CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit
GitHub
GitHub - Ziad-Sakr/Chamilo-LMS-CVE-2023-4220-Exploit: This is an Exploit for Unrestricted file upload in big file upload functionality…
This is an Exploit for Unrestricted file upload in big file upload functionality in Chamilo-LMS for this location "/main/inc/lib/javascript/bigupload/inc/bigUpload.php" in Chamilo...
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/insomnia-jacob/CVE-2023-4220-
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/insomnia-jacob/CVE-2023-4220-
GitHub
GitHub - insomnia-jacob/CVE-2023-4220: CVE-2023-4220 POC RCE
CVE-2023-4220 POC RCE. Contribute to insomnia-jacob/CVE-2023-4220 development by creating an account on GitHub.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/yq93dskimzm2/CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/yq93dskimzm2/CVE-2024-3094
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/IamLucif3r/CVE-2007-2447-Exploit
GitHub
GitHub - IamLucif3r/CVE-2007-2447-Exploit: This is a exploit for CVE-2007-2447; Vulnerable SMB
This is a exploit for CVE-2007-2447; Vulnerable SMB - GitHub - IamLucif3r/CVE-2007-2447-Exploit: This is a exploit for CVE-2007-2447; Vulnerable SMB
CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Github link:
https://github.com/th3gokul/CVE-2024-5009
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Github link:
https://github.com/th3gokul/CVE-2024-5009
GitHub
GitHub - th3gokul/CVE-2024-5009: CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation
CVE-2024-5009 : WhatsUp Gold SetAdminPassword Privilege Escalation - th3gokul/CVE-2024-5009
CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Github link:
https://github.com/fhAnso/CVE-2023-28432
Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z.
Github link:
https://github.com/fhAnso/CVE-2023-28432
GitHub
GitHub - fhAnso/CVE-2023-28432: CVE-2023-28432 - MinIO Information Disclosure
CVE-2023-28432 - MinIO Information Disclosure. Contribute to fhAnso/CVE-2023-28432 development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/kubota/CVE-2024-6387-Vulnerability-Checker
GitHub
GitHub - kubota/CVE-2024-6387-Vulnerability-Checker: This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability
This Rust Code is designed to check SSH servers for the CVE-2024-6387 vulnerability - kubota/CVE-2024-6387-Vulnerability-Checker
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/B1TC0R3/CVE-2023-4220-PoC
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/B1TC0R3/CVE-2023-4220-PoC
GitHub
GitHub - B1TC0R3/CVE-2023-4220-PoC: Proof of concept exploit for CVE-2023-4220
Proof of concept exploit for CVE-2023-4220. Contribute to B1TC0R3/CVE-2023-4220-PoC development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker
GitHub
GitHub - filipi86/CVE-2024-6387-Vulnerability-Checker: This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH…
This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file. - ...
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Github link:
https://github.com/andria-dev/DolibabyPhp
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
Github link:
https://github.com/andria-dev/DolibabyPhp
GitHub
GitHub - andria-dev/DolibabyPhp: An authenticated RCE exploit for Dolibarr ERP/CRM CVE-2023-30253.
An authenticated RCE exploit for Dolibarr ERP/CRM CVE-2023-30253. - andria-dev/DolibabyPhp
CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Github link:
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Github link:
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-
GitHub
GitHub - pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-: Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module…
Rejetto HTTP File Server (HFS) 2.x - Unauthenticated RCE exploit module (CVE-2024-23692) - pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692-
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/Cappricio-Securities/CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/Cappricio-Securities/CVE-2024-36991
GitHub
GitHub - Cappricio-Securities/CVE-2024-36991: Path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2…
Path traversal vulnerability in Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10 that allows reading sensitive files. - Cappricio-Securities/CVE-2024-36991
CVE-2024-37032
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
Github link:
https://github.com/ahboon/CVE-2024-37032-scanner
Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring.
Github link:
https://github.com/ahboon/CVE-2024-37032-scanner
GitHub
GitHub - ahboon/CVE-2024-37032-scanner: CVE-2024-37032 scanner
CVE-2024-37032 scanner. Contribute to ahboon/CVE-2024-37032-scanner development by creating an account on GitHub.
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/HO4XXX/cve-2023-4220-poc
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/HO4XXX/cve-2023-4220-poc
GitHub
GitHub - HO4XXX/cve-2023-4220-poc: PoC for CVE-2023-4220 - Chamilo LMS - Unauthenticated File Upload in BigUpload
PoC for CVE-2023-4220 - Chamilo LMS - Unauthenticated File Upload in BigUpload - HO4XXX/cve-2023-4220-poc
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Github link:
https://github.com/Cmadhushanka/CVE-2019-6447-Exploitation
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to unauthenticated application/json data over HTTP.
Github link:
https://github.com/Cmadhushanka/CVE-2019-6447-Exploitation
GitHub
GitHub - Cmadhushanka/CVE-2019-6447-Exploitation: year 2 semester 1 Systems and Network Programming Assignment
year 2 semester 1 Systems and Network Programming Assignment - Cmadhushanka/CVE-2019-6447-Exploitation