CVE-2025-32463.zip
3.4 KB
CVE-2025-32463
Author: ankitpandey383
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/ankitpandey383/CVE-2025-32463-Sudo-Privilege-Escalation
Author: ankitpandey383
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/ankitpandey383/CVE-2025-32463-Sudo-Privilege-Escalation
CVE-2023-2598
Author: guard-wait
A flaw was found in the fixed buffer registration code for iouring (iosqebufferregister in iouring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
GitHub Link:
https://github.com/guard-wait/CVE-2023-2598EXP
Author: guard-wait
A flaw was found in the fixed buffer registration code for iouring (iosqebufferregister in iouring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.
GitHub Link:
https://github.com/guard-wait/CVE-2023-2598EXP
CVE-2025-5777.zip
789 B
CVE-2025-5777
Author: mr-r3b00t
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
GitHub Link:
https://github.com/mr-r3b00t/CVE-2025-5777
Author: mr-r3b00t
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
GitHub Link:
https://github.com/mr-r3b00t/CVE-2025-5777
CVE-2011-2523.zip
2 KB
CVE-2011-2523
Author: avivyap
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/avivyap/CVE-2011-2523
Author: avivyap
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/avivyap/CVE-2011-2523
CVE-2021-44228.zip
709 B
CVE-2021-44228
Author: mgueye3
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub Link:
https://github.com/mgueye3/Log4Shell
Author: mgueye3
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub Link:
https://github.com/mgueye3/Log4Shell
CVE-2025-21479.zip
25.7 KB
CVE-2025-21479
Author: sarabpal-dev
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
GitHub Link:
https://github.com/sarabpal-dev/cheese-cake
Author: sarabpal-dev
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
GitHub Link:
https://github.com/sarabpal-dev/cheese-cake
CVE-2022-21587.zip
3.2 KB
CVE-2022-21587
Author: merlyn-1
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
GitHub Link:
https://github.com/merlyn-1/CVE-2022-21587-Oracle-EBS
Author: merlyn-1
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
GitHub Link:
https://github.com/merlyn-1/CVE-2022-21587-Oracle-EBS