CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/Chocapikk/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/Chocapikk/CVE-2024-34102
GitHub
GitHub - Chocapikk/CVE-2024-34102: CosmicSting (CVE-2024-34102)
CosmicSting (CVE-2024-34102). Contribute to Chocapikk/CVE-2024-34102 development by creating an account on GitHub.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/cmsec423/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/cmsec423/CVE-2024-34102
GitHub
cmsec423/CVE-2024-34102
Magento XXE. Contribute to cmsec423/CVE-2024-34102 development by creating an account on GitHub.
CVE-2005-3299
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Github link:
https://github.com/Cr0w-ui/-CVE-2005-3299-
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Github link:
https://github.com/Cr0w-ui/-CVE-2005-3299-
GitHub
GitHub - Cr0w-ui/-CVE-2005-3299-: phpMyAdmin 2.6.4-pl1 - Directory Traversal
phpMyAdmin 2.6.4-pl1 - Directory Traversal. Contribute to Cr0w-ui/-CVE-2005-3299- development by creating an account on GitHub.
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/cisnarfu/Bluepop
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/cisnarfu/Bluepop
GitHub
GitHub - cisnarfu/Bluepop: CVE-2023-45866
CVE-2023-45866. Contribute to cisnarfu/Bluepop development by creating an account on GitHub.
CVE-2021-41091
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted contai
Github link:
https://github.com/SNE-M23-SN/Vulnerable-Docker-Engine
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted contai
Github link:
https://github.com/SNE-M23-SN/Vulnerable-Docker-Engine
GitHub
GitHub - SNE-M23-SN/Vulnerable-Docker-Engine: This exploit offers an in-depth look at the CVE-2021-41091 security vulnerability…
This exploit offers an in-depth look at the CVE-2021-41091 security vulnerability and provides a step-by-step guide on how to utilize the exploit script to achieve privilege escalation on a host. -...
CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Github link:
https://github.com/DerZiad/CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Github link:
https://github.com/DerZiad/CVE-2024-21413
GitHub
GitHub - DerZiad/CVE-2024-21413: This is a mailer that use console prompt to exploit this vulnerability
This is a mailer that use console prompt to exploit this vulnerability - DerZiad/CVE-2024-21413
CVE-2024-29972
None
Github link:
https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc
None
Github link:
https://github.com/Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc
GitHub
GitHub - Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc: This is a proof of concept for…
This is a proof of concept for the Zyxel vulnerabilities I found. Read the blog :) - Pommaq/CVE-2024-29972-CVE-2024-29976-CVE-2024-29973-CVE-2024-29975-CVE-2024-29974-poc
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/0x0d3ad/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/0x0d3ad/CVE-2024-34102
GitHub
GitHub - 0x0d3ad/CVE-2024-34102: CVE-2024-34102 (Magento XXE)
CVE-2024-34102 (Magento XXE). Contribute to 0x0d3ad/CVE-2024-34102 development by creating an account on GitHub.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/11whoami99/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/11whoami99/CVE-2024-34102
GitHub
GitHub - 11whoami99/CVE-2024-34102: POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http…
POC for CVE-2024-34102 : Unauthenticated Magento XXE and bypassing WAF , You will get http connection on ur webhook - 11whoami99/CVE-2024-34102
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Github link:
https://github.com/Hackhoven/Strapi-RCE
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Github link:
https://github.com/Hackhoven/Strapi-RCE
GitHub
GitHub - Hackhoven/Strapi-RCE: Exploit script showcasing a mixture of CVE-2019-18818 and CVE-2019-19609 for unauthenticated remote…
Exploit script showcasing a mixture of CVE-2019-18818 and CVE-2019-19609 for unauthenticated remote code execution in Strapi CMS. - Hackhoven/Strapi-RCE
CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/invaderslabs/CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/invaderslabs/CVE-2024-20666
GitHub
GitHub - invaderslabs/CVE-2024-20666: CVE-2024-20666 vulnerability Solution patch failures in the Windows Recovery Environment…
CVE-2024-20666 vulnerability Solution patch failures in the Windows Recovery Environment (WinRE). - invaderslabs/CVE-2024-20666
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
GitHub
GitHub - jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento: CosmicSting: critical unauthenticated XXE vulnerability…
CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/evkl1d/CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/evkl1d/CVE-2021-4034
GitHub
GitHub - evkl1d/CVE-2021-4034: polkit
polkit. Contribute to evkl1d/CVE-2021-4034 development by creating an account on GitHub.
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Github link:
https://github.com/mbadanoiu/MAL-008
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Github link:
https://github.com/mbadanoiu/MAL-008
GitHub
GitHub - mbadanoiu/MAL-008: Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN
Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN - mbadanoiu/MAL-008