CVE-2025-25256.zip
1 KB
CVE-2025-25256
Author: JMS-Security
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
GitHub Link:
https://github.com/JMS-Security/CVE-2025-25256-PoC
Author: JMS-Security
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability CWE-78 in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through 7.1.7, 7.0.0 through 7.0.3 and before 6.7.9 allows an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests.
GitHub Link:
https://github.com/JMS-Security/CVE-2025-25256-PoC
CVE-2023-35078.zip
7.4 KB
CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
CVE-2015-8351.zip
1.9 KB
CVE-2015-8351
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
CVE-2016-5195.zip
507.6 KB
CVE-2016-5195
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
CVE-2019-18935.zip
7.3 KB
CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
CVE-2025-24085.zip
1.1 MB
CVE-2025-24085
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
CVE-2025-24085.zip
1.1 MB
CVE-2025-24085
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
CVE-2020-36847.zip
3.4 KB
CVE-2020-36847
Author: 137f
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
GitHub Link:
https://github.com/137f/PoC-CVE-2020-36847-WordPress-Plugin-4.2.2-RCE
Author: 137f
The Simple-File-List Plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.2.2 via the rename function which can be used to rename uploaded PHP code with a png extension to use a php extension. This allows unauthenticated attackers to execute code on the server.
GitHub Link:
https://github.com/137f/PoC-CVE-2020-36847-WordPress-Plugin-4.2.2-RCE
CVE-2019-18935.zip
7.3 KB
CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
CVE-2016-5195.zip
507.6 KB
CVE-2016-5195
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab