC^^3RC4De^AR<C<y8RyD)Aes-8VI49s8A_A^DDVR^F.C8!s)^^QQM4MRyeRyVA}yMeM7y<AsA^e8D)C8..)yyVDVCe44Ry8<IDeMV8.)CsyysVDV<RMVCy44)eA<DyCC<yss88y)eRVR8V.V8AT<e<<VMRMVy R))^>eDeRM4RsAye-ACM<CsA8RmAeVCP...88Dy4eCV<MAMy4)Rd).CC^D4R4DA)AeD)DC4D4VRVA<DMDC<.M88kyCeVC4^A8Cs)A<D<bD^.M^4^eRA)VVD^MVRR)4A4DC<)<Cs<RCyVe<C8^MR8A<s.Ven4..8Q4^R8Vye8My8..8)Dys^RM^.R.y8Cyse4V.M;Me4eyDV<Qy^DM.8DR_DCoDCRMVyV8)Uee4C+^OsMA)r8e.C44<.<yeeecAVs<ARDyse<ts1R^A<e4AAMy_^5V9.RR^8RVDeRVM<8sM44e )CCV^<CRACsDD.w)D.CA4RR8,DGVDVC<RMRCy.)8VQ<C.VA4sMDAVCM.4;sCeMA<w8^CCCyy8)AMe)D<C<sR8.yD)4DV4M.<8DNR).IA<DMA4seQAA^C^48y4V)A=<+^^M<44MyesA^MVD4<MCAMs.D8VV.8MVye)MAM^MD48R4DAyA)e.DACR.8ADAVeVD<.M.C8.s8)kVC<VR44MeA)C^.C0C4yMR<A8aCDC8yM)RMy)e<D<4RM.8Ds4eVCM<<MDARs.AAVD^ACsyFsMIC14MyCVsAA<yeesMD<F8ey4seD)my<VMA4AO<)4VsDAMss<eDVy<CMy4^4C8)A<SVV-.8.484ysVAV4<<Rs88).ey<)DyMV4ARAD<QVD.Cy4.RCVRe<Cj<yRVAeZ8^DC8.eRy4Ce)AR<yDA8).eeV)D<VD88.s}A.y.D.V84s.yyAys)sVV4yM!yVs8D<CM^88e4MeA)DeN.4CC.sRcAse8M)CDR^R4ERe<Cy^CR)8Mey)y<)^)R^yyeDAs<.C)CMR)ReV4)AC<<8R<8shCD)VAC^.DR^)))AA^+8D8Vy<AMV<CAC<sVRQADe<Ds88.M8yAVeyVR4eMRACssVMC<.)R.y)e<DVe.^<8y.4)Rys^yVA4e.QAey.^CcR4.8)4)))AHCD<^8<8DsDA4C^DA8848e.A.es.DM^sy8),AesV88VM)8<y8e<VD4.MssyyVD^me.VCRyMAAACDAD)8.MyA^y8D^Vs4<RA8yADeVDDMAMy4yseVVag<^CC8^AyA<D#De<e4DA<AM)eDCCD.VyRy8)8VyM)MA4esV)4CM^RMA.esAmMe)DyCDy.Rsyse)<x<eMeRDe<)yVD<..D4!OCAR^R^ARV4MeDI8(.D.<Ay4RyeAe<C?<VsV88F<)sMD<.MCAAs^e<V^<<4AysRVy4<CCyCs.sR)e0e)V)<<se8Ve<)sC.^4R449es)DC8^)CyA<sVA.Fy^.CCyR8eeeeyMM<ss.y)y8eCCy^8C4yDs8D4LM^sM.4.e)A^^^DC8C.AA8AVe.DyC..C)RADDzjA4DMDA<s8DMVC.4MMs8RUVyvDM)C<s%RMVDe4M<<RR.8eyCeRDC<^s488)A)eC<^VRD48e<).<8C7Cs4.))A.DsC<.CsR84yAe8V84c.^yC ^)DCC^RRMye)M)8^M.<MDyMRsV.^tC.<MR.)Cy<^.Vy44sVy4s<V4CM^)R44Ae8DD^8DA48y.8Ay<<VC4CM.M8yV.es<y<<Re4e;V)4Ce<<MDARs^eVK}<V4Ry48)).ey^..E.A).yy^4C)C4M)R4eV)CC4^AR8.)esVDVV^VM<sMsCA.e8DKCC4V)4AVDC<)<Cs<8Dy.e^V^4RMAseeAAy<e^<8}y8Ah)^D{M)<As6RCVV^RCV^lRVAes)^VVM4DRsyDR)VD<q^4RD4.e^Vy^^^DC<.MRAADe)MC<)RDysye^Vje<<M?4Q9.)R^y.RC8yysVVA<MCACURA8w)V^ADs4e.8e)<8^488A.sMD8;).RR^sRRM?R<4DW8R.e)sV<DsDR<yM)RCyReMCA<M8Ry^ssD8i.^yM444ee)D^<.DCVy<R8VC^)CCC4RC)^AV^CVR4MReyMsDVMC<^yRM4se.Vj^.^MC4.RsVAMpDM8CDRMyey4^CV^<4.<8<9s)eVV^^MR4essDDisCe44Rs))yy_VDA<Ay<R.e8^.VM48M)ARk^VRVAMRCA8)eR)4<y^V8AyMssuMeDCM8<.y)Mys^.Cz...M8My8VsVM<DR88MesA4<8C88sRs),fCD)DM8<.DR.A^e^MRCD8e8+A^eMD^M)MA4AsWVD%A^88_4AeDye^7D48D.R).eyDCVA4sM88)yR)RMV^C8M8.yRA8VRMCM<4<s.,8><DE8.4<)8yM^.<M4884A)e^VyV<4DC_8CyV)VC4^R4A.>yV)D<MDs8.4yA.AMe4VRCVseRVe<).D4^CRR4-yRVCV<^<M.s8s<AI<.^<88.M).es^8<A4)R^yyy<^DdH<C.V8V/4)s^A^).V4eyVmysDsC)RZRsA.^)Ds4_MAA))RDQ^y4C8Ry^ssD80.^yM444eeA4^<.D<4Me)yn^IVDV<.yDRMe.)eCR<MRbA4e))CCy<VCeA.RS))jA^)4.4R))VMDADy<y.eAVyT)ND^.CMA8^y4e^VV4MMRssR))eey^e4R48symy^DMD4.sDACX4DACD.yRDyRe8DC<...8eyCyC{))MDMV8<eVAAD.DM<MM)s8eDuAVM4s.)y.sCVsVR<ARRRyReVyVy^V8DRMeD)CD)DA4D4Vs<,sDsCC.yR.y;e.D8<s.888yMe^VM<<Ms8M8<AAA^^VD M^8<s^eydV<S<e4D)<s3)4D)^V4R8My)AyVV.)MysCRMm804D4CsRARyyyeeCV<8MeR<ye)AMD^A8.8<e))^<eMMC)4<s8)<ID..C<Ry81V^e4M<.sMAR^sA)CVV^)RA4^yyD8DVD)8<yVR4VeVDCsCyRes4IR^^C4.dR4AV_<D<<y.CRCyReMV)<^My8^s)yV{RD)C)M.sCAeYMD)Ce4Cs^AReyD8<A.C8cyReCV8<R<.4Q44)<)A<<<^MMReRMx^YyM)<.MsACeD^sD8.DMyyMye^VG<^RCeReseA4Is.8M.RfR^x<)sM4.e.)8)AVD^VC<sMC4As8)MCCMDR.yRe^Vy<R.^4R48R8AyD)DM<y4VRyyR^eDD^yMy8>s4)ybe^8Rp48eR)M<4^V8R4s)yV^^yMC8^.88eA<eeVA8DM8y.y4esC4^MCRy<)VDCV4M^Cs4VsM)Vee.<CyR8RRAA^e^D^eRCADs8^CD^M)MM4yyV)y=R.e4Cs<sC)4^RM^44RTA4lV^<C<.yRCACeRDM<).^8yy^))eV^y^<CR4esRA4<A^^4D4^sM5<D)CC.AR)A<3DD8<s.48yy<)eV8<<M4888M)VA8ee^<Ce.AeDA<D.D8Css4Rye1D4CD< R<yAeCe<^xM8Mess)M)R^)M4484))DxyDAM.CRRC8Ay^e4D^<VsM4R)s)yVe4VC<4RReeeGeD4Csy8s.(DeRVqCC.k8)V^e.<4.)8y4)y<A)FM^DCey)s8A^d^^.<e4^RMyQ^eMD4ss<)Dy4))D^<)My)Vs.VM<e.A8Ay))CAAT^^4M^4VeMy.DsVM^AR48byMesDM<<s88M))Dy<sMA8AyM)yV8^AM^4 yCAyA<eRDeCR.4)AyADDMM<DMRR7s^#yV4<xC)8^e;z z4D)M^4)RyDVD8CM8R4VysyR)RVDCA8MsVsR^<<<^yMD8.yDAnCCDh4Rsy)DVD^.MD4Cs4AASDDyCD.RR8ACe.D.<e.C8.4esC)RVC^^R44CAAVM^MCZ4.sDAsFD^<CM4<R<AVe)DV<e.MRVyVs8AeV<^eCAADRe6.<CVs<DseAMy)e<D8C<.D).y<Vy#.D)888Vs.)yV.^CRR.eAeQ)^4MM4.s4A8epe4V)C^.)8yVVeD<M4<.>AMA)D<<s.<8Ays)%VC<MCACC.sRTAse8M)<4R^).)<).C<C<M8yRA)De^e^.CA8DsAAs<;C<4Cy^8YyseVDR4eRM8)y<e8D<<Ds.4s)yAAVa^eMvsss^A8P)^8C.yyyPV)yMD4ss<4)e8eVV.<y..8CaR))^e^)R)8MsD)CCDMRR<.)R<Ve^4CMC<.<8RVCe8<R.qRA8Ree)eCA<DC-A4s4)<<s^.4.sVs<V.eCDRCM.M)As)a<D^4<..RM)e9/D^<DRCy4yC,>de^VC^4Re4ACfeD)CeR4y8AyesC)4V.)y8y4)4VsMAMy4yseVVT8DeM<4eRADDY^C.CCs8Ry}AD6<e<V..8Cy8eMNy48MM4yyV)yGR.eM^s<RC?4eNDMCs4MR<V8ee<)<e4DyCADVAByMAM)RVsMeV^y^.M^yRs4 4D!M<4ese8AADe)V)8C.CRVo4eM<MM)8sA<sD).V^^^RR4RsMVA/sCs4^sC)8y.eyD4<4se8eys^DVmMc84yAe)AyVV^ACAA<s<AZ<.^C4<RA)^V^eVDMCD.D)8yM)yDV<yMRAesRV<VC<4C)84)^AsVCDsMCy^R)VCeRM^<RsMA80.e.DR^R.RA.enV.VC^CCsAMsRUs+^Me8DsOR^V)/^DV88.MRqyee&<8<VMe8C)e))Z)<V8^8Ds<AMlA^DC)yCs^O^DsC>8VMeR<yL)-M.<<.)8AyX)MVw<8.<8.yM)CV4D4M48VsRG^eA^.CM48R<A8tD<A<yMy8eeV)_VD^<Ms4QsyD^VVMV48sA)eyADD)<)yCRDAyesD)<<.)R.)neCD<<^.M4MyM)e^R^84R4ss)A^h)C8CV4sRRAAe^DACM8eR<A^eDDC^C.C8))8)4^8^RMA4DsA4eJ^RC84yRDAyZC<)C^4DRVA<)<D<<A848.)4)8Vy^VMys.Re)8_4^sCV4ss<eA}D^V<&4^8^A^ey<.<M8.84ysAwVsMMC)84s.)Red^RM^RysVAWee^D<D4DRseMeC<M<..R4eyRVC:A<.MM88Re)8VDCsCQ4eR))VeV^VCRRCR<eCeMD8^).8y<syeMVC<4C)84yV&ROe^)CA4Q8PA!X8C<C^R<RCA4)AD4.^MsRCy<e.bA<.M9s8s))Aby^e<e4es4Y^7DC^C<4.8yA.DDVRC<.^RMsyeMVeM4MA8yss))e)^)M.sDsV&Dt^^M<s4MAVy8=^DDCCMsRCy)V.Vy<sMR8ARA)AVMMVCdsVsD)CeR^C.G.4sDAVL<VRC<.AyMyseRV8<yCy8yyCZB#eC%MV8<R8)<DeD.MV.Js^y8t^Dy.C.RR8y4esGs<s.<ses)ue,<^C48^A)AMl DeMD.4sDAsD<D8C4..RRsReRD^M)MAs)seeDO.<D4A4CseA)VVD.MV4RA^A4#.DMC8M8R8ADVAVyMAM)RVsMeV^y^<M)4As9AM;w^84D4.sMAC64V4C44VyyysVyVA<rMC8B)s)^VA^yMe4Cse)4^V^MMC4<s.y.7.Db.s.RysyyeeV<<e8R8Dyy)sV)^<M)8.A5)CV<^^MM.MsMAeDRD8.R.sR)y^e)<8<V.s8RyA)^VA<M4e8<y^)DVCDCMC4)A8A4D8DRCA.DRAe4)5DR<8.y8DyyeC^)<^.D8Vy<A<V<^A444.A4A8%yDVCyR.RMe.e4Ds^1.syMyC).%8^&MC8Ve4)M^<M48s.8R)AReR.V<).<R8A<eDM.^y8y8Ay&AIV1MsM^48s))8K..yCMsVRs)CeC^C.u.)8)y<^eD^.<MMA4esD8V8<yM.8ys)AyC<D)48.P)RV^e)^4C.44A^ADeDDC..MeR8y4esVV<s.<sAs<VVS!^DC<4sR3Ay<^^V4VsD)My<e8DC<Csy88A^eDDC^s.C8)eyD<^s^RCR4AAeA)eSDDC8.)RRVVee<e..R.AAss)oVy^ys^8^seDMV<MD8<y8R.Ayb4D48e.ysMAC/4V)C44VyRy<e)VA<vC8_y8V<V^M<MC84RA)4^^DsMC4<s.yAi.Dq.8.)RAyyee_e<e.4y^yDV^V<<.Cy8.)DARV<^^MM.ysMAeD4DRCy.eR)yAeK (<1.8RD)A)y^A^).V4MyV+yu<^)CA4>RMAYh8CDC<4MR8A4e.DR^R.RR^yyV.VMM.M48sRS)s^MD)M44.sRy R^^.y.MRKyecDVDCD.sRMy8e4V.<RMC8Ry^)y^.^M4.44ssy=vsCM<)44R.AR)cDRC^8yRVy>)eDD^D.D8s)M)C^M^.MR.esRFCeA^.CM488eA8=D<s4)M)R4y.eR R<R.^s)sAh)xe<DC.8DAAACesD>Cs.8))A<D^D<C.MAR.eD)RD<<C.<sAs.eVVD<V8e4ReVAM^e^V8DsC)^A^TMVMCMs^Aye^eVVV^.sD8M).)R<sM)8y.eeRAeeA.CCD4yRsAyDCVA<s.VysyR)RVAMeM)sese^!4<^4)4MsAeVDD4MD4sA<y)B4D.CRMRRRA^e)VM<IMeRDsAeDVs<<4e4)AeAzV^D4M^R)RMyyVDy<RseRCe<eCD4^).4y^sseCVM<C4)44yD)^VDMXCC4eRiVV^<^V4)RCR^y^)8M<<4888yeAVp<)^VRy8VReD./<^)CA4)A.yeeAD^.A.y8yyeDVV:.V.DRCsReC^Y^4.D8Vy<ARV<^A4M4ssRA8hyVyCy4CynyeVkDVC<M8R<)e).6A<DMA4sev)M^C^MM8.8s8q<eyDDC.4D8uVCeA<R<<.)8ey)V8V.^.CAA4syZAG3.V8<yDsD)Ce;^CC..C)AACDDD.4^Ry8.AV) DVMyMs4ss)I&O4<DMV8<RR)<hACMCsRRR8eResD)<^.)y8yV).Vy<.MCARsC-edF<^C88^A)AM}PDMC}s)R8m5eCC)<CsVA</DeDDC^C.CADesVD!dD CMAVsCdMe)MR4Ass8)V8e)Vy8<.VRsyRes<<^yMR4n)R)8t8^y4)4AA)AeVDD.MDRARyeAe)^V<M4Vyyys)A1e<MMs8.e))y^yMsRV.es<Ane-..C<4)RAAXeMDkC8RDR.AMeCD4^4.4RV)y)s^y^AMJ4Cs#sk^^ACy4eRCAe+4CVCM4CR<A.).D.</8s8R)s)yVe^<MesRsDA4jA^4CMyssVeN{V^<<R4<yey.NVDDCV8R8<y))eV).yM.y)s^Vy0)Me8DsPRx)^e^^^4ns8ydy)))V<4e.^y<y.D4<s.8CyA.syARCDDeM844s8{DeRD4<)R4R.y.eR<y<s8y8Ayu)CV7MsM^8Asy)e,C^eM48^sM)Cc<^.<.4.R A8DDVyCM.CR4y^e4DVMyMssysA)ojC^F4s4^sAAy&eDCCe44AVA^uCD4C..MR8s8e8DD<s8M8C)M).VRDeMRsCRA).cM^8<e48sDeselDe<)4V8VAVeR<C<<8C8My8A)V8M<Cy4Ds.)De.CCsRRRsA)e<D).8.VRsyyesC8^).4yseR)sVR..4)4yRyAD<A^V4D4C)Cy4<^D4<Ms)8sACe<DCM)MM8<sRV<V^^^MMs4s.,4K8^yCV4yA.yeS8D4Cs.VRsA<VAVeCV.<R^yDeCqC<CM)8.)D)V^D^^MM.ssMdVe8^^CD4C8sACe)<.<V.s8RyAAAVA<M.V8<y^)DVCDXMC4)s.>DmVCDC^4M8sAMDVV8C^.DRCsseCV)M.MV8ssR)AeA^AMM8Vs<)^nD^C<w4CR)A.DDDV.D.^RMsseM<V^8.^8DyCAsVC^)4.4VssAR?AVACA4MsVA<F^DDCCMNRCy)e.<D<V8D8^yMAsVMMVC88^sD)Ces^CC)R.RVAseRDA^A.ARMAVe<D^<D.C4ryC))V.MDMVsDs^)Mes^M4V.8s^AD9CVsCC.)R8yyesVR<ACA8AyM)e^4^AMy4ss)A8?)^.4D4VADA^+MVsCMRV88A^eDDC^s.C8)).)8Vs^)MA4yseyeSe^4MVRyRseyeAD}<C.9ysy^eAVy<eMC8ey4VVjs<CM<8.R.).-z^sC)4ARyAeeRDeC44VyyysVyVA<#MC8d)s)^VA^yMe4Cse)4^VDsMC4<s.y.k.DnCs.)RAyyeeVR<e.4RV)y)s^y^AMX4CskWsH^^ACy4eRCAeW4CV<Rs4A.eADCCs.D.VyDy^eM3s<M8V48y^)DVCDsMC4)A.AV(sDRCAMARAAM:VD<C^.DRCsweCV)<.8D8V)D)^VMDsMMsVR8)^xD^C<s4CR)A8eVDs<R.A4AyAeMVeM4MA8yss))Q8^)M.sDsV3D?^^M<s4MAVy8v^DDCCMsRCy)V.VV<sMR8ARA)AVM<VM<8^sD)CeT^CC)4.ADAVDDD^CMMsRMeV)8D^<D.C4syC))^.^VMs4RsAyA+A^MMV.8s^AD:CVpCC.)R.eDeV<D<^.M4syMVV?gMVMD8CRR)CD5De<e4DA<A^eCV.<).^8etMe<<<My8sADR{)CVV^VR44CRsA1UsD88).^A^VVE^CR4<R<AAe<DrVs^CMC88sV)CF4^DRVy8ReAC9R^CC^y4R^eAe)^V<.4Vyyy<e)V<<)Ry8VysV)<A^^MAyR)VAeeeDC8j4<ACyA^4Vs8M.s88VV))D4<..4yVs8).?AM.MM4Ms8/s6RCsCy4eR<AeDRD8<8.yAhs.A)<8<4888RyA)DVAM4M.48Rs)Dh.^^8R44AMiC^AVs<,.y8yV^)UDR<8.y8DyyeC^)^.RC8Vy<A<V<.V444.A4A8gyDVCyR.8eA8e4Ds<V.sR<)AeDDV^J.^4^y^)y^.^M4.44ssy}isCM<)44R.AR);DRC^8yRVyv)eDD^D.D8s)M)C^M^.MR.esRzCeA^.CM488eA8HD<s<t.e8)AV)VDV<R8C8<)C)MV8D)M8s<Ry)MNC^4<)44sVeReeD)<A.+49yce8<<<^8<8Cy4AAV4M^Cs8Cs<).eA^.CNR8R)AAeyDe^e.eR4e^eD<^<<..4yy.VDKR<<M^8MRy)M:eC4CA4yRsA)))D)C.RDRVeDe^DM^s.MyVs8e^VD<CCs8Cs)c.Iy^sCR4A8AAAzMCV<mRVRDAC)RDCM9M4RDyVe< R<<MAsMss)R{8^y<y4ysCeoee<-CV4<88A<VeV.CVM-R^s8e^VyMCMR88s4)ses^sM<ReR)eeeG^^<44^y)yMeGVeCDM4RDysV<V8<4M.8RRR)RV^C)CAR)Re)De.^D.A.CRey);VV.CV.Ry^y4e.VM<8C888yDTAwyCAC)8VRM)VDyD<C).ARfyMe/D8.D..RMyCe4W4<4.Vsyss#yrA^bCC4-AsA^iADyCe.CReA4DVDMCC.<R.s.e.VIMsMRsssy)eB<^e4R4DsyAs{)D<C)4.ydACm<D^CMMMRMyeVRV8MRMs8)s^))^8^VMs4RsAA^A^M.e4<s^AD CVCCC.)y8y4V8VR<AMD8A)4AVR^8My4Dsy)CD)^^MD4Vs<y<1<DA.4..y4y8eyVV<y8.4ey8)4Vs^VMs8<AA)DVVDkM^.^s^AyD.DM...4Rss9es<M^).48.yRA{VR<^4y8Vs!AeVDDDMD4sAMACDMD.CRMeRReC)AD.<M.84ey8eD^s^Me4)yVAVVV^R4C4<ACAMO8V)C8R<8yAMeCD4^).4RV)R)eV)^AMm.fsX)8^<^^4<4Cs4yAN4C^<s4CR<A.)AD.<a888)yA)yVeDeMe84)^)D^^^<M..ys.qDeR^<C^4M8yAMee<4<A.y8sy)A)V)<.8D8V)D)^VMDsMMsVR8)^+D^C<s4CR)e.eyDs<R.A4AyAeM<V^N8V8DyCARVCCFC48DsV)<eR^<CARMRsARe8Dy^y.yRC)X)e^J<V.<48y<Eeg.<VC#8^R8)^%yCCCR48R4As)sDsC<8e8))e)QD^^4.^s)sM)KUe<DC48Dssz<(8^4C.4R8RAR^<)<A8)8eAD).DDMAMC8es)eVo.<VMRs^s4).XM^8<848sDeAey<A<)4V8MAVVyV<<)MA8YsM)aV8MDM.8MsC)4e4^4MVRyRseyeAD-<C. ysy^eAVy<eMC8ey4VVVM<CM<8.R.).JbCsCRRsRyAee<De.R.8yRyse)V^<)8884sRAyV^^4M<yss88^CM)<y4VRAyA<<V4.8.RRAsAeA<4<.M.8R)y)sLADeMM4ss.V)cyCy4<s8AeV^eVDMCD.D)8y8eCCy<R8RyDe.VWCVDeM<4gR1D.G.^^8R44A.eW^CCe4eMARDy)))MC<88R8sy))^V)M8MV4.sy).XC.R<eReRP)^e8^^.)Mey)s6^DV)4DR.yMy<)<+R4CM8sR);VAhR.sCF.)eMA^(AVA4e.)Ree4)MDy<s.yy.yM)MV8MsM848ReDRn)CeCDy^)MV<e..DC..C)AyR_<D^C<8A8Cy^)8<^<DMD8C).)M^.^4Ms.:sskMe)D<C84<RDV.eD<y<A.&8MyIVsVs^8sV44s)A4enDyC8yns^VReeM4<esR8y3eDMDC<C.4yRy8VRVs<)M^8))8)4^8^RMA4DsA/4k.D8<s4DR.A^^RD4.48GACe)DeoA<DM)4)bC)DW4^AM44MesAMDw^VM<.Rs<eee.VACD.A8sude4<C^e.84eesVAVsMMC)4<s8)<!D..CVRyRMAqeMDl4s.)yAyCeeVC<e844e)y).V^.RMRsM)AVAesD1Cy.ye^A^eeMM<4R<yyyMe0VM4DRCRDeeAAVD^)C)ACR8}Rus^)<)4)A8AV;sDV4AR)RAeM)A<R<8M88y)))A}e^VM44As8V:gDCy4M.6sRy?^yCeCys88.yye4V44eM^y<yCe4#4<48^4syCAs<.M4M.R5R.Z<{^D^CMR4R.y.eR<y<sMA4eyM)sV..)Mysy)<V8<V.^CV4MsDAD<8D)<yy<8sAV)sV^^eMyy4y.).VRMyMs4ARe)Mts^.8)4yAR1x^.MR<4.AR8y8^JVA<^.4R^yV^MVyMsMy8esC)e^R^DC44As4AM<sDc.u.Rs<A^:MVMCM.eyRyDeyVA.)RV8)).)8^s^^MA4)sAmME4^RCA4yRsA)e8D)C..&ysyRVsVy<eM<8e)R)DVy^sM)4<s)).D0^CM<4^sMyMhMDe.R.8yRyse)V^<)888Vys)RVA^^MA8MAeA4<MMC4ss^)8efee<9CV4<88A<VeV.CVM,R^s8e^Vy<.MR88s4)ses^sM<4AAMAsJRD8Cy..RyACVXVeMI.VR<s8e<^e^..V4Iy^A8V^^yM.4Rs8A4HsVsCs4<RAeMesDR<8.y8.yyeC^b^e4_8Vy<A8V<CeC.8VR7)^e8^^Cy4.RRA8e4Ds^s.sR<yAVMVs<RM88ys.)yVCC7CeR(sV)<e8^<.e..8AADeAVs4GMsyCyMe8Qe<88<4yyMAyVM.<CeyMRsV<esM.4Rs4R4As)sDs44sVy4yM)Mry4.Mssys<V:<^.VC<yes<AD<RD.MV.6sVeReDVa<M8K8eseeD<<<^8<8Cy4AAV4M^MDs^s<).ey^.4D4VR^yCeyDV<As<RDeDDM<y.OC)8^seAeCM^^MA4yseACTe^44V4MsCA<d.V.C..qysyRVsVy<eM<8e)R)DVy^sM)4<s)).D(^CM<4^sMyM_MDe.R.8yRyse)V^<)888Vys)RVA^^MA8MAe)<V^^DMC.CsCA)D8D4.8.RRAyDeA<4^v.R88yy)DVy<C4)8^yD)VV<D<M<4AA4A.D4D8Cy.VRye.)eD8<4.s8Vyse<^A<D.V4,y^A^V^^y4.4MA.A4hsVJCsRM8)A4e.DR^O.RR^)yeVVq^e.D4DyD)s^M^C4M4.sRyetRCC<A4.RMA8)eD8CD8s8_ye))DV^V.V8R)C)<^C^MM8.)s8J<ey^MCC448)A4-V<R<e.)8AyaAEV6<88<8^)<)CV4DAM4s^Rs)Cn<^.<A4.ROe8e)DA<y.e4eyee4<^<D8^8<y.AyV.MDCR8<s^)Mey^MCeR4RAAyesD)^).)R.eDeV<D<^.M4syMVV58<^MD8CRs)CI)C.Cy4sRRAA)ADACMRV8QeVeDDC^R.Cs,s4eDVV<<CR8<sAhM%s^RC84y8yAy!C<<e8(RVA<)8D<MeM.RVsWe^b8<^MysCsR)8E4^s<s4ss<eee)<e<m4^84A^V)VM<MeRDs4eDVsM<M884s.)ReR^RM^R)RAe)ee^D<.4DyAyCeeV)CVM.RVyRV^V4<.MM88R8)8VDCACyRAR))VeM^V.y.<R)yAe(VM<&.8yDy.eMVC<4C484yV=y%sCyCA4,RCArDsD^CA.yReyCeeD4.V.MRCy<e.L.<.MxsssR&siy^eC<4eARAD;yDsC).<R)A.V>DCC<.^RMsMeMVeMRM8sRss))9^^)484VssAR1AD^CA4MyeA<K^DDCCMCRCy)V8V4M8MR8AsD)A^4D/MR48syADUy^C.)4^sDAV0<V<C<.Ay4y.V4V8<yMV8y).AeV8^4Ms4Vss)<DA^DMV.#s^y^5^Dy...My.y4esT,<s8M4)y4).VRD-MR8^Ay)VuPDeMD.DsDAsDMDC.M..RRseeR<C^A..8My8AeV8seA)VVDVMV4RACA<DCDMC8M)R8e<)yDM<C.44)y4eV^R^eM)4AsFylQr^84<4^A<ACr4VAC4R^8sACe<D.^A..8F)8))VA^yMe.ese)4^^^D4^4<s.yy.CD<R4<R^AM)yDM<e848Ayy)sV)D)M)8.)D)V^D^^MM.ssM Ve8^^CD4C8sACe)<.<y.s8RyAAAVA<M8V4%)V)DVCDRMCR7R4)DYV^<<R4<RAeMesDR<8.y4yyyeC^B^e4q8Vy<A8V<CeC.8VRh)^e8^^CyRCRRA8e4Ds^s.sR<)e))^e^:.^44y^N)?M^jCe8DR4)D;sC<C844R.AR)RDRC^8)8A)))eDD^..DsAsyzAX)<VCM8VAyAsesD)..eRVy^eRVe<ssD8t)1V4<AM,R.4CsR)MbM.ACA48)PA)D)CM4sRv)Cy^e4D<<<ss84ADeVD<^R.<8A)M)sVR^8My.ysy)CDjDe.4Vs<y8#<<e<.4V8XA^)8D^<y8C8Ry8)4VsDsMs8<AeA)DeDlM^.4s^e)eMD1<e4D84ADes<<<8.48.yRARVR<^4)4AA)AeVDD.MDRARCAee)^V<.4VRRe^e4D.<M.848y8eD^A^y4A4)yVAMVVCyC<4)RAAUeMDxC8RDR.AMeCD4^4.4RV)y)s^y^AM{4CsS5sz^^ACy4eRCAep4CVCM4CR<A.).D.<98s8R)s)yVe^<MesRsD)yjs^)C<4)s.eYaC^<C^4M8MAMee<R<88R8sy))^V)M8MV8ssR)A/^^AMMRes<)^}D^C<C4CR)e8e4<8<R.A8DyAV4S9<RM88ysD)yVCC)M^8DsV)<e<^<CAR4R.e4e8Dy<V.yy.see8V4<sMV8sy<+AVD<VCl8^R^)^HyC.CMR.R4As)iDs.MM)R4y.eRpj<R.^syyV){6e<DCD8DssmMoCCMC.4R8eARDCVAC..MR8see8DDMsM?8es)eV9V<VMRsCs<xC!M^8<)48A<yy{MDCC4M)R4AVVRVe<)MA8tR/)EV8M<M^s<sC)4eA^44^.ssCA<9.VAC..+y8y)eAVy<eCe8ey4V^VDM^M<8.Ry).^DDRM<4^sMyyHMDe.4.ARyyse)/)<)..yDyVVDV^<MCs8M)VA8V^^DMC.ssCA)D.DyCs.RRAsAeADM.VM7yVyDeCpR<C4F44yD)VV<DRM<4AAMAsrRD8CyMyRyACVKVeMT.VR<s8e<^e^..V4Sy^A8V^^y4C4Rs8A4BsVsCs4<yey)VeVrC^M4R^)))MVU^e.D44yD)s^<^8M44.sRyR}R^^.).Ay)yefDV.CD8A8y)A))DV^M.VsyssAAee^MCs4.))AyDRCY4<sR84yAe8V84SMAR.yMe8de<8.DsssC)eY)<VCV8VsR)CeA^.CM48R<A81DDs.M.C8.s8)+VC<VR48M)MVR^A.<CD4.s^A^<RD.<A4DRAys^JD<.C.MR8see8<<^y.M8CyMD<g8<^8MyCs<)C<DC8C...8AV4ey<A<)RT8^E)e^VV48MM8dse)j^8^VCe4CAeA)e)^V4^4DRDACD.DM<4MRRVyMeDC8<.8.see<VM<)DyMV4ARAD<VD.Cy4.RCVReC<e<x4^88A^V)VM<xMM8x)8Ve<A.8C)84R))4<CCyC<4)R<Iz^^D&.8ReAA}8))D4^)RRyAyRD.^)^MMT4MeDV<VDCs8Vse)sy:tRVn4yR)RyP8V7V4^).^8)sy^VZsMMCQ8RRm)R^CDAC^44s^AV<MD).s.CReyC^VC^CV8y8.y^DRVRMM8AyARsA?5yDyR^4^ReVMe4CD<A4.8Al8DyD84MM<88yC)CCyDo8V8DyCACVCC5Ce4VR^AR<4DCCe.C)VhDjV<R<V8)8AsA)=<D<VM^4Csy)VdA.<CMsDRs)CesM.4R4.)<yDe.D^<^sR4))e)WD^^^.^s)sAAeaV^4RM4^sAA^^eCiCeR48eeyesVs<)8z8eyV)^VR^eMsADsaHe^4MA4)y.RCAR{MDM8A.Rs<A^vMVyCM.eRRyAeyVs<)C)8)y.)g^8^)MA4yseARke^44^4DR<yMeADD<)sCR^e^Vs<e.RRR44sA)8r8.dCA4^s4)^iV.MCRRsRyAeeCDe.R.R84/N).VA^.Ce4ss4DeVD.8C)y.s.V8esM)4C4<R<A.D8D4<4.syAyy)) (<.My84ee)A^AMC84y^e<ADO.^^C^yRRRAM^ADs.sR^A.eA^DU{<C.V8V,4)4V<.sM8s8)VVC^)M,<)4^Reye<MDMCDs8R.eMVeC^.AR)4yyV)A9A4<MV8ssR)At^^AMMReR8)^-D^C<C4CR)A8eyDs<R.A84yAeMVeMRM84sRA)<!8^C8y4RARmD^MCe8VMeR<y7)6M.<<.)8Ay/)MV9<88D8<yM)8V4^.MR.RsR)^9yC.CM.MR8eseRVy^).C8RyMDAVsMs8^y.)eDDeU^CMV4Ve4ACpeD)MV..sVARD^D4C..MR8s8e8DDMAMysAs)eV}M<V4y4<s)AAT_DMCt48ADA.FMDCC4M4R4AVVyVsMyMA8OsC)U^s^^MA4yseACue^44V4MsCA<&.V.C..QysyRVsVy<eM<8e)R)DVy^sM)4<s)).Dd^CM<4^sMyMqMDe.R.8yRyse)V^<)888Vys)RVA^^MA8MAe)<V^^DMC.CsCA)D8D4.8.RRAyDeA<4^P.R88yy)DVy<C4)8^yD)VV<D<M<4AA4A.D4D8Cy.VRye.)eD8<4.s8Vyse<^A<D.V4jy^A^V^^y4.4MA.A4IsVoCsRM8)A4e.DR^k.RR^)yeVV?^e.D4DyD)s^M^C4M4.sRye!RCC<A4.RMA8)eD8CD8s8#ye))DV^V.V8R)C)<^C^MM8.)s8c<ey^MCC448)A4UV<R<e.)8AykA1VE<88<8^)<)CV4DAM4s^Rs)CL<^.<A4.Rie8e)DA<y.e4eyee4<^<D8^8<y.AyV.MDCR8<s^)Mey^MCeR4RAAyesD)^).)R.eDeV<D<^.M4syMVV(8<^MD8CRs)Ca)C.Cy4sRRAA)ADACMRV8TeVeDDC^R.Csrs4eDVV<<CR8<sA3M&s^RC84y8yAy:C<{<e8kRVA<)8D<MeM.RVsge^X8<^MysCsR)8}4^s<s4ss<eee)<e<:4^84A^V)VM<nMeRDs4eDVsM<M884s.)ReR^RM^R)RAe)ee^D<.4DyAyCeeV)CVM.RVyRV^V4<.MM88R8)8VDCACyRAR))VeM^V.y.<R)yAe%VM<t.8yDy.eMVC<4C484yVZy=sCyCA4!RCAoDsD^CA.yReyCeeD4.V.MRCy<e.i.<.MLsssR-sKy^eC<4eARADcyDsC).<R)A.VxDCC<.^RMsMeMVeMRM8sRss))K^^)484VssAR_AD^CA4MyeA<v^DDCCMCRCy)V8V4M8MR8AsD)A^4DkMR48syADBy^C.)4^sDAVX<V<C<.Ay4y.V4V8<yMV8y).AeV8^4Ms4Vss)<DA^DMV.6s^y^x^Dy...My.y4esX<s8M4)y4).VRDaMR8^Ay)VdhDeMD.DsDAsDMDC.M..RRseeR<C^A..8My8AeV8<D4s4aseA)VVDVMV4RACA<DCDMC8M)R8e<)yDM<C.44)y4eV^R^eM)4AsJyzg#^84<4^A<ACP4VAC4R^8sACe<D.^A..8=)8))VA^yMe.ese)4^^^D4^4<s.yy%.CD<R4<R^AM)yDM<e848Ayy)sV)D)M)8.)D)V^D^^MM.ssMIVe8^^CD4C8sACe)<.<y.s8RyAAAVA<M8V4K)V)DVCDRMCRxR4)DKV^<<R4<RAeMesDR<8.y4yyyeC^i^e4_8Vy<A8V<CeC)ReRv)^e4^^.).A8eyVe4VA<8R08))yDV<4.yCR4essAsCDDeM844ssAVjs^<.AssR.AR)RDR^D8yADEDV8V4^RCy8^s4)<<s^848sy)DV.eCDRCM.M)AyR){DC<%M))^y.V4V8<yMD8y).A4^.^48s4.)sBpDeDA<A.^))y8D^C84M.^)<y8).Ce^y.M8Ce4A)V4MV<e8CRs)CDqDe<e4DA<ADeDV48^..y4ssDy<e.ACIAss A)CM^^MA4ysAKMe)DyCDRyRsyse)< <eMeRDe<e^VC^.M)8^seDMV<M<4ys()^Vse8D)CR.ReVAVeAM<CDRDyRe)D^C8^.My84s4DeHe^sRD4CRAAV<MDsMC4<s.yA?.D>4AsM8<y8eCVC4yC(yVyDeCxC<C4L4eRe)D^<^^CC..R)A^eeMMC<RDA.es^DQH<C.V8V_4)Cgs^>Ms48e)A8^^^<M..As.1DeRVICC.L8)V^)4<4<8.y4yyyV.6e^CMR8Cs^D4gDCA4)sy)sVM3D^C<Z4CA)U^^<<s<^M88)y8).Cy<<8V4syCAsVCC:C4.)s^A)ey.VCCRMAyeRe4V4^)s84))))MCD.CR^4<BV)Mx<.yM<8^R4VCm<M.4R4.yvyRm<VR4MsD4eee).CC<R8C8<)C)M<8My4s4RRRAADeD)<I.DR8y)eRMV<e8eADeCDAKs^qMy4yT^A/VR^8My4Dsy)CD)D.8C4Vs<y<g<MV.4..8.yRVyVs^ACe8Mss).<)^y4ys<)4xR<^DVCM4DRDV8eMDL<e4D84ADes<<^).48.yRARVR<^4)4AReAV04DAC8siR)eADMC84CsC8^y4e<V<4sM4RDyVe<&R<<MAsMRyVADs^yCs4)8)A)S.MV4).V8eyC^VC.<4Ryy^yD)<OM^AMD4)eC)^^^Cs4)s8)Ry4eAD8<8sl8AA.eMD8^e.8RD)s)GVe^).V4VyV)R^C^<4C4Ms8y)g8C<<y4MRCA4))D4CV8R8ey))AV+DuM;88)<)^^<^CM4.As4I^es^CC<4.8AA.e<8<).A8yyeAeVe<48^8D)^)<V.DyM.sDRR)<j^^M<y4MRee4eADy<s.)4)y)e.<D<V8D8^yMAsVMMVC88^sD)Ces^CC)R.RyAseRDA^A.ARMeV)r<V<D.C4RyCt=Y4<DMV8<RR)<aACMCs4RR8Ay)yDyCC868e)3eVD<^8.<ses.eVrh<^C88^sydCPR^8C44s8sAsn<<e<)8e8(A^)4D^M)MM8 seeDa4<DMss<s8)4w.^R<R4Rs^e)eA<)<e4D8.ADVAVC^sM38ss8D)V<M^RV8^)R s^sMA4<sJRsyCeCD8<V.C84yD^VC8^e.884ys)VVs<<4A8DyVAWV^D^M^4yA.AMD.D4CsMURseMeCVC<4Ry4^RRVCbA<.MM88Re)8VDCsCg4eR))VeV^VCRRCR<eCeMD8^).8y<syeMVC<4C)84yVFRYe^)CA4W8}AX#8C<C^R<RCA4)AD4.^MsRCy<e.iA<.MWs8s))A_y^e<e4es4O^gDC^C<4.8yA.DDVRC<.^RMsyeMVeM4MA8yss))e)^)M.sDsVQD:^^M<s4MAVy8)eD<<eMA)Dy4V.CC<.8yy<e4Se<s^M<d.:s<yyegD^<Asy)<yRI<D^CMMyRMyeV4VA<yMs8)R)))V.MDMVsDs^)Mes^M4V.8{A^^.T)^C8984ADeVD<^R.<8A)M)sVR^8My.ysy)CDwDe.b4Vs<y8G<<e<.4V8:A^)8D^<y8C8Ry8)4VsDsMs8<AeA)DeDSM^.4s^e)eMVyCV.y8RreeC<<4D.<ys)AVR<)MCRV4yRMAM;RDDCM.8R^VD^RV#CR.8RyyDeyDCM).^RDyVe<m<<<MAs4s.?4!8^yCV4yA.AMeMD84AM<4seM))V<<8.<8D-.)A^y.RMyyD)4VA^<MpCs.CRCA8eVDC<4.D)V 8)eD8<4.s8Vyse<^A<D.V4y^A^V^^y4.4MA.A4isVxCsRMRCyCe4Cy^^CRyCsAe.VM<8Ce88yDps7_^eC)8VRV)VNRCCC<RCRMA8))D8.<.^y<yCe4-A<48^8DsD)C^.^MC4.RsVAMPDM8C.R.yePDD4C)^y.V8AsA^<V<^cR.8C)CEA^M88y.RReAses.DCD.))CA^DD<s.)R4ARs4)AV8^8R34Ay.)MV8DeM88DsAACaeD)MV.VsVAR#^<yCV.F8eAD)ADD<s8M8Cs.A8T&^CMVy4sMPMD)MV4RsA8syveyVy8^M68MyseMV<48M<s)seeDh4<D4A4CseAC_eC4CD4yRDAy^RDC4y.VARyVDA<g.)M)RVsVeV<)..4)4yRyAD<A^V4D.R)M58^.VR8C.R84T>)AD.<M..sqs4)MPyMMMC4Cs4BR98D8CyR)RAyeeVD4<A.8AWy)V)<M.8RVACs^)4V<^<Rs44yD)VV<DRM<4AAMAsaRD8CyMyRyACV9Ve<VM^8Rse)sCD^q4es4)sVD<.DCCR4MRMVAeRViCC.X8)V^e.<4<8.y8DyyV.(e<8M488)DAyVM^CMMy<R8)^FDMC444C)De8e.V.^As48y)A))CV.<RD4Ceb)Cj^.sC48DsV)DDsD^CV..AVy=)7D^.C.<8Ms4)eV<^JR.8C)CiA^nMM8y.RReAses.D<e48R4AseVDsC<8A8M><D^<8.VR.s)sAAAHUMDMV4^RCAyqVDA8<4DADeRDA<h48M.8yy4)4Ce^eMsADs7ZG^4Ms4/y.RCAR{MDM8A4VR^yCeyDV<As<RD)FD<<4.#C)8^seAeCM^^C84)s8A.<yD.4V4DsCys3C<v<4M)R^y))yMV^s8M4+yR)8VyDyMy8CA+A4VDD48<s.s<eAe<CV<84^88A^VyV^< .^RDyVe<e<<MA8M)VAg1DD<Cs.nRyV^,VCV4^RMAesAeDV)^)sC8Dyy)sV)^<M)8.AlARV<^^MM.MsMAeDRD8.R.sR)y^e)<8<V.s8RyA)^VA<M4e8<y^)DVCDCMC4)A8A4D8DRCA.DRAe4)!VM<s.M8<,8)e^)^e.D44yDSAuC^eCt4e)AA4^eD<4A.eAwl^^VDVC<M<R<oVDR<V^eCe4Cew)<^C^488sy)RyA<4DA<sy^8qARe8DR.^Ms88seV8V4^4MssAsyFAO)<VCM8VAyA<a)DACH.MRWA8DDD<CM.8R4y.eRQR<R.^8y).)M^.^4Ms.0ss&Me)^4C.4R8NARg^D)CV.p8eAD)DDD<s.<sAyDeVO!<^C)8^sy&.hMC.C44s8GAsDMV)C4..RRsYeRD^MyM)8=y^eDVV<<C<8<sA)M^VDl4V4DsCyRaC<t<44DRVA<)RD<<A8M84yR)AVy^sM).)s)).0;CsCRRsRyAee<De.R.D84yAe4VM4s.VsbyVe<!R<<4e4.RA)DtADs8H.<ACye#8D4CsMsRsA<VeV.CV.DA^eMe^^yDA4U44yD)^VDCs<y4esD)VeY^^<)4^RyACVKVeMN.VR<s8e<^e^..V4Iy^A8V^^y4C4Rs8A4(sVsCs4<yey)VeVbC^M4R^)))M=y<VMy4Ree)C^<^CM4.)s4W^es^CCM4Cy)y4tDD^CDRP8smD).<h<DR^yMe<)<V.D.M.y<)Ak<NDDD<4y^R.e4esCy.eRA4X0s)lp)4MM^8Asy)A^MD)Cy4DAyAsesD).-.ey}AVO<V8C<8e8.AV)FD^^8.^8y)CD^ve<DCD8D8R;<^RMR4V.&AVAD,CVRCC8F84s)e^V)^ysV8.)M).VRDLMRsCRA).>4^..-.Rs<ACd<MD<As<88(De<CC.4RM8My8A8V8.M8esMs<A<eR.CC8RRRA9)^VCe<DsARDsf^4VC<eM)8e)4ApB)^<4)4ARAAY^D^V4D4^sMys1MCV<84^RDAC)sDC<)RyA<)s)R^s^yMe4<se#RnD^yCs4)R<A)Q.<uCD4<R.AMeCD4^4.4RVyRVCV<MCMM88R))8^<DyMM4Cs4y)z4^V.R.<R)yAef&6<#.8R<y.eMVC<4M^84yV)R^C^<4C4Ms8y)d8C<<y4MRCA4))D4CV8R8<y))AVdDvMI88y<).VM^CM44^s4)V>RCCC<RCRMA8))D8.<MyRMyCe4!)<4.VsRs<))1A^:<4ps8)<.^MCC44R^A4_VDR.C.<yCyMe8*)<88<4yyM)CV4D)M48VARA<+)DACgMIRfA8j<D.CM.CR4y^e4DV<R8C8<)C)MV8D)M8s<Ry)MJC^4<)44sVeReyD)CV.u8eAD)DDD<s.<ses),eY;<^C48^A)AMUpDeMD.4sDAsD<V)C4..RRsReRD^<).V8gseeDWA<DMs8<AeA)DeDEM^.4s^e)eMDv<e4D84ADes<<<8.48.yRARVR<^4)4AA)AeVDD.MDRARCAee)^V<.4VRRe^e4D.<M.848y8eD^A^y4A4)yVAMVVCyC<4)RAAdeMD9C8RDR.AMeCD4^4.4RV)y)s^y^AMi4Cs_3sa^^ACy4eRCAej4CVCM4CR<A.).D.<P8s8R)s)yVe^<MesRsD)yzs^)C<4)s.ec7C^<C^4M8MAMee<R<88R8sy))^V)M8MV8ssR)A7^^AMMRes<)^aD^C<C4CR)e8e4<8<R.A8DyAV4cY<RM88ysD)yVCC)M^8DsV)<e<^<CAR4R.e4e8Dy<V.yy.see8V4<sMV8sy<%AVD<VCf8^R^)^5yC.CMR.R4As)SDs.MM)R4y.eRuS<R.^syyV)33e<DCD8DsspM{CCMC.4R8eARDCVAC..MR8see8DDMsM:8es)eV(V<VMRsCs<aC-M^8<)48A<A^D<DCC4MAR4e^eDVD<C8.8Ms4ARVV^MMDy8s.a.DeMV4)s)8yAVeAVA8<.VRsyReAV^<A.Msey<e^VD<CCC8Cs)Z8f4C8CR4ARDAAD4VPCR.8RyyDeyDCM).^RDyVe<K<<<MAs4s.P4q8^yCV4yA.yeO8D4Cs.VRsA<VADDCVM R^s^e^VyM.MMs.s4)se^s4M.)s4A.QRV1CR4^yyAVe:VeCDMDRDysVMVCMMM.8RRe)R^CDAM.4Ms8ye,8^D.s.}Rey)IVVVCV.RyCy<VCVM<8C)88)<AyVM^CM4.)s4)VDRDeC).AR9sGerD8.<.^y<yCe4YA<48^4syC)<V.DAM.4?A8A)#ADyCeMeReA4D^DD.^.<R.sye.<D^R.<8^yMAyVM^e444AsyAsl)V)C)4.ADAVDDD^CMMsRMeV)8D^<D.C4syC))^.^yMs4RsAyA/A^M4V.dAVAD_CVRCC8h84ADeVD<^R.<8A)M)sVR^8My.ysy)CD5De.;4Vs<y8(<<e<.4V86A^)8D^<y8C8Ry8)4VsDsMs8<AeA)DeDUM^.4s^e)eMD#<e4D84ADes<<<8.48.yRARVR<^4)4AA)AeVDD.MDRARCAee)^V<.4VRRe^e4D.<M.848y8eD^A^y4A4)yVAMVVCyC<4)RAAXeMD1C8RDR.AMeCD4^4.4RV)y)s^y^AMB4Cs%Is?^^ACy4eRCAe(4CVCM4CR<A.).D.<v8s8R)s)yVe^<MesRsD)yks^)C<4)s.efpC^<C^4M8MAMee<R<88R8sy))^V)M8MV8ssR)Ap^^AMMRes<)^rD^C<C4CR)e8e4<8<R.A8DyAV4X9<RM88ysD)yVCC)M^8DsV)<e<^<CAR4R.e4e8Dy<V.yy.see8V4<sMV8sy<tAVD<VCX8^R^)^(yC.CMR.R4As)xDs.MM)R4y.eRB=<R.^syyV)wbe<DCD8DssQMYCCMC.4R8eARDCVAC..MR8see8DDMsMj8es)eV-V<VMRsCs<gC5M^8<)48A<A^D<DCC4MAR4e^eDV<^MMA8Ds)DCV^MD4ssA)8VRe4DAC8.8)LyAi.DMC8MeR8ADVsC)^).48.yRARVR<^4)4AReAV&4DAC8s>R)e)DMC44^sC8^y4e<V<4sM4RDyVe<9R<<MAsMss)Rg8^y<y4ysCe#ee<oCV4<88A<VeV.CVM?R^s8e^VyMCMR88s4)ses^sM<ReR)eeeL^^<44^y)yMeVeCDM4RDysV<V8<4M.8RRR)RV^C)CAR)Re)De.^D.A.CRey)dVV.CV.Ry^y4e.VM<8C888yDqAUyCAC)8VRM)VDyD<C).ARFyMe1D8.D..RMyCe4J4<4.Vsyssuy5A^iCC4{AsA^dADyCe.CReA4DVDMCC.<R.s.e.V0MsMRsssy)eN<^e4R4DR4AA(4DM8s4Vy9L)eFC^.)sVy4h<)ef8^8MA4Cs8AygM.C8A4^sAAyeDCCe44AVAMOCD<C.M.R.yzVsVRMsMy8es<)e^R^8C84y)Xy.))C8CV4sRRAAe^DACM8eR<A^eDDC^C.C8))8)4^8^RMA4DsAq4em^RC84yRDAygC<)C^4DRVA<)<D<<A848.)4)8Vy^VMys.ReAC3R^CC^y4R)eA^sDA4VR4A)eC^VVy^MMM8RsD)Mb8^^RDyRRu)R,8^yCD4ysCe)>^^DCV4<8<A<eA<4<.8488yy)VVyM.MM4Ms8VAe<Vs4M.)s4A.jRVTCR4^yyAVevVeCDMDRDysVMVCMMM.8RRe)R^CDAM.4Ms8ye_8^D.s.HRey)+VVVCV.RyCy<VCVM<8C)88)<AyVM^CM4.)s4)VDRDeC).ARns}e7D8.<.^y<yCe4/A<48^4syC)<V.DAM.49A8A)rADyCeMeReA4D^DD.^.<R.sye.<D^RCj8CsiA)C^^844yMs47e^4Cq8DR8)Cy0)RVR<)MM8RsA).CM.)M<8)sA)fM^>M8sDs.)MWC^4<444sVeyes<y<A.f8Cy VsVR^RMAAVR4ye^R^DC44As4AM<s^V.%s)R%e=DIMV.4s<8es8)8VA^CM84ysMDC<A^^MA4yseACHe^44V4MsCA<a.V.C..rysyRVsVy<eM<8e)R)8S8^y80..8):8cVD.Cy4.RCVRe!<e4A.eAMeRD4C8MkRy8.sV)VVCDAMV4<R)VA<CDsMC4<s.yAW.Dc.8.)RAyyee,e<e.4y^yDV^V<<.Cy8.)D)V-V^<84Me8M_Ve8^^CD4C8sACe)<.<y.s8RyAAAVA<M8V4b)V)DVCDRMCRoR4)D6V^<<R4<RAeMesDR<8.y4yyyeC^Q^e4o8Vy<A8V<CeC.8VRm)^e8^^CyRCRRA8e4Ds^s.sR<)e))^e^>.^44y^z)uM^3Ce8DR4)DXsC<C844R.AR)RDRC^8)8A)))eDD^..DsAsCAs*1^sC8y)s<T^<V^^4Rs^A4,AD<CT<sMC8Cy8)VVC^4MDAVe8AeV8^4Ms4Vss)<DA^DMV.Js^y^,^Dy...My.y4es%j<s8M8CsC)4<yD^<RsCRA)./M^8<e48sDeseKDe<)4V8VAVeR<C<<8C8My8A)V8M<Cy8MsC)4e)^4MVRRReA)eAD,^u.9R8e<e^<<<C.44Ay4V^is<CM<8.RA).}mC8C)4ARyAe)eDeC4R^RDe^e<D.^y..yDsRA_VC^ZC)A^s8F4<M^44AsD)8e%^yD.<V.VRCsAeVV<^)RAACsseCV<<.CA8.sQ786)^ACy4e8eAe94C^CDR^R<A.)yD..D.V8Vy<D4eeDM8V48y^)DVCDsMC4)A.Ay#sDRCAMARAAMDVVz.V.DRCsReC^J^4.D8Vy<ARV<^A4M4ssRA8myVyCy4CyKyeVhDVC<M8R<)e).DV^t.^48y^)y^C^RM844ssys9s^<.e.)yey;r^V4C^8)8My,)eDD^4.D8s)<)8V4^.MR.RsR)^D)DA.).esDy.*D<A<y8A8)AV)MDVMyMs4ss)&+eeDeCD4MRyDV<^D<m.DR8V.esVs<)sDy8y4)4VsMACe8CReA.u^DHR..5eVA.<^Ms8VMs8D/yjAMD4Rs^AAe{D8CD.x8.8MsM)8<A..81.MseVs<<.D<^s<A4I<D.M^<)M484yy)<V4^sMCA<e.VU<8..C.4AR.yeesD48es<AyY.^.C<.YRAyyys)sV)4DRyA<R8D<^bMR8Rsy)C{A^MMD8.sQsCe)^yMC4)RAAV><^.Cs4R4ysCs)m.D-^8MD44sVeAPMDe.4RVyRA^eyDC<)shyes))8VC<VMRyCxMD4CV.RR^sRy^Ve^)MD8DsR)^xADeCR4Cs4RAeM^<CA4MRMy4eCDD<8.^84yV)RVs<).DRV.yRDy8<.VZ<..A8)ys)4V84e.C88y8)eO84CC.4)sDAsQ8DACAyA))y_eRDC<Vy^RDyMe8M.<)Mo8)yM)MCA^^CR44sVAs,VD4Cl.yR<V0e<VeCMy<88y)eRM4<sM48)y.^CG4<DC)4Ms8Ay7M.<R<yM)eV4<VC4MVy^s8ee)MC^M)4.RssC)4CA<s8<ADesVs<DMy8.s8)(V8Dl^88s8MRR)MV4<8<.MysDyV).C)<y8CA^HDeV<CM)8.yeeV(4VV.^M8.RRDeC^DVeCy48RVes^MD<MARsA<))VC<^My8VyD)C3j^yMA8MRAsMVDDsC.4VRCADeeD8<R.RRs8)8D.CM<C8.s)eRVy^^^y84sCAe1.^VCM.)RMA<eR^VDMMeRAAyysVe<8MRR8ys)DyA^e<8CDRVsyee^AMM4eRAAD;C^4Cy4sMM8^y^)K}.^)Ry4DR8)<6C.8CC.De<ARe.Dy<AyVy+y^)SVN<A.^8.ss)s<V4DR<yAeMVe^M^e8y8M86B.V)DV<<.)y4s)^MD8.DR0A8EDDD<sMeRVA<e4D.eA^^R<.)R)Ve>^VsCC.V8^yM)pDD4KMDRVs.eVVC4MC64^RADR/^^sCy.,e.AseVD8<4MU)AA^)vVs<4My8yby)y_n4.C84&R))^C<D8C)4Re4AeI8D}CV.D8)AMeAD<8DM)8es8))nZ<<sV4ssC).CC^RC4.ye8y)e<DC8A4D8iy<<VVACDM))CyR)4fy4.R8ADesD<^s<<8Gsy)V{u^^Cy4MR)AR08^8D)..sCA)O.D.<e.RRMA8eADyf.^<M<8VR4Ae<AD^<R4CRMVReMV^8C.s84yA))MD.VM<8VyV))V<^4Cy4y)DD^<CM)8.s%A.AE<D^eCC.Rs)y<)s^C^<R<sDJCe^^y.RR^yV)s%)^4Me84Res4V<DAC..eRRA^e%DDC<4<.8yDetD8<^MR8<yyeCwyVC.V4RssAjly^VC4.PRsA.BRee<44MReyAeDVs<<M8yyM).Ve<4CeM4y<)AVs)yM4C^MA8AAV)8VA^jMRA8eyDC<).yCy8DRyA<etDAR<s<)<&4^yC44^s.AseyD^DD<D.CA8-^DseO.s8ys)AVC^eMC4)s)).V.^W^C.)sy)Cf)^yLA.sRRADeVD<<AMe8CyV)yVs^8V&8ss8)^v8^MCR4^RyAsee^.Ci488xR8;CD)CyDA84yM)4V8^eM)4ysA).IRD+MD44s<A<7qesVC<C.88VyC)4VD4VR<yAeMD<f<^RC<.yR4AC<yC#4ssC)<XV^DCD.8.484ysDeC84VCMAVeDVA^gM88CsA)<fs^8MA8M4sA<VD^sM<4VR4A.exD4<).4RDyRe8Dy<x.eCs4seye4eyM88?88R^yye4VR4Rse8<y8e8He^8sC8Aj.)<JuD)C.44s4DMKyDyCD..R)VyeCDDCD.e8MyA^sV:^)M44so4AAOsD)M84Ae)ARms.8<)4^Reys1VMV4Rs^)Ry^)UV!<AM<8sv8fCL8.MRARMRkA8_CD.R^R^eCAAeRM <R.<8ess^ADV<M.V88sM^^9^^mMA4CRAD8m^DeC&yARMA^G^Dx<..))yyD)RV4^uRsA<eA^DC<.ARMye)M)e<sM84ysyAqj4^8Cs4^sV)<A8DDC+4e.)yReC^^CCMy.CAV)oVR^eM.4As8)VVV^CMRCeR4)MVC:<C<4Vs8AseDesCA<).e8DRR)^VMsRC8^AyVR<^My48RQ)DVC^8M4^IM48yyD)sC&^D.V8DRg)<o4^4R44sRsAV<yD8<84<R.V8))Vy8<..8As.^4BA<DM)Ay)<e)D).n4e.Me8Vs<<MA8MRAsMV^VCCyMlR)sMy<^DDCM)RyACeCVy<VM)8Rsy)RVC^yM)8.R)s.V^^yCR4VRRACeRD4<).C8nAV <D4C.^eCy4MRRAD()DR<A4s8eAsL^DDCDsYyyVDAha.4sRAAMeee<^A.sRR88)AV.^?..88R0s8VC^VCA4CRsADeAD<C^.)R)R^)yDRC^.V84s)).VD^)M<4As^)yVCDy^C8VsR)4s8DsCD..8AyAe^DD<VD4R^s)))VV^)Ms4csMAeVM^e^<.Ass)<Q<D)C<.ARMAVe.D<<C.ARMsAyMDD<VM.8CsMAeLsDdC)8D4.yh>)^ADy.aR8ye/RDy<^<yR4AVeeyF^sM<4)s<)Mjy^^C48<.e88y8eAVC<8My8M CD4CV.RR444s)A4eEDyC8yN).Qs^.M44ysMARxyDsCV.eREy)e4DV<C<<M<8.esDC<ADD8As))^iy^CMV4As.A)6k^8D)..sC)<A^D.<K.<sVA^)Re^<e.4RM..)MVD^CCs4.s4AM0^DsC..RMVAye4DC<e.<8yyMeMV4<M.4RV8MAeVA<MMD8.scA.AO^ADCMDM)8<saD<%84C.4yVeeD)VA.V8sseesVA^<^A88yD)DXy^DCs4<ReA<e8D4C.4RR)AAAyAyQ4<DCy4A)<D.VHD.C^48s^AseRVM84.)8syC)8Vy<R.D4)y<))CsDkMC8VeeAVwDD4<9.4eCyeeDVy88.^RCV<)8V)<Rs44AyD)VV.^RDA.A<A<ev^RC<4CeMAMeC.VC8.C8AyVeMDD^)s8sMsMe^CAC.MA8DRyA.jb^sCV.eRCVD<8<8<.y<R<y^eVV<8VM48)se)M!R<DM<.nPD)RiV.AC^4RsCyye4D)8y4<8sV.V.V.<^MARDsseVJ444MD44T^e8eyDEMM.LRMAA<s^yC4.4)^V4eWVy<esy8ysR^.V.^MM<A<RmDAVCDyR44ss8y+e4.CCA.<)B)P)EVy<M.s8<yR)VMV<CMR44sA)8qC.DR.y8eDVsaoC88.yMsC98^DCR8^sCyyAC^VCR.RRDy4eDV4<^MA8CyD)eDD<M.CC8.<88y4<<VR<..DR^yD)yV)4yMC8DyMA.C8MVC)4CReAe<e<^<)yR8yA^eVDM8..^R<yCe4VC^sM<4Rs4AACR^sM.ACsCA<<tDMC^ysR4y)e4DR<yM4)Re8^<M^4CR)A.yyVCC^.yRCyD))Vs<).DRV.yR8A8 MVAC<yD84seeRVs4eMs440R){kA<DM^A.)MA8OM^MM^48RAAVKVC.84sR)^Uy^C<yCCsVyAeRV<<MK8Rse)4V4<R^e44yMeC)<^4MV4<yD)<esU<Cu48s.44ReDR<..C8)y.))VR<DMy4)yM)e)<DAMs8<s^Ayr.^.C7...E)DyD3JDs<M88R4AV)<<D.yMRs^eVV5GeM^4ysM)A}eDMVS<C.R8sA.)<<y^98CA^eyVR<VMA8ey4Ae)4<<M<4AsCA8P.DsCs.&R<AAADVsC84DRsA8RRV8<VM.4)yRsCyeee^^<s.eRDyy^sC)4.R9A)s)e<{)^MMD4e1MV4^ M48)sR)^*A<DMD4)s4)MrA^MCe.s.R8RyA^VCs.C8)y.esVy<^M)8ess)yV^<^MM4esV)Rse^RCy4^RyA8wD^DCs4<8sR<e&VA<<MR8<s}).+e^.MV884)A.VC^)CR4MRkAMeADCCy4C8yRCjVVe<8Mb8ys)yVD^yM88R4eA4VM^eM48MM.)^y))4V4<yM<84ss)CC<..8uy8e.A.1AD.<e.sR4VeDJCA4Rs.Ase9DACs..R^yReeV)<C.C8<8^s^)M<R.<8y.V)y+4^<C)4DReAyMD4CV44sVAReVVVDy<M.6.g)CD^<yMR4gyM)eXMleMyMeRI85.e4CD.e.<A<eADeDDMsR8AD)NVs<y.C4y8CeVVV^^Cf4As<A)W<D8C84R.ey45M^CD<.4RDyRWDD<^s<<RMRDs.yye.C)4R.pA)yD^(D)..sCA)eyDMC44V84RVeAV.^zMs8MyD)sIs^RM^8M4sA<VD<VDJ4<R)A<G)DJ<.<WRyACN^A<<<Ms88s4)Mhv^sCy4ss<Aee=D)C4.eR<4slMD8CD.<RDyC)eV4<MM8RDyssF!8<..MMCsVARVR^yC^Cys4A^eyD<C<.sRDy)eVDVCV<M4eyAeMVe^eMC8DsM).VR^)MAM4.y84see<MCC..M4A}8)RVM^DM4AMsMAsHVDs<f.8RyAyesDs88.88PyD^sCA4MReA4)ee4C<MA8.y.)8zZ^yMR8Vs<)A)DDsM88DsVAy_VD.C)4.8)R./^DyCRDs8)yV)AGeeM.V8<ssAz+A^8Cs48s<AyxA^MDs.<sD)VyjD<<y..R)y7).)9<y.C8Ds.)DJ)^.Cy4ssCA4aR^AMV4i8s8es.eV&ADeMD4ys)DyVV^8C<4.sDA<e4.<Cy.<RRV4eAVs<C..A.i))s3s^..V4ssyDAee^RMM.)sVye(..CCs.4R^yUe<D<4MReA40V^4Vy^M.DAyAse8Ds<.R8sE)sVD^A.<8Mse)4AADMM<4AsMACeRDMCC44RyAss.).C4C<C4yCeyeCeeD4C<.M)MVs)iDCCCMs8CVVe8M^^QMy4Rs^)<V<4DM444R)A^xR.4CV.)R)AseDD88..y8Ry<).M<^8M.4RyC)8CR^MM.ACRRAe1sD.CAsA)M}e<MVe<y.yR8s_e.MCMVMCAD08Dry^CMV4^eeeeCV^8CMyyRMytesV.88.ARDyAeCVD4eCe8yy8)V984CCe4ssyD80DDeCe4yR^AR<4V)<M.<8y}.D_C84)R&A8TDDs<D<sR.y0e)ye^eM<4_s^Aei4^VC.48sDAyes^.DD^yMy8=s4)yhe^8R4yse<VA<sDsMV.sR^yeey.^4MRAAszs^DCs4<8v8eseeDCM.H88y8))VZ<^MM8Vy.8yV.^MMD4Rs^AR6VD4CR4Vs^AyAVVRC44V8Ayse<VA<A.M4A8MeDZR^^MV4As<AmE4DsCD4s.Ny87.DqC84.C4ys))V.^yM48Ms8Afy.<DMD4ys<A)9^DsC^4VR8A)t.Dk<.C).VyCseARV)Dy8^.8R4v4<MMe84sCAA&)<VMC8<448?yy)yM^^4MA88Y.)s!V^DCe4Cs<ADTRDMRV4V8wVyeDV8<<s)A>08^DCs.D.sAAyVAyJD<).C.e)AAMe4..MCR))yVC^<MM4eRMRemsD8CD.)R^y4eDV8<R.DR<88)DVW<8M.4RsRA)0M^.C84VRe)DBsDDDs4A.e4)AC1s<^<D.)ACy^qy<R.^8yyR8syD^ACe4MRs)^ay^C<yCCs.8)y^)^<.MuCsAMy<oA<s.<8<yC))C6)MR4CReAy?<DMC<.RR^yx=^e4<V.eR4yM)AVM<VMM8<sR)^is<VMR4V4R)MJeD8<m.)R.yyeAVe<)MeR<A.esDRm8D8CC4eR8AR<sDs<RyMRVy8)RMR<eMA4)s7^. s^sC)8Ds4DA&DRCM.AsDA)eR.C<K.48yyLeeDM8<..8.sA^4Vq^ys^8.s4)8lC^8M<4<s4ys<AD8C).)RDy4<^V8< .s8Ds))B9)^Ds<44sM)sV.DAMCAVe^Vy<C^R4^yV)&Ae^^CA4DsAAeeMeeCs4<sD4^RRDC<M.D88se)Rpe^yM.4)yV)RAeD4MM4es4)Ms.^^V)^4M48ys<)4Qs^CR<y.)HV8<.D.CA..8eyse4Me.7ReADF.D4<A.y8y8sss))CD.yR<.8e<VM<4.V8RsVsRVM^eCy.pRyA.esDy<).)R4A<m.DsCR^CCs4De+A8eB^MC.4<RVAD<4D)CD4DR4yD^);&<.Ms8<yD)MVM4MR.48s^A)eR.yCs.esDVw}.D8C..e8eVM)yV^<VMR8<sR)VV8^CCAA8RAA4de.ACD4.s^DVi<DVC..F))yVesV.^e.D8CseDACA.eR4AVyMQe<A.M4}sR)4d8^RCs8<sAA<AA^8C<4^R4yAeCVu<e.C8)ADy.5N<)..8MsA)DVV^CMy8CRysCVVD)C.4<RRAVe.Ve<R.^RR8e)4DM<e.48^sA)4V.<RM)8A8e)RyA<^V)<MMR).y.eDV<^yMD8<s4)4C4D4Cs.))-DC0VV)8RCyCy4<<Dy<<.R)4ys)CV.^GR.A))<)es.sC.A<A8e8<eDsCyRse^)8eAVe<4My)8yCeMM<<ysM8Rss)WVV^.8DACsV)DJ^C8CC4MR.&ee<DM<4yV)DeV).VD<CM88ssMAeCs^eCe4CRRAeee^VC).8eCyee8D<^qs8)8Gs^<CA4M8ARM7DDsC8DR88sn)AF)<VMD4)sD)DGM^VCM4DReA4eR)VCy.eR4AVe.DV<yM)8eyee4)A^M.<8As4Awg)^CCy4.RoAseA^MCe.M.eAys4:4^M.<M)4RA8uCVD^C8e8DAsV8<DCA4.RZAs_V^.C9...oAye.DV<..<84yV)RV4<<.CMRs^eVVH{eM^4As<)AgeDMDe4ss<)Ds^DV<eM)8syC)AVD<<My8<sM8AV4^RM^4Rs.A4ev^DC8.ys<AAADVsC84DRsy.e<VR^)MR8^yD).Te^&.^8.yMy)y)eRV)<)s)R<y<e4V<<<R4AAs))MV<^yRR.es<A9<)DyC.4C8ebe<<VR<..DR^yD)yV)^8sC4esDAy>C<VRs4)s<A4?s.4<4.s8)U)^.My4)s.AKH8VpD84MM0RC)e)4DM<z8<8Ae.)R^^.V8RsRA);4^AMM.A4M)DusDsCC.sR<yReVDD<DM}8-A^e.DMV8^CCC.Ms<yie^M3MA.88Yye)RMM<yM88)se^^<e4C.)8DR)ACZR.88sy<)A)DDsM88DRyACeLDsC..U8uyee4DsC<Ms.<yNe8V<^eM<8<ss)^z8^<CR4)yV)CV< sVb<ysRRAsAAAV8^sR;4+ReDs/VD4C^yA)eV4<V^M.esA)Mhe^A_)4R.C4esee^Js^eMD4yesV)<.M68).)s<y)eMDD<eyMAyeeD)C).)R4yye^eDVD<CR8A^esyq<sMA8Cs4eVVR<^CRM^se)4VM).CC4VRRyse)DC<)Me8ey4e<V^<<M)8Ds.e^A)e4D4Cy.<R4yseCM<4.R0A81.).VA^.Ce4ss4De<..V8Ds4s.A.lRM)84st8CZw^VC.4DR4ACe8D<CV4^RyRV)RD4CV.RR4.8)CV^^yCA44s4Ay3V^DC^^RsCA<IVD4C^.sR^yRe<VeCV.RR^sRy^Ve<4.M<.s^)D74DsCM4^RyyeoDD4CC.^Re8Rs<)<V4DGM<4.sVVo<^My8Cy^R^A8e^Vs<..<)se)DACC4^RVy8e<V4V.^.MRy)e4VYeCM(8DsR)Vk.^MMV4MReAM1y^CDR.^sVARL^^VmD.D8My4)MV8^RMV4Asy)<HC^4C(4sR8)Cy:)RVR<)MM8RsA).CM.8RDyse8A8GeD8CV.ARRDV^MM^44s8AMbDD)<)<D)CMDsRMy8eDV<<DMC4es4)Mxs<DMs8<RssCs)e.DD<A8eAAOMDe<AM(RVy<eVV&C^..RM48RMyeeyDD4<s4)VyD)sV<4MM<8.sR)<>y<4M)y)yDAefR.VCD8VR.)V?CC.<8RsyCy4e8CRMAMAy#s4)4^V.^sDA<eADM<eMMMeyse<DDe^M^4.sMA.5<DsCs.sRAA^}VVeCs<MC=4,y<Ay(^^CAyy)eV4<VMe<e4C8ey.e^VP8.RyyI;VDe<7.sRVA^eDDC<y.C8)sRs8A8IyMN8Rs8)V&A^RCs.}R4)VsM^V<A.)RDy)e^VA<D.<R<yAyDts<8.D8sy88RVMOVVs<s.e8.ys))V44.RRA^eyDR&R^BCR4DR)AsCDM.4ess)Rd8^.Ce4)sCA) .D^DD<D.CA8k^Vt<8M)RM.seMV4^)My4AsM)Dv.^4M88DssADAVe4V)Cs..y))eDACM.^8sy8e8DD^8<D8)s))^Fy^^MD4yR)Asu^^.Dy.Cs^AypC^^d<.V8syD)4ye<RMC4JsA)lV8<DC8MDy<RV?4VRVeM).VR)ryeR<^4VRRA^}VADe8.<8Cy4eVVR^V^R8Ms<AsVDRCC4VR.ygeMDeD<MARsARy8VA<.M.R.y8AQA<D^D8<8R^8A)ReDD<.4sMAe>4D4<8..RVyye8Dy<b.eM.4<R))D7AD^8B.DsVy4<<DCCVMAR^Je^VCR4^Ryy^yyD4CV.e<6..eDde^eM44AsVA) M^DC84)s.RyeC^^Cy.sRVy8eeD4^e<4R<yAesyy^8MV8DROAxM^<C<4VR4ADe4D4<y.M8yA4y^AAtA<VC84AREAR<8My8Cs))yyybDVy<<Mf8AV<D<<e.4RyyRe8Vy<V^ Ck8^e.DV<8V)88s8)< 4^DCs4^R)A.!y^CDR.^sVARX^D^<A.D8syse)DDCVDyCD.8e.{^Dy.DCC.e8UA<)p&e8V.DRDs)))Ze^DCyA.e8DD<s.<4s8<eVeyD4Dy4R.8R.))I:<d4s.)y.kCD)C..C8sy8eMD8<A.y4M.)s<DDeDDC<4yM8RyCe4Vy<ysyy<s<)^>s^84G48seAM<R.eMC4CR<)VeRD(<.ss)UyR)WMsMs8sA<)p^4^)^sMC8Cs^)Ar^DsCA8VR.Ase)D4<yy.eV)Ve<V.4)MyRDN0eCVA^y.D8.sVAyVC^NCM4)s4D<<yM)8.s>)8e#t8MC4DRMy=eyD8<s.<8yy)e)e^^y.RR^yD)sV^<MMe4M4e)s+M^^CC.eR/y6e=DD<p4<.8yDe>D8<4.D8.se)CVV^8M84AyD)s?D{sM.4^R4A<{VDR<r.y8)y4eJeC^).yRCs)eMVe^M^e8sy<)VI4^.CQ44R)A8oDD4C84yRfAeye16DC<4R)4)sA)<qDDyCC4VR^VeeyD4<e.)88VCe^V)<yMMA0!DDsC<<88DyHee))<DMy4)yy))jCO)MR4CR)A<eFD4C^.yRVy)1^e4<V.eR4AVeeyi^AM88Ms<)Dt4^VC44<s<A^fCDAC4..s^8)s4)4Vy^<M44ssCD<<.Ml88y.R.AAe.Ve<s.4)eeeDRCR4.RRA<esDs<A.M88sgseAeVD.M8/y48AV4^sCe4.R+A8+.^DCD4ss<AAe<eACR<DMZRRA<AMW;C8MD4<e<).DHM)8.sX))seDRC^4^R^AVe8DD<..D8AyM)sAD<AMA8Ds+)ycY^yMC43sD)8VD^sCDCss.A<eRD4CV.RRVys))V.<N<C4)yyeCVC^8Ce4syV)RXV{RMM4esA4)e#D<<%.D8AyM),VM<^Ms8ssReM)VesDsCe..Rsy)e4M.4Rs^AymR)RV ^RMD4)ss^D<D.^88sssRARFA.V8sy^84V^^^C)4CRyAD=VDMCV.eReA4yAVMC<.ARMyD)RV^<C.48yysA<yReRVy8RMRRssseAV84#MC8^s4Aebe.4RVyRkVVAC^^MCU4RsDy)g4DM88ss)<mA^M<ACMsDyeeMDD<y.^8sy.)sVM<s^(48y.)1%s^DCs8^syA^Ay^4MV4eCWyXeCDV<<.<8yy8)4V^<^M44yy4s^yAeA^V<8.A8GyR^8Cy4CR)AysyeDay^<C=4A+<V<<VM48yss)C+y^?Ca4ssD)<m.DvC444ReA4xVVAVy^yMeA^eAV4<MM)8Asy)<Fh<VC)44sC)CL.^VC.4yMVAye)D<<).D8)y<eDVM<^.4RV8MAeVA<y^s4es4AAV8^sCDCss.APeRD.<).yRDyy)eV4<8.CR4yyesyAe_D^RV4M8)yeeCD8C^s_RMy^)AVV^8.C8Vs<A)CR<VC^ACR)AC9.Ds<)4DRMAM<MVs<n.y)Ryee.VD<8MC8.y4)MVDDRM44<Ap-8^D.RC.4ssVACkDVA884V8AyF^AVe<RMR4As)));e^CcA.RAACVVDACmyAs^A^,^DB<4y^8Cyi^)Ve<eM^8A-se^CA^eMR4Rs4ACe?.yCy.Je.yy3VDA8s4D84yAe^D<<4My8ye)^^CC.)R.8y)CD^<y.CR^.<)DxR^^C44ss^AReyD4CD.e87Ayy.)VVV<CCA8Vs<A)<AMc88yD)7yt0MVp<4.<RVV4D)CM.sRV8qsLe^C.4VR8.)e8Vs<VMs4ess)Vj)^yM^8Cs)).e)Y.M^4yR4ACeyD.<e..8)y<)gDVC<.4R..eR.AsrVDR8e.VRXAV)eD^<...).yR)R,Q4sM444y^)MC4DACsA^sMAyeM..<y4VRAVsD^^AMAsey)sC^4CR4^RyRV)RD4C.<M8DsyesVA^<^A88yD)VN^DeCM4<RAA<esDsC.4RR)AAA4e)DCD.8sse)AV.^)MD4As8Aey.^<C)4MReA4eVDsC<.y8_yAe4Vs<8MA84yCA^VM^RMC8Dsy)^H.^<Ce4MRKA<eeDsC^<sRMyRy<DV<RCy8ysKsRV.<VDy8Ds.R.WA^<^444sDyD <DMCC.88^AVA^DD<M^x8)4M)eV^DAMR8DsM)C An4Cz4CMAAy&4^VCR8VMs8sGyA)VA^)CyA.e8DD<s^j48y.)IHy^4MR8^RRs^VCV8VVCy4DRAsyVV^4CyRe8A)MD<<A.MR<.C)M5yDlV.8DR)AslV^4MV4RRVRREMDV<sMT88y8))V4^)M)8e8<AAVs<<M^4yR)).S>D.Dn4ysCAVeeDV<s.V8)y^eVDVC<.4R.8)s^Ae<A<MCR.M8)yseCMy^).M84 +).VA<RMZ4RvMAsTL^4C.A^s^AD<)DlCeM!) VD^sM<C8RDAjE8DVCR4^8RR^eeD4CMD.8<sr)DV<^yM^4MsMAAwyDRMMCVMs8sye).Vs^)M4A.eRD^<y.RCR40RRADe)DsRDs8AAEMDsDR<R.A)V{s^^944^RVy8e.V)<CM088y<)RVe<4^A4My<e^)D^MC)44s9)De8!DC)4.R<y8e.D^<..^8yy^)ZVy<e.^RD.ARRARm.V)CCy^88sTesVy4aMy48?seV})<^M<A4).ARk.^.M<4RR)AD#DC488ss)<WAYD<s48s4R.esD<<C4CR.s)RCDD<4Me84yV)ey<<VDe<AyC8yAD)yV<^,MA)<y4^MVR^RMAse" local o=(#Y+(165));local i,x=({}),({});for e=r,o-t do local n=K(e);i[e]=n;x[e]=n;x[n]=e;end;local u,a=(function(l)local c,a,e=C(l,a,(3));if((c+a+e)=((#{847;271;(function(...)return 808,446,391;end)()}+243)))then n=n+((#{828;}+132));o=o+(225);end;l=s(l,(5));local n,a,c=(""),(""),({});local e=t;local function d()local n=y(s(l,e,e),((#{751;451;}+34)));e=e+t;local l=y(s(l,e,e+n-t),(36));e=e+n;return(l);end;n=x[d()];c[t]=n;while(e<#l)do local e=d();if i[e]then a=i[e];else a=n..s(n,t,t);end;i[o]=n..s(a,t,t);c[#c+t],n,o=a,a,o+t;end;return(p(c));end)("PSU|23g1610276277278141427611112772112111027D27I111i1I27k27k21l21L27O276210210276121227827J102222222771627527S1027G28721421527D27E2761n1n1027X101s1S2772801021n21N28727U27W27Y278277171727C28e28827H28o28B28d27728g287131229627621P21P28727Q28s27v28i28v28u27623t23T27722H22H28w26o25R21J1829027F27H23o23O2771e1928Z29K29y27d131327i27K111g1H29627d29827J2A929b2AK1128Q29I27i29A2781E1E27623223228w1y22q21A2ay2781O22g23M25e28W1K22C23S25P15276234121r171Q22J21B28w1W22O24S26k28w182201P29S2781s22K2B229T25r1a22e22R27622D21N1F132A421X22c1r22721x1B1t16171n2cC1s1D21x2212BJ1H121L1R1T1D22h2271921y22c2CN21X21v1C1b112211c2211F21y22h1m1Q22D2D21117152232dI1q22b22f1m1i22B21T21T225141q171l1A1E2D92D5111q1L121N22C234131623921W111J1j19131V1l1n112162bW27721222U2b728w1g2282c027821022S21x2be28w21s24Y26x1B27622S2DJ1N1I21z21w151L1l22j1i21429Y2762892an2aa1023O23p28E21721h1U2762fQ27O2AL1123o23n1727d1e1g2fX10152f32FP1129b1d1c27d1Y1z29627x132gE11151427x1y1w2AM102Aa2gn29B182Ej131Y1X2gn27E27a2gy11142gq141Y2121427J2Gb2H81b1a2gB1Y2131527j2852H829A2851Y2101627J28Y2H827i28y1y2112g527E18182H82I5181Y2161827J192Ej2go17162iF1Y2171927j1a1a2h82cj2ip1y2141A27J1b1b2h81A2Iy1B1y2152D72j127D21q21R2AH2aO28R2Fq1921A21327w2Gn1X1Y2Ab28I28I1s1K29X2g0112i628I2JJ2JL27w2jo1h1d29Y2gx2AB27J27a21g21G27O2Hh2AM27e27D21F21I2Ho29128T112gg28W27727A2fM2922992k42912AP28o28t29K26K2bR2812272F322E21j1d1p1g24t25q28621v2182Aa1T21t26m2602F322V121H1j1425a25x2jr2Li1H101H141c1U21822i2F3237131H1M1p24m25D1927623b1I171h1S1c181E1H23Q26P2Jm22t1m1324t25Y2F8102241z1C121D21o21O1d1O1S1N25625Z1v27621W1D21A1U1K1n21o21Q21g1R21f1n21221c1y1D1Z2171m1S1G21e1521c1a171u211219151P1722J27B1022f21e191825z2502A621Z21h1J1N1v2Cw24k25V2aV1022A21j2hj111N1x21I2lR1t17191k21y21F28622p18141F1d1r22C2132a622321a1s21m2182d721X21n1R2N62H4171K1p1O21j2IM1L2132162NV1h1821a2pR21D21F1J1B2dy21Y21q2Mq23015172d711131f2qA1121d21o22X2761w22u22J21C23C21C21E22L22J22t22l21p22N22W22t23023023321y2qZ2R123b22A22t23A22T2362372rA21422R21822w21821422U23923222R23822X23323228B22w21P22s21722w21n23622T2382392362321W22W2192qO21c21d1w22t23222S21528B21522T21p22T2172S821d21n22x22u2sb2112S821e29e2s821c1W2382qy2s423T23M2mQ2ms2Mu1d21r21c1h1R1p1421722F2Jr22c21D2iF1l2oH1627123O2k1102262171h131o1T1p2122181j1p1E1n21922e2M72O521i1D1721K1z1l27I1G2321Q2762361N2AG171S22622f1V191L2ii1522G22621P22z220220112302382242hj2552612o42381d2uR1h22Z2N51022b1x2111u162152171Q21p2Ii21O21921B2HE21H2152LW1a1C1s21a2111y2181M1121e1q1d23I1A27622A2131r21P21i1N141V1A1621m2Ly27622U171D1V1m21X2112F322C1z27N1b2262152U622x1Q21821o27x1b1d2Ao22H28622x171T1m1N2tM23q1F2762th2TJ2TL2132WG2Wi2wK1h21L2252wo2uX2UZ132321629e2UY22012233162Y4102311021e1T22A1G2uz101P131Q220221111R132uW2Y42Y02Y22xy2y52y72y42v12YC2ye2yG2202Yi1221u21s1c1l2Ym27E1p1Y171C2xM2wY101B2wf2wh2wJ1624726u2O423b1m181t26I2472u622B2T928H1B21521e1S22Q162Tp22R2X81D21m2191N1l2cn121622821e2A62xE182zE28i26p23S1M27622R1H2wh1l1h2Pe1M161M2cK21M21l1J1r1d1n2Ci1126O2482862lq161n122562622a62tH1T1C21i310c24w25r2a621V2im1F1929b1g236286220219142mz1S26923k2U622P1k2Yo1s2BI101r26I2412XL2oM21J310e151A2Ct2AG1Y21B1r2dJ21722b2zf1022w28z31233115311731192262102zQ2Uq1l21q21Z2TP22821R2Cj2dy1W2xR2ZM25y25a2TP222211313e17313G2ZL2wK21b2212jm2321B1i21p21W2OL21U21C1r181F21P2122zS1O21121F2Cw23i1F2o422S1h2TV23m2f72Wb29w2BH1H1W2Q12Q321t21d2O422R1B191j22A212286237310z1H171r26f23w2f32342PW312s26l23z2lR102251y1q311021321j27E312s22n23621B312M182522V72762312Z81S25125t312W2212131O2Tc1e21I2XR2Of2192o32762382CJ1g21M22c2t421L1K21E2oT102Ov2oX23c132Jr21u2192cH21q2Q61t2642522F322821d1f2dy24U2lG27622b21N28Z1R271248315g2LQ1S2kJ27i1b1u121T2eL2xi1D22421l312W2371I1n1j1c2Xf2dZ2p51625425q1j2uI315621D2W3311031123114311631182HW26O24b2f321y21G317Z1824726b315G22U1f1R2xi1f315T1F111H1h311F2cV26z23x2v81T1a1822o318027622e2p01N2cV21S25C2732TP21V21I28z1N2q321J1Y2mE317y27325A1w276230132t622421y22J21y101622922f31A631a82LS319z2Mv22421Z22i1G1t2uZ111A26r25n2jm2371A1n2652542MQ31422Wh1a2vH313O26l2402Ol2oN18314o1z21F318F31332172mq31641u2HO21n2193145311F25825C2Jr314W2ur172M11C24l261315G22b21e1O21G214310r1I161221j21j1K141G311127123U2Jm317t1K21q2xC2762202151F31981921X2X22762282MY2n01N21h310326231722c61h312222n26n311J2763153313R1624t311r31cO31Cq2n11121L2262O422621b2me26k319527622n1Q1B2N02L02Xm314U2LV24U26328631742Of2q32te2LP2lj2UK1T28m23c1d31dw31Da1n21Z21j28v22N1O317S2L9319r18317y22c1y28H1021Y2Gk2Oq1J1D21N21I1i31bF28g21021H31A51R1B2eN1H22821n2ol21Z1Y1h21c1X1m1g162hj1531761731du28622r2GH1d2CT23j31E72Ui1j31CJ1B1226C23P317v1M1H1P181H2fH1l2cA1924726W2wa102lQ31Dn142oF311131e027621u2wY1M21H21D1j2752352F321t21e1031G127123R2OL2363189318b31111N21M21F1P31CD316D10318S318u2222bm27829u1A21i2JM22V182Zj2eq1021S26726721G311Z31D32ii2BI1922a1H29J319Y31A022022D1D31Aj1a22F31Ac317s22122c22n22h2241v2gP31CL22c316G21x21W1b1R2372A631HL314x122d726K23y311s2pR2Ls2AE23D2TP315Y2E121M214152cv31G72a424t25G312w22B21O1Q1r1a21j313H2wK31Cm2U622e2hf31JL2Wl2tF27621Y315S1921431bY1R31082U62FA162mU2Tw151922831hj31d3311F21p224318731Gd2lj2172171s1Q2Wh1531eU2XA2q31t2OI315W10319y1e1521w31cN2oM31F71F1S21F21H2Tb21M2252a62UJ31C5312C1N25y25128621z2122me21821926Y24431gc314W31E731B4318Y161O25W24T27823K25G1425L317G314m312l312N310w1121J2wD1T31gQ2Lj23j2mq3153319131kM2D72cT24K31791023831jA1926Z2492A622P31761T2i61421e22A2TP2361h2gH31e4132uR2bH2BJ26i24A2O422Q2k11324x31d2102La1T1N1y310326823Z2L915318M31di31GZ27622621n1o2qE2OR21i31C51G2x9318431mL310t314X2tD31hA2Zr1j1s22t31Ak2762mS1821G31jR25431Ml22C2121j181524k31D81021X2172c92a42AE23h2U623B31J81T2tT318W31mp311C2762391R1u2CS31oH2382172Qk21X22g31I62z31b22731mo22321z2XF2xh1622K2yr31aJ23023521w171o2dx31mA182Cj192272762682BD2bf31n71q21q31dE31CO21d310E24G25Y2G91w22431Ia22422222F1u21s22g31iG31Ii21X22022C22e21T1r31Aj1H31In22723J22G2A622b21331G5101l112462zp276311t2Ur21q22431fM1h31O72CE21B312I21521S31Id22121U2212CG1a21W31Ry22n26E2lo31CG21p1O1C31LS1d22931ka31eo191P24k26Z2U631Ri2EH2E8310U26Z23n31gC31kV151N31hw2ow21z2192tp22s21i21l21A31911k1j21B22I31kR1722b23G2JR31642ov1l318325y2562u621t1y31a5310R1S1T1B31lV2KL102652ok31ju21B171a312Q312S172pq2GP1824S25l28E21326n31an27622121M21e26q31cw102fA2ck1I21K2Wn315h315J311031Tg2u62Wx2Wz2132132h02272pu315x31IU1D1f1v1u1I2CV26L312H276311e1j2dF31g431G631G826Z2462jR31MF316p2ow1K23L314l10310t1j31V51R2xH31gg1n24v318631d331g131ki31KK31km31ko1131KQ2Oi31NG319D31922ld23K31Ug317B2yo1621731MZ31p831pa317O1r31MG21721k1i1s22131uy31EO312R1N31692WH2OF1623C312W31lH2ME31692OU31vl24u2mp319C21r1R2Hw1k1d21L314831Ea21r31GC21z310321M31jR25Y258312I31p12CV310X21o318w1p1i1d1E31Vb1G2342O422D31cy31Mx2271G31S531s731s921i29F1R21031GP1625831jd276315I1B31g21921i2t92tB1421q21S31gC22N102171r1S31st1926X31p7102321r31nX2cK21Z2q631Qa1t31wm311F31wo31WQ24h2m631CG2132n52EM21C217172652oB2uI1n31o131112TH315g31Mf317J2K131w5317n317P2Em310626f318j27622t28h31KR219316j31Vz318C31H52x72K11o23b2JM2341s1u22A31Wt31Hc1n2Df2A42p52242P931V92lJ1j31iU1o26G315f27623531c61G316H21c2qg2Ts2Xo2CI22C21E27N2vf21k1a310W2Wq31y01m21g2MY1l1I19317P22u319b2om2p0132IZ31GD1r31y91022d31Xh21n21331Bd112xq31d524T31u62761a21s31QE31Ot31Yz1o26631At27631F91H31U215182XH1b31as2MQ31NV31z91n314Q311v1225y31ZT102X42182vO31g522C21c2f3317B2va101o31TA322q1Y312n31g431FG236314f317a21I141L21731Um23432122K121F31R727622i21h121F1B1c1m26y31iX32101h2oV2H022s2Zi317a2131631Hx21D2L32l526k23L2jr2393110317R2Ur26z23Y3225310831V031XN31Pz1n1d153255310W2543162310S31O331Lr2WQ151v1j25y2572jr2242111E31l2316Q2193140325b1932341G15311F2L431c721L21u31tB2131Q1y324O1g21x3151310s310U323U3190323K31MM31Z031z221Z320Z31KG1H1i32211o27331No2Pk171g1r1q26y2T331Dr311M322D2Xs2ZN24h22B31ZU2Ul2Un21Y3131318g1121Y2222262272272372l32M7132151z327j314A21j2eh2EN2xh22M1C2UP31bN161522K1c22031pz31Q131oo31Q422621X31QN21W2Ym31pi31aJ31E42zA1B25v2342482qk2QM2s821f2Qs2Qx2R42r2328p2r62R82RA2Rc2362Re2Rg2RI2rK2rm2rO2rq2rS2Ru2RW2ry2s02S22s42s62SM2sB2Sd2Sf2152152qV2rJ2rl2Rn2RP2rr21522v21p22V2Sl2qp2sN2rz2s12s31w22V329D2sE28b2Sp329y2sv2qP2sq2Sz2SC32A431uu2SI2Sw21C21n22q2rZ22P22z32a032a021N1W26Q319j31gK31Zq2Hk31g8314Q2q21q21t31SC2Xe1q27131Dk31gd31k41824t25i2Ol2Lq1n2Gh2zi311f31191T25c32372TH28H31OO172261Z2jm22A21F1O21f22a1O317a21M1431661d1L311921O21f32561s1621R2mT2mV1931lK21W2wv2wo2iq316P316c2O422c2Jd325L2f3313M1d21721931rF2o431z7151331x131ir2Lj311F31Do25h24j322531jV151o310U31hX2il31Ow2In25z325J31p8324U1M2Fg1l26g312731gk316W1T21r21531P3318425W31p02TV2po2m1310g26k32dK1031TJ31181v310D2ag24S25e31xk31Fa32702Zm1h326E31Gl121831wM32EF22m323e2pK31C11D22v316t2WO327931191422z2KC29128928J21D21D277122Gn1s23f22V29y27X2151421929B131s1i2oL310g141s2142k828i2dK1s2662B828i14161s24q25227W2Q91S21q31TK28I31981S23223627W314X1s24v24z27w181a1s24t24X27w191b1S23J2C528i1E2VY25z25n27w2P51s24m25627w1c1e31z12pj28i31v11s25B24j27W1i1g1S25324R27W1j2MC22K21s27w1G31wQ24323z27w2Lk1S1P2f3121M1k1s25624m27W310d1s21K29J121k2np24E23m27W2EM1s22J21z27w1Q2N032Ga27W2TB1s22822427w1o1Q1S25724N27w1p31Z021021k27w1U28L22n21v27w2Oh1s26225i27W320p1S31q027W317P1S24623U27w2gt1s24f23N27w1Z1X1s25h26127w1W1Y1S26s26g27W1x1z320P28V122122101s21l27h28I2132111s27226A27W2102121S24L25527W2112131S23k24C27w2162141S22X23927w2172151s24y24U27w2142162cn315G122VL1S26425C27w21A2181S21s22K27w21B2191s26v26J27W2182Pc25924H27w2Vr1S25024O27W21E21C2n12mQ1221F21D1s2SZ27w2Qq1S23123527W2Q01s22522927w21i21g1S23r24b27C27i27x21831bw32fc1S22222e27W1632Fi227327432FM151s32bx27w32Fs1S24123X32FX2um21o319W32g2181s322932g7191S23p24932GC32gE25j26332Gi32gk25t25P27w32Gp1S24A23Q32gt1d1S25I26232gY32h024K25427w32h426y26e32h832ha21127R28i32Hf1s2o032hj31WQ25p25T32Ho31Ob22v23F27W32hu1s21721j32HZ310e21u22m27W32I51s25E26632I91n1S23x24132iE2N023Z24332Ii1P1s21z22J32in32iP312d28i32Iu1s24r25332iy28l22622a32J331e421w22g32j832iz181k32Jc1V1S24j25B32jh1w1S2k032jm32JO21x2bw1232jT1s22c2Z328i32jz1s31bX27W32K41s23b22z27W32kA2vz31GV28i32Kg1S22D22132kl32kN25824g32kr32KT23423032Kx32KZ22u23e32L332L521d21927W32L921e21A32Ld32LF2s332LJ32LL24G25832lp2pc25d26532lU21b1s1y21Q32LZ32m124O25027W32M532ib32iD28i32Ma26325j32mE21F1S22y23a32MJ32ML27026827C29a32mR32Mt2qc1s25F26732my32Fi23v24727w32fN22w23832n732FT1l2u61232Fy24X31Lw32NG1S25224q32Nk1S22R23J32NP1S25N25Z32nt1s23C324h32go2Vy26X26D32o21S24223Y32o71S22B31q632H331l21F31kF1232H91S26025G32HE2mc25k25W32On1S2482A228i32hp24p25132OV32Hv21221M32P01S24H25932p42Np22m21U32p91s24923P32PE1s21Y22i32Pi1s22h21X32Pn1S23Y24232it31Z024723v32PV1S22e28328i32J422l21t32Q32pd21232q71S21P1X32Qc1S2PQ32qG1s25R25v32js32Ju22T23D32jy32K021I21632Qt32K523023432qY32Kb1Z21R32KF32kH2eK32r71s2352YB28I32kS31WR22d32Rf32c52Uh28I32L41S23H22p32rN31KJ26125H32Rr1s26U26i32ru1S23u24632Ry31l331hF1232Lv25C26432s71s23m24E32sb32m61T28E1232Ma24C23K32SJ1S25424k32sO1S22G21w27C32f232Su21G32Mu24W24S32t01S22422832T432N426525D32T81s24d23l32nC1s22A22627W32g31m31gc31Iu32Nl24u24y32To25524l32Ts1w21o32nX2Vy23l24d32u025v25r32u425x25L32oB31l228m32of316024P32uh1S21621I32UL26Z26f32oR1S23723332uT317j1T32uX1E321J32i42np26W26C32v532M828I32IF1S25g26032Vd24s24w32vh22Q23I32Vl1s21328r28I32IZ1s26t26h32Pz1S24n25732VX27326b32w01X29F28I32JI26725f32W723i22q32WB1s22z23B32Wf1s25O25s32wJ1s23E22u32wn1s21821C32WR1S25S25O32wU1V2JM1232WZ23g22o32X222322f32Rj1S2VU32xa1S22F22332XE25u25q32xi23N24f32xM32C732s21S23a22Y32xT1g312w32M432M6315K32M9310325A24i32y522O23g32y925y25M27C2Gq32yf32mU1a310r27i2ha32mR21b2h52Gw132fH28I32mz1s23D22t29y2gb21G21h2GE32N8333s27623N23R141K26Q32oE1025Z32Tr32ng1x22I32oU27i31e42i62Ib2iD27E2if21G21j29a32GD1s23T24532Nt1X26O32OQ32Tw31Fd32OZ27I22n327t1C1Y21A2MU32gU334027o2aU21k21M2Gv1c1C1W21A1e2kJ335e2MU28I2ix1b28532Tw1s23q24A27C2Gg2iP2nE2IW2i921f21l1a334227B334927626f3300333p14334C334e1122K22l27a2HD2hf27E333v334N1232N824I25a29y27A31l42hW2h614215218151232Fn32jf32Ys22P23h32YW24b23R32Z032nh32jk32tk32Ur32mp2H9142182112iN336J15336W336Y32N832J632yW233237337832ku32kw28i32g823S24432TO24423s337d2Gb218212312N32FS1X23922c2762FS1128521R25D27227627027032t81x26R25u29Y2852Kn32tC171x22122W27C2s92i12i3338C28y21r21P2gn2Ac27e2je29X27E338S1x1k31F027O2I621g21c2hf2H028y2eh333m10192iB2KC2J1335E336m162A110335e2121D2162I52in334x339D29Y1D1d21g21d2ho1f32gP1C339m2Je2Nn2KC1H2af2CS32fS339W319031lI21727e325n33Ai33ak339U31AK313X1i339u23o2461i3190217311427E33AJ33972Ab191o1G32Ev2ls1H31Jy28I32Hk1x23i31yX27o2Eh333o2kc1k1k333O2Cj112fh1c2xA27731901133BR33bq21c24f24V27j27M1W21G1k32111X26f32j727i33Aj33bq33aV27e2FH21g2121I27J2eh21F2121l33An1H21221l1U27e1U31Ih339n192OG339r1b31Sk32fs27J33bQ33BG32mZ2cT1L32Gz29L33Bq102eH33C01L28521O2oO2E81l33cc33cE318Z31c71m33cI31rC1l2ju339W33bQ2121E28c1021321233B8339o21A33E627I1I31gQ1633dm2qB33Be2Iy2Fr23Q12335E216339Z27e21733A133ej336Z172162182G51031LK339a2Q9339c339E27j339G33aa2Jt2a51733aF33B922521x33D4339T33AM2A2339y22q33Fd2yC21f339a32Gp1X25932kq27i25l25k335E33542gH2J133a733DV335E335P1121921833a733Fw23o25L22533A72191H21p27e21k21l2Kc325n33g6335523o23T1d24824821E1E33gE1021M21n2kc26826933GK1c23o32UM33Gb1g21o27e21O33Gt2JE21H33gT32461D33DQ32o7338u338w27I2s92AU2W2335I2j11F1f33DV33a71W31rQ339w33a721233fj27E21v21U33e71922233i133eS28Y2161q21d27e31Im33f0338t251337y2Fr2fT339223B2yn1021Z21Y33id1x22a337r334B2wg32tk23O328I27O2Ip33BS2gr2IY31S82jM339O2m72ip327X319Z335E2P32772ip33J5102I627j33A721g21f2i4102AU33Jj172mV31l225l25X32Zr22i31A432Oj2mc2392Qj33bH31wq25M25y330124023W33051c322533dO1s24529P28I32p5122G92CT32Pa23W24032v92uR27c2pO33Hp21Q317527j2au33g233aR1E338r32H422S23c32Of1X2152JR1232hf33Hh27C23423531901Y21f2cS33Bi334d27C336E27m1y21c33aY2lk33L927I21e2Q11j1y31GP33ku1e1D1U1J33JH1d33jd33bt2au1c192f3339x2gH27e33HP21g21r33Eg33a721F31XV2kU29j21h21h"),(#Y-(90));local function o(e,n,...)if(e==27521776)then return(l(((n)-798272)-905468,582721));elseif(e==768839925)then return(l(l((l(n,204843))-157437,771735),970422));elseif(e==11834467)then return(l(l((l(n,581773))-744551,168627),718549));elseif(e==179934626)then return(l((l(n,312967))-126568,752960));elseif(e==579097340)then return((l(l(n,295892),576178))-560405);elseif(e==527525884)then return(l(l(l(l(n,805962),288331),16521),890775));elseif(e==187477455)then return((((n)-197329)-137087)-167915);elseif(e==877573869)then return((l(l(l(n,354277),173513),183021))-427805);elseif(e==288646430)then return(l(l(l(n,335357),914084),748936));elseif(e==34721917)then return((l(((n)-790956)-899602,264267))-331734);elseif(e==643526873)then return(((l(l(n,759637),56453))-689320)-682599);elseif(e==893249219)then return(((l(((n)-211403)-11670,188804))-968791)-574347);elseif(e==998109310)then return(l(l(l((l(n,804219))-854568,580714),808940),274337));else end;end;if _ENV then _ENV._ENV=_ENV end;local B=e[((#{(function(...)return...;end)(401,580)}+846113343))];local o=e[(159216645)];local i=e["PqLYvf"];local r=e[((#{546;853;}+533198869))];local p=e[(370022249)];local y=e[((#{755;301;847;}+662132778))];local h=e.I0CLL2O;local D=e['U2G9b2ao'];local t=e[(701905122)];local function d()local e=l(C(u,a,a),n);n=e%o;a=(a+t);return(e);end;local function c()local i,t,e,c=C(u,a,a+i);i=l(i,n);n=i%o;t=l(t,n);n=t%o;e=l(e,n);n=e%o;c=l(c,n);n=c%o;a=a+r;return((cp)+(eB)+(to)+i);end;local function i()local e,t=C(u,a,a+h);e=l(e,n);n=e%o;t=l(t,n);n=t%o;a=a+h;return((to)+e);end;local function r(l,e,n)if(n)then local e=(l/h^(e-t))%h^((n-t)-(e-t)+t);return(e-(e%t));else local e=h^(e-t);return(((l%(e+e)>=e)and(t))or(D));end;end;local k=""..e[y];local function b(...)return({...}),P(k,...);end;local function S(...)local L=e[(827339274)];local B=e[(478872806)];local v=e.uUXvBWo;local S=e[(481358654)];local T=e.JiZrY3CeQQ;local W=e.uEpL0;local j=e[((#{496;645;819;348;(function(...)return;end)()}+28934617))];local Y=e[((672247207-#("guys someone play Among Us with memcorrupt he is so lonely :(")))];local A=e['PqLYvf'];local k=e[((159216688-#("https://www.youtube.com/watch?v=Lrj2Hq7xqQ8")))];local y=e.r1cqs9N;local V=e['go8gB5'];local D=e["I0CLL2O"];local _=e[(221971850)];local P=e[(334076821)];local U=e[((492894815-#("psu 34567890fps, luraph 1fps, xen 0fps")))];local b=e["c2kzP"];local o=e[((#{110;(function(...)return 557,748,399,623,...;end)(522,896,616)}+701905114))];local I=e.COtNSuo1d;local p=e[(824210494)];local t=e['U2G9b2ao'];local f=e[(409837454)];local m=e[(533198871)];local F=e[(405893950)];local function E(...)local h=({});local e=({});local g=({});for e=t,c(n)-o,o do g[e]=E();end;for i=t,c(n)-o,o do local h=d(n);if(h%f==W)then local n=d(n);e[i]=(n=t);elseif(h%f==Y)then while(true)do local c=c(n);if(c==t)then e[i]=('');break;end;if(c>S)then local t,d=(''),(s(u,a,a+c-o));a=a+c;for e=o,#d,o do local e=l(C(s(d,e,e)),n);n=e%k;t=t..x[e];end;e[i]=t;else local o,t=(''),({C(u,a,a+c-o)});a=a+c;for t,e in N(t)do local e=l(e,n);n=e%k;o=o..x[e];end;e[i]=o;end;break;end;elseif(h%f==B)then while(true)do local l=c(n);local n=c(n);local c=o;local a=(r(n,o,U)(D^p))+l;local l=r(n,f,j);local n=((-o)^r(n,p));if(l==t)then if(a==t)then e[i]=w(nt);break;else l=o;c=t;end;elseif(l==P)then e[i]=(a==t)and(n*(o/t))or(n*(t/t));break;end;local n=G(n,l-T)*(c+(a/(D^V)));e[i]=n%o==t and w(n)or n break;end;elseif(h%f==o)then while(true)do local n=c(n);e[i]=s(u,a,a+n-o);a=a+n;break;end;else e[i]=nil end;end;local l=c(n);for e=t,l-o,o do h[e]=({});end;for w=t,l-o,o do local l=d(n);if(l~=t)then l=l-o;local p,C,u,f,s,a=t,t,t,t,t,t;local x=r(l,o,A);if(x==o)then a=(i(n));s=(d(n));f=(c(n));elseif(x==t)then u=(i(n));a=(i(n));s=(d(n));f=(i(n));elseif(x==D)then a=(i(n));s=(d(n));f=h[(c(n))];elseif(x==B)then u=(i(n));a=(i(n));s=(d(n));f=(c(n));p=({});for e=o,u,o do p[e]=({[t]=d(n),[o]=i(n)});end;elseif(x==y)then elseif(x==A)then u=(i(n));a=(i(n));s=(d(n));f=h[(c(n))];end;if(r(l,m,m)==o)then a=e[a];end;if(r(l,,_)==o)then C=h[c(n)];else C=h[w+o];end;if(r(l,B,B)==o)then f=e[f];end;if(r(l,y,y)==o)then u=e[u];end;if(r(l,F,F)==o)then p=({});for e=o,d(),o do p[e]=c();end;end;local e=h[w];e['SPfUPXt6aY']=f;e[I]=C;e['mjoXdcTBH']=a;e['GocnwzQt']=p;e[-L]=s;e[b]=u;end;end;local l=d(n);local n=i(n);return({[-112688.21283445797]=h;["mSdcTDIs"]=g;["U5Z"]=l;['bhrm63xxU']=t;['anBiVyU2j5']=n;[-v]=e;});end;return(E(...));end;local function C(e,d,h,...)local a=e[-95848];local c=e["U5Z"];local r=e['anBiVyU2j5'];local l=0;local s=e[-112688.21283445797];local D=e["mSdcTDIs"];return(function(...)local u=-(1);local i=956105;local x=({});local e=(true);local o=255595;local y={...};local t="SPfUPXt6aY";local p=(P(k,...)-1);local n={};local e=(989897748);local B={};local s=s[l];local F='GocnwzQt';local l="mjoXdcTBH";local w=-293769;local e=1;for e=0,p,e do if(e>=c)then B[e-c]=y[e+1];else n[e]=y[e+1];end;end;local p=p-c+1;repeat local e=s;local c=e[w];s=e[o];if(c<=31)then if(c<=15)then if(c<=7)then if(c<=3)then if(c<=1)then if(c>0)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<1)then local l=e[l];local a=n[l+2];local o=n[l]+a;n[l]=o;if(a>0)then if(o<=n[l+1])then s=e[t];n[l+3]=o;end;elseif(o>=n[l+1])then s=e[t];n[l+3]=o;end;end;elseif(c==2)then n[e[l]]=n[e[t]][n[e[i]]];elseif(c<=3)then n[e[l]]=d[e[t]];end;elseif(c<=5)then if(c>4)then n[e[l]]=n[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=e[l];nc;for e=c+1,r do n[e]=nil;end;e=e[o];n[e[l]]=m(e[t]);e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<5)then local e=e[l];n[e]=ne;end;elseif(c>6)then local l=e[l];nl;for e=l+1,r do n[e]=nil;end;e=e[o];e=e[o];elseif(c<7)then local e=e[l];n[e]=ne;for e=e+1,r do n[e]=nil;end;end;elseif(c<=11)then if(c<=9)then if(c>8)then s=e[t];elseif(c<9)then local e=e[l];ne;for e=e,r do n[e]=nil;end;end;elseif(c>10)then local a=e[l];local t={};for e=1,#x,1 do local e=x[e];for l=0,#e,1 do local e=e[l];local o=e[1];local l=e[2];if((o==n)and(l>=a))then t[l]=o[l];e[1]=t;end;end;end;elseif(c<11)then local e=e[l];n[e]=ne;for e=e+1,u do n[e]=nil;end;end;elseif(c<=13)then if(c>12)then local l=e[l];local o,e=b(nl);u=e+l-1;local e=0;for l=l,u do e=e+1;n[l]=o[e];end;elseif(c<13)then local t=D[e[t]];local c=e[F];local o={};local a=Z({},{__index=function(n,e)local e=o[e];return(e[1][e[2]]);end,__newindex=function(l,e,n)local e=o[e];e[1][e[2]]=n;end;});for l=1,e[i],1 do local e=c[l];if(e[0]==0)then o[l-1]=({n,e[1]});else o[l-1]=({d,e[1]});end;x[#x+1]=o;end;n[e[l]]=C(t,a,h);end;elseif(c>14)then e=e[o];local a=(_95);(function()n[e[l]]=(e[t]=0);e=e[o];end){};d[e[t]]=n[e[l]];e=e[o];n[e[l]]=d[e[t]];e=e[o];do return ne[l];end;e=e[o];local l=e[l];do return f(n,l,u);end;e=e[o];e=e[o];elseif(c<15)then if(n[e[l]]=a[e[i]])then s=e[t];end;end;elseif(c<=23)then if(c<=19)then if(c<=17)then if(c>16)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_68);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_61);(function()n[e[l]]=a[e[t]];e=e[o];end){};local c=(_99);(function()n[e[l]]=a[e[t]];e=e[o];end){};local c=(_81);(function()n[e[l]]=a[e[t]];e=e[o];end){};local c=(_183);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<17)then n[e[l]]=n[e[t]]+a[e[i]];end;elseif(c==18)then local e=e[l];u=e+p-1;for l=0,p do n[e+l]=B[l];end;for e=u+1,r do n[e]=nil;end;elseif(c<=19)then local l=e[l];local t={nl;};local o=e[i];local e=0;for l=l,o do e=e+1;n[l]=t[e];end;for e=o+1,r do n[e]=nil;end;end;elseif(c<=21)then if(c>20)then n[e[l]]=m(256);elseif(c<21)then local l=e[l];n[l]=0+(n[l]);n[l+1]=0+(n[l+1]);n[l+2]=0+(n[l+2]);local o=n[l];local a=n[l+2];if(a>0)then if(o>n[l+1])then s=e[t];else n[l+3]=o;end;elseif(o<n[l+1])then s=e[t];else n[l+3]=o;end;end;elseif(c>22)then d[e[t]]=n[e[l]];elseif(c<23)then e=e[o];n[e[l]]=d[e[t]];e=e[o];do return(n[e[l]]);end;e=e[o];e=e[o];end;elseif(c<=27)then if(c<=25)then if(c>24)then e=e[o];n[e[l]]=(e[t]=0);e=e[o];d[e[t]]=n[e[l]];e=e[o];n[e[l]]=a[e[t]];e=e[o];do return(n[e[l]]);end;e=e[o];e=e[o];elseif(c<25)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];end;elseif(c==26)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<=27)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_18);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];local c=(_60);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];local c=(_5);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_179);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];end;elseif(c<=29)then if(c>28)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<29)then n[e[l]]=a[e[t]];end;elseif(c==30)then n[e[l]]=n[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local d=e[t];local c=n[d];for e=d+1,e[i]do c=c..n[e];end;n[e[l]]=c;e=e[o];local c=e[l];n[c]=nc;for e=c+1,r do n[e]=nil;end;e=e[o];local c=e[l];n[c]=nc;e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];local a=e[l];local c,t=b(na);u=t+a-1;local t=0;for e=a,u do t=t+1;n[e]=c[t];end;e=e[o];local l=e[l];n[l]=nl;for e=l+1,u do n[e]=nil;end;e=e[o];e=e[o];elseif(c<=31)then n[e[l]]=n[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];local c=(_164);(function()n[e[l]]=n[e[t]][a[e[i]]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=#n[e[t]];e=e[o];local c=e[l];n[c]=nc;for e=c+1,r do n[e]=nil;end;e=e[o];n[e[l]]=n[e[t]][n[e[i]]];e=e[o];local c=e[l];n[c]=nc;for e=c+1,r do n[e]=nil;end;e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=e[t];local a=n[c];for e=c+1,e[i]do a=a..n[e];end;n[e[l]]=a;e=e[o];local l=e[l];nl;for e=l+1,r do n[e]=nil;end;e=e[o];e=e[o];end;elseif(c<=47)then if(c<=39)then if(c<=35)then if(c<=33)then if(c==32)then local l=e[l];n[l]=nl;for e=l+1,r do n[e]=nil;end;elseif(c<=33)then n[e[l]]=h[a[e[t]]];end;elseif(c==34)then n[e[l]]=n[e[t]][a[e[i]]];elseif(c<=35)then e=e[o];local t=e[l];u=t+p-1;for e=0,p do n[t+e]=B[e];end;for e=u+1,r do n[e]=nil;end;e=e[o];local l=e[l];do return f(n,l,u);end;e=e[o];e=e[o];end;elseif(c<=37)then if(c>36)then elseif(c<37)then do return;end;end;elseif(c>38)then n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]][a[e[i]]];e=e[o];local a=e[t];local t=n[a];for e=a+1,e[i]do t=t..n[e];end;n[e[l]]=t;e=e[o];do return(n[e[l]]);end;e=e[o];e=e[o];elseif(c<39)then if(not(n[e[l]]))then s=e[t];end;end;elseif(c<=43)then if(c<=41)then if(c>40)then n[e[l]]=m(e[t]);elseif(c<41)then n[e[l]]=(e[t]=0);end;elseif(c>42)then if(n[e[l]]=n[e[i]])then s=e[t];end;elseif(c<43)then local l=e[l];local a=e[i];local o=l+2;local l=({nl;});for e=1,a do n[o+e]=l[e];end;local l=l[1];if(l)then n[o]=l;s=e[t];end;end;elseif(c<=45)then if(c==44)then local l=e[l];local o=e[t];local a=50*(e[i]-1);local t=n[l];local e=0;for o=l+1,o do t[a+e+1]=n[l+(o-l)];e=e+1;end;elseif(c<=45)then if(n[e[l]]==a[e[i]])then s=e[t];end;end;elseif(c==46)then local c=e[l];nc;for e=c,r do n[e]=nil;end;e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=d[e[t]];e=e[o];n[e[l]]=n[e[t]];e=e[o];n[e[l]]=d[e[t]];e=e[o];local l=e[l];nl;for e=l+1,r do n[e]=nil;end;e=e[o];e=e[o];elseif(c<=47)then n[e[l]]=m(e[t]);e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_169);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_31);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_129);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_93);(function()n[e[l]]=a[e[t]];e=e[o];end){};local c=(_22);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_87);(function()n[e[l]]=a[e[t]];e=e[o];end){};local c=(_188);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];end;elseif(c<=55)then if(c<=51)then if(c<=49)then if(c>48)then n[e[l]]=C(D[e[t]],(nil),h);elseif(c<49)then n[e[l]][a[e[t]]]=n[e[i]];end;elseif(c>50)then local l=e[l];nl;for e=l+1,r do n[e]=nil;end;elseif(c<51)then if(a[e[l]]<=n[e[i]])then s=e[t];end;end;elseif(c<=53)then if(c>52)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_24);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];local c=(_163);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];local c=(_159);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];local c=(_156);(function()n[e[l]]=a[e[t]];e=e[o];end){};n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];elseif(c<53)then n[e[l]]=n[e[t]];end;elseif(c==54)then d[e[t]]=n[e[l]];e=e[o];n[e[l]]=d[e[t]];e=e[o];do return(n[e[l]]);end;e=e[o];e=e[o];elseif(c<=55)then n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];n[e[l]]=a[e[t]];e=e[o];e=e[o];end;elseif(c<=59)then if(c<=57)then if(c==56)then n[e[l]]=#n[e[t]];elseif(c<=57)then local e=e[l];do return f(n,e,u);end;end;elseif(c>58)then do return(n[e[l]]);end;elseif(c<59)then local c=e[l];n[c]=nc;for e=c+1,r do n[e]=nil;end;e=e[o];n[e[l]]=h[a[e[t]]];e=e[o];n[e[l]]=n[e[t]][n[e[i]]];e=e[o];n[e[l]]=n[e[t]];e=e[o];local l=e[l];nl;for e=l+1,r do n[e]=nil;end;e=e[o];e=e[o];end;elseif(c<=61)then if(c==60)then n[e[l]][n[e[t]]]=n[e[i]];elseif(c<=61)then do return ne[l];end;end;elseif(c>62)then if(n[e[l]])then s=e[t];end;elseif(c<63)then local t=e[t];local o=n[t];for e=t+1,e[i]do o=o..n[e];end;n[e[l]]=o;end;until false end);end;return C(S(),{},L())(...);end)(({[((#{(function(...)return 17,907,...;end)(622,436,324)}+495108265))]=(((#{206;941;947;}+997482263)));[((110248106-#("The Voxel is sus")))]=("\58");[(704491465)]=("\108");[((#{699;19;544;49;(function(...)return 303;end)()}+478872801))]=(((#{860;(function(...)return 896,466;end)()}+2)));[(898302821)]=("\105");[(715479886)]=("\37");[((#{64;}+662132780))]=(((97417837-#("luraph is now down until further notice for an emergency major security update"))));[((701905154-#("The Person who reads this is gay")))]=((1));[(824210494)]=(((139-#("I'm not ignoring you, my DMs are full. Can't DM me? Shoot me a email: mem@mem.rip (Business enquiries only)"))));[((#{203;}+370022248))]=((16777216));[((430646917-#("unluac.exe in.txt > out.txt winning")))]=(((898302895-#("psu premium chads winning (only joe biden supporters use the free version)"))));[((#{}+47990351))]=(((191-#("when the constants are sus"))));[(605464520)]=((233));c2kzP=(((#{784;950;953;}+956102)));[(327209039)]=("\111");[(997482266)]=("\97");['OrQjp']=(((838-#("Luraph v12.6 has been released!: changed absolutely fucking nothing but donate to my patreon!"))));[(979538621)]=("\103");[((533198931-#("woooow u hooked an opcode, congratulations now suck my cock")))]=(((57-#("Cling clang, hide the kids, someones outta find you.."))));Scn8D=(((#{}+565203252)));['go8gB5']=(((#{591;724;(function(...)return 310,199;end)()}+48)));[(492894777)]=((20));["iDrHJlw"]=(((#{829;411;803;(function(...)return 5,791,89;end)()}+340)));[(494037456)]=(((277-#("Perth Was here impossible ikr"))));[(923177392)]=("\115");[(827339274)]=(((293836-#("@everyone designs are done. luraph website coming.... eta JULY 2020"))));[(863208763)]=((752));JiZrY3CeQQ=(((#{237;502;(function(...)return 639,908,654,...;end)(984,952,663)}+1015)));[((#{507;351;(function(...)return 759,662;end)()}+96949728))]=(((#{42;119;25;(function(...)return 394,260,477;end)()}+26528)));[((922805348-#("unluac.exe in.txt > out.txt winning")))]=("\104");[((#{537;251;309;}+70077821))]=(((#{772;167;982;845;(function(...)return 319,766,300,186;end)()}+762824387)));[(565203252)]=("\109");[((263166901-#("Bunu yazan tosun... - federal")))]=((834822766));[((15938870-#("[CW] icepools likes kids")))]=((1336));[((#{184;733;31;}+159216642))]=(((#{}+256)));[(958457340)]=(((#{(function(...)return 417,228;end)()}+7943)));['uUXvBWo']=((95848));[((#{486;}+190852216))]=((33602));uEpL0=((9));[(75464704)]=((202074714));[((#{749;288;17;}+846113342))]=(((#{766;970;}+65534)));[((#{623;}+663362031))]=(((#{95;842;755;(function(...)return 908,660,128,210;end)()}+83)));[((#{}+194348571))]=("\51");COtNSuo1d=(((255648-#("Cling clang, hide the kids, someones outta find you.."))));[(956899809)]=((341));[((57492442-#("I'm not ignoring you, my DMs are full. Can't DM me? Shoot me a email: mem@mem.rip (Business enquiries only)")))]=(((780692646-#("PSU|161027525v21222B11273172751L275102731327523d27f22I27f21o26o24Y21J1827F1X27f1r27F23823a26w1... oh wait"))));[((416931187-#("who the fuck looked at synapse xen and said 'yeah this is good enough for release'")))]=((255));[((28934726-#("PSU|161027525v21222B11273172751L275102731327523d27f22I27f21o26o24Y21J1827F1X27f1r27F23823a26w1... oh wait")))]=((31));[(567957394)]=(((922805387-#("psu premium chads winning (only joe biden supporters use the free version)"))));[((#{216;356;(function(...)return 843,629;end)()}+876638578))]=((927128303));UE90U=("\100");[(865753153)]=(((918350490-#("who the fuck looked at synapse xen and said 'yeah this is good enough for release'"))));[(762368821)]=(((#{652;272;644;829;(function(...)return 997,412;end)()}+979538615)));[((202074729-#("concat was here")))]=("\41");i6WXc=("\121");[(869746937)]=((793));[((481358673-#("constant_table = {}")))]=((5000));[((#{66;275;642;}+672247143))]=(((36-#("When the exploiter is sus"))));[((#{332;(function(...)return 973;end)()}+409837452))]=((21));[(811587745)]=(((371-#("Luraph v12.6 has been released!: changed absolutely fucking nothing but donate to my patreon!"))));[(79830066)]=("\98");[((#{}+387676409))]=("\112");[(480269586)]=(((1569-#("Are you using AztupBrew, clvbrew, or IB2? Congratulations! You're deobfuscated!"))));[((#{694;381;477;}+918350405))]=("\116");[((#{848;}+780692540))]=("\114");[((#{}+182086789))]=((225));[((492761477-#("psu == femboy hangout")))]=((668));[(341291526)]=((715479886));[(463178462)]=((704491465));[((856255394-#("Hey reader, you're a sussy baka")))]=(((7481-#("constant_table = {}"))));["r1cqs9N"]=((6));[((29671414-#("this isn't krnl support you bonehead moron")))]=(((56-#("0x59 likes fat cock."))));oMeYI6Vsq=("\50");["SQpm8iR"]=(((#{129;683;103;}+130)));[((#{388;}+221971849))]=(((#{569;109;}+6)));deh8lN=((186));[((#{65;513;288;894;(function(...)return;end)()}+293569683))]=((194348571));[((77144460-#("balls and cum")))]=("\120");[((#{510;114;325;}+834822763))]=("\102");[(939710752)]=(((#{}+79830066)));[(825726076)]=((376));[((#{(function(...)return...;end)(0)}+321374524))]=((272));jHcykE9w=("\110");[(781635957)]=((646));fjSyrj8tWn=(((#{123;767;889;469;}+387676405)));[(453592822)]=((327209039));[(927128303)]=("\40");[(150106732)]=(((#{(function(...)return 56,93,810;end)()}+77144444)));[((#{142;120;97;168;(function(...)return 143;end)()}+895492234))]=((2546));[((26869071-#("When the exploiter is sus")))]=(((#{125;905;273;413;}+26911)));["Yt1hfpp8"]=("\43");[(146286062)]=("\99");[((389322660-#("anofrillsguidetolua51instructions.pdf")))]=(((1038-#("Cling clang, hide the kids, someones outta find you.."))));[((#{658;634;38;(function(...)return...;end)(908,218,616)}+334076815))]=((2047));[((#{}+762824395))]=("\101");["PqLYvf"]=((3));[((405894024-#("psu premium chads winning (only joe biden supporters use the free version)")))]=(((#{113;296;547;546;(function(...)return 604,683,...;end)(808,365)}-1)));[(254220684)]=((923177392));[((97417786-#("IIiIIiillIiiIIIiiii 🧌")))]=("\35");['I0CLL2O']=(((#{196;868;735;}-1)));["U2G9b2ao"]=(((26-#("when the constants are sus"))));["zVFL6R"]=("\117");['AQkXdpp']=(((#{140;387;71;162;(function(...)return 722,278,...;end)(701,812)}+110248082)));[(233258420)]=(((43641-#("constant_table = {}"))));[(457264530)]=((146286062));J0JbS=((682));[((#{924;510;438;}+626377435))]=(((283-#("oh Mr. Pools, thats a little close please dont touch me there... please Mr. Pools I am only eight years old please stop..."))));}),...)})do return e end; : Gothsmane/Anti-kick create time: 2021-08-17T11:17:18Z
PTLabs : R3dAlch3mist/cve-2018-6574 create time: 2021-08-17T09:09:48Z
CVE-2019-11932 : Tabni/https-github.com-awakened1712-CVE-2019-11932 create time: 2021-08-17T08:35:11Z
no description : security-n/CVE-2021-38710 create time: 2021-08-16T04:22:29Z
no description : l3ouu4n9/CVE-2018-6574-POC create time: 2021-08-16T15:06:58Z
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability : phamphuqui1998/CVE-2021-34473 create time: 2021-08-16T11:27:13Z
Sudo Heap Overflow Baron Samedit : 0x7183/CVE-2021-3156 create time: 2021-08-13T14:23:09Z
CVE-2021-25790-Multiple-Stored-XSS : Multiple Stored XSS in House Rental and Property Listing : MrCraniums/CVE-2021-25790-Multiple-Stored-XSS create time: 2021-08-16T11:46:02Z
Multiple Stored XSS Online Doctor Appointment System : MrCraniums/CVE-2021-25791-Multiple-Stored-XSS create time: 2021-08-16T11:25:30Z
A tool to crash MySQL servers with CVE-2017-3599 : jptr218/mysql_dos create time: 2021-08-16T10:39:44Z
CVE-2021-3707 , CVE-2021-3708 : HadiMed/firmware-analysis create time: 2021-05-29T12:24:04Z
CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability : whichbuffer/CVE-2021-34473 create time: 2021-08-16T08:14:33Z
Sudo heap-based buffer overflow privilege escalation commands and mitigations. : Kleptocratic/CVE-2021-3156 create time: 2021-08-16T01:10:34Z
Stored XSS in TastyIgniter v3.0.7 Restaurtant CMS : HuskyHacks/CVE-2021-38699-Stored-XSS create time: 2021-08-12T22:32:18Z
Multiple Reflected XSS in TastyIgniter v3.0.7 Restaurtant CMS : HuskyHacks/CVE-2021-38699-Reflected-XSS create time: 2021-08-12T21:12:04Z
The Heartbleed bug CVE-2014-0160 is a severe implementation flaw in the OpenSSL library, which enables attackers to steal data from the memory of the victim server. The contents of the stolen data depend on what is there in the memory of the server. It could potentially contain private keys, TLS session keys, usernames, passwords, credit cards, etc. The vulnerability is in the implementation of the Heartbeat protocol, which is used by SSL/TLS to keep the connection alive. : pierceoneill/bleeding-heart create time: 2021-08-15T11:05:23Z
tools for automate configure Ubuntu 20.04 enviroment for testing CVE-2021-28476. : sh4m2hwz/CVE-2021-28476-tools-env create time: 2021-08-15T11:10:40Z
check if Azure AD Connect is affected by the vulnerability described in CVE-2021-36949 : Maxwitat/Check-AAD-Connect-for-CVE-2021-36949-vulnerability create time: 2021-08-14T21:05:30Z
TastyIgniter 3.0.7 allows XSS via the name field during user-account creation : Justin-1993/CVE-2021-38699 create time: 2021-08-14T20:57:00Z
An implementation of CVE-2020-1938 : jptr218/ghostcat create time: 2021-08-14T17:32:51Z
WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5 : dnr6419/CVE-2021-24145 create time: 2021-08-14T02:56:50Z
Rewrittened CVE-2019-0708 poc and exp : c4dr01d/CVE-2019-0708 create time: 2021-08-14T01:56:54Z
Rewrittened CVE-2021-31166 poc and exp : c4dr01d/CVE-2021-31166 create time: 2021-08-14T01:56:12Z
Ampache XSS : dnr6419/CVE-2021-32644 create time: 2021-08-14T01:50:32Z
no description : charlesbickel/CVE-2021-38619 create time: 2021-08-13T02:42:25Z
WpDiscuz 7.0.4 Arbitrary File Upload Exploit : meicookies/CVE-2020-24186 create time: 2021-08-13T11:32:47Z
WpDiscuz 7.0.4 Arbitrary File Upload Exploit : meicookies/CVE-2020-24186 create time: 2021-08-13T10:58:20Z
no description : y-f00l/CVE-2020-14364 create time: 2021-08-13T07:44:50Z
this is a test : FirDragon/cve-2021-0000 create time: 2021-08-13T07:00:22Z
cve-2021-1908 : FirDragon/cve-2021-1908 create time: 2021-08-13T05:48:22Z
cve-2021-12312 : FirDragon/cve-2021-12312 create time: 2021-08-13T05:02:38Z
cve-2021-123123123 : FirDragon/cve-2021-123123123 create time: 2021-08-13T04:52:24Z
CVE-2021-123123 : FirDragon/CVE-2021-123123 create time: 2021-08-13T04:48:46Z
no description : KielVaughn/CVE-2021-38603 create time: 2021-08-12T21:08:54Z
no description : KielVaughn/CVE-2021-38602 create time: 2021-08-12T03:55:27Z
CVE-2021-38601 - Reflected XSS in Pepperminty-Wiki 0.23-dev : hmaverickadams/CVE-2021-38601 create time: 2021-08-12T18:55:02Z
CVE-2021-38600 - Stored XSS in Pepperminty-Wiki 0.23-dev : hmaverickadams/CVE-2021-38600 create time: 2021-08-12T18:44:05Z
Exploit for CVE-2021-36934 : chron1k/oxide_hive create time: 2021-08-12T18:01:21Z
Exploit for CVE-2021-36934 : chron1k/oxide_hive create time: 2021-08-12T17:50:36Z
Exploit for CVE-2021-36934 : chron1k/oxide_hive create time: 2021-08-12T17:19:59Z
Exploit for CVE-2020-8277 (educational purpose) : progfay/CVE-2020-8277 create time: 2021-08-12T06:14:15Z
cve : e0mlja/cve202014883 create time: 2021-08-12T03:09:43Z
no description : charlesbickel/CVE-2021-38583 create time: 2021-08-11T20:19:39Z
Zeek Package to detect cve-2017-2741 : dopheide-esnet/zeek-jetdirect create time: 2021-08-11T20:39:05Z
Check patch for CVE-2021-34481 : vanpn/CVE-2021-34481 create time: 2021-08-11T16:56:10Z
no description : puckiestyle/CVE-2019-15107 create time: 2021-08-11T12:39:45Z
no description : RaouzRouik/CVE-2021-34473-scanner create time: 2021-08-11T12:20:07Z
no description : puckiestyle/CVE-2020-35606 create time: 2021-08-11T10:54:22Z
no description : Jerry-zhuang/CVE-2017-1000117 create time: 2021-08-11T07:09:26Z
no description : Jerry-zhuang/CVE-2017-1000117 create time: 2021-08-11T07:07:19Z
CVE-2017-1000117漏洞复现使用,含有恶意指令,非复现请勿使用 : Jerry-zhuang/CVE-2017-1000117 create time: 2021-08-11T06:41:43Z
no description : OlivierLaflamme/CVE-2021-36934_export_shadow_volume create time: 2021-08-10T19:39:28Z
nuclei scanner for proxyshell ( CVE-2021-34473 ) : cyberheartmi9/Proxyshell-Scanner create time: 2021-08-10T15:01:02Z
CVE-2019-11043 : jptr218/php_hack create time: 2021-08-10T14:06:27Z
[CVE-2021-27905] Apache Solr ReplicationHandler Server Side Request Forgery (SSRF) : murataydemir/CVE-2021-27905 create time: 2021-08-10T07:49:47Z
Windows Font Driver Type 1 VToHOrigin stack corruption : KaLendsi/CVE-2020-1020 create time: 2021-08-10T03:10:39Z
no description : yinfeidi/CVE-2021-31655 create time: 2021-08-10T02:32:00Z
CVE-2021-2109 basic scanner : dinosn/CVE-2021-2109 create time: 2021-08-09T11:02:45Z
no description : BabyTeam1024/CVE-2021-2394 create time: 2021-08-08T16:12:17Z
pentesterlab challange : prizoner627/CVE-2018-6574-go-get-RCE create time: 2021-08-08T13:26:50Z
no description : julio-cfa/PoC---ES-File-Explorer-4.1.9.7.4-CVE-2019-6447- create time: 2021-08-08T02:54:25Z
PoC for exploiting CVE-2020-27153 : In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. : AlAIAL90/CVE-2020-27153 create time: 2021-08-08T01:08:51Z
PoC for exploiting CVE-2020-26558 : Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. : AlAIAL90/CVE-2020-26558 create time: 2021-08-08T01:08:45Z
PoC for exploiting CVE-2021-0129 : Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. : AlAIAL90/CVE-2021-0129 create time: 2021-08-08T01:08:40Z
ACE poc exploit for glibc cpio 2.13 through mmap chunk metadata curruption (CVE-2021-38185) : fangqyi/cpiopwn create time: 2021-07-19T20:10:13Z
PoC for exploiting CVE-2019-10156 : A flaw was discovered in the way Ansible templating was implemented in versions before 2.6.18, 2.7.12 and 2.8.2, causing the possibility of information disclosure through unexpected variable substitution. By taking advantage of unintended variable substitution the content of any variable may be disclosed. : AlAIAL90/CVE-2019-10156 create time: 2021-08-07T20:07:06Z
PoC for exploiting CVE-2019-10206 : ansible-playbook -k and ansible cli tools, all versions 2.8.x before 2.8.4, all 2.7.x before 2.7.13 and all 2.6.x before 2.6.19, prompt passwords by expanding them from templates as they could contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them. : AlAIAL90/CVE-2019-10206 create time: 2021-08-07T20:07:01Z
PoC for exploiting CVE-2019-14904 : A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. : AlAIAL90/CVE-2019-14904 create time: 2021-08-07T20:06:49Z
PoC for exploiting CVE-2019-14864 : Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data. : AlAIAL90/CVE-2019-14864 create time: 2021-08-07T20:06:33Z
PoC for exploiting CVE-2019-14846 : In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process. : AlAIAL90/CVE-2019-14846 create time: 2021-08-07T20:06:10Z
PoC for exploiting CVE-2020-14365 : A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability. : AlAIAL90/CVE-2020-14365 create time: 2021-08-07T20:07:14Z
PoC for exploiting CVE-2020-10684 : A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection. : AlAIAL90/CVE-2020-10684 create time: 2021-08-07T20:07:10Z
PoC for exploiting CVE-2020-10685 : A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. : AlAIAL90/CVE-2020-10685 create time: 2021-08-07T20:06:57Z
PoC for exploiting CVE-2020-1746 : A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. : AlAIAL90/CVE-2020-1746 create time: 2021-08-07T20:06:53Z
PoC for exploiting CVE-2020-1735 : A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. : AlAIAL90/CVE-2020-1735 create time: 2021-08-07T20:06:45Z
PoC for exploiting CVE-2020-1739 : A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs. : AlAIAL90/CVE-2020-1739 create time: 2021-08-07T20:06:41Z
PoC for exploiting CVE-2020-14332 : A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. : AlAIAL90/CVE-2020-14332 create time: 2021-08-07T20:06:37Z
PoC for exploiting CVE-2020-1733 : A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p
"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc//cmdline'. : AlAIAL90/CVE-2020-1733 create time: 2021-08-07T20:06:29ZPoC for exploiting CVE-2020-1740 : A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and the method write_data is called to write the existing secret in the file. This method will delete the file before recreating it insecurely. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable. : AlAIAL90/CVE-2020-1740 create time: 2021-08-07T20:06:24Z
PoC for exploiting CVE-2020-1753 : A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files. : AlAIAL90/CVE-2020-1753 create time: 2021-08-07T20:06:18Z
PoC for exploiting CVE-2020-14330 : An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. : AlAIAL90/CVE-2020-14330 create time: 2021-08-07T20:06:14Z
PoC for exploiting CVE-2020-10729 : A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups of the same length generate the equal value as the template caching action for the same file since no re-evaluation happens. The highest threat from this vulnerability would be that all passwords are exposed at once for the file. This flaw affects Ansible Engine versions before 2.9.6. : AlAIAL90/CVE-2020-10729 create time: 2021-08-07T20:06:01Z
PoC for exploiting CVE-2021-20228 : A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality. : AlAIAL90/CVE-2021-20228 create time: 2021-08-07T20:06:05Z
CVE-20210-485 : Ch0pin/CVE20210485 create time: 2021-08-07T18:03:30Z
PoC for exploiting CVE-2020-3391 : A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices. : AlAIAL90/CVE-2020-3391 create time: 2021-08-07T15:35:54Z
PoC for exploiting CVE-2020-3387 : A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute. : AlAIAL90/CVE-2020-3387 create time: 2021-08-07T15:35:49Z
PoC for exploiting CVE-2020-3398 : A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system. : AlAIAL90/CVE-2020-3398 create time: 2021-08-07T15:35:45Z
PoC for exploiting CVE-2020-3379 : A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain administrative privileges. : AlAIAL90/CVE-2020-3379 create time: 2021-08-07T15:35:41Z
PoC for exploiting CVE-2020-3383 : A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. : AlAIAL90/CVE-2020-3383 create time: 2021-08-07T15:35:37Z
PoC for exploiting CVE-2020-3444 : A vulnerability in the packet filtering features of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected device. An attacker could exploit this vulnerability by crafting a malicious TCP packet with specific characteristics and sending it to a targeted device. A successful exploit could allow the attacker to bypass the L3 and L4 traffic filters and inject an arbitrary packet into the network. : AlAIAL90/CVE-2020-3444 create time: 2021-08-07T15:35:33Z
PoC for exploiting CVE-2020-3441 : A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby. This vulnerability is due to insufficient protection of sensitive participant information. An attacker could exploit this vulnerability by browsing the Webex roster. A successful exploit could allow the attacker to gather information about other Webex participants, such as email address and IP address, while waiting in the lobby. : AlAIAL90/CVE-2020-3441 create time: 2021-08-07T15:35:29Z
PoC for exploiting CVE-2020-3451 : Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. : AlAIAL90/CVE-2020-3451 create time: 2021-08-07T15:35:24Z
PoC for exploiting CVE-2020-3452 : A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. : AlAIAL90/CVE-2020-3452 create time: 2021-08-07T15:35:20Z
PoC for exploiting CVE-2020-3426 : A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition. : AlAIAL90/CVE-2020-3426 create time: 2021-08-07T15:35:16Z
PoC for exploiting CVE-2020-3429 : A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition. : AlAIAL90/CVE-2020-3429 create time: 2021-08-07T15:35:12Z
PoC for exploiting CVE-2020-3435 : A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. : AlAIAL90/CVE-2020-3435 create time: 2021-08-07T15:35:08Z
PoC for exploiting CVE-2020-3434 : A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. : AlAIAL90/CVE-2020-3434 create time: 2021-08-07T15:35:04Z
PoC for exploiting CVE-2020-3477 : A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible. : AlAIAL90/CVE-2020-3477 create time: 2021-08-07T15:34:59Z
PoC for exploiting CVE-2020-3475 : Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. : AlAIAL90/CVE-2020-3475 create time: 2021-08-07T15:34:55Z
PoC for exploiting CVE-2020-3472 : A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one Webex Meetings site could exploit this vulnerability by sending specially crafted requests to the Webex Meetings site. A successful exploit could allow the attacker to view the details of users on another Webex site, including user names and email addresses. : AlAIAL90/CVE-2020-3472 create time: 2021-08-07T15:34:51Z
PoC for exploiting CVE-2020-3465 : A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. : AlAIAL90/CVE-2020-3465 create time: 2021-08-07T15:34:46Z
PoC for exploiting CVE-2020-3453 : Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. : AlAIAL90/CVE-2020-3453 create time: 2021-08-07T15:34:42Z
PoC for exploiting CVE-2020-3471 : A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session. The vulnerability is due to a synchronization issue between meeting and media services on a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. A successful exploit could allow the attacker to maintain the audio connection of a Webex session despite being expelled. : AlAIAL90/CVE-2020-3471 create time: 2021-08-07T15:34:38Z
PoC for exploiting CVE-2020-3470 : Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the API subsystem of an affected system. When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system (OS). : AlAIAL90/CVE-2020-3470 create time: 2021-08-07T15:34:34Z
PoC for exploiting CVE-2021-28966 : In Ruby through 3.0 on Windows, a remote attacker can submit a crafted path when a Web application handles a parameter with TmpDir. : AlAIAL90/CVE-2021-28966 create time: 2021-08-07T15:34:29Z
PoC for exploiting CVE-2021-31799 : In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename. : AlAIAL90/CVE-2021-31799 create time: 2021-08-07T15:34:25Z
PoC for exploiting CVE-2021-20786 : Cross-site request forgery (CSRF) vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to hijack the authentication of administrators via a specially crafted URL. : AlAIAL90/CVE-2021-20786 create time: 2021-08-07T15:34:20Z
PoC for exploiting CVE-2021-32558 : An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur. : AlAIAL90/CVE-2021-32558 create time: 2021-08-07T15:34:17Z
PoC for exploiting CVE-2021-35478 : Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. : AlAIAL90/CVE-2021-35478 create time: 2021-08-07T15:34:12Z
PoC for exploiting CVE-2021-21295 : Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (HttpRequest, HttpContent, etc.) via Http2StreamFrameToHttpObjectCodec and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: HTTP2MultiplexCodec or Http2FrameCodec is used, Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec. : AlAIAL90/CVE-2021-21295 create time: 2021-08-07T15:34:08Z
PoC for exploiting CVE-2021-28165 : In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. : AlAIAL90/CVE-2021-28165 create time: 2021-08-07T15:34:04Z
PoC for exploiting CVE-2021-29425 : In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. : AlAIAL90/CVE-2021-29425 create time: 2021-08-07T15:34:00Z
PoC for exploiting CVE-2021-28169 : For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. : AlAIAL90/CVE-2021-28169 create time: 2021-08-07T15:33:56Z
PoC for exploiting CVE-2021-35479 : Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. : AlAIAL90/CVE-2021-35479 create time: 2021-08-07T15:33:51Z
PoC for exploiting CVE-2021-32610 : In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193. : AlAIAL90/CVE-2021-32610 create time: 2021-08-07T15:33:46Z
PoC for exploiting CVE-2021-36004 : Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. : AlAIAL90/CVE-2021-36004 create time: 2021-08-07T15:33:43Z
PoC for exploiting CVE-2021-31878 : An issue was discovered in PJSIP in Asterisk before 16.19.1 and before 18.5.1. To exploit, a re-INVITE without SDP must be received after Asterisk has sent a BYE request. : AlAIAL90/CVE-2021-31878 create time: 2021-08-07T15:33:38Z
PoC for exploiting CVE-2021-36754 : PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. : AlAIAL90/CVE-2021-36754 create time: 2021-08-07T15:32:29Z
PoC for exploiting CVE-2021-28674 : The node management page in SolarWinds Orion Platform before 2020.2.5 HF1 allows an attacker to create or delete a node (outside of the attacker's perimeter) via an account with write permissions. This occurs because node IDs are predictable (with incrementing numbers) and the access control on Services/NodeManagement.asmx/DeleteObjNow is incorrect. To exploit this, an attacker must be authenticated and must have node management rights associated with at least one valid group on the platform. : AlAIAL90/CVE-2021-28674 create time: 2021-08-07T15:32:25Z
PoC for exploiting CVE-2021-36983 : replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to gain root privileges via a symlink attack on /tmp/replay-sorcery or /tmp/replay-sorcery/device.sock. : AlAIAL90/CVE-2021-36983 create time: 2021-08-07T15:32:21Z
PoC for exploiting CVE-2021-22898 : curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. : AlAIAL90/CVE-2021-22898 create time: 2021-08-07T15:32:17Z
PoC for exploiting CVE-2021-36217 : Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a "ping .local" command. : AlAIAL90/CVE-2021-36217 create time: 2021-08-07T15:32:13Z
no description : CyberCommands/CVE-2021-3156 create time: 2021-08-07T08:38:50Z
Cockpit CMS 0.11.1 NoSQL Injection to Remote Code Execution : 0z09e/CVE-2020-35846 create time: 2021-08-05T18:48:52Z
Chikitsa Patient Management System Stored Cross-Site Scripting (XSS) : jboogie15/CVE-2021-38149 create time: 2021-08-06T09:01:40Z
no description : w33vils/CVE-2020-35847_CVE-2020-35848 create time: 2021-08-06T09:19:01Z
no description : Pastea/CVE-2017-1000486 create time: 2021-08-05T17:42:54Z
CVE-2018-8120 : nanabingies/CVE-2018-8120 create time: 2021-08-05T16:55:50Z
This repo contains some POC's and exploits I have written for some targets. : nanabingies/CVE-2019-16724 create time: 2020-08-25T06:47:51Z
SyncBreeze Enterprise Remote BufferOverflow [CVE-2017-14980] : Xcatolin/SyncBreeze-BoF create time: 2021-08-05T16:06:57Z
no description : artsking/Sqlite-CVE-2019-20218 create time: 2021-08-05T05:13:50Z
222222222222 : woliujizhou/CVE-2021-29900T create time: 2021-08-05T02:40:14Z
hallo : woliujizhou/cve-2021-2998 create time: 2021-08-05T02:23:38Z
An implementation of CVE-2017-5638 : jptr218/struts_hack create time: 2021-08-04T17:27:55Z
Oracle Web Logic Deserialize RCE (CVE-2018-2628) : 0xToast/CVE-2018-2628 create time: 2021-08-04T14:54:48Z
Windows Elevation of Privilege Vulnerability CVE-2021-36934 : shaktavist/SeriousSam create time: 2021-08-04T10:37:41Z
no description : s4dbrd/CVE-2020-9496 create time: 2021-08-04T06:48:31Z
no description : s4dbrd/CVE-2020-9496 create time: 2021-08-04T06:20:31Z
PoC for CVE-2021-3492 used at Pwn2Own 2021 : synacktiv/CVE-2021-3492 create time: 2021-06-28T09:43:31Z
CVE-2021-37832 - Hotel Druid 3.0.2 SQL Injection Vulnerability : dievus/CVE-2021-37832 create time: 2021-08-01T00:38:56Z
no description : dievus/CVE-2021-37833 create time: 2021-08-01T00:34:27Z
An implementation of CVE-2016-8740 : jptr218/apachedos create time: 2021-08-03T10:45:59Z
POC of CVE-2021-2394 : freeide/CVE-2021-2394 create time: 2021-08-02T04:19:11Z
no description : woliujizhou/CVE-2021-2999899 create time: 2021-08-03T05:31:12Z
no description : AssassinUKG/CVE-2021-22204 create time: 2021-08-02T18:56:16Z
POC experiments with Volume Shadow copy Service (VSS) : grishinpv/poc_CVE-2021-36934 create time: 2021-08-02T13:47:17Z
no description : whitetea2424/CVE-2020-27955-LFS-main create time: 2021-08-02T12:32:08Z
test : 0pen1/CVE-2021-56666 create time: 2021-08-02T10:59:48Z
test : 0pen1/CVE-2021-99999 create time: 2021-08-02T10:39:20Z
Local exploit for CVE-2021-1675 : tacbliw/PrintNightmare-LPE create time: 2021-08-02T09:03:07Z
no description : PenTestical/CVE-2021-22204 create time: 2021-08-02T09:11:27Z
no description : xiaofeihahah/CVE-2021-21300 create time: 2021-08-02T08:21:11Z
Exploit for Authenticated Remote Code Execution on OpenPLC v3 Webserver : h3v0x/CVE-2021-31630-OpenPLC_RCE create time: 2021-08-02T04:48:24Z
no description : xiaofeihahah/CVE-2021-21300 create time: 2021-08-02T03:09:52Z
POC of CVE-2021-2394 : lz2y/CVE-2021-2394 create time: 2021-08-02T02:22:04Z
The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, and from version 8.14.0 before version 8.15.1 allows remote anonymous attackers to obtain gadget related settings via a missing permissions check. : f4rber/CVE-2020-36287 create time: 2021-08-02T01:52:39Z
no description : zeronohacker/CVE-2018-20250 create time: 2021-08-02T01:24:01Z
SeriousSAM Auto Exploiter : websecnl/CVE-2021-36934 create time: 2021-08-01T19:54:31Z
no description : PandatiX/CVE-2021-28378 create time: 2021-08-01T13:16:53Z
no description : ErnestZiemkowski/cve-2018-6574 create time: 2021-08-01T12:47:02Z
N-day exploit for CVE-2019-18634 (local privilege escalation) : aesophor/CVE-2019-18634 create time: 2021-08-01T10:50:55Z
Full unauthenticated RCE proof of concept for Rocket.Chat 3.12.1 CVE-2021-22911 : optionalCTF/Rocket.Chat-Unauthenticated-RCE-CVE-2021-22911- create time: 2021-07-30T21:44:18Z
Polkit D-Bus Authentication Bypass Exploit : 0Day-dev/CVE-2021-3560 create time: 2021-07-30T11:41:34Z
WordPress Backup Guard Authenticated Remote Code Execution Exploit : 0Day-dev/CVE-2021-24155.rb create time: 2021-07-30T11:28:53Z
Exploit for CVE-2018-3810 : nth347/CVE-2018-3810_exploit create time: 2021-07-30T10:06:04Z
A Powrshell script to scan for CVE-2021-34470 : technion/CVE-2021-34470scanner create time: 2021-07-29T23:50:31Z
CVE-2021-36934 HiveNightmare vulnerability checker and workaround : irissentinel/CVE-2021-36934 create time: 2021-07-29T20:35:22Z
no description : chompie1337/Linux_LPE_eBPF_CVE-2021-3490 create time: 2021-06-24T18:50:17Z
Techniques based on named pipes for pool overflow exploitation targeting the most recent (and oldest) Windows versions. (including a poc for CVE-2020-17087 and an off-by-one overflow) : vp777/Windows-Non-Paged-Pool-Overflow-Exploitation create time: 2021-07-02T16:03:16Z
Exploit for CVE-2019-10149 : Stick-U235/CVE-2019-10149-Exploit create time: 2021-07-29T16:44:08Z
no description : ikramimamoglu/AmIAHuman-CVE-2021-33909 create time: 2021-07-29T16:58:19Z
Google Chrome Use After Free vulnerability reported by S4E Team : s4e-lab/CVE-2021-30573-PoC-Google-Chrome create time: 2021-07-29T12:53:13Z
no description : xmco/sdwan-cve-2021-1480 create time: 2021-07-29T12:17:50Z
Proof of concept for CVE-2021-27965 (Stack-based Buffer Overflow) : Crystalware/CVE-2021-27965 create time: 2021-07-29T09:32:56Z
no description : hanchen666/CVE-2021-XXXX create time: 2021-07-29T08:25:46Z
Shellshock exploit aka CVE-2014-6271 : b4keSn4ke/shellshock create time: 2021-07-29T04:51:43Z
CVE-2021-1239 : wuyoukm/CVE-2021-1239 create time: 2021-07-29T05:16:12Z
CVE-2021-1238 : wuyoukm/CVE-2021-1238 create time: 2021-07-29T05:13:40Z
CVE-2021-1237 : wuyoukm/CVE-2021-1237 create time: 2021-07-29T05:04:22Z
CVE-2021-1236 : wuyoukm/CVE-2021-1236 create time: 2021-07-29T04:52:21Z
Proof of concept code for CVE-2020-9014 : Crystalware/CVE-2020-9014 create time: 2021-07-29T04:37:09Z
CVE-2021-1235 : wuyoukm/CVE-2021-1235 create time: 2021-07-29T04:49:48Z
CVE-2021-3438 : wuyoukm/CVE-2021-3438 create time: 2021-07-29T04:01:17Z
CVE-2021-3438 : wuyoukm/CVE-2021-3438 create time: 2021-07-29T03:50:23Z
CVE-2020-14882 : wuyoukm/CVE-2020-14882 create time: 2021-07-29T03:45:40Z
CVE-2020-5248 : Mkway/CVE-2020-5248 create time: 2021-07-29T00:46:26Z
CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support) : A1vinSmith/CVE-2018-9276 create time: 2021-07-29T01:17:22Z
Exploit for CVE-2018-12636 : nth347/CVE-2018-12636_exploit create time: 2021-07-28T16:30:05Z
Local Privilege Escalation via snapd (CVE-2019-7304) Remastered PoC exploit : f4T1H21/dirty_sock create time: 2021-07-28T13:06:41Z
no description : zoukba0014/cve-2021-123456 create time: 2021-07-28T13:06:01Z
no description : dorisroot1/CVE-2021-412999 create time: 2021-07-28T12:24:39Z
no description : dorisroot1/CVE-2021-4121442 create time: 2021-07-28T12:12:22Z
no description : dorisroot1/CVE-2021-2197075 create time: 2021-07-28T12:10:45Z
no description : dorisroot1/CVE-2021-42892849 create time: 2021-07-28T12:07:30Z
no description : dorisroot1/CVE-2021-3214124 create time: 2021-07-28T12:05:39Z
no description : dorisroot1/CVE-2021-41241412 create time: 2021-07-28T12:03:41Z
no description : dorisroot1/CVE-2021-5128108 create time: 2021-07-28T11:59:26Z
no description : dorisroot1/CVE-2021-1258008 create time: 2021-07-28T11:53:08Z
no description : dorisroot1/CVE-2021-9878724 create time: 2021-07-28T11:50:00Z
no description : dorisroot1/CVE-2021-23142414 create time: 2021-07-28T11:46:29Z
no description : dorisroot1/CVE-2021-1594398 create time: 2021-07-28T11:43:55Z
no description : dorisroot1/CVE-2021-4124214 create time: 2021-07-28T11:41:02Z
no description : dorisroot1/CVE-2021-123324125 create time: 2021-07-28T11:37:54Z
no description : dorisroot1/CVE-2021-12523214 create time: 2021-07-28T11:34:12Z
no description : dorisroot1/CVE-2021-324213341 create time: 2021-07-28T11:28:24Z
no description : dorisroot1/CVE-2021-57834782 create time: 2021-07-28T11:25:43Z
no description : dorisroot1/CVE-2021-3020142 create time: 2021-07-28T11:21:49Z
no description : dpredrag/CVE-2020-28502 create time: 2021-07-28T11:01:56Z
no description : dorisroot1/CVE-2021-1908U77 create time: 2021-07-28T11:11:47Z
CESHI : dorisroot1/CVE-2021-98098098 create time: 2021-07-28T11:07:49Z
TEST : dorisroot1/CVE-2021-20119090 create time: 2021-07-28T11:05:09Z
no description : dorisroot1/CVE-2021-10909099222 create time: 2021-07-28T10:56:19Z
no description : dorisroot1/CVE-2021-1232123321 create time: 2021-07-28T10:51:38Z
no description : dorisroot1/CVE-2021-2321084 create time: 2021-07-28T10:49:19Z
no description : dorisroot1/CVE-2021-112333212 create time: 2021-07-28T10:34:36Z
no description : dorisroot1/CVE-2021-3211233 create time: 2021-07-28T10:31:49Z
no description : dorisroot1/CVE_2021-123321 create time: 2021-07-28T10:13:02Z
一个测试项目 : dorisroot1/CVE-2021-90000000000 create time: 2021-07-28T09:51:03Z
no description : TobiasS1402/CVE-2021-3438 create time: 2021-07-28T09:36:42Z
no description : dorisroot1/CVE-2021-990909090 create time: 2021-07-28T09:36:34Z
第一个项目在测试中 : dorisroot1/CVE-2021-000000 create time: 2021-07-28T09:35:14Z
测试 : dorisroot1/CVE-2021-1000000 create time: 2021-07-28T09:21:50Z
To fight against Windows security breach PrintNightmare! (CVE-2021-34527, CVE-2021-1675) : Tomparte/PrintNightmare create time: 2021-07-28T07:55:42Z
poc : anmuxi-bai/CVE-2018-11790 create time: 2021-07-28T06:18:30Z
NYCY_homework_&_meeting : BizarreLove/CVE-2021-3560 create time: 2021-07-28T06:05:46Z
An implementation of CVE-2017-12617 : jptr218/tc_hack create time: 2021-07-27T13:06:16Z
no description : HaboobLab/CVE-2019-13764 create time: 2021-07-27T08:30:00Z
CVE-2021–36934. Exploit allowing you to read any registry hives as non-admin in powershell : wolf0x/PSHiveNightmare create time: 2021-07-26T15:58:59Z
HiveNightmare aka SeriousSAM : exploitblizzard/CVE-2021-36934 create time: 2021-07-27T06:54:30Z
Proof of concept code for CVE-2021-3438 : Crystalware/CVE-2021-3438 create time: 2021-07-27T06:05:08Z
no description : haiclover/CVE-2021-21972 create time: 2021-07-26T18:48:28Z
no description : magichk/cve-2021-22146 create time: 2021-07-22T06:50:34Z
no description : 0x0D1n/CVE-2021-36934 create time: 2021-07-26T08:01:08Z
no description : deathflash1411/CVE-2021-35448 create time: 2021-07-26T07:10:10Z
CVE-2021-3560 (Polkit - Local Privilege Escalation) : deathflash1411/CVE-2021-3560 create time: 2021-07-26T07:08:36Z
Exploit code for CVE-2021-33909,Just a dump of removed https://github.com/AmIAHuman/ repo : bbinfosec43/CVE-2021-33909 create time: 2021-07-26T03:24:35Z
This PowerShell script will take the mitigation measures for CVE-2021-36934 described by Microsoft and the US CERT team. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 https://kb.cert.org/vuls/id/506989 USE AT YOUR OWN RISK -- BACKUPS MAY BREAK. : jmaddington/Serious-Sam---CVE-2021-36934-Mitigation-for-Datto-RMM create time: 2021-07-25T18:00:35Z
CVE-2021–36934, Exploit allowing you to read any registry hives as non-admin. : wolf0x/HiveNightmare create time: 2021-07-25T14:39:31Z
HiveNightmare/SeriousSAM(CVE_2021_36934) : AttackTeamFamily/HiveNightmare create time: 2021-07-25T13:19:50Z
no description : NHPT/CVE-2021-88888 create time: 2021-07-25T12:41:44Z
Python PoC for CVE-2020-35846 targeting Cockpit 0.11.1 : JohnHammond/CVE-2020-35846 create time: 2021-07-25T05:05:14Z
PoC for CVE-2021-36934 Aka HiveNightmare/SeriousSAM written in python3 : Sp00p64/PyNightmare create time: 2021-07-25T00:31:11Z
Spotweb 1.4.9 - 'search' SQL Injection : bousalman/CVE-2020-35545 create time: 2021-07-24T18:12:35Z
PoC for exploiting CVE-2019-10181 : It was found that in icedtea-web up to and including 1.7.2 and 1.8.2 executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. : AlAIAL90/CVE-2019-10181 create time: 2021-07-24T12:33:56Z
PoC for exploiting CVE-2020-14409 : SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. : AlAIAL90/CVE-2020-14409 create time: 2021-07-24T12:33:49Z
PoC for exploiting CVE-2020-14410 : SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. : AlAIAL90/CVE-2020-14410 create time: 2021-07-24T12:33:43Z
PoC for exploiting CVE-2020-13959 : The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks. : AlAIAL90/CVE-2020-13959 create time: 2021-07-24T12:33:37Z
PoC for exploiting CVE-2020-13936 : An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. : AlAIAL90/CVE-2020-13936 create time: 2021-07-24T12:33:32Z
PoC for exploiting CVE-2020-36277 : Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c. : AlAIAL90/CVE-2020-36277 create time: 2021-07-24T12:33:26Z
PoC for exploiting CVE-2020-36280 : Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c. : AlAIAL90/CVE-2020-36280 create time: 2021-07-24T12:33:20Z
PoC for exploiting CVE-2020-36278 : Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c. : AlAIAL90/CVE-2020-36278 create time: 2021-07-24T12:33:14Z
PoC for exploiting CVE-2020-36279 : Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c. : AlAIAL90/CVE-2020-36279 create time: 2021-07-24T12:33:08Z
PoC for exploiting CVE-2020-36281 : Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c. : AlAIAL90/CVE-2020-36281 create time: 2021-07-24T12:33:02Z
C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM : cube0x0/CVE-2021-36934 create time: 2021-07-24T12:55:05Z
PoC for exploiting CVE-2021-28906 : In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. : AlAIAL90/CVE-2021-28906 create time: 2021-07-24T12:32:56Z
PoC for exploiting CVE-2021-28905 : In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617). : AlAIAL90/CVE-2021-28905 create time: 2021-07-24T12:32:50Z
PoC for exploiting CVE-2021-28904 : In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash. : AlAIAL90/CVE-2021-28904 create time: 2021-07-24T12:32:43Z
PoC for exploiting CVE-2021-28903 : A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash. : AlAIAL90/CVE-2021-28903 create time: 2021-07-24T12:32:37Z
PoC for exploiting CVE-2021-28902 : In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash. : AlAIAL90/CVE-2021-28902 create time: 2021-07-24T12:32:31Z
no description : Hydragyrum/CVE-2019-20933 create time: 2021-07-24T11:12:13Z
This Repo is PoC environment of CVE-2014-6271(https://nvd.nist.gov/vuln/detail/cve-2014-6271). : mochizuki875/CVE-2014-6271-Apache-Debian create time: 2021-07-24T07:47:55Z
no description : NHPT/CVE-2021-test create time: 2021-07-24T04:17:45Z
no description : azu/msgpack-CVE-2021-23410-test create time: 2021-07-24T01:05:02Z
Exploit Analysis of The WhatsApp Double-Free Vulnerability (CVE-2019-11932) Using the GEF-GDB Debugger : k3vinlusec/WhatsApp-Double-Free-Vulnerability_CVE-2019-11932 create time: 2021-07-23T21:29:56Z
https://www.zerodayinitiative.com/advisories/ZDI-20-712/ : k3vinlusec/R7000_httpd_BOF_CVE-2020-15416 create time: 2020-10-09T23:42:50Z
This is a RCE bluetooth vulnerability on Android 8.0 and 9.0 : k3vinlusec/Bluefrag_CVE-2020-0022 create time: 2020-07-01T00:23:33Z
Exploit for HiveNightmare - CVE-2021–36934 : FireFart/hivenightmare create time: 2021-07-23T06:36:08Z
no description : 3t4n/samba-3.0.24-CVE-2007-2447-vunerable- create time: 2021-07-23T03:19:10Z
CVE-2021-36934 PowerShell scripts : bytesizedalex/CVE-2021-36934 create time: 2021-07-22T21:54:45Z
A script to generate malicious snap package, and gain reverse shell connection, simulating CVE-2019-7304 attack : RyouYoo/dirty_snap create time: 2021-07-22T14:47:38Z
Windows Elevation of Privilege Vulnerability (SeriousSAM) : VertigoRay/CVE-2021-36934 create time: 2021-07-22T14:53:09Z
no description : zoukba0014/cve-2021-44444 create time: 2021-07-22T14:47:06Z
no description : KISH84172/CVE-2019-11933 create time: 2021-07-22T13:45:00Z
no description : haerin7427/CVE_2020_1938 create time: 2021-07-22T12:34:12Z
CVE-2021-36934 PowerShell Fix : tda90/CVE-2021-36934 create time: 2021-07-22T12:24:24Z
A capability to identify and remediate CVE-2021-36934 (HiveNightmare) : WiredPulse/Invoke-HiveDreams create time: 2021-07-22T12:10:41Z
no description : NHPT/CVE-2021-test create time: 2021-07-22T11:35:07Z
see https://github.com/cube0x0/CVE-2021-1675 : hahaleyile/my-CVE-2021-1675 create time: 2021-07-22T10:49:30Z
no description : NHPT/CVE-2021-121212 create time: 2021-07-22T09:25:27Z
HiveNightmare a.k.a. SeriousSam Local Privilege Escalation in Windows – CVE-2021-36934 : romarroca/SeriousSam create time: 2021-07-22T07:49:29Z
no description : 1111one/laravel-CVE-2021-3129-EXP create time: 2021-07-22T07:35:04Z
PoC for CVE-2021-36934, which enables a standard user to be able to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer : WiredPulse/Invoke-HiveNightmare create time: 2021-07-22T03:07:56Z
Small and dirty PoC for CVE-2021-36934 : Wh04m1001/VSSCopy create time: 2021-07-22T00:55:23Z
Bypass intended access control in Plex Media Server (CVE-2018-21031) : manmolecular/tautulli-cve-2018-21031 create time: 2021-07-21T18:02:41Z
no description : zyeinn/CVE-2020-23934 create time: 2021-07-21T18:26:23Z
This module fixes an issue in the kernels filesystem layer (CVE-2021-33909) by kprobe-replacing vulnerable functions during runtime : baerwolf/cve-2021-33909 create time: 2021-07-21T18:22:55Z
Detection and Mitigation script for CVE-2021-36934 (HiveNightmare aka. SeriousSam) : n3tsurge/CVE-2021-36934 create time: 2021-07-21T17:24:44Z
Sequoia exploit (7/20/21) : Liang2580/CVE-2021-33909 create time: 2021-07-21T04:04:49Z
Fix for the CVE-2021-36934 : JoranSlingerland/CVE-2021-36934 create time: 2021-07-21T13:06:51Z
Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation : HuskyHacks/ShadowSteal create time: 2021-07-20T22:16:49Z
Sequoia exploit (7/20/21) : AmIAHuman/CVE-2021-33909 create time: 2021-07-20T23:00:44Z
no description : cseasholtz/CVE-2021-36747 create time: 2021-07-20T18:45:30Z
no description : cseasholtz/CVE-2021-36746 create time: 2021-07-20T18:45:12Z
Atlassian Jira unauthen template injection : PetrusViet/CVE-2019-11581 create time: 2021-05-04T06:30:47Z
no description : madhans23/libpcap-with-Fix-CVE-2019-15165 create time: 2021-07-20T08:57:09Z
no description : madhans23/libpcap-without-Fix-CVE-2019-15165 create time: 2021-07-20T07:18:17Z
no description : Winter3un/CVE-2021-1675 create time: 2021-07-20T06:26:45Z
no description : madhans23/libpcap-without-Fix-CVE-2019-15165 create time: 2021-07-20T05:41:47Z
An extended proof-of-concept for the CVE-2021-21551 Dell ‘dbutil_2_3.sys’ Kernel Exploit. : mzakocs/CVE-2021-21551-POC create time: 2021-06-02T05:13:07Z
ETS5 Password Recovery Tool is a PoC for CVE-2021-36799 : robertguetzkow/ets5-password-recovery create time: 2021-07-18T13:59:43Z
PoC of SQL Injection vul(CVE-2020-9483,Apache SkyWalking) : yukiNeko114514/CVE-2020-9483 create time: 2021-07-19T06:50:17Z
CVE-2021-222123131 : TheCryingGame/CVE-2021-222123131 create time: 2021-07-19T03:34:50Z
no description : Henry4E36/CVE-2021-99999 create time: 2021-07-19T03:27:20Z
TEST : Henry4E36/CVE-2021-99999 create time: 2021-07-19T03:04:47Z
no description : 3hydraking/CVE-2019-16278 create time: 2021-07-19T00:45:07Z
no description : 3hydraking/CVE-2019-9053 create time: 2021-07-18T20:37:30Z
no description : 14601/CVE-2020-14882 create time: 2021-07-02T09:38:21Z
systeminformation : MazX0p/CVE-2021-21315-exploit create time: 2021-07-18T01:18:31Z
pendingintent vulnerability : MazX0p/CVE-2014-8609-POC create time: 2021-07-17T16:29:58Z
no description : yuhaishenedc/CVE2016_off_path create time: 2021-07-17T00:53:07Z
no description : cgwalters/container-cve-2021-22555 create time: 2021-07-16T19:12:57Z
no description : thalpius/Microsoft-CVE-2021-1675 create time: 2021-07-16T18:06:05Z
Tool to check whether a PGP client is affected by CVE-2021-33560 : IBM/PGP-client-checker-CVE-2021-33560 create time: 2021-07-16T15:24:11Z
no description : 1stPeak/CVE-2019-2725-environment create time: 2021-07-16T07:14:53Z
no description : 3hydraking/CVE-2017-7269 create time: 2021-07-16T07:02:27Z
CVE-2021-3493 Ubuntu漏洞 : derek-turing/CVE-2021-3493 create time: 2021-07-16T04:02:54Z
CVE-2021-22555 Exploit : JustYoomoon/CVE-2021-22555-Exploit create time: 2021-07-16T01:40:52Z
no description : 3hydraking/CVE-2009-2265 create time: 2021-07-15T23:14:11Z
no description : 3hydraking/CVE-2015-6668 create time: 2021-07-15T21:58:15Z
no description : JoneyJunior/cve-2021-22555 create time: 2021-07-15T10:17:42Z
no description : fkm75P8YjLkb/CVE-2012-1870 create time: 2021-07-15T04:33:10Z
no description : fkm75P8YjLkb/CVE-2021-26690 create time: 2021-07-15T04:38:43Z
no description : fkm75P8YjLkb/CVE-2021-26691 create time: 2021-07-15T04:37:58Z
no description : fkm75P8YjLkb/CVE-2021-30641 create time: 2021-07-15T04:31:58Z
no description : fkm75P8YjLkb/CVE-2021-3516 create time: 2021-07-15T04:29:56Z
no description : fkm75P8YjLkb/CVE-2021-34496 create time: 2021-07-15T04:23:58Z
Exploit for CVE-2020-15778(OpenSSH vul) : yukiNeko114514/CVE-2020-15778-Exploit create time: 2021-07-15T01:04:24Z
no description : puckiestyle/CVE-2021-30461 create time: 2021-07-14T19:20:11Z
no description : TheWay-hue/CVE-2017-5689-Checker create time: 2021-07-14T14:26:29Z
no description : hacker-ali-17/CVE-2021-50126 create time: 2021-07-14T12:29:21Z
no description : 1stPeak/CVE-2020-0796-Scanner create time: 2021-07-14T06:38:05Z
no description : Mochican/CVE-2021-10086 create time: 2021-07-14T03:38:36Z
no description : alexzorin/cve-2021-34558 create time: 2021-07-13T06:15:21Z
CVE-2020-25134 Authenticated Local File Inclusion in settings/format : ynsmroztas/CVE-2020-25134 create time: 2021-07-13T05:29:30Z
no description : Karma2424/cve2019-2215-3.18 create time: 2021-07-13T02:40:09Z
A patch for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527] : 0xIrison/PrinterNightmare-Patcher create time: 2021-07-12T14:14:29Z
A fix for PrintNightmare vulnerability that occurs to print spooler service for Windows machines [CVE-2021-34527] : 0xIrison/PrinterNightmare-Patcher create time: 2021-07-12T13:51:21Z
no description : huydoppa/CVE-2021-24347- create time: 2021-07-12T09:02:47Z
CVE-2021-34527 - PrintNightmare LPE (PowerShell) : galoget/PrintNightmare-CVE-2021-34527 create time: 2021-07-12T08:18:40Z
CVE-2020-24148 Proof-of-Concept : dwisiswant0/CVE-2020-24148 create time: 2021-07-12T02:01:26Z
no description : 3hydraking/CVE-2015-1635 create time: 2021-07-12T00:37:54Z
no description : 3hydraking/CVE-2015-1635-POC create time: 2021-07-12T00:23:30Z
no description : aristosMiliaressis/CVE-2021-21985 create time: 2021-07-11T20:38:19Z
Scanner for CVE-2020-1938 : yukiNeko114514/CVE-2020-1938 create time: 2021-07-11T14:38:21Z
no description : k8gege/cve-2021-1675 create time: 2021-07-11T03:48:25Z
no description : AndrewIjano/CVE-2020-8277 create time: 2021-07-10T20:42:11Z
no description : 3hydraking/CVE-2011-1249 create time: 2021-07-10T19:27:23Z
no description : IlRabbino/Internet-Security-Project---CVE-2021-26814 create time: 2021-07-10T16:04:28Z
SQL injection via unsanitized QuerySet.order_by() input : YouGina/CVE-2021-35042 create time: 2021-07-10T12:38:52Z
A fix for PrintNightmare vulnerability that occurs to print spoolers for Windows machines [CVE-2021-34527] : 0xIrison/PrintNightmare_Resolver create time: 2021-07-10T08:21:28Z
Experimenting with the CVE-2020-14343 PyYAML vulnerability : raul23/pyyaml-CVE-2020-14343 create time: 2021-06-27T06:56:15Z
A collection of scripts to help set the appropriate registry keys for CVE-2021-34527 : syntaxbearror/PowerShell-PrintNightmare create time: 2021-07-09T21:28:16Z
no description : 3hydraking/CVE-2019-6447 create time: 2021-07-09T19:21:29Z
Fix for PrintNightmare CVE-2021-34527 : Eutectico/Printnightmare create time: 2021-07-09T09:22:03Z
no description : dywhoami/CVE-2021-34527-0day-Windows-Print-Spooler- create time: 2021-07-09T08:27:36Z
no description : 3hydraking/CVE-2019-5736 create time: 2021-07-08T22:46:30Z
CVE-2021-34527 implementation : glorisonlai/printnightmare create time: 2021-07-08T18:56:04Z
ms08_067 ( Python3 Script) : 3hydraking/MS08_067_CVE-2008-4250 create time: 2021-07-07T14:58:26Z
no description : 3hydraking/MS17-010_CVE-2017-0143 create time: 2021-07-08T17:35:50Z
A CVE-2013-2028 implementation : jptr218/nginxhack create time: 2021-07-08T17:17:34Z
no description : 3hydraking/usermap_script_CVE-2007-2447 create time: 2021-07-01T21:58:36Z
no description : bartimus-primed/CVE-2021-1675-Yara create time: 2021-07-08T16:18:52Z
Dlink credentials decryption tool poc : full-disclosure/FDEU-CVE-2021-525A create time: 2021-07-08T10:14:12Z
no description : haiclover/CVE-2021-21985 create time: 2021-07-08T04:45:19Z
no description : huydoppa/CVE-2018-15877 create time: 2021-07-08T07:41:41Z
CVE test : arch3rPro/CVE-2020-22222 create time: 2021-07-08T01:42:54Z
Mitigation for CVE-2021-34527 RCE by setting WRITE ACLs - Setting Modify Deny ACLs can cause other issues and is not recommended : WidespreadPandemic/CVE-2021-34527_ACL_mitigation create time: 2021-07-08T01:32:18Z
CVE-2020-1956 : b510/CVE-2020-1956 create time: 2021-07-08T00:58:07Z
no description : corelight/CVE-2021-1675 create time: 2021-07-02T16:44:24Z
Information on the Windows Spooler vulnerability - CVE-2021-1675; CVE 2021 34527 : JumpsecLabs/PrintNightmare- create time: 2021-07-07T08:32:09Z
How to fix the PrintNightmare vulnerability : powershellpr0mpt/PrintNightmare-CVE-2021-34527 create time: 2021-07-07T07:58:53Z
Simple batch script to disable the Microsoft Print Spooler service from system : vinaysudheer/Disable-Spooler-Service-PrintNightmare-CVE-2021-34527 create time: 2021-07-07T06:41:15Z
no description : inspiringz/CVE-2021-3493 create time: 2021-07-07T06:16:48Z
Tool to take advantage of CVE-2019-6447 : mcmahonr/cve-2019-6447 create time: 2021-07-06T23:13:55Z
A scanner for the CVE-2020-1472 vulnerability aka Zerologon. : NickSanzotta/zeroscan create time: 2021-06-23T12:23:48Z
A PrintNightmare (CVE-2021-3457) Python Scanner. Scan entire subnets for hosts vulnerable to the PrintNightmare RCE : byt3bl33d3r/ItWasAllADream create time: 2021-07-05T20:13:49Z
To check if Spooler is on and whether is it vulnerable to CVE 2021-34527 : yyhh91/PrintNightMareChecker create time: 2021-07-06T02:07:24Z
Exploits Password Reset Vulnerability in OpenCRX, CVE-2020-7378. Also maintains Stealth by deleting all the password reset mails created by the script : ruthvikvegunta/openCRX-CVE-2020-7378 create time: 2021-07-06T00:36:18Z
Disable remote sessions to print spooler withtout disabling the print spooler service : officedrone/CVE-2021-34527-workaround create time: 2021-07-05T20:02:50Z
no description : geekbrett/CVE-2021-34527-PrintNightmare-Workaround create time: 2021-07-05T17:50:56Z
Workaround for Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527). See: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 : rdboboia/disable-RegisterSpoolerRemoteRpcEndPoint create time: 2021-07-05T16:49:32Z
OpenEMR < 5.0.1.4 - (Authenticated) File upload - Remote command execution : sec-it/exploit-CVE-2018-15139 create time: 2021-07-05T16:03:38Z
Workaround for Windows Print Spooler Remote Code Execution Vulnerability(CVE-2021-34527). See: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 : rdboboia/disable-RegisterSpoolerRemoteRpcEndPoint create time: 2021-07-05T16:32:45Z
CVE-2021-1675 (PrintNightmare) : sailay1996/PrintNightmare-LPE create time: 2021-07-05T14:17:03Z
no description : edsonjt81/CVE-2021-1675 create time: 2021-07-05T12:10:43Z
Exploit Accsess network clients by sending packets in wirless TP-LINK and preparing for a mitm attack : lhashashinl/CVE-2021-37152 create time: 2021-07-05T08:37:52Z
no description : adarshvs/CVE-2020-3580 create time: 2021-06-28T06:51:26Z
no description : lwzSoviet/CVE-2021-3281 create time: 2021-07-05T08:25:26Z
no description : zxn1/CVE-2019-11932 create time: 2021-07-04T17:07:19Z
Masscanner for Laravel phpunit RCE CVE-2017-9841 : r00td3v/lavarel-phpunit-rce-masscaner create time: 2021-07-04T16:15:27Z
no description : CnOxx1/CVE-2021-34527-1675 create time: 2021-07-04T16:09:18Z
no description : dorkerdevil/CVE-2021-21975 create time: 2021-03-31T13:33:45Z
Youtube : https://youtu.be/Zr0KjYDSFKQ : exploitblizzard/PrintNightmare-CVE-2021-1675 create time: 2021-07-04T09:50:39Z
Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) : nemo-wq/CVE-2021-1675_CVE-2021-34527_PrintNightmare create time: 2021-07-03T15:15:12Z
Exploit for MS Http Protocol Stack RCE vulnerability (CVE-2021-31166) : y0g3sh-99/CVE-2021-31166-Exploit create time: 2021-07-03T14:54:59Z
Windows Print Spooler Service RCE CVE-2021-1675 (PrintNightmare) : ozergoker/PrintNightmare create time: 2021-07-03T12:25:21Z
no description : MrRobotTnT/CVE-2016-3088 create time: 2021-07-03T10:23:59Z
PentesterLab's CVE-2018-6574 exercise : rizemon/CVE-2018-6574 create time: 2021-07-03T09:01:52Z
随便放点自己弄的小东西 : yukiNeko114514/CVE-2020-0674-PoC create time: 2021-07-03T04:17:35Z
no description : N0Coriander/CVE-2020-14882-14883 create time: 2021-07-03T02:02:42Z
to catch cve-2021-1675-printnightmare : initconf/cve-2021-1675-printnightmare create time: 2021-07-03T01:04:06Z
A temporary mitigation to the CVE-2021-1675. Print Spooler will be disabled during non-business hours. : gohrenberg/CVE-2021-1675-Mitigation-For-Systems-That-Need-Spooler create time: 2021-07-02T21:18:11Z
no description : whokilleddb/CVE-2019-15107 create time: 2021-07-02T19:51:18Z
Exploit Code For CVE-2019-15107 : whokilleddb/CVE-2019-15107 create time: 2021-07-02T18:22:45Z
Explore CVE-2019-6447 using a script : sidhawkss/ES-File-Explorer-Vulnerability-on-port-59777 create time: 2021-07-02T18:00:29Z
CVE-2021-1675: ZERO-DAY VULNERABILITY IN WINDOWS PRINTER SERVICE WITH AN EXPLOIT AVAILABLE IN ALL OPERATING SYSTEM VERSIONS : ptter23/CVE-2021-1675 create time: 2021-07-02T18:01:21Z
no description : kougyokugentou/CVE-2021-1675 create time: 2021-07-02T17:29:04Z
no description : killtr0/CVE-2021-1675-PrintNightmare create time: 2021-07-02T16:12:15Z
Fix for the security : fardinbarashi/Fix-CVE-2021-34527 create time: 2021-07-02T14:25:44Z
no description : JohnHammond/CVE-2021-34527 create time: 2021-07-02T12:10:49Z
Apache Tapestry CVE-2021-27850 PoC : Ovi3/CVE_2021_27850_POC create time: 2021-07-02T10:21:58Z
How to enable Smart Check to detect CVE-2019-5021 : mawinkler/smartcheck-cve-2019-5021 create time: 2021-07-02T10:10:26Z
no description : mr-nO0b/CVE-2021-3560 create time: 2021-07-02T10:03:26Z
Aapche Tapestry Unserialize Vuln CVE-2021-27850 PoC : Ovi3/CVE_2021_27850_POC create time: 2021-07-02T09:36:59Z
OpenEMR < 5.0.2 - (Authenticated) Path Traversal - Local File Disclosure : sec-it/exploit-CVE-2019-14530 create time: 2021-06-30T08:59:57Z
Kritische Sicherheitslücke PrintNightmare CVE-2021-34527 : glshnu/PrintNightmare create time: 2021-07-02T07:30:52Z
no description : mrezqi/CVE-2021-1675_CarbonBlack_HuntingQuery create time: 2021-07-02T07:30:24Z
no description : thomasgeens/CVE-2021-1675 create time: 2021-07-02T06:14:29Z
Vulnerability Scanner for CVE-2021-1675/PrintNightmare : Leonidus0x10/CVE-2021-1675-SCANNER create time: 2021-07-02T01:45:00Z
Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare) : calebstewart/CVE-2021-1675 create time: 2021-07-01T23:45:58Z
no description : 3hydraking/distccd_rce_CVE-2004-2687 create time: 2021-07-01T21:56:34Z
Fix without disabling Print Spooler : tanarchytan/CVE-2021-1675 create time: 2021-07-01T19:50:46Z
no description : cybersecurityworks553/CVE-2021-1675_PrintNightMare create time: 2021-07-01T13:58:01Z
Proof of Concept Exploit for CVE-2021-35956, AKCP sensorProbe - 'Multiple' Cross Site Scripting (XSS) : tcbutler320/CVE-2021-35956 create time: 2021-07-01T12:44:05Z
no description : DenizSe/CVE-2020-1675 create time: 2021-07-01T12:12:16Z
no description : puckiestyle/CVE-2021-1675 create time: 2021-07-01T12:24:19Z
no description : Katarina-1997/IM-113-2016-Cvetkov-Katarina create time: 2021-07-01T10:52:05Z
PoC for exploiting CVE-2020-21787 : AlAIAL90/CVE-2020-21787 create time: 2021-07-01T10:07:10Z
PoC for exploiting CVE-2020-24511 : AlAIAL90/CVE-2020-24511 create time: 2021-07-01T10:06:58Z
PoC for exploiting CVE-2020-24512 : AlAIAL90/CVE-2020-24512 create time: 2021-07-01T10:06:51Z
PoC for exploiting CVE-2020-21784 : AlAIAL90/CVE-2020-21784 create time: 2021-07-01T10:06:45Z
PoC for exploiting CVE-2021-29949 : AlAIAL90/CVE-2021-29949 create time: 2021-07-01T10:10:07Z
PoC for exploiting CVE-2021-21676 : AlAIAL90/CVE-2021-21676 create time: 2021-07-01T10:10:01Z
PoC for exploiting CVE-2021-21675 : AlAIAL90/CVE-2021-21675 create time: 2021-07-01T10:09:57Z
PoC for exploiting CVE-2021-21674 : AlAIAL90/CVE-2021-21674 create time: 2021-07-01T10:09:52Z
PoC for exploiting CVE-2021-21673 : AlAIAL90/CVE-2021-21673 create time: 2021-07-01T10:09:48Z
PoC for exploiting CVE-2021-21672 : AlAIAL90/CVE-2021-21672 create time: 2021-07-01T10:09:45Z
PoC for exploiting CVE-2021-21671 : AlAIAL90/CVE-2021-21671 create time: 2021-07-01T10:09:40Z
PoC for exploiting CVE-2021-21670 : AlAIAL90/CVE-2021-21670 create time: 2021-07-01T10:09:36Z
PoC for exploiting CVE-2021-29948 : AlAIAL90/CVE-2021-29948 create time: 2021-07-01T10:09:32Z
PoC for exploiting CVE-2021-33528 : AlAIAL90/CVE-2021-33528 create time: 2021-07-01T10:09:28Z
PoC for exploiting CVE-2021-33530 : AlAIAL90/CVE-2021-33530 create time: 2021-07-01T10:09:16Z
PoC for exploiting CVE-2021-33529 : AlAIAL90/CVE-2021-33529 create time: 2021-07-01T10:09:12Z
PoC for exploiting CVE-2021-33531 : AlAIAL90/CVE-2021-33531 create time: 2021-07-01T10:09:08Z
PoC for exploiting CVE-2021-29954 : AlAIAL90/CVE-2021-29954 create time: 2021-07-01T10:09:04Z
PoC for exploiting CVE-2021-32736 : AlAIAL90/CVE-2021-32736 create time: 2021-07-01T10:08:59Z
PoC for exploiting CVE-2021-22368 : AlAIAL90/CVE-2021-22368 create time: 2021-07-01T10:08:54Z
PoC for exploiting CVE-2021-22367 : AlAIAL90/CVE-2021-22367 create time: 2021-07-01T10:08:50Z
PoC for exploiting CVE-2021-22354 : AlAIAL90/CVE-2021-22354 create time: 2021-07-01T10:08:46Z
PoC for exploiting CVE-2021-22353 : AlAIAL90/CVE-2021-22353 create time: 2021-07-01T10:08:42Z
PoC for exploiting CVE-2021-1075 : AlAIAL90/CVE-2021-1075 create time: 2021-07-01T10:08:39Z
PoC for exploiting CVE-2021-29945 : AlAIAL90/CVE-2021-29945 create time: 2021-07-01T10:08:34Z
PoC for exploiting CVE-2021-20580 : AlAIAL90/CVE-2021-20580 create time: 2021-07-01T10:08:31Z
PoC for exploiting CVE-2021-20490 : AlAIAL90/CVE-2021-20490 create time: 2021-07-01T10:08:26Z
PoC for exploiting CVE-2021-20477 : AlAIAL90/CVE-2021-20477 create time: 2021-07-01T10:08:14Z
PoC for exploiting CVE-2021-29677 : AlAIAL90/CVE-2021-29677 create time: 2021-07-01T10:08:10Z
PoC for exploiting CVE-2021-33348 : AlAIAL90/CVE-2021-33348 create time: 2021-07-01T10:07:25Z
PoC for exploiting CVE-2021-29965 : AlAIAL90/CVE-2021-29965 create time: 2021-07-01T10:07:06Z
PoC for exploiting CVE-2021-31506 : AlAIAL90/CVE-2021-31506 create time: 2021-07-01T10:07:02Z
PoC for exploiting CVE-2021-29964 : AlAIAL90/CVE-2021-29964 create time: 2021-07-01T10:06:50Z
Local Privilege Escalation Edition for CVE-2021-1675 : hlldz/CVE-2021-1675-LPE create time: 2021-07-01T09:47:13Z
CVE-2021-1675 Simple LPE Exploit : evilashz/CVE-2021-1675-LPE-EXP create time: 2021-07-01T09:00:31Z
openam-CVE-2021-35464 执行命令回显 : Y4er/openam-CVE-2021-35464 create time: 2021-07-01T03:51:32Z
no description : zhongjiao01/cve-2021-21 create time: 2021-07-01T03:08:11Z
no description : kondah/patch-cve-2021-1675 create time: 2021-06-30T23:39:21Z
Create your malicious engine in seconds : Retr02332/CVE-2020-7115 create time: 2021-06-30T22:56:07Z
CVE-2021-1675 Detection Info : LaresLLC/CVE-2021-1675 create time: 2021-06-30T18:32:17Z
no description : TheFlash2k/CVE-2021-3156 create time: 2021-06-30T18:00:03Z
Exploit for CVE-2018-15961, a unrestricted file upload vulnerability in Adobe ColdFusion 2018 leading to RCE : xbufu/CVE-2018-15961 create time: 2021-06-30T08:15:18Z
CVE-2007-2447 - Samba usermap script : Alien0ne/CVE-2007-2447 create time: 2021-06-30T00:13:31Z
no description : AssassinUKG/Polkit-CVE-2021-3560 create time: 2021-06-29T20:47:16Z
Impacket implementation of CVE-2021-1675 : cube0x0/CVE-2021-1675 create time: 2021-06-29T17:24:14Z
Microsoft acknowledged a critical remote code execution vulnerability (CVE – 2020 - 1350) existing in Windows Domain Name System (DNS) when it fails to properly handle requests. An adversary who successfully exploits the vulnerability could run arbitrary code or malicious code in the context of the Local System Account. And this vulnerability rests on the DNS client while it handles specific requests. This means that an attacker who does not perform an authentication can gain control of an account that exists locally on the system, even remotely. This will allow the host to reach a complete compromise. T : ejlevin99/CVE---2020---1350 create time: 2021-06-29T16:32:53Z
Gitlab SSRF : Vulnmachines/gitlab-cve-2021-22214 create time: 2021-06-29T15:04:35Z
CVE-2021-1675 exploit : yu2u/CVE-2021-1675 create time: 2021-06-29T14:24:30Z
Overview PoC of CSRF CVE-2019-9787 WordPress Version 5.1.1 : dexXxed/CVE-2019-9787 create time: 2021-06-29T08:57:43Z
ZeroShell命令执行漏洞批量扫描poc+exp : MzzdToT/CVE-2019-12725 create time: 2021-06-29T06:24:22Z
测试 : TplusSs/CVE-2021-08891 create time: 2021-06-29T05:19:57Z
Exploit for CVE-2020-15368 (Asrock RGB driver) : stong/CVE-2020-15368 create time: 2021-06-29T04:38:24Z
My exploit for ES Explorer Android App open port vulnerability. : N3H4L/CVE-2019-6447 create time: 2021-06-28T15:25:49Z
no description : sijidufei/CVE-2016-5195 create time: 2021-06-28T03:38:32Z
no description : yinyinmeimei/CVE-2017-7494-payload create time: 2021-06-28T03:29:02Z
Check the conditions for exploiting CVE-2021-23383 through the handlebars library version assessment. : dn9uy3n/Check-CVE-2021-23383 create time: 2021-06-28T01:29:31Z
POC for exploiting CVE-2021-27928 : seska451/mariadb-cve-2021-27928 create time: 2021-06-27T13:02:58Z
TESLA MODEL 3 HACK : AmazingOut/Tesla-CVE-2020-10558 create time: 2021-06-27T04:46:01Z
compiled CVE-2015-1328 : notlikethis/CVE-2015-1328 create time: 2021-06-26T22:20:07Z
CVE-2021-123456 : vQAQv/CVE-2021-123456 create time: 2021-06-26T13:45:53Z
no description : amil-ptl-test/ptl_cve_2011_0228 create time: 2021-06-26T10:37:31Z
no description : amil-ptl-test/ptl_cve_2018_6574 create time: 2021-06-26T10:39:22Z
no description : mavillon1/CVE-2012-31955-POC create time: 2021-06-26T02:50:28Z
Proof of Concept for CVE-2021-33624 : Kakashiiiiy/CVE-2021-33624 create time: 2021-06-25T22:19:38Z
A Proof of concept for CVE-2021-27850 affecting Apache Tapestry and leading to unauthencticated remote code execution. : kahla-sec/CVE-2021-27850_POC create time: 2021-06-25T13:55:41Z
Remote Mouse GUI 3.008 - Local Privilege Escalation : deathflash1411/CVE-2021-35448 create time: 2021-06-25T08:58:10Z
no description : donghyunlee00/CVE-2021-3156 create time: 2021-06-25T05:45:11Z
no description : Hudi233/CVE-2020-3580 create time: 2021-06-25T04:39:30Z
Writeup for CVE-2021-35475; Stored Cross-Site Scripting(XSS) on SAS® Environment Manager 2.5 : saitamang/CVE-2021-35475 create time: 2021-06-25T03:08:44Z
My implementation of CVE-2020-0041 : Byte-Master-101/CVE-2020-0041 create time: 2021-06-25T02:19:17Z
Resources for the Spectre vulnerability (CVE-2017-5753 and CVE-2017-5715) : raul23/spectre create time: 2021-06-25T00:11:51Z
Resources for the Meltdown vulnerability (CVE-2017-5754) : raul23/meltdown create time: 2021-06-25T00:07:21Z
Resources for the Kr00k vulnerability (CVE-2019-15126) : raul23/Kr00k create time: 2021-06-24T22:04:42Z
no description : noobTest1122/CVE-2018-6574 create time: 2021-06-24T16:23:55Z
no description : KZMachine/CVERT-2021 create time: 2021-06-24T15:49:24Z
PoC for CVE-2021-32537: an out-of-bounds memory access that leads to pool corruption in the Windows kernel. : 0vercl0k/CVE-2021-32537 create time: 2021-06-09T15:44:00Z
no description : wdahlenburg/CVE-2020-14841 create time: 2021-06-24T13:49:32Z
GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution (CVE-2021-21425) : CsEnox/CVE-2021-21425 create time: 2021-06-24T13:06:24Z
Remote Command Execution through Unvalidated File Upload in SeedDMS versions <5.1.11 : nobodyatall648/CVE-2019-12744 create time: 2021-06-24T12:58:02Z
no description : Badbird3/CVE-2017-5638 create time: 2021-06-24T05:41:45Z
Archive: Exploit https://www.cvedetails.com/cve/CVE-2014-2321/ For CentOS : injectionmethod/ZTE-Vuln-4-Skids create time: 2021-06-24T03:16:18Z
CVE 2021-21315 exploit : 0UR4N05/CVE-2021-21315 create time: 2021-06-22T20:18:38Z
no description : garrett-adler/cve-2018-6574 create time: 2021-06-22T17:46:45Z
no description : KZMachine/CVERT_2021 create time: 2021-06-22T15:18:06Z
no description : m3terpreter/CVE-2016-4437 create time: 2021-06-22T06:08:55Z
no description : KZMachine/KZMachine-CVERT_2021 create time: 2021-06-22T03:15:46Z
Gitlab CI Lint API未授权 SSRF漏洞 (CVE-2021-22214) : r0ckysec/CVE-2021-22214 create time: 2021-06-22T03:04:50Z
a reliable C based exploit for CVE-2021-3560. : 595cyi/CVE-2021-3560 create time: 2021-06-22T02:18:31Z
RCE in EXIF metadata removal from images research : awasthi7/CVE-2020-Exif-RCE create time: 2021-06-21T07:59:00Z
no description : pywc/CVE-2019-0708 create time: 2021-06-21T03:57:15Z
no description : rjt-gupta/CVE-2021-29337 create time: 2021-06-21T01:59:58Z
go rce : jaya522/CVE-2018-6574-go-get-RCE create time: 2021-06-20T11:44:38Z
go rce : jaya522/CVE-2018-6574-go-get-RCE create time: 2021-06-20T10:32:42Z
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product. : Diefunction/CVE-2021-27928 create time: 2021-06-20T08:54:06Z
no description : mrofisr/docker-cve-2021-3156 create time: 2021-06-20T02:47:02Z
POC-CVE-2019-0708 : FroydCod3r/CVE-2019-0708 create time: 2021-06-19T21:55:57Z
The sudo vulnerability CVE-2019-14287 is a security policy bypass issue that provides a user or a program the ability to execute commands as root on a Linux system when the "sudoers configuration" explicitly disallows the root access. : Hasintha-98/Sudo-Vulnerability-Exploit-CVE-2019-14287 create time: 2021-06-19T09:43:08Z
rpp2021-Katarina-1997 created by GitHub Classroom : RPP-IM-2021/IM113-2016-Cvetkov-Katarina create time: 2021-03-05T09:41:57Z
Privilege escalation with polkit - CVE-2021-3560 : Almorabea/Polkit-exploit create time: 2021-06-19T08:15:17Z
PoC exploit for CVE-2020-7247 OpenSMTPD 6.4.0 - 6.6.1 Remote Code Execution : f4T1H21/CVE-2020-7247 create time: 2021-06-19T07:34:42Z
Pentesterlabs : yashanand/cve-2018-6574 create time: 2021-06-19T05:42:43Z
For pentesterlab exersise temp. : PrasadUg/CVE-2018-6574 create time: 2021-06-19T04:40:21Z
Stored XSS via moodlenetprofile parameter in user profile : HoangKien1020/CVE-2020-25627 create time: 2021-06-18T10:37:23Z
PoC for exploiting CVE-2002-1847 : Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) 6.3 through 7.1 allows remote attackers to execute arbitrary commands via a long mp3 filename command line argument. NOTE: since the only known attack vector requires command line access, this may not be a vulnerability. : PwnCast/CVE-2002-1847 create time: 2021-06-18T10:26:00Z
PoC for exploiting CVE-2020-23314 : There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. : PwnCast/CVE-2020-23314 create time: 2021-06-18T10:10:56Z
PoC for exploiting CVE-2005-0994 : Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report. : PwnCast/CVE-2005-0994 create time: 2021-06-18T10:26:14Z
PoC for exploiting CVE-2005-2225 : Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. : PwnCast/CVE-2005-2225 create time: 2021-06-18T10:26:07Z
PoC for exploiting CVE-2006-4811 : Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. : PwnCast/CVE-2006-4811 create time: 2021-06-18T10:19:28Z
PoC for exploiting CVE-2009-2700 : src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. : PwnCast/CVE-2009-2700 create time: 2021-06-18T10:19:41Z
PoC for exploiting CVE-2010-2076 : Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. : PwnCast/CVE-2010-2076 create time: 2021-06-18T10:22:53Z
PoC for exploiting CVE-2011-1096 : The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." : PwnCast/CVE-2011-1096 create time: 2021-06-18T10:23:33Z
PoC for exploiting CVE-2011-2487 : The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. : PwnCast/CVE-2011-2487 create time: 2021-06-18T10:22:41Z
PoC for exploiting CVE-2021-21990 : VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response. : PwnCast/CVE-2021-21990 create time: 2021-06-18T10:06:48Z
PoC for exploiting CVE-2012-0803 : The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. : PwnCast/CVE-2012-0803 create time: 2021-06-18T10:23:07Z
PoC for exploiting CVE-2012-2378 : Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. : PwnCast/CVE-2012-2378 create time: 2021-06-18T10:23:00Z
PoC for exploiting CVE-2012-2379 : Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. : PwnCast/CVE-2012-2379 create time: 2021-06-18T10:22:47Z
PoC for exploiting CVE-2012-3451 : Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. : PwnCast/CVE-2012-3451 create time: 2021-06-18T10:22:00Z
PoC for exploiting CVE-2012-5633 : The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. : PwnCast/CVE-2012-5633 create time: 2021-06-18T10:21:40Z
PoC for exploiting CVE-2012-5575 : Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." : PwnCast/CVE-2012-5575 create time: 2021-06-18T10:21:14Z
PoC for exploiting CVE-2012-5624 : The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. : PwnCast/CVE-2012-5624 create time: 2021-06-18T10:19:21Z
PoC for exploiting CVE-2012-6093 : The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. : PwnCast/CVE-2012-6093 create time: 2021-06-18T10:19:15Z
PoC for exploiting CVE-2013-0239 : Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. : PwnCast/CVE-2013-0239 create time: 2021-06-18T10:23:20Z
PoC for exploiting CVE-2013-2160 : The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. : PwnCast/CVE-2013-2160 create time: 2021-06-18T10:22:20Z
PoC for exploiting CVE-2013-4549 : QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. : PwnCast/CVE-2013-4549 create time: 2021-06-18T10:19:48Z
PoC for exploiting CVE-2013-0254 : The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. : PwnCast/CVE-2013-0254 create time: 2021-06-18T10:19:08Z
PoC for exploiting CVE-2014-0035 : The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. : PwnCast/CVE-2014-0035 create time: 2021-06-18T10:23:53Z
PoC for exploiting CVE-2014-0109 : Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. : PwnCast/CVE-2014-0109 create time: 2021-06-18T10:23:46Z
PoC for exploiting CVE-2014-0110 : Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. : PwnCast/CVE-2014-0110 create time: 2021-06-18T10:23:40Z
PoC for exploiting CVE-2014-0034 : The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. : PwnCast/CVE-2014-0034 create time: 2021-06-18T10:23:27Z
PoC for exploiting CVE-2014-3584 : The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. : PwnCast/CVE-2014-3584 create time: 2021-06-18T10:22:14Z
PoC for exploiting CVE-2014-3623 : Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. : PwnCast/CVE-2014-3623 create time: 2021-06-18T10:22:08Z
PoC for exploiting CVE-2014-3566 : The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. : PwnCast/CVE-2014-3566 create time: 2021-06-18T10:21:47Z
PoC for exploiting CVE-2014-3577 : org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. : PwnCast/CVE-2014-3577 create time: 2021-06-18T10:21:33Z
PoC for exploiting CVE-2014-0190 : The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. : PwnCast/CVE-2014-0190 create time: 2021-06-18T10:18:35Z
PoC for exploiting CVE-2015-5253 : The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." : PwnCast/CVE-2015-5253 create time: 2021-06-18T10:21:53Z
PoC for exploiting CVE-2015-5175 : Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. : PwnCast/CVE-2015-5175 create time: 2021-06-18T10:21:27Z
PoC for exploiting CVE-2015-1858 : Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. : PwnCast/CVE-2015-1858 create time: 2021-06-18T10:19:35Z
PoC for exploiting CVE-2015-1857 : The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions. : PwnCast/CVE-2015-1857 create time: 2021-06-18T10:18:29Z
PoC for exploiting CVE-2016-4464 : The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature. : PwnCast/CVE-2016-4464 create time: 2021-06-18T10:21:21Z
PoC for exploiting CVE-2016-6812 : The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client. : PwnCast/CVE-2016-6812 create time: 2021-06-18T10:21:01Z
PoC for exploiting CVE-2016-8739 : The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. : PwnCast/CVE-2016-8739 create time: 2021-06-18T10:20:55Z
PoC for exploiting CVE-2016-8713 : A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. : PwnCast/CVE-2016-8713 create time: 2021-06-18T10:18:15Z
PoC for exploiting CVE-2016-8709 : A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. : PwnCast/CVE-2016-8709 create time: 2021-06-18T10:18:08Z
PoC for exploiting CVE-2016-4570 : The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. : PwnCast/CVE-2016-4570 create time: 2021-06-18T10:14:28Z
PoC for exploiting CVE-2016-4571 : The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. : PwnCast/CVE-2016-4571 create time: 2021-06-18T10:06:41Z
PoC for exploiting CVE-2017-12631 : Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser. : PwnCast/CVE-2017-12631 create time: 2021-06-18T10:22:33Z
PoC for exploiting CVE-2017-12624 : Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". : PwnCast/CVE-2017-12624 create time: 2021-06-18T10:22:27Z
PoC for exploiting CVE-2017-3156 : The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. : PwnCast/CVE-2017-3156 create time: 2021-06-18T10:21:08Z
PoC for exploiting CVE-2017-5653 : JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. : PwnCast/CVE-2017-5653 create time: 2021-06-18T10:20:42Z
PoC for exploiting CVE-2017-7661 : Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4. : PwnCast/CVE-2017-7661 create time: 2021-06-18T10:20:29Z
PoC for exploiting CVE-2017-5656 : Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. : PwnCast/CVE-2017-5656 create time: 2021-06-18T10:20:22Z
PoC for exploiting CVE-2017-7662 : Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. : PwnCast/CVE-2017-7662 create time: 2021-06-18T10:20:16Z
*PoC for exploiting CVE-2017-7852 : D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allows sites hosting malicious Flash objects to access and/or change the device's settings via a CSRF attack. This is because of the 'allow-access-from domain' child element set to , thus accepting requests from any domain. If a victim logged into the camera's web console visits a malicious site hosting a malicious Flash file from another Browser tab, the malicious Flash file then can send requests to the victim's DCS series Camera without knowing the credentials. An attacker can host a malicious Flash file that can retrieve Live Feeds or information from the victim's DCS series Camera, add new admin users, or make other changes to the device. Known affected devices are DCS-933L with firmware before 1.13.05, DCS-5030L, DCS-5020L, DCS-2530L, DCS-2630L, DCS-930L, DCS-932L, and DCS-932LB1. : PwnCast/CVE-2017-7852 create time: 2021-06-18T10:02:19Z
PoC for exploiting CVE-2017-6558 : iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file. : PwnCast/CVE-2017-6558 create time: 2021-06-18T10:01:33Z
PoC for exploiting CVE-2020-20178 : Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses. : PwnCast/CVE-2020-20178 create time: 2021-06-18T10:01:23Z
PoC for exploiting CVE-2018-20060 : urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext. : PwnCast/CVE-2018-20060 create time: 2021-06-18T10:25:26Z
PoC for exploiting CVE-2018-20843 : In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). : PwnCast/CVE-2018-20843 create time: 2021-06-18T10:24:52Z
PoC for exploiting CVE-2018-0008 : An unauthenticated root login may allow upon reboot when a commit script is used. A commit script allows a device administrator to execute certain instructions during commit, which is configured under the [system scripts commit] stanza. Certain commit scripts that work without a problem during normal commit may cause unexpected behavior upon reboot which can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a "safe mode" authentication state. Lastly, only logging in physically to the console port as root, with no password, will work. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71 on SRX; 12.3X48 versions prior to 12.3X48-D55 on SRX; 14.1 versions prior to 14.1R9; 14.1X53 versions prior to 14.1X53-D40 on QFX, EX; 14.2 versions prior to 14.2R7-S9, 14.2R8; 15.1 versions prior to 15.1F5-S7, 15.1F6-S8, 15.1R5-S6, 15.1R6; 15.1X49 versions prior to 15.1X49-D110 on SRX; 15.1X53 versions prior to 15.1X53-D232 on QFX5200/5110; 15.1X53 versions prior to 15.1X53-D49, 15.1X53-D470 on NFX; 15.1X53 versions prior to 15.1X53-D65 on QFX10K; 16.1 versions prior to 16.1R2. No other Juniper Networks products or platforms are affected by this issue. : PwnCast/CVE-2018-0008 create time: 2021-06-18T10:23:14Z
PoC for exploiting CVE-2018-8039 : It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks. : PwnCast/CVE-2018-8039 create time: 2021-06-18T10:20:48Z
PoC for exploiting CVE-2018-8038 : Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters. : PwnCast/CVE-2018-8038 create time: 2021-06-18T10:20:35Z
PoC for exploiting CVE-2019-11236 : In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. : PwnCast/CVE-2019-11236 create time: 2021-06-18T10:25:40Z
PoC for exploiting CVE-2019-11324 : The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. : PwnCast/CVE-2019-11324 create time: 2021-06-18T10:25:33Z
PoC for exploiting CVE-2019-16168 : In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." : PwnCast/CVE-2019-16168 create time: 2021-06-18T10:25:07Z
PoC for exploiting CVE-2019-15903 : In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. : PwnCast/CVE-2019-15903 create time: 2021-06-18T10:24:59Z
PoC for exploiting CVE-2019-17567 : Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. : PwnCast/CVE-2019-17567 create time: 2021-06-18T10:18:42Z
PoC for exploiting CVE-2019-12405 : Improper authentication is possible in Apache Traffic Control versions 3.0.0 and 3.0.1 if LDAP is enabled for login in the Traffic Ops API component. Given a username for a user that can be authenticated via LDAP, it is possible to improperly authenticate as that user without that user's correct password. : PwnCast/CVE-2019-12405 create time: 2021-06-18T10:07:28Z
PoC for exploiting CVE-2020-22790 : Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute codeby injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator access the logs. : PwnCast/CVE-2020-22790 create time: 2021-06-18T10:01:08Z
PoC for exploiting CVE-2020-22789 : Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs. : PwnCast/CVE-2020-22789 create time: 2021-06-18T10:00:31Z
PoC for exploiting CVE-2020-11235 : Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11235 create time: 2021-06-18T10:26:54Z
PoC for exploiting CVE-2020-11238 : Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11238 create time: 2021-06-18T10:26:47Z
PoC for exploiting CVE-2020-11239 : Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables : PwnCast/CVE-2020-11239 create time: 2021-06-18T10:26:40Z
PoC for exploiting CVE-2020-7751 : pathval before version 1.1.1 is vulnerable to prototype pollution. : PwnCast/CVE-2020-7751 create time: 2021-06-18T10:25:53Z
PoC for exploiting CVE-2020-26137 : urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. : PwnCast/CVE-2020-26137 create time: 2021-06-18T10:25:47Z
PoC for exploiting CVE-2020-15379 : Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. : PwnCast/CVE-2020-15379 create time: 2021-06-18T10:20:01Z
PoC for exploiting CVE-2020-9489 : A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release. : PwnCast/CVE-2020-9489 create time: 2021-06-18T10:17:47Z
PoC for exploiting CVE-2020-36385 : An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. : PwnCast/CVE-2020-36385 create time: 2021-06-18T10:16:03Z
PoC for exploiting CVE-2020-1719 : A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. : PwnCast/CVE-2020-1719 create time: 2021-06-18T10:15:56Z
PoC for exploiting CVE-2020-1690 : An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. : PwnCast/CVE-2020-1690 create time: 2021-06-18T10:15:16Z
PoC for exploiting CVE-2020-23303 : There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0. : PwnCast/CVE-2020-23303 create time: 2021-06-18T10:14:48Z
PoC for exploiting CVE-2020-11176 : While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile : PwnCast/CVE-2020-11176 create time: 2021-06-18T10:14:35Z
PoC for exploiting CVE-2020-24662 : SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0. : PwnCast/CVE-2020-24662 create time: 2021-06-18T10:14:15Z
PoC for exploiting CVE-2020-27384 : The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full Control) for 'Everyone' group, making the entire directory 'Guild Wars 2' and its files and sub-dirs world-writable. : PwnCast/CVE-2020-27384 create time: 2021-06-18T10:14:06Z
PoC for exploiting CVE-2020-26515 : An insufficiently protected credentials issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP4. The remember-me cookie (CB_LOGIN) issued by the application contains the encrypted user's credentials. However, due to a bug in the application code, those credentials are encrypted using a NULL encryption key. : PwnCast/CVE-2020-26515 create time: 2021-06-18T10:13:59Z
PoC for exploiting CVE-2020-23306 : There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0. : PwnCast/CVE-2020-23306 create time: 2021-06-18T10:13:53Z
PoC for exploiting CVE-2020-23308 : There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0. : PwnCast/CVE-2020-23308 create time: 2021-06-18T10:13:40Z
PoC for exploiting CVE-2020-26138 : In SilverStripe through 4.6.0-rc1, a FormField with square brackets in the field name skips validation. : PwnCast/CVE-2020-26138 create time: 2021-06-18T10:13:33Z
PoC for exploiting CVE-2020-26136 : In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication. : PwnCast/CVE-2020-26136 create time: 2021-06-18T10:13:27Z
PoC for exploiting CVE-2020-23309 : There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0. : PwnCast/CVE-2020-23309 create time: 2021-06-18T10:13:20Z
PoC for exploiting CVE-2020-13938 : Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows : PwnCast/CVE-2020-13938 create time: 2021-06-18T10:13:14Z
PoC for exploiting CVE-2020-23310 : There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0. : PwnCast/CVE-2020-23310 create time: 2021-06-18T10:13:07Z
PoC for exploiting CVE-2020-23321 : There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. : PwnCast/CVE-2020-23321 create time: 2021-06-18T10:13:00Z
PoC for exploiting CVE-2020-23323 : There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. : PwnCast/CVE-2020-23323 create time: 2021-06-18T10:12:54Z
PoC for exploiting CVE-2020-13950 : Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service : PwnCast/CVE-2020-13950 create time: 2021-06-18T10:12:47Z
PoC for exploiting CVE-2020-14380 : An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. : PwnCast/CVE-2020-14380 create time: 2021-06-18T10:12:21Z
PoC for exploiting CVE-2020-11259 : Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11259 create time: 2021-06-18T10:11:53Z
PoC for exploiting CVE-2020-11256 : Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone in Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11256 create time: 2021-06-18T10:11:47Z
PoC for exploiting CVE-2020-11257 : Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11257 create time: 2021-06-18T10:11:41Z
PoC for exploiting CVE-2020-11258 : Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11258 create time: 2021-06-18T10:11:34Z
PoC for exploiting CVE-2021-0484 : In readVector of IMediaPlayer.cpp, there is a possible read of uninitialized heap data due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.1Android ID: A-173720767 : PwnCast/CVE-2021-0484 create time: 2021-06-18T10:27:01Z
PoC for exploiting CVE-2021-20728 : Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. : PwnCast/CVE-2021-20728 create time: 2021-06-18T10:26:34Z
PoC for exploiting CVE-2021-0480 : In createPendingIntent of SnoozeHelper.java, there is a possible broadcast intent containing a sensitive identifier. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-174493336 : PwnCast/CVE-2021-0480 create time: 2021-06-18T10:26:27Z
PoC for exploiting CVE-2021-0477 : In notifyScreenshotError of ScreenshotNotificationsController.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-178189250 : PwnCast/CVE-2021-0477 create time: 2021-06-18T10:26:20Z
PoC for exploiting CVE-2021-21295 : Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (HttpRequest, HttpContent, etc.) via Http2StreamFrameToHttpObjectCodec and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: HTTP2MultiplexCodec or Http2FrameCodec is used, Http2StreamFrameToHttpObjectCodec is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom ChannelInboundHandler that is put in the ChannelPipeline behind Http2StreamFrameToHttpObjectCodec. : PwnCast/CVE-2021-21295 create time: 2021-06-18T10:25:20Z
PoC for exploiting CVE-2021-29447 : Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled. : PwnCast/CVE-2021-29447 create time: 2021-06-18T10:25:13Z
PoC for exploiting CVE-2021-21558 : Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. : PwnCast/CVE-2021-21558 create time: 2021-06-18T10:24:46Z
PoC for exploiting CVE-2021-21559 : Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. : PwnCast/CVE-2021-21559 create time: 2021-06-18T10:24:39Z
PoC for exploiting CVE-2021-27615 : SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks. : PwnCast/CVE-2021-27615 create time: 2021-06-18T10:24:33Z
PoC for exploiting CVE-2021-27621 : Information Disclosure vulnerability in UserAdmin application in SAP NetWeaver Application Server for Java, versions - 7.11,7.20,7.30,7.31,7.40 and 7.50 allows attackers to access restricted information by entering malicious server name. : PwnCast/CVE-2021-27621 create time: 2021-06-18T10:24:26Z
PoC for exploiting CVE-2021-33664 : SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. : PwnCast/CVE-2021-33664 create time: 2021-06-18T10:24:19Z
PoC for exploiting CVE-2021-33665 : SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. : PwnCast/CVE-2021-33665 create time: 2021-06-18T10:24:13Z
PoC for exploiting CVE-2021-27637 : Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure. : PwnCast/CVE-2021-27637 create time: 2021-06-18T10:24:06Z
PoC for exploiting CVE-2021-29049 : Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter. : PwnCast/CVE-2021-29049 create time: 2021-06-18T10:23:59Z
PoC for exploiting CVE-2021-27612 : In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim. : PwnCast/CVE-2021-27612 create time: 2021-06-18T10:20:08Z
PoC for exploiting CVE-2021-22116 : RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. : PwnCast/CVE-2021-22116 create time: 2021-06-18T10:19:54Z
PoC for exploiting CVE-2021-32553 : It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-17 package apport hooks, it could expose private data to other local users. : PwnCast/CVE-2021-32553 create time: 2021-06-18T10:19:02Z
PoC for exploiting CVE-2021-32554 : It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg package apport hooks, it could expose private data to other local users. : PwnCast/CVE-2021-32554 create time: 2021-06-18T10:18:55Z
PoC for exploiting CVE-2021-32555 : It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. : PwnCast/CVE-2021-32555 create time: 2021-06-18T10:18:49Z
PoC for exploiting CVE-2021-26928 : ** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route redirection for Denial of Service and/or Information Disclosure. NOTE: a researcher has asserted that the behavior is within Tigera’s area of responsibility; however, Tigera disagrees. : PwnCast/CVE-2021-26928 create time: 2021-06-18T10:18:22Z
PoC for exploiting CVE-2021-31837 : Memory corruption vulnerability in the driver file component in McAfee GetSusp prior to 4.0.0 could allow a program being investigated on the local machine to trigger a buffer overflow in GetSusp, leading to the execution of arbitrary code, potentially triggering a BSOD. : PwnCast/CVE-2021-31837 create time: 2021-06-18T10:18:01Z
PoC for exploiting CVE-2021-22118 : In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. : PwnCast/CVE-2021-22118 create time: 2021-06-18T10:17:54Z
PoC for exploiting CVE-2021-20227 : A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability. : PwnCast/CVE-2021-20227 create time: 2021-06-18T10:17:41Z
PoC for exploiting CVE-2021-21290 : Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. : PwnCast/CVE-2021-21290 create time: 2021-06-18T10:17:35Z
PoC for exploiting CVE-2021-22112 : Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in). However, if the application's intent is to only allow the user to run with elevated privileges in a small portion of the application, the bug can be leveraged to extend those privileges to the rest of the application. : PwnCast/CVE-2021-22112 create time: 2021-06-18T10:17:28Z
PoC for exploiting CVE-2021-22883 : Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. : PwnCast/CVE-2021-22883 create time: 2021-06-18T10:17:21Z
PoC for exploiting CVE-2021-22191 : Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file. : PwnCast/CVE-2021-22191 create time: 2021-06-18T10:17:15Z
PoC for exploiting CVE-2021-21345 : XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16. : PwnCast/CVE-2021-21345 create time: 2021-06-18T10:17:08Z
PoC for exploiting CVE-2021-22174 : Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file : PwnCast/CVE-2021-22174 create time: 2021-06-18T10:17:04Z
PoC for exploiting CVE-2021-22173 : Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file : PwnCast/CVE-2021-22173 create time: 2021-06-18T10:16:57Z
PoC for exploiting CVE-2015-0936 : Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. : PwnCast/CVE-2015-0936 create time: 2021-06-18T09:56:50Z
PoC for exploiting CVE-2015-6479 : ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover potentially sensitive boot-sequence information, via unspecified vectors. : PwnCast/CVE-2015-6479 create time: 2021-06-18T09:56:43Z
PoC for exploiting CVE-2017-12816 : In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC. : PwnCast/CVE-2017-12816 create time: 2021-06-18T09:57:19Z
PoC for exploiting CVE-2017-12817 : In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted. : PwnCast/CVE-2017-12817 create time: 2021-06-18T09:57:13Z
PoC for exploiting CVE-2018-17178 : An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. : PwnCast/CVE-2018-17178 create time: 2021-06-18T09:57:33Z
*PoC for exploiting CVE-2018-17177 : An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called "black box" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of ^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary. : PwnCast/CVE-2018-17177 create time: 2021-06-18T09:57:09Z
PoC for exploiting CVE-2018-13031 : DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account. : PwnCast/CVE-2018-13031 create time: 2021-06-18T09:55:25Z
PoC for exploiting CVE-2018-15352 : An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. : PwnCast/CVE-2018-15352 create time: 2021-06-18T09:54:14Z
PoC for exploiting CVE-2018-15152 : Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. : PwnCast/CVE-2018-15152 create time: 2021-06-18T09:53:46Z
PoC for exploiting CVE-2019-12423 : Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all. : PwnCast/CVE-2019-12423 create time: 2021-06-18T09:57:53Z
PoC for exploiting CVE-2019-17573 : By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable. : PwnCast/CVE-2019-17573 create time: 2021-06-18T09:57:47Z
PoC for exploiting CVE-2019-12419 : Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. : PwnCast/CVE-2019-12419 create time: 2021-06-18T09:57:40Z
PoC for exploiting CVE-2019-12406 : Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". : PwnCast/CVE-2019-12406 create time: 2021-06-18T09:57:26Z
PoC for exploiting CVE-2019-19890 : An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 20160817_1855 devices. Admin credentials are sent over cleartext HTTP. : PwnCast/CVE-2019-19890 create time: 2021-06-18T09:56:11Z
PoC for exploiting CVE-2019-25046 : The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document. : PwnCast/CVE-2019-25046 create time: 2021-06-18T09:55:10Z
PoC for exploiting CVE-2019-17571 : Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. : PwnCast/CVE-2019-17571 create time: 2021-06-18T09:53:33Z
PoC for exploiting CVE-2020-26837 : SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable. : PwnCast/CVE-2020-26837 create time: 2021-06-18T09:59:09Z
PoC for exploiting CVE-2020-26836 : SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack. : PwnCast/CVE-2020-26836 create time: 2021-06-18T09:59:02Z
PoC for exploiting CVE-2020-13954 : By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573. : PwnCast/CVE-2020-13954 create time: 2021-06-18T09:58:56Z
PoC for exploiting CVE-2020-26829 : SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely. : PwnCast/CVE-2020-26829 create time: 2021-06-18T09:58:49Z
PoC for exploiting CVE-2020-26830 : SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script. : PwnCast/CVE-2020-26830 create time: 2021-06-18T09:58:43Z
PoC for exploiting CVE-2020-26811 : SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request leads to Server Side Request Forgery attack which could lead to retrieval of limited pieces of information about the service with no impact on integrity or availability. : PwnCast/CVE-2020-26811 create time: 2021-06-18T09:58:37Z
PoC for exploiting CVE-2020-6369 : SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service. : PwnCast/CVE-2020-6369 create time: 2021-06-18T09:58:29Z
PoC for exploiting CVE-2020-26809 : SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint hence gaining access to Secure Media folders. This folder could contain sensitive files that results in disclosure of sensitive information and impact system configuration confidentiality. : PwnCast/CVE-2020-26809 create time: 2021-06-18T09:58:23Z
PoC for exploiting CVE-2020-6994 : A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. : PwnCast/CVE-2020-6994 create time: 2021-06-18T09:58:10Z
PoC for exploiting CVE-2020-6364 : SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability. : PwnCast/CVE-2020-6364 create time: 2021-06-18T09:58:04Z
PoC for exploiting CVE-2020-1954 : Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. : PwnCast/CVE-2020-1954 create time: 2021-06-18T09:57:57Z
PoC for exploiting CVE-2020-24514 : Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. : PwnCast/CVE-2020-24514 create time: 2021-06-18T09:56:30Z
PoC for exploiting CVE-2020-24515 : Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. : PwnCast/CVE-2020-24515 create time: 2021-06-18T09:56:24Z
PoC for exploiting CVE-2020-27402 : The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. : PwnCast/CVE-2020-27402 create time: 2021-06-18T09:56:17Z
PoC for exploiting CVE-2020-27383 : Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of privileges vulnerability which can be used by an "Authenticated User" to modify the existing executable file with a binary of his choice. The vulnerability exist due to weak set of permissions being granted to the "Authenticated Users Group" which grants the (F) Flag aka "Full Control" : PwnCast/CVE-2020-27383 create time: 2021-06-18T09:55:51Z
PoC for exploiting CVE-2020-11306 : Possible integer overflow in RPMB counter due to lack of length check on user provided data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking : PwnCast/CVE-2020-11306 create time: 2021-06-18T09:55:45Z
PoC for exploiting CVE-2020-35761 : bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. : PwnCast/CVE-2020-35761 create time: 2021-06-18T09:54:35Z
PoC for exploiting CVE-2020-35762 : bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files. : PwnCast/CVE-2020-35762 create time: 2021-06-18T09:54:28Z
PoC for exploiting CVE-2020-35760 : bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). : PwnCast/CVE-2020-35760 create time: 2021-06-18T09:54:21Z
PoC for exploiting CVE-2020-35759 : bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely). : PwnCast/CVE-2020-35759 create time: 2021-06-18T09:54:08Z
PoC for exploiting CVE-2020-22200 : Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. : PwnCast/CVE-2020-22200 create time: 2021-06-18T09:54:00Z
PoC for exploiting CVE-2020-9488 : Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. : PwnCast/CVE-2020-9488 create time: 2021-06-18T09:53:40Z
PoC for exploiting CVE-2020-29582 : In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions. : PwnCast/CVE-2020-29582 create time: 2021-06-18T09:53:27Z
PoC for exploiting CVE-2021-22884 : Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. : PwnCast/CVE-2021-22884 create time: 2021-06-18T09:59:48Z
PoC for exploiting CVE-2021-23841 : The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). : PwnCast/CVE-2021-23841 create time: 2021-06-18T09:59:42Z
PoC for exploiting CVE-2021-23840 : Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x). : PwnCast/CVE-2021-23840 create time: 2021-06-18T09:59:34Z
PoC for exploiting CVE-2021-23336 : The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. : PwnCast/CVE-2021-23336 create time: 2021-06-18T09:59:28Z
PoC for exploiting CVE-2021-23839 : OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x). : PwnCast/CVE-2021-23839 create time: 2021-06-18T09:59:22Z
PoC for exploiting CVE-2021-26117 : The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. In this case, for Apache ActiveMQ Artemis prior to version 2.16.0 and Apache ActiveMQ prior to versions 5.16.1 and 5.15.14, the anonymous context is used to verify a valid users password in error, resulting in no check on the password. : PwnCast/CVE-2021-26117 create time: 2021-06-18T09:59:15Z
PoC for exploiting CVE-2021-3533 : A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2. : PwnCast/CVE-2021-3533 create time: 2021-06-18T09:58:17Z
PoC for exploiting CVE-2021-29995 : A Cross Site Request Forgery (CSRF) issue in Server Console in CloverDX through 5.9.0 allows remote attackers to execute any action as the logged-in user (including script execution). The issue is resolved in CloverDX 5.10, CloverDX 5.9.1, CloverDX 5.8.2, and CloverDX 5.7.1. : PwnCast/CVE-2021-29995 create time: 2021-06-18T09:57:03Z
PoC for exploiting CVE-2021-27347 : Use after free in lzma_decompress_buf function in stream.c in Irzip 0.631 allows attackers to cause Denial of Service (DoS) via a crafted compressed file. : PwnCast/CVE-2021-27347 create time: 2021-06-18T09:56:56Z
PoC for exploiting CVE-2021-27345 : A null pointer dereference was discovered in ucompthread in stream.c in Irzip 0.631 which allows attackers to cause a denial of service (DOS) via a crafted compressed file. : PwnCast/CVE-2021-27345 create time: 2021-06-18T09:56:36Z
PoC for exploiting CVE-2021-20732 : The ATOM (ATOM - Smart life App for Android versions prior to 1.8.1 and ATOM - Smart life App for iOS versions prior to 1.8.2) does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on encrypted communication via a crafted certificate. : PwnCast/CVE-2021-20732 create time: 2021-06-18T09:56:05Z
PoC for exploiting CVE-2021-20081 : Incomplete List of Disallowed Inputs in ManageEngine ServiceDesk Plus before version 11205 allows a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. : PwnCast/CVE-2021-20081 create time: 2021-06-18T09:55:58Z
PoC for exploiting CVE-2021-21735 : A ZTE product has an information leak vulnerability. Due to improper permission settings, an attacker with ordinary user permissions could exploit this vulnerability to obtain some sensitive user information through the wizard page without authentication. This affects ZXHN H168N all versions up to V3.5.0_EG1T4_TE. : PwnCast/CVE-2021-21735 create time: 2021-06-18T09:55:38Z
PoC for exploiting CVE-2021-0100 : Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. : PwnCast/CVE-2021-0100 create time: 2021-06-18T09:55:32Z
PoC for exploiting CVE-2021-30465 : runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition. : PwnCast/CVE-2021-30465 create time: 2021-06-18T09:55:17Z
PoC for exploiting CVE-2021-23852 : An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service (DoS). : PwnCast/CVE-2021-23852 create time: 2021-06-18T09:55:01Z
PoC for exploiting CVE-2021-21736 : A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have been revoked can still control the camera, such as restarting the camera, restoring factory settings, etc.. This affects ZXHN HS562 V1.0.0.0B2.0000, V1.0.0.0B3.0000E : PwnCast/CVE-2021-21736 create time: 2021-06-18T09:54:54Z
PoC for exploiting CVE-2021-23848 : An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. : PwnCast/CVE-2021-23848 create time: 2021-06-18T09:54:48Z
PoC for exploiting CVE-2021-1900 : Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables : PwnCast/CVE-2021-1900 create time: 2021-06-18T09:54:41Z
PoC for exploiting CVE-2021-29425 : In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. : PwnCast/CVE-2021-29425 create time: 2021-06-18T09:53:21Z
PoC for exploiting CVE-2021-28168 : Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. : PwnCast/CVE-2021-28168 create time: 2021-06-18T09:53:14Z
PoC for exploiting CVE-2021-26291 : Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html : PwnCast/CVE-2021-26291 create time: 2021-06-18T09:53:07Z
PoC for exploiting CVE-2021-1499 : A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user. : PwnCast/CVE-2021-1499 create time: 2021-06-18T09:53:01Z
PoC for exploiting CVE-2021-31181 : Microsoft SharePoint Remote Code Execution Vulnerability : PwnCast/CVE-2021-31181 create time: 2021-06-18T09:52:54Z
PoC for exploiting CVE-2021-33570 : Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. : PwnCast/CVE-2021-33570 create time: 2021-06-18T09:52:47Z
PoC for exploiting CVE-2021-31962 : Kerberos AppContainer Security Feature Bypass Vulnerability : PwnCast/CVE-2021-31962 create time: 2021-06-18T09:52:41Z
PoC for exploiting CVE-2021-26414 : Windows DCOM Server Security Feature Bypass : PwnCast/CVE-2021-26414 create time: 2021-06-18T09:52:34Z
PoC for exploiting CVE-2017-18640 : The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. : PwnCast/CVE-2017-18640 create time: 2021-06-18T09:53:53Z
PoC for exploiting CVE-2021-25407 : A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. : PwnCast/CVE-2021-25407 create time: 2021-06-18T09:52:27Z
PoC for exploiting CVE-2021-30553 : Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. : PwnCast/CVE-2021-30553 create time: 2021-06-18T09:52:21Z
PoC for exploiting CVE-2021-30552 : Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. : PwnCast/CVE-2021-30552 create time: 2021-06-18T09:52:14Z
PoC for exploiting CVE-2021-30551 : Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. : PwnCast/CVE-2021-30551 create time: 2021-06-18T09:52:07Z
PoC for exploiting CVE-2021-30547 : Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. : PwnCast/CVE-2021-30547 create time: 2021-06-18T09:52:00Z
PoC for exploiting CVE-2021-24350 : The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel. : PwnCast/CVE-2021-24350 create time: 2021-06-18T09:51:54Z
PoC for exploiting CVE-2021-30549 : Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. : PwnCast/CVE-2021-30549 create time: 2021-06-18T09:51:46Z
PoC for exploiting CVE-2021-30548 : Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. : PwnCast/CVE-2021-30548 create time: 2021-06-18T09:51:40Z
PoC for exploiting CVE-2021-25949 : Prototype pollution vulnerability in ‘set-getter’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. : PwnCast/CVE-2021-25949 create time: 2021-06-18T09:51:33Z
PoC for exploiting CVE-2021-25948 : Prototype pollution vulnerability in ‘expand-hash’ versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. : PwnCast/CVE-2021-25948 create time: 2021-06-18T09:51:26Z
PoC for exploiting CVE-2021-24357 : In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being being output in the page where the gallery is embed, leading to a stored Cross-Site Scripting issue. : PwnCast/CVE-2021-24357 create time: 2021-06-18T09:51:19Z
PoC for exploiting CVE-2021-24358 : The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue. : PwnCast/CVE-2021-24358 create time: 2021-06-18T09:51:12Z
PoC for exploiting CVE-2021-24359 : The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.11 did not properly check that a user requesting a password reset was the legitimate user, allowing an attacker to send an arbitrary reset password email to a registered user on behalf of the WordPress site. Such issue could be chained with an open redirect (CVE-2021-24358) in version below 4.1.10, to include a crafted password reset link in the email, which would lead to an account takeover. : PwnCast/CVE-2021-24359 create time: 2021-06-18T09:51:06Z
PoC for exploiting CVE-2021-33668 : Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. : PwnCast/CVE-2021-33668 create time: 2021-06-18T09:50:59Z
PoC for exploiting CVE-2021-0056 : Insecure inherited permissions for the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. : PwnCast/CVE-2021-0056 create time: 2021-06-18T09:50:51Z
PoC for exploiting CVE-2021-0058 : Incorrect default permissions in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. : PwnCast/CVE-2021-0058 create time: 2021-06-18T09:50:45Z
PoC for exploiting CVE-2021-0057 : Uncontrolled search path in the Intel(R) NUC M15 Laptop Kit Driver Pack software before updated version 1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. : PwnCast/CVE-2021-0057 create time: 2021-06-18T09:50:38Z
Git-LFS RCE Test : FrostsaberX/CVE-2020-27955 create time: 2021-06-17T20:04:33Z
no description : 3hydraking/CVE-2019-14287 create time: 2021-06-17T12:33:08Z
A PoC for CVE-2017-14980 which works on systems with DEP enabled : bmdyy/CVE-2017-14980 create time: 2021-06-17T09:28:57Z
Zoho ManageEngine ServiceDesk Plus MSP - Active Directory User Enumeration (CVE-2021-31159) : ricardojoserf/CVE-2021-31159 create time: 2021-03-19T18:28:43Z
no description : KZMachine/CVERT_2021 create time: 2021-06-17T00:34:33Z
no description : KZMachine/CVERT-2021 create time: 2021-06-16T19:25:56Z
PoC for exploiting CVE-2017-7670 : The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol. : PwnCast/CVE-2017-7670 create time: 2021-06-16T23:29:51Z
PoC for exploiting CVE-2020-17522 : When ORT (now via atstccfg) generates ip_allow.config files in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0, those files include permissions that allow bad actors to push arbitrary content into and remove arbitrary content from CDN cache servers. Additionally, these permissions are potentially extended to IP addresses outside the desired range, resulting in them being granted to clients possibly outside the CDN arcitechture. : PwnCast/CVE-2020-17522 create time: 2021-06-16T23:29:44Z
no description : secnigma/CVE-2021-3560-Polkit-Privilege-Esclation create time: 2021-06-14T20:08:20Z
✨ HAProxy ve Keepalived konusunu load balancer ve cluster'a ek olarak güvenlik(zayıf SSL/Kripto Kullanımı (LOGJAM) (CVE-2015-4000) zafiyeti önlemi) ve yüksek yüklere karşı ele alır. : fatlan/HAProxy-Keepalived-Sec-HighLoads create time: 2021-04-24T12:51:27Z
no description : repos13579/labCVE-2018-6574 create time: 2021-06-16T10:45:39Z
no description : OLAOLAOLA789/CVE-2018-6574 create time: 2021-06-15T08:52:08Z
Detect Citrix ADC SAML action or SAML iDP Profile config vulnerable to CVE-2020-8300 using Citrix ADC NITRO API : stuartcarroll/CitrixADC-CVE-2020-8300 create time: 2021-06-15T07:21:16Z
no description : spyx/cve-2019-17240 create time: 2021-06-15T05:51:05Z
Change the algorithm RS256(asymmetric) to HS256(symmetric) - POC (CVE-2016-10555) : FroydCod3r/poc-cve-2016-10555 create time: 2021-06-14T16:56:05Z
no description : OLAOLAOLA789/CVE-2018-6574-PTL create time: 2021-06-14T15:25:00Z
no description : sujaygr8/CVE-2020-3187 create time: 2021-06-14T06:27:11Z
polkit exploit script v1.0 : tyleraharrison/CVE-2021-3560_PoC create time: 2021-06-14T03:45:38Z
CVE-2018-19422 Authenticated Remote Code Execution : hevox/CVE-2018-19422-SubrionCMS-RCE create time: 2021-06-14T01:50:21Z
ZeroShell 3.9.0 Remote Command Injection : hevox/CVE-2019-12725-Command-Injection create time: 2021-06-13T23:57:37Z
wpDiscuz 7.0.4 Remote Code Execution : hevox/CVE-2020-24186-wpDiscuz-7.0.4-RCE create time: 2021-06-13T23:10:19Z
CVE-2021–22201 Arbitrary file read on Gitlab : exp1orer/CVE-2021-22201 create time: 2021-06-13T16:30:47Z
SquirrellyJS mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options, remote code execution may be triggered in downstream applications. : Abady0x1/CVE-2021-32819 create time: 2021-06-12T17:09:48Z
a reliable C based exploit for CVE-2021-3560. : hakivvi/CVE-2021-3560 create time: 2021-06-12T05:22:35Z
no description : deathflash1411/CVE-2021-3560 create time: 2021-06-11T17:19:38Z
Python2 POC for CVE 2020-11060 : 0xdreadnaught/cve-2020-11060-poc create time: 2021-06-11T14:52:03Z
CVE-2021-3560 PrivEsc2root Exploit : swapravo/polkadots create time: 2021-06-11T14:28:43Z
no description : 0xd114/CVE-2021-3156 create time: 2021-06-11T07:06:09Z
no description : sujaygr8/CVE-2020-3452 create time: 2021-06-10T05:09:52Z
PoC for exploiting CVE-2020-1920 : JamesCVE/CVE-2020-1920 create time: 2021-06-10T01:06:20Z
PoC for exploiting CVE-2021-24316 : JamesCVE/CVE-2021-24316 create time: 2021-06-10T01:32:26Z
PoC for exploiting CVE-2021-23388 : JamesCVE/CVE-2021-23388 create time: 2021-06-10T01:05:29Z
no description : mavillon1/CVE-2021-33739-POC create time: 2021-06-09T06:55:52Z
Formal verification example for CVE-2020-8835 : digamma-ai/CVE-2020-8835-verification create time: 2021-06-04T16:15:21Z
Directory Traversal vulnerability in Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 : PwCNO-CTO/CVE-2021-26714 create time: 2021-06-08T15:33:51Z
Directory traversal vulnerability in the spring-boot-actuator-logview library : PwCNO-CTO/CVE-2021-21234 create time: 2021-06-08T15:31:54Z
exploit.. : AssassinUKG/CVE_2018_16509 create time: 2021-06-08T10:15:39Z
CVE-2017-9554 Exploit Tool : Ez0-yf/CVE-2017-9554-Exploit-Tool create time: 2021-06-08T09:13:52Z
对CVE-2021-29505进行复现,并分析学了下Xstream反序列化过程 : MyBlackManba/CVE-2021-29505 create time: 2021-06-08T05:27:57Z
PoC for exploiting CVE-2018-1386 : JamesGeeee/CVE-2018-1386 create time: 2021-06-08T01:25:42Z
PoC for exploiting CVE-2019-4031 : JamesGeeee/CVE-2019-4031 create time: 2021-06-08T01:25:06Z
PoC for exploiting CVE-2020-17514 : JamesGeeee/CVE-2020-17514 create time: 2021-06-08T01:26:09Z
PoC for exploiting CVE-2020-36007 : JamesGeeee/CVE-2020-36007 create time: 2021-06-08T01:23:49Z
PoC for exploiting CVE-2020-36385 : JamesGeeee/CVE-2020-36385 create time: 2021-06-08T01:23:24Z
PoC for exploiting CVE-2020-5008 : JamesGeeee/CVE-2020-5008 create time: 2021-06-08T01:21:57Z
PoC for exploiting CVE-2020-1719 : JamesGeeee/CVE-2020-1719 create time: 2021-06-08T01:21:44Z
PoC for exploiting CVE-2020-14329 : JamesGeeee/CVE-2020-14329 create time: 2021-06-08T01:21:33Z
PoC for exploiting CVE-2020-14328 : JamesGeeee/CVE-2020-14328 create time: 2021-06-08T01:21:28Z
PoC for exploiting CVE-2020-14327 : JamesGeeee/CVE-2020-14327 create time: 2021-06-08T01:21:13Z
PoC for exploiting CVE-2020-10729 : JamesGeeee/CVE-2020-10729 create time: 2021-06-08T01:21:03Z
PoC for exploiting CVE-2020-5030 : JamesGeeee/CVE-2020-5030 create time: 2021-06-08T01:20:46Z
PoC for exploiting CVE-2020-4495 : JamesGeeee/CVE-2020-4495 create time: 2021-06-08T01:18:48Z
PoC for exploiting CVE-2020-4977 : JamesGeeee/CVE-2020-4977 create time: 2021-06-08T01:18:42Z
PoC for exploiting CVE-2020-10698 : JamesGeeee/CVE-2020-10698 create time: 2021-06-08T01:18:27Z
PoC for exploiting CVE-2020-26142 : JamesGeeee/CVE-2020-26142 create time: 2021-06-08T01:17:00Z
PoC for exploiting CVE-2020-28328 : JamesGeeee/CVE-2020-28328 create time: 2021-06-08T01:16:30Z
PoC for exploiting CVE-2020-36313 : JamesGeeee/CVE-2020-36313 create time: 2021-06-08T01:16:25Z
PoC for exploiting CVE-2020-15225 : JamesGeeee/CVE-2020-15225 create time: 2021-06-08T01:16:07Z
PoC for exploiting CVE-2020-18268 : JamesGeeee/CVE-2020-18268 create time: 2021-06-08T01:15:26Z
PoC for exploiting CVE-2020-18265 : JamesGeeee/CVE-2020-18265 create time: 2021-06-08T01:15:20Z
PoC for exploiting CVE-2020-18264 : JamesGeeee/CVE-2020-18264 create time: 2021-06-08T01:15:15Z
PoC for exploiting CVE-2021-33839 : JamesGeeee/CVE-2021-33839 create time: 2021-06-08T01:25:57Z
PoC for exploiting CVE-2021-22911 : JamesGeeee/CVE-2021-22911 create time: 2021-06-08T01:25:50Z
PoC for exploiting CVE-2021-33840 : JamesGeeee/CVE-2021-33840 create time: 2021-06-08T01:24:46Z
PoC for exploiting CVE-2021-33838 : JamesGeeee/CVE-2021-33838 create time: 2021-06-08T01:23:55Z
PoC for exploiting CVE-2021-22222 : JamesGeeee/CVE-2021-22222 create time: 2021-06-08T01:23:41Z
PoC for exploiting CVE-2021-33904 : JamesGeeee/CVE-2021-33904 create time: 2021-06-08T01:23:34Z
PoC for exploiting CVE-2021-29099 : JamesGeeee/CVE-2021-29099 create time: 2021-06-08T01:23:29Z
PoC for exploiting CVE-2021-20699 : JamesGeeee/CVE-2021-20699 create time: 2021-06-08T01:23:13Z
PoC for exploiting CVE-2021-20698 : JamesGeeee/CVE-2021-20698 create time: 2021-06-08T01:23:01Z
PoC for exploiting CVE-2021-20517 : JamesGeeee/CVE-2021-20517 create time: 2021-06-08T01:22:07Z
PoC for exploiting CVE-2021-30465 : JamesGeeee/CVE-2021-30465 create time: 2021-06-08T01:21:39Z
PoC for exploiting CVE-2021-22705 : JamesGeeee/CVE-2021-22705 create time: 2021-06-08T01:20:55Z
PoC for exploiting CVE-2021-20338 : JamesGeeee/CVE-2021-20338 create time: 2021-06-08T01:20:41Z
PoC for exploiting CVE-2021-31920 : JamesGeeee/CVE-2021-31920 create time: 2021-06-08T01:20:36Z
PoC for exploiting CVE-2021-20343 : JamesGeeee/CVE-2021-20343 create time: 2021-06-08T01:20:31Z
PoC for exploiting CVE-2021-20347 : JamesGeeee/CVE-2021-20347 create time: 2021-06-08T01:20:18Z
PoC for exploiting CVE-2021-20346 : JamesGeeee/CVE-2021-20346 create time: 2021-06-08T01:20:05Z
PoC for exploiting CVE-2021-20345 : JamesGeeee/CVE-2021-20345 create time: 2021-06-08T01:19:57Z
PoC for exploiting CVE-2021-32458 : JamesGeeee/CVE-2021-32458 create time: 2021-06-08T01:19:35Z
PoC for exploiting CVE-2021-20348 : JamesGeeee/CVE-2021-20348 create time: 2021-06-08T01:19:30Z
PoC for exploiting CVE-2021-20371 : JamesGeeee/CVE-2021-20371 create time: 2021-06-08T01:19:25Z
PoC for exploiting CVE-2021-29670 : JamesGeeee/CVE-2021-29670 create time: 2021-06-08T01:19:20Z
PoC for exploiting CVE-2021-29740 : JamesGeeee/CVE-2021-29740 create time: 2021-06-08T01:19:15Z
PoC for exploiting CVE-2021-29665 : JamesGeeee/CVE-2021-29665 create time: 2021-06-08T01:19:06Z
PoC for exploiting CVE-2021-29668 : JamesGeeee/CVE-2021-29668 create time: 2021-06-08T01:18:56Z
PoC for exploiting CVE-2021-31155 : JamesGeeee/CVE-2021-31155 create time: 2021-06-08T01:18:32Z
PoC for exploiting CVE-2021-31154 : JamesGeeee/CVE-2021-31154 create time: 2021-06-08T01:18:16Z
PoC for exploiting CVE-2021-22543 : JamesGeeee/CVE-2021-22543 create time: 2021-06-08T01:17:18Z
PoC for exploiting CVE-2021-31153 : JamesGeeee/CVE-2021-31153 create time: 2021-06-08T01:17:08Z
PoC for exploiting CVE-2021-21198 : JamesGeeee/CVE-2021-21198 create time: 2021-06-08T01:16:53Z
PoC for exploiting CVE-2017-20005 : JamesGeeee/CVE-2017-20005 create time: 2021-06-08T01:09:17Z
PoC for exploiting CVE-2018-25015 : JamesGeeee/CVE-2018-25015 create time: 2021-06-08T01:10:51Z
PoC for exploiting CVE-2019-25045 : JamesGeeee/CVE-2019-25045 create time: 2021-06-08T01:11:02Z
PoC for exploiting CVE-2020-36387 : JamesGeeee/CVE-2020-36387 create time: 2021-06-08T01:11:52Z
PoC for exploiting CVE-2020-36386 : JamesGeeee/CVE-2020-36386 create time: 2021-06-08T01:11:40Z
PoC for exploiting CVE-2020-1742 : JamesGeeee/CVE-2020-1742 create time: 2021-06-08T01:11:28Z
PoC for exploiting CVE-2020-1690 : JamesGeeee/CVE-2020-1690 create time: 2021-06-08T01:11:08Z
PoC for exploiting CVE-2021-30528 : JamesGeeee/CVE-2021-30528 create time: 2021-06-08T01:12:15Z
PoC for exploiting CVE-2021-30527 : JamesGeeee/CVE-2021-30527 create time: 2021-06-08T01:12:09Z
PoC for exploiting CVE-2021-30526 : JamesGeeee/CVE-2021-30526 create time: 2021-06-08T01:12:03Z
PoC for exploiting CVE-2021-30525 : JamesGeeee/CVE-2021-30525 create time: 2021-06-08T01:11:58Z
PoC for exploiting CVE-2021-30522 : JamesGeeee/CVE-2021-30522 create time: 2021-06-08T01:10:57Z
PoC for exploiting CVE-2021-30538 : JamesGeeee/CVE-2021-30538 create time: 2021-06-08T01:10:39Z
PoC for exploiting CVE-2021-30536 : JamesGeeee/CVE-2021-30536 create time: 2021-06-08T01:10:29Z
PoC for exploiting CVE-2021-30535 : JamesGeeee/CVE-2021-30535 create time: 2021-06-08T01:10:17Z
PoC for exploiting CVE-2021-30524 : JamesGeeee/CVE-2021-30524 create time: 2021-06-08T01:10:04Z
PoC for exploiting CVE-2021-30523 : JamesGeeee/CVE-2021-30523 create time: 2021-06-08T01:09:54Z
PoC for exploiting CVE-2021-30521 : JamesGeeee/CVE-2021-30521 create time: 2021-06-08T01:09:48Z
PoC for exploiting CVE-2021-3277 : JamesGeeee/CVE-2021-3277 create time: 2021-06-08T01:09:43Z
PoC for exploiting CVE-2021-32671 : JamesGeeee/CVE-2021-32671 create time: 2021-06-08T01:09:38Z
PoC for exploiting CVE-2021-32670 : JamesGeeee/CVE-2021-32670 create time: 2021-06-08T01:09:26Z
PoC for exploiting CVE-2021-26080 : JamesGeeee/CVE-2021-26080 create time: 2021-06-08T01:09:08Z
PoC for exploiting CVE-2021-26079 : JamesGeeee/CVE-2021-26079 create time: 2021-06-08T01:09:02Z
PoC for exploiting CVE-2021-26078 : JamesGeeee/CVE-2021-26078 create time: 2021-06-08T01:08:57Z
PoC for exploiting CVE-2021-33194 : JamesGeeee/CVE-2021-33194 create time: 2021-06-08T01:08:52Z
PoC for exploiting CVE-2021-22118 : JamesGeeee/CVE-2021-22118 create time: 2021-06-08T01:08:45Z
PoC for exploiting CVE-2020-25716 : JamesGeeee/CVE-2020-25716 create time: 2021-06-07T23:45:51Z
PoC for exploiting CVE-2020-1750 : JamesGeeee/CVE-2020-1750 create time: 2021-06-07T23:24:43Z
PoC for exploiting CVE-2021-20259 : JamesGeeee/CVE-2021-20259 create time: 2021-06-07T23:45:56Z
no description : suprise4u/CVE-2019-1388 create time: 2021-06-07T22:29:08Z
PoC for exploiting CVE-2020-4732 : JamesGeeee/CVE-2020-4732 create time: 2021-06-07T23:08:30Z
Bludit 3.9.2 - Auth Brute Force Mitigation Bypass. CVE-2019-17240 : brusergio/bloodit create time: 2021-06-07T17:22:40Z
My implementation for an exploit of the CVE-2020-0041 bug : Byte-Master-101/CVE_2020_0041 create time: 2021-06-07T11:48:43Z
A simple repository helping to test CVE-2021-3572 in PyPA/pip : frenzymadness/CVE-2021-3572 create time: 2021-06-07T08:36:47Z
my poc for cve-2021-21985 : brandonshiyay/cve-2021-21985 create time: 2021-06-07T08:08:25Z
no description : kienquoc102/CVE-2018-9995-P2 create time: 2021-06-07T05:57:43Z
GameLoop update MITM : mmiszczyk/cve-2021-33879 create time: 2021-06-06T18:05:30Z
XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 : ambalabanov/CVE-2020-9496 create time: 2021-06-06T10:32:07Z
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets : Dor-Tumarkin/CVE-2021-25641-Proof-of-Concept create time: 2021-06-06T06:41:36Z
Unsafe Twig processing of static pages leading to RCE in Grav CMS 1.7.10 : CsEnox/CVE-2021-29440 create time: 2021-06-06T00:51:21Z
This demonstration video shows how we can control the victim's device by sending the innocent-looking PDF file to the target which actually consists of embedded payload. The exploit was made public as CVE-2010-1240. : Jasmoon99/Embedded-PDF create time: 2021-06-05T18:59:28Z
no description : mr-r3bot/Gitlab-CVE-2021-22205 create time: 2021-06-05T15:42:16Z
Pre-Auth Blind NoSQL Injection leading to Remote Code Execution in Rocket Chat 3.12.1 : CsEnox/CVE-2021-22911 create time: 2021-06-05T15:05:01Z
PoC for exploiting CVE-2015-5232 : JamesGeeee/CVE-2015-5232 create time: 2021-06-05T12:17:53Z
PoC for exploiting CVE-2020-13558 : JamesGeeee/CVE-2020-13558 create time: 2021-06-05T12:18:56Z
PoC for exploiting CVE-2020-29323 : JamesGeeee/CVE-2020-29323 create time: 2021-06-05T12:16:52Z
PoC for exploiting CVE-2020-29321 : JamesGeeee/CVE-2020-29321 create time: 2021-06-05T12:16:48Z
PoC for exploiting CVE-2020-29322 : JamesGeeee/CVE-2020-29322 create time: 2021-06-05T12:16:45Z
PoC for exploiting CVE-2020-29324 : JamesGeeee/CVE-2020-29324 create time: 2021-06-05T12:16:12Z
PoC for exploiting CVE-2020-13956 : JamesGeeee/CVE-2020-13956 create time: 2021-06-05T12:12:01Z
PoC for exploiting CVE-2021-30513 : JamesGeeee/CVE-2021-30513 create time: 2021-06-05T12:21:04Z
PoC for exploiting CVE-2021-30510 : JamesGeeee/CVE-2021-30510 create time: 2021-06-05T12:20:24Z
PoC for exploiting CVE-2021-22900 : JamesGeeee/CVE-2021-22900 create time: 2021-06-05T12:20:20Z
PoC for exploiting CVE-2021-28453 : JamesGeeee/CVE-2021-28453 create time: 2021-06-05T12:20:16Z
PoC for exploiting CVE-2021-28326 : JamesGeeee/CVE-2021-28326 create time: 2021-06-05T12:20:13Z
PoC for exploiting CVE-2021-20585 : JamesGeeee/CVE-2021-20585 create time: 2021-06-05T12:20:09Z
PoC for exploiting CVE-2021-25326 : JamesGeeee/CVE-2021-25326 create time: 2021-06-05T12:19:54Z
PoC for exploiting CVE-2021-28242 : JamesGeeee/CVE-2021-28242 create time: 2021-06-05T12:19:38Z
PoC for exploiting CVE-2021-23985 : JamesGeeee/CVE-2021-23985 create time: 2021-06-05T12:19:29Z
PoC for exploiting CVE-2021-23987 : JamesGeeee/CVE-2021-23987 create time: 2021-06-05T12:19:26Z
PoC for exploiting CVE-2021-23986 : JamesGeeee/CVE-2021-23986 create time: 2021-06-05T12:19:22Z
PoC for exploiting CVE-2021-23984 : JamesGeeee/CVE-2021-23984 create time: 2021-06-05T12:19:18Z
PoC for exploiting CVE-2021-25327 : JamesGeeee/CVE-2021-25327 create time: 2021-06-05T12:19:04Z
PoC for exploiting CVE-2021-25328 : JamesGeeee/CVE-2021-25328 create time: 2021-06-05T12:19:00Z
PoC for exploiting CVE-2021-23983 : JamesGeeee/CVE-2021-23983 create time: 2021-06-05T12:18:53Z
PoC for exploiting CVE-2021-30159 : JamesGeeee/CVE-2021-30159 create time: 2021-06-05T12:18:50Z
PoC for exploiting CVE-2021-30178 : JamesGeeee/CVE-2021-30178 create time: 2021-06-05T12:18:46Z
PoC for exploiting CVE-2021-3393 : JamesGeeee/CVE-2021-3393 create time: 2021-06-05T12:18:32Z
PoC for exploiting CVE-2021-3448 : JamesGeeee/CVE-2021-3448 create time: 2021-06-05T12:18:27Z
PoC for exploiting CVE-2021-30123 : JamesGeeee/CVE-2021-30123 create time: 2021-06-05T12:18:24Z
PoC for exploiting CVE-2021-29642 : JamesGeeee/CVE-2021-29642 create time: 2021-06-05T12:18:20Z
PoC for exploiting CVE-2021-29271 : JamesGeeee/CVE-2021-29271 create time: 2021-06-05T12:18:17Z
PoC for exploiting CVE-2021-29272 : JamesGeeee/CVE-2021-29272 create time: 2021-06-05T12:18:13Z
PoC for exploiting CVE-2021-29417 : JamesGeeee/CVE-2021-29417 create time: 2021-06-05T12:18:02Z
PoC for exploiting CVE-2021-33623 : JamesGeeee/CVE-2021-33623 create time: 2021-06-05T12:17:49Z
PoC for exploiting CVE-2021-21989 : JamesGeeee/CVE-2021-21989 create time: 2021-06-05T12:17:46Z
PoC for exploiting CVE-2021-33587 : JamesGeeee/CVE-2021-33587 create time: 2021-06-05T12:17:42Z
PoC for exploiting CVE-2021-22358 : JamesGeeee/CVE-2021-22358 create time: 2021-06-05T12:17:39Z
PoC for exploiting CVE-2021-21987 : JamesGeeee/CVE-2021-21987 create time: 2021-06-05T12:17:32Z
PoC for exploiting CVE-2021-33558 : JamesGeeee/CVE-2021-33558 create time: 2021-06-05T12:17:18Z
no description : testanull/Project_CVE-2021-21985_PoC create time: 2021-06-05T11:03:13Z
Drupal 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. : 0xAJ2K/CVE-2018-7600 create time: 2021-06-05T09:49:56Z
Proof of Concept CVE-2021-29155 : Kakashiiiiy/CVE-2021-29155 create time: 2021-06-03T15:53:10Z
https://github.com/CptGibbon/CVE-2021-3156/ : donghyunlee00/CVE-2021-3156 create time: 2021-06-04T06:39:55Z
CVE-2021-2173 : [emad-almousa/CVE-2021-2173](https://github.com/emad-almousa/CVE-2021