CVE-2018-7600.zip
5.8 KB
CVE-2018-7600
Author: SyedGhufranRaza
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
GitHub Link:
https://github.com/SyedGhufranRaza/CVE-2018-7600-Remote-Code-Execution
Author: SyedGhufranRaza
Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.
GitHub Link:
https://github.com/SyedGhufranRaza/CVE-2018-7600-Remote-Code-Execution
CVE-2025-32094.zip
10.6 KB
CVE-2025-32094
Author: perplext
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
GitHub Link:
https://github.com/perplext/echteeteepee
Author: perplext
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.
GitHub Link:
https://github.com/perplext/echteeteepee
CVE-2023-31126
Author: shoucheng3
GitHub Link:
https://github.com/shoucheng3/cov-int
Author: shoucheng3
org.xwiki.commons:xwiki-commons-xml is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like / and > are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix.GitHub Link:
https://github.com/shoucheng3/cov-int
CVE-2021-1675
Author: VoiidByte
Windows Print Spooler Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/VoiidByte/Impacket
Author: VoiidByte
Windows Print Spooler Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/VoiidByte/Impacket
CVE-2024-4956.zip
1.5 KB
CVE-2024-4956
Author: Buff3st-0v3rfl0w
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/Buff3st-0v3rfl0w/CVE-2024-4956
Author: Buff3st-0v3rfl0w
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/Buff3st-0v3rfl0w/CVE-2024-4956
CVE-2024-4956.zip
1.5 KB
CVE-2024-4956
Author: Buff3st-0v3rfl0w
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/Buff3st-0v3rfl0w/CVE-2024-4956
Author: Buff3st-0v3rfl0w
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/Buff3st-0v3rfl0w/CVE-2024-4956
CVE-2011-2523
Author: hajisthabegum
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/hajisthabegum/Exploiting-vsFTPd-2.3.4-Backdoor-Vulnerability-Ethical-Hacking-Lab-with-Metasploitable-2-Metasploit
Author: hajisthabegum
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/hajisthabegum/Exploiting-vsFTPd-2.3.4-Backdoor-Vulnerability-Ethical-Hacking-Lab-with-Metasploitable-2-Metasploit
CVE-2024-4367.zip
1.4 KB
CVE-2024-4367
Author: 1337rokudenashi
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GitHub Link:
https://github.com/1337rokudenashi/OdooPDFjsCVE-2024-4367.pdf
Author: 1337rokudenashi
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
GitHub Link:
https://github.com/1337rokudenashi/OdooPDFjsCVE-2024-4367.pdf