CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker

CVE-2023-422

None

Github link:
https://github.com/HusenjanDev/CVE-2023-422-Chamilo-LMS-RCE

CVE-2023-4220

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

Github link:
https://github.com/B1TC0R3/CVE-2023-4220-PoC

CVE-2024-6387

A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().

Github link:
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker

CVE-2023-30253

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.

Github link:
https://github.com/andria-dev/DolibabyPhp

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Github link:
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-

CVE-2023-4226

None

Github link:
https://github.com/krishnan-tech/CVE-2023-4226-POC

CVE-2024-5274

None

Github link:
https://github.com/Alchemist3dot14/CVE-2024-5274-Detection

CVE-2024-36991

In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.

Github link:
https://github.com/Cappricio-Securities/CVE-2024-36991

CVE-2024-37032

Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.

Github link:
https://github.com/ahboon/CVE-2024-37032-scanner

CVE-2023-4220

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.

Github link:
https://github.com/HO4XXX/cve-2023-4220-poc

CVE-2019-6447

The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.

Github link:
https://github.com/Cmadhushanka/CVE-2019-6447-Exploitation

CVE-2015-3864

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.

Github link:
https://github.com/Cmadhushanka/CVE-2015-3864-Exploitation

CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Github link:
https://github.com/Cmadhushanka/CVE-2023-32784-Exploitation

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Github link:
https://github.com/Ex-Arn/CVE-2024-34102-RCE

CVE-2024-29510

None

Github link:
https://github.com/swsmith2391/CVE-2024-29510

CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Github link:
https://github.com/bibo318/CVE-2024-4577-RCE-ATTACK

CVE-2000-0114

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.

Github link:
https://github.com/Josekutty-K/frontpage-server-extensions-vulnerability-scanner

CVE-2024-34102

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.

Github link:
https://github.com/crynomore/CVE-2024-34102

CVE-2020-25540

ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.

Github link:
https://github.com/simonlee-hello/CVE-2020-25540

CVE-2024-0044

In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.



Github link:
https://github.com/007CRIPTOGRAFIA/C-CVE-2024-0044