This gist's comment stream is a collection of webdev apps for OS X. Feel free to add links to apps you like, just make sure you add some context to what it does — either from the creator's website or your own thoughts.
— Erik
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
/*
* XSS filter
*
* This was built from numerous sources
* (thanks all, sorry I didn't track to credit you)
*
* It was tested against *most* exploits here: http://ha.ckers.org/xss.html
* WARNING: Some weren't tested!!!
* Those include the Actionscript and SSI samples, or any newer than Jan 2011
*
#include <stdint.h>
#include <avr/interrupt.h>
#include <avr/wdt.h>
byte sample = 0;
boolean sample_waiting = false;
byte current_bit = 0;
byte result = 0;
void setup() {
// Use Gists to store code you would like to remember later on
console.log(window); // log the "window" object to the console
## Google Interview Questions: Product Marketing Manager
#!/usr/bin/python
# -*- coding: utf-8 -*-
import os
import sys
import errno
from datetime import datetime
from time import time
rootdir = os.getcwd()
# Exploit Title: Redis 5.0 Denial of Service
# Date: 2018-06-13
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://redis.io/
# Software Link: https://redis.io/download
# Version: 5.0
# Fixed on: 5.0
# CVE : CVE-2018-12453
Type confusion in the xgroupCommand function in t_stream.c in redis-server in Redis before 5.0 allows remote attackers to cause denial-of-service via an XGROUP command in which the key is not a stream.
# Exploit Title: QEMU Guest Agent Denial of Service
# Date: 2018-06-07
# Exploit Author: Fakhri Zulkifli (@d0lph1n98)
# Vendor Homepage: https://www.qemu.org/
# Software Link: https://www.qemu.org/download/
# Version: 2.12.50 and earlier
# Tested on: 2.12.50
# CVE : CVE-2018-12617
QEMU Guest Agent 2.12.50 and earlier has an integer overflow causing a g_malloc0() call to trigger a segfault() call when trying to allocate a large memory chunk. The vulnerability can be exploited by sending a specific QMP command to the agent via the listening socket.