CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/SamJUK/cosmicsting-validator
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/SamJUK/cosmicsting-validator
GitHub
GitHub - SamJUK/cosmicsting-validator: CosmicSting (CVE-2024-34102) POC / Patch Validator
CosmicSting (CVE-2024-34102) POC / Patch Validator - SamJUK/cosmicsting-validator
CVE-2021-20323
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
Github link:
https://github.com/cscpwn0sec/CVE-2021-20323
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
Github link:
https://github.com/cscpwn0sec/CVE-2021-20323
GitHub
GitHub - cscpwn0sec/CVE-2021-20323: Exploitation Scanner Cross Site Scripting vulnerability in Keycloak.
Exploitation Scanner Cross Site Scripting vulnerability in Keycloak. - cscpwn0sec/CVE-2021-20323
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGrap
Github link:
https://github.com/zjaycyy/CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGrap
Github link:
https://github.com/zjaycyy/CVE-2024-36401
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/vkaushik-chef/regreSSHion
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/vkaushik-chef/regreSSHion
GitHub
GitHub - vkaushik-chef/regreSSHion: Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387
Chef Inspec profile for checking regreSSHion vulnerability CVE-2024-6387 - vkaushik-chef/regreSSHion
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/asterictnl-lvdw/CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/asterictnl-lvdw/CVE-2024-6387
GitHub
GitHub - Karmakstylez/CVE-2024-6387: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) - Karmakstylez/CVE-2024-6387
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/unknownzerobit/poc
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/unknownzerobit/poc
GitHub
GitHub - unknownzerobit/poc: poc for CVE-2024-34102
poc for CVE-2024-34102 . Contribute to unknownzerobit/poc development by creating an account on GitHub.
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
GitHub
GitHub - Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit: This is an Exploit for Unrestricted file upload in big file upload functionality…
This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo...
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/insomnia-jacob/CVE-2023-4220-
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/insomnia-jacob/CVE-2023-4220-
GitHub
GitHub - insomnia-jacob/CVE-2023-4220: CVE-2023-4220 POC RCE
CVE-2023-4220 POC RCE. Contribute to insomnia-jacob/CVE-2023-4220 development by creating an account on GitHub.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/yq93dskimzm2/CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/yq93dskimzm2/CVE-2024-3094
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
GitHub
GitHub - IamLucif3r/CVE-2007-2447-Exploit: This is a exploit for CVE-2007-2447; Vulnerable SMB
This is a exploit for CVE-2007-2447; Vulnerable SMB - GitHub - IamLucif3r/CVE-2007-2447-Exploit: This is a exploit for CVE-2007-2447; Vulnerable SMB
CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Github link:
https://github.com/th3gokul/CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Github link:
https://github.com/th3gokul/CVE-2024-5009
GitHub
GitHub - th3gokul/CVE-2024-5009: CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation
CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation - th3gokul/CVE-2024-5009
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Github link:
https://github.com/fhAnso/CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Github link:
https://github.com/fhAnso/CVE-2023-28432
GitHub
GitHub - fhAnso/CVE-2023-28432: CVE-2023-28432 - MinIO Information Disclosure
CVE-2023-28432 - MinIO Information Disclosure. Contribute to fhAnso/CVE-2023-28432 development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
GitHub
GitHub - kubota/CVE-2024-6387-Vulnerability-Checker: This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability
This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability - kubota/CVE-2024-6387-Vulnerability-Checker