CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/invaderslabs/CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/invaderslabs/CVE-2024-20666
GitHub
GitHub - invaderslabs/CVE-2024-20666: CVE-2024-20666 vulnerability Solution patch failures in the Windows Recovery Environment…
CVE-2024-20666 vulnerability Solution patch failures in the Windows Recovery Environment (WinRE). - invaderslabs/CVE-2024-20666
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
GitHub
GitHub - jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento: CosmicSting: critical unauthenticated XXE vulnerability…
CosmicSting: critical unauthenticated XXE vulnerability in Adobe Commerce and Magento (CVE-2024-34102) - jakabakos/CVE-2024-34102-CosmicSting-XXE-in-Adobe-Commerce-and-Magento
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/evkl1d/CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/evkl1d/CVE-2021-4034
GitHub
GitHub - evkl1d/CVE-2021-4034: polkit
polkit. Contribute to evkl1d/CVE-2021-4034 development by creating an account on GitHub.
CVE-2019-6111
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Github link:
https://github.com/mbadanoiu/MAL-008
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
Github link:
https://github.com/mbadanoiu/MAL-008
GitHub
GitHub - mbadanoiu/MAL-008: Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN
Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN - mbadanoiu/MAL-008
CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Github link:
https://github.com/Stuub/CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Github link:
https://github.com/Stuub/CVE-2024-28995
GitHub
GitHub - Stuub/CVE-2024-28995: CVE-2024-28955 Exploitation PoC
CVE-2024-28955 Exploitation PoC . Contribute to Stuub/CVE-2024-28995 development by creating an account on GitHub.
CVE-2024-29269
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
Github link:
https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT
An issue discovered in Telesquare TLR-2005Ksh 1.0.0 and 1.1.4 allows attackers to run arbitrary system commands via the Cmd parameter.
Github link:
https://github.com/K3ysTr0K3R/CVE-2024-29269-EXPLOIT
GitHub
GitHub - K3ysTr0K3R/CVE-2024-29269-EXPLOIT: A PoC exploit for CVE-2024-29269 - Telesquare TLR-2005KSH Remote Code Execution (RCE)
A PoC exploit for CVE-2024-29269 - Telesquare TLR-2005KSH Remote Code Execution (RCE) - K3ysTr0K3R/CVE-2024-29269-EXPLOIT
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/wiggels/regresshion-check
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/wiggels/regresshion-check
GitHub
GitHub - wiggels/regresshion-check: CLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387
CLI Tool to Check SSH Servers for Vulnerability to CVE-2024-6387 - wiggels/regresshion-check
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/xaitax/CVE-2024-6387_Check
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/xaitax/CVE-2024-6387_Check
GitHub
GitHub - xaitax/CVE-2024-6387_Check: CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running…
CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH - xaitax/CVE-2024-6387_Check
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/HadesNull123/CVE-2024-6387_Check
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/HadesNull123/CVE-2024-6387_Check
GitHub
GitHub - HadesNull123/CVE-2024-6387_Check: RCE OpenSSH CVE-2024-6387 Check and Exploit
RCE OpenSSH CVE-2024-6387 Check and Exploit. Contribute to HadesNull123/CVE-2024-6387_Check development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/thegenetic/CVE-2024-6387-exploit
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/thegenetic/CVE-2024-6387-exploit
GitHub
GitHub - thegenetic/CVE-2024-6387-exploit: CVE-2024-6387 exploit
CVE-2024-6387 exploit. Contribute to thegenetic/CVE-2024-6387-exploit development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/teamos-hub/regreSSHion
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/teamos-hub/regreSSHion
GitHub
GitHub - teamos-hub/regreSSHion: This is a POC I wrote for CVE-2024-6387
This is a POC I wrote for CVE-2024-6387. Contribute to teamos-hub/regreSSHion development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/TAM-K592/CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/TAM-K592/CVE-2024-6387
GitHub
GitHub - TAM-K592/CVE-2024-6387: Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that…
Recently, the OpenSSH maintainers released security updates to fix a critical vulnerability that could lead to unauthenticated remote code execution (RCE) with root privileges. This vulnerability, ...
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/betancour/OpenSSH-Vulnerability-test
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/betancour/OpenSSH-Vulnerability-test
GitHub
GitHub - betancour/OpenSSH-Vulnerability-test: OpenSSH CVE-2024-6387 Vulnerability Checker
OpenSSH CVE-2024-6387 Vulnerability Checker. Contribute to betancour/OpenSSH-Vulnerability-test development by creating an account on GitHub.