CVE-2023-5360.zip
4.6 KB
CVE-2023-5360
Author: LaviruDilshan
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
GitHub Link:
https://github.com/LaviruDilshan/CVE-2023-5360-exploit-with-native-libraries
Author: LaviruDilshan
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE.
GitHub Link:
https://github.com/LaviruDilshan/CVE-2023-5360-exploit-with-native-libraries
CVE-2019-13288
Author: ngtuonghung
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
GitHub Link:
https://github.com/ngtuonghung/CVE-2019-13288
Author: ngtuonghung
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
GitHub Link:
https://github.com/ngtuonghung/CVE-2019-13288
🍾1
CVE-2025-14847
Author: franksec42
None
GitHub Link:
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
Author: franksec42
None
GitHub Link:
https://github.com/franksec42/mongobleed-exploit-CVE-2025-14847
🍾1
CVE-2019-9506
Author: BrainsBook
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
GitHub Link:
https://github.com/BrainsBook/knob
Author: BrainsBook
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
GitHub Link:
https://github.com/BrainsBook/knob
🍾1
CVE-2018-15133
Author: flame-11
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
GitHub Link:
https://github.com/flame-11/CVE-2018-15133-laravel-framework
Author: flame-11
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
GitHub Link:
https://github.com/flame-11/CVE-2018-15133-laravel-framework
🍾1
🍾1
CVE-2025-14847.zip
611 KB
CVE-2025-14847
Author: chinaxploiter
None
GitHub Link:
https://github.com/chinaxploiter/CVE-2025-14847-PoC
Author: chinaxploiter
None
GitHub Link:
https://github.com/chinaxploiter/CVE-2025-14847-PoC
🍾1