CVE-2022-30190
Author: mishra0230
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
GitHub Link:
https://github.com/mishra0230/CVE-2022-30190-Follina
Author: mishra0230
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
GitHub Link:
https://github.com/mishra0230/CVE-2022-30190-Follina
CVE-2025-4802
Author: Betim-Hodza
None
GitHub Link:
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
Author: Betim-Hodza
None
GitHub Link:
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
CVE-2021-43798.zip
2.7 KB
CVE-2021-43798
Author: baktistr
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is:
GitHub Link:
https://github.com/baktistr/cve-2021-43798-enum
Author: baktistr
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is:
<grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.GitHub Link:
https://github.com/baktistr/cve-2021-43798-enum
CVE-2023-23397.zip
1.5 KB
CVE-2023-23397
Author: Phaedrik
Microsoft Outlook Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/Phaedrik/CVE-2023-23397-POC
Author: Phaedrik
Microsoft Outlook Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/Phaedrik/CVE-2023-23397-POC
CVE-2011-2523.zip
7.8 KB
CVE-2011-2523
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
CVE-2023-38831.zip
6.2 KB
CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
CVE-2022-3653.zip
3.3 KB
CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
CVE-2025-24893.zip
3.4 KB
CVE-2025-24893
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to <host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit Main.SolrSearchMacros ...