CVE-2025-31324
SAP NetWeaver Visual Composer Metadata Uploader is not protected with proper authorization, allowing an unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system.
GitHub link:
https://github.com/antichainalysis/sap-netweaver-0day-CVE-2025-31324
sap netweaver 0day poc by shinyhunters (scattered lapsus$ hunters) affecting all 7.x CVE-2025-31324 - antichainalysis/sap-netweaver-0day-CVE-2025-31324
CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
GitHub link:
https://github.com/ArtemCyberLab/Project-Exploitation-of-Webmin-Authentication-Vulnerability
Research Objective: To conduct a comprehensive analysis and successful exploitation of a Remote Code Execution (RCE) vulnerability in Webmin version 1.890 (CVE-2019-15107), ultimately gaining full ...
CVE-2018-7422
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
GitHub link:
https://github.com/ndr-repo/CVE-2018-7422
Exploit for CVE-2018-7422: Local File Inclusion in WordPress Plugin Site Editor 1.1.1 [T1574.008] - ndr-repo/CVE-2018-7422
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
GitHub link:
https://github.com/umutcamliyurt/CVE-2025-27591
Below <v0.9.0 PoC Privilege Escalation Exploit.