CVE-2024-33113
D-LINK DIR-845L <=v1.01KRb03 is vulnerable to information disclosure via bsc_sms_inbox.php.
Github link:
https://github.com/FaLLenSKiLL1/CVE-2024-33113
GitHub - FaLLenSKiLL1/CVE-2024-33113: D-LINK DIR-845L is vulnerable to information disclosure via the bsc_sms_inbox.php file.
CVE-2019-9849
LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Github link:
https://github.com/mbadanoiu/CVE-2019-9849
GitHub - mbadanoiu/CVE-2019-9849: CVE-2019-9849: Remote bullet graphics retrieved in “stealth mode” in LibreOffice
CVE-2024-5806
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
Github link:
https://github.com/watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806
GitHub - watchtowrlabs/watchTowr-vs-progress-moveit_CVE-2024-5806: Exploit for the CVE-2024-5806
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Github link:
https://github.com/dollarboysushil/Dolibarr-17.0.0-Exploit-CVE-2023-30253
GitHub - dollarboysushil/Dolibarr-17.0.0-Exploit-CVE-2023-30253: In Dolibarr 17.0.0 with the CMS Website plugin (core) enabled…
In Dolibarr 17.0.0 with the CMS Website plugin (core) enabled, an authenticated attacker can obtain remote command execution via php code injection bypassing the application restrictions. - dollarb...
CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Github link:
https://github.com/A-Alabdoo/CVE-DVr
GitHub - A-Alabdoo/CVE-DVr: CVE-2018-9995
CVE-2024-29868
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes user self-registration and password recovery mechanism.
This allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.
This issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.
Users are recommended to upgrade to version 0.95.0, which fixes the issue.
Github link:
https://github.com/DEVisions/CVE-2024-29868
GitHub - DEVisions/CVE-2024-29868: Proof of concept of CVE-2024-29868 affecting Apache StreamPipes from 0.69.0 through 0.93.0
CVE-2023-23388
Windows Bluetooth Driver Elevation of Privilege Vulnerability
Github link:
https://github.com/ynwarcs/CVE-2023-23388
GitHub - ynwarcs/CVE-2023-23388: poc for CVE-2023-23388 (LPE in Windows 10/11 bthserv service)
CVE-2024-34313
An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.
Github link:
https://github.com/vincentscode/CVE-2024-34313
GitHub - vincentscode/CVE-2024-34313: ☣️ This repository contains the description and a proof of concept for CVE-2024-34313
CVE-2024-34312
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js.
Github link:
https://github.com/vincentscode/CVE-2024-34312
GitHub - vincentscode/CVE-2024-34312: ☣️ This repository contains the description and a proof of concept for CVE-2024-34312
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/Yitian26/git_rce
CVE-2024-34470
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
Github link:
https://github.com/th3gokul/CVE-2024-34470
GitHub - th3gokul/CVE-2024-34470: CVE-2024-34470 : An Unauthenticated Path Traversal Vulnerability in HSC Mailinspector
CVE-2024-21514
This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.
Github link:
https://github.com/bigb0x/CVE-2024-21514
GitHub - bigb0x/CVE-2024-21514: SQL Injection POC for CVE-2024-21514: Divido payment extension for OpenCart
CVE-2024-31982
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
Github link:
https://github.com/bigb0x/CVE-2024-31982
GitHub - bigb0x/CVE-2024-31982: POC for CVE-2024-31982: XWiki Platform Remote Code Execution > 14.10.20
CVE-2024-31982
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
Github link:
https://github.com/th3gokul/CVE-2024-31982
GitHub - th3gokul/CVE-2024-31982: A tool for vulnerability detection and exploitation tool for CVE-2024-31982
CVE-2023-23397
Microsoft Outlook Elevation of Privilege Vulnerability
Github link:
https://github.com/Symbolexe/CVE-2023-23397
GitHub - Symbolexe/CVE-2023-23397: CVE-2023-23397: Remote Code Execution Vulnerability in Microsoft Outlook
CVE-2024-28999
The SolarWinds Platform was determined to be affected by a Race Condition Vulnerability affecting the web console.
Github link:
https://github.com/HussainFathy/CVE-2024-28999
GitHub - HussainFathy/CVE-2024-28999: Exploit for CVE-2024-28999 SolarWinds Platform Race Condition Vulnerability - login page
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/Rishabh-Kumar-Cyber-Sec/CVE-2023-27163-ssrf-to-port-scanning
GitHub - Rishabh-Kumar-Cyber-Sec/CVE-2023-27163-ssrf-to-port-scanning: It is a simple script to automate internal port scanning…
It is a simple script to automate internal port scanning due to SSRF in requests-baskets v 1.2.1. This script can also assist in solving 'SAU' machine from hackthebox - Rishabh-Kuma...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system. Therefore, even if ownCloud is not running in a containerized environment, this vulnerability should still be a cause for concern. Note that Docker containers from before February 2023 are not vulnerable to the credential disclosure.
Github link:
https://github.com/d0rb/CVE-2023-49103
GitHub - d0rb/CVE-2023-49103: This is a simple proof of concept for CVE-2023-49103.