CVE-2023-35078.zip
7.4 KB
CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
Author: 0nsec
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.
GitHub Link:
https://github.com/0nsec/CVE-2023-35078
CVE-2015-8351.zip
1.9 KB
CVE-2015-8351
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
Author: Philip-Otter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allowurlinclude is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allowurlinclude is enabled.
GitHub Link:
https://github.com/Philip-Otter/CVE-2015-8351OtterRemix
CVE-2016-5195.zip
507.6 KB
CVE-2016-5195
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
Author: MarioAlejos-Cs
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
GitHub Link:
https://github.com/MarioAlejos-Cs/dirtycow-lab
CVE-2019-18935.zip
7.3 KB
CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
Author: 0xsharz
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
GitHub Link:
https://github.com/0xsharz/telerik-scanner-CVE-2019-18935
CVE-2025-24085.zip
1.1 MB
CVE-2025-24085
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201
Author: JGoyd
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
GitHub Link:
https://github.com/JGoyd/glass-cage-ios18-cve-2025-24085-cve-2025-24201