CVE-2024-40711
Author: birukG09

A deserialization of untrusted data vulnerability allows unauthenticated remote code execution (RCE) via a malicious payload.

GitHub Link:
https://github.com/birukG09/veeam-rce-remediation-kit
CVE-2025-4427
Author: rxerium

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

GitHub Link:
https://github.com/rxerium/CVE-2025-4427-CVE-2025-4428
CVE-2025-27591
Author: danil-koltsov

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

GitHub Link:
https://github.com/danil-koltsov/below-log-race-poc
CVE-2017-9841
Author: Habibullah1101

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

GitHub Link:
https://github.com/Habibullah1101/PHPUnit-GoScan