CVE-2025-4802
Author: Betim-Hodza
None
GitHub Link:
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
Author: Betim-Hodza
None
GitHub Link:
https://github.com/Betim-Hodza/CVE-2025-4802-Proof-of-Concept
CVE-2021-43798.zip
2.7 KB
CVE-2021-43798
Author: baktistr
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is:
GitHub Link:
https://github.com/baktistr/cve-2021-43798-enum
Author: baktistr
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is:
<grafana_host_url>/public/plugins//, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.GitHub Link:
https://github.com/baktistr/cve-2021-43798-enum
CVE-2023-23397.zip
1.5 KB
CVE-2023-23397
Author: Phaedrik
Microsoft Outlook Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/Phaedrik/CVE-2023-23397-POC
Author: Phaedrik
Microsoft Outlook Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/Phaedrik/CVE-2023-23397-POC
CVE-2011-2523.zip
7.8 KB
CVE-2011-2523
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
CVE-2023-38831.zip
6.2 KB
CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
CVE-2022-3653.zip
3.3 KB
CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
CVE-2025-24893.zip
3.4 KB
CVE-2025-24893
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to <host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit Main.SolrSearchMacros ...CVE-2022-23779.zip
70.8 KB
CVE-2022-23779
Author: Rishi-kaul
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
GitHub Link:
https://github.com/Rishi-kaul/CVE-2022-23779
Author: Rishi-kaul
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
GitHub Link:
https://github.com/Rishi-kaul/CVE-2022-23779
CVE-2023-1773.zip
2 KB
CVE-2023-1773
Author: C1oudfL0w0
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
GitHub Link:
https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit
Author: C1oudfL0w0
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
GitHub Link:
https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit