CVE-2018-10933.zip
1010 B
CVE-2018-10933
Author: opsifiz
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
GitHub Link:
https://github.com/opsifiz/CVE-2018-10933
Author: opsifiz
A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.
GitHub Link:
https://github.com/opsifiz/CVE-2018-10933
CVE-2018-17254.zip
2.5 KB
CVE-2018-17254
Author: 7amzahard
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
GitHub Link:
https://github.com/7amzahard/script-python-to-detect-CVE-2018-17254
Author: 7amzahard
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
GitHub Link:
https://github.com/7amzahard/script-python-to-detect-CVE-2018-17254
CVE-2021-23394
Author: 0xnemian
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
GitHub Link:
https://github.com/0xnemian/CVE-2021-23394
Author: 0xnemian
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
GitHub Link:
https://github.com/0xnemian/CVE-2021-23394
CVE-2024-21413.zip
241.8 KB
CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
Author: mmathivanan17
Microsoft Outlook Remote Code Execution Vulnerability
GitHub Link:
https://github.com/mmathivanan17/CVE-2024-21413
CVE-2025-49132.zip
2.5 KB
CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
Author: f3d0rq
Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel's server, read credentials from the Panel's config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.
GitHub Link:
https://github.com/f3d0rq/CVE-2025-49132
CVE-2023-35813.zip
5.1 KB
CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
Author: Rezy-Dev
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
GitHub Link:
https://github.com/Rezy-Dev/CVE-2023-35813
CVE-2024-10220.zip
3.5 KB
CVE-2024-10220
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
Author: imohammed28
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.
GitHub Link:
https://github.com/imohammed28/cve-2024-10220-test
CVE-2020-26217.zip
3.2 KB
CVE-2020-26217
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
Author: Kairo-one
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14.
GitHub Link:
https://github.com/Kairo-one/CVE-2020-26217-XStream
CVE-2021-21980.zip
8.1 KB
CVE-2021-21980
Author: pratikjojode
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
GitHub Link:
https://github.com/pratikjojode/vcenter-cve-2021-21980-lab
Author: pratikjojode
The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file read vulnerability. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to gain access to sensitive information.
GitHub Link:
https://github.com/pratikjojode/vcenter-cve-2021-21980-lab