CVE-2009-2265.zip
741 B
CVE-2009-2265
Author: matesz44
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
GitHub Link:
https://github.com/matesz44/CVE-2009-2265
CVE-2025-32462
Author: lakshan-sameera
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
GitHub Link:
https://github.com/lakshan-sameera/CVE-2025-32462-and-CVE-2025-32463---Critical-Sudo-Vulnerabilities
CVE-2025-29927.zip
656 B
CVE-2025-29927
Author: N3k0t-dev
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
GitHub Link:
https://github.com/N3k0t-dev/bughunter-cyber-intel-dashboard
CVE-2020-5752.zip
2 KB
CVE-2020-5752
Author: x0rbeexd
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
GitHub Link:
https://github.com/x0rbeexd/CVE-2020-5752
CVE-2023-4220.zip
13.6 KB
CVE-2023-4220
Author: Least-Significant-Bit
Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
GitHub Link:
https://github.com/Least-Significant-Bit/CVE-2023-4220
CVE-2020-7693.zip
1.8 KB
CVE-2020-7693
Author: thewindghost
Incorrect handling of Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20.
GitHub Link:
https://github.com/thewindghost/CVE-2020-7693
CVE-2016-1825
Author: BrandonAzad
IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
GitHub Link:
https://github.com/BrandonAzad/physmem
CVE-2016-1828
Author: BrandonAzad
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1829, and CVE-2016-1830.
GitHub Link:
https://github.com/BrandonAzad/rootsh