nomisec
WORKING POC
364 stars
by projectzeroindia · remote
https://github.com/projectzeroindia/CVE-2019-11510
This repository contains a functional exploit script for CVE-2019-11510, which targets an arbitrary file read vulnerability in Pulse Secure SSL VPN. The script automates the extraction of sensitive files like /etc/passwd, /etc/hosts, and credential databases, demonstrating the vulnerability's impact.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN (versions affected by CVE-2019-11510)
No auth needed
Prerequisites:
Target URL(s) with Pulse Secure SSL VPN · Network access to the vulnerable endpoint
nomisec
WORKING POC
135 stars
by BishopFox · remote
https://github.com/BishopFox/pwn-pulse
This repository contains a functional exploit script for CVE-2019-11510, an arbitrary file read vulnerability in Pulse Connect Secure SSL VPN. The script automates the extraction of sensitive data such as private keys, usernames, session cookies, and passwords by leveraging the vulnerability to download and parse configuration files.
Classification
Working Poc 95%
Target:
Pulse Connect Secure SSL VPN
No auth needed
Prerequisites:
Network access to the vulnerable Pulse Connect Secure SSL VPN server
nomisec
WORKING POC
53 stars
by jas502n · remote
https://github.com/jas502n/CVE-2019-11510-1
The repository contains a functional Python script that exploits CVE-2019-11510, a directory traversal vulnerability in Pulse Secure SSL VPN, allowing arbitrary file read. The script constructs malicious URLs to access sensitive files like /etc/passwd and /etc/hosts.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN
No auth needed
Prerequisites:
Network access to the vulnerable Pulse Secure SSL VPN server
nomisec
WORKING POC
50 stars
by imjdl · remote
https://github.com/imjdl/CVE-2019-11510-poc
This repository contains a functional exploit PoC for CVE-2019-11510, a pre-authentication arbitrary file read vulnerability in Pulse Secure SSL VPN. The exploit leverages path traversal to read sensitive files like /etc/passwd and /etc/hosts.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN 8.1R15.1 / 8.2 / 8.3 / 9.0
No auth needed
Prerequisites:
Network access to the vulnerable Pulse Secure SSL VPN instance
nomisec
SCANNER
28 stars
by cisagov · poc
https://github.com/cisagov/check-your-pulse
This repository contains a Python-based tool for detecting the Pulse Secure VPN vulnerability (CVE-2019-11510) by checking for indicators of compromise. It does not include exploit code but provides a framework for scanning and reporting potential vulnerabilities.
Classification
Scanner 90%
Target:
Pulse Secure VPN
No auth needed
Prerequisites:
Network access to the target Pulse Secure VPN server
nomisec
SCANNER
18 stars
by r00tpgp · infoleak
https://github.com/r00tpgp/http-pulse_ssl_vpn.nse
This is an NSE script for Nmap that detects the Pulse Secure SSL VPN file disclosure vulnerability (CVE-2019-11510) by sending crafted HTTP requests to read /etc/passwd as a proof of concept. It does not exploit the vulnerability but scans for its presence.
Classification
Scanner 95%
Target:
Pulse Secure SSL VPN (8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4)
No auth needed
Prerequisites:
Network access to the target's HTTPS service (port 443)
nomisec
WORKING POC
9 stars
by aqhmal · remote
https://github.com/aqhmal/pulsexploit
This repository contains a functional exploit for CVE-2019-11510, an arbitrary file read vulnerability in Pulse Secure SSL VPN. The script automates the exploitation process by querying Shodan for potential targets and attempting to read sensitive files like /etc/passwd.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN
No auth needed
Prerequisites:
Shodan API key · Python 3 · curl
nomisec
WORKING POC
5 stars
by es0 · infoleak
https://github.com/es0/CVE-2019-11510_poc
This repository contains a functional Python script that exploits CVE-2019-11510, an arbitrary file disclosure vulnerability in Pulse Secure SSL VPN. The script sends a crafted HTTP request to read sensitive files like /etc/passwd via path traversal.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN 8.1R15.1/8.2/8.3/9.0
No auth needed
Prerequisites:
Network access to the target Pulse Secure SSL VPN
nomisec
SUSPICIOUS
3 stars
by 34zY · poc
https://github.com/34zY/APT-Backpack
The repository lists multiple CVEs and tools but contains no actual exploit code or technical details. It appears to be a collection of references without functional PoCs, likely serving as a lure for further engagement.
Classification
Suspicious 90%
Target:
multiple (see CVE list)
No auth needed
Prerequisites:
none provided
nomisec
WORKING POC
1 stars
by pwn3z · remote
https://github.com/pwn3z/CVE-2019-11510-PulseVPN
The repository contains a functional exploit script for CVE-2019-11510, an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure. The script checks for vulnerability by attempting to read /etc/passwd via a crafted URI path traversal.
Classification
Working Poc 90%
Target:
Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4
No auth needed
Prerequisites:
Network access to the target Pulse Secure VPN server
nomisec
WORKING POC
1 stars
by andripwn · remote
https://github.com/andripwn/pulse-exploit
This repository contains a functional exploit for CVE-2019-11510, an arbitrary file read vulnerability in Pulse Secure SSL VPN. The script automates the exploitation process by querying Shodan for potential targets and attempting to read sensitive files like /etc/passwd.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN
No auth needed
Prerequisites:
Shodan API key · Internet access · Python 3
nomisec
STUB
by jason3e7 · poc
https://github.com/jason3e7/CVE-2019-11510
The repository contains only a README.md file with no actual exploit code or technical details. It appears to be a placeholder or incomplete repository.
Target:
unknown
No auth needed
nomisec
SCANNER
by nuc13us · infoleak
https://github.com/nuc13us/Pulse
This repository contains a Python script that uses the Shodan API to scan for IP addresses vulnerable to CVE-2019-11510, a Pulse Secure arbitrary file read vulnerability. It checks for the presence of a specific endpoint and logs vulnerable hosts to a file.
Classification
Scanner 90%
Target:
Pulse Secure VPN (versions affected by CVE-2019-11510)
No auth needed
Prerequisites:
Shodan API key · Internet access · Python environment
exploitdb
WORKING POC
by Alyssa Herrera · rubywebappsmultiple
https://www.exploit-db.com/exploits/47297
This Metasploit auxiliary module exploits CVE-2019-11510, a file disclosure vulnerability in Pulse Secure SSL VPN. It sends a crafted HTTP request to leak system files (e.g., /etc/passwd) via directory traversal.
Classification
Working Poc 95%
Target:
Pulse Secure SSL VPN (8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, 9.0 before 9.0R3.4)
No auth needed
Prerequisites:
Network access to the target's HTTPS service (port 443)
metasploit
WORKING POC
by Orange Tsai, Meh Chang, Alyssa Herrera, Justin Wagner, wvu · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/pulse_secure_file_disclosure.rb
This Metasploit module exploits a pre-authentication directory traversal vulnerability in Pulse Secure VPN (CVE-2019-11510) to disclose arbitrary files, including credentials and session IDs. It supports both automatic and manual modes for file extraction.
Classification
Working Poc 100%
Target:
Pulse Secure VPN (versions affected by CVE-2019-11510)
No auth needed
Prerequisites:
Network access to the Pulse Secure VPN server · SSL/TLS enabled on port 443