CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Github link:
https://github.com/Tgcohce/CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Github link:
https://github.com/Tgcohce/CVE-2024-1874
GitHub
GitHub - Tgcohce/CVE-2024-1874: Proof Of Concept for CVE-2024-1874
Proof Of Concept for CVE-2024-1874. Contribute to Tgcohce/CVE-2024-1874 development by creating an account on GitHub.
CVE-2022-30780
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
Github link:
https://github.com/xiw1ll/CVE-2022-30780_Checker
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
Github link:
https://github.com/xiw1ll/CVE-2022-30780_Checker
GitHub
GitHub - xiw1ll/CVE-2022-30780_Checker: Lighttpd CVE-2022-30780 checker
Lighttpd CVE-2022-30780 checker. Contribute to xiw1ll/CVE-2022-30780_Checker development by creating an account on GitHub.
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/spareack/CVE-2023-22515-NSE
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/spareack/CVE-2023-22515-NSE
GitHub
GitHub - spareack/CVE-2023-22515-NSE: Vulnerability checking tool via Nmap Scripting Engine
Vulnerability checking tool via Nmap Scripting Engine - spareack/CVE-2023-22515-NSE
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/m1sn0w/CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/m1sn0w/CVE-2023-3824
GitHub
GitHub - m1sn0w/CVE-2023-3824: CVE-2023-3824
CVE-2023-3824. Contribute to m1sn0w/CVE-2023-3824 development by creating an account on GitHub.
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
GitHub
GitHub - TACTICAL-HACK/CVE-2022-37706-SUID: CVE-2022-37706-Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706-Enlightenment v0.25.3 - Privilege escalation - TACTICAL-HACK/CVE-2022-37706-SUID
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/Fatalityx84/CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/Fatalityx84/CVE-2012-1823
GitHub
GitHub - Fatalityx84/CVE-2012-1823: Prova de conceito de PHP CGI Argument Injection.
Prova de conceito de PHP CGI Argument Injection. Contribute to Fatalityx84/CVE-2012-1823 development by creating an account on GitHub.
CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
GitHub
GitHub - ethicalblue/Follina-CVE-2022-30190-Sample: Educational exploit for CVE-2022-30190
Educational exploit for CVE-2022-30190. Contribute to ethicalblue/Follina-CVE-2022-30190-Sample development by creating an account on GitHub.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/ex-ARnX/CVE-2024-34102-PoC
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/ex-ARnX/CVE-2024-34102-PoC
GitHub
GitHub - ex-ARnX/CVE-2024-34102-PoC: CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?
CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)? - ex-ARnX/CVE-2024-34102-PoC
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Github link:
https://github.com/sviim/ClearML-CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Github link:
https://github.com/sviim/ClearML-CVE-2024-24590
GitHub
GitHub - sviim/ClearML-CVE-2024-24590-RCE: With this script you can exploit the CVE-2024-24590
With this script you can exploit the CVE-2024-24590 - sviim/ClearML-CVE-2024-24590-RCE
CVE-2022-37017
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
Github link:
https://github.com/apeppels/CVE-2022-37017
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
Github link:
https://github.com/apeppels/CVE-2022-37017
GitHub
GitHub - apeppels/CVE-2022-37017: Bypass for Symantec Endpoint Protection's Client User Interface Password
Bypass for Symantec Endpoint Protection's Client User Interface Password - apeppels/CVE-2022-37017
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/Onedy1703/CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/Onedy1703/CVE-2023-22515
GitHub
GitHub - Onedy1703/CVE-2023-22515: CVE 2023-22515
CVE 2023-22515. Contribute to Onedy1703/CVE-2023-22515 development by creating an account on GitHub.
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
GitHub
GitHub - K3ysTr0K3R/CVE-2020-13945-EXPLOIT: A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)
A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE) - K3ysTr0K3R/CVE-2020-13945-EXPLOIT