CVE-2024-2961
Author: scriptSails
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
GitHub Link:
https://github.com/scriptSails/glibcs
Author: scriptSails
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
GitHub Link:
https://github.com/scriptSails/glibcs
CVE-2025-25256.zip
1 KB
CVE-2025-25256
Author: JMS-Security
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
GitHub Link:
https://github.com/JMS-Security/CVE-2025-25256-PoC
Author: JMS-Security
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
GitHub Link:
https://github.com/JMS-Security/CVE-2025-25256-PoC
CVE-2023-35078.zip
7.4 KB
CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
CVE-2015-8351.zip
1.9 KB
CVE-2015-8351
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix