CVE-2024-40711
Author: birukG09

A deserialization of untrusted data vulnerability allows unauthenticated remote code execution (RCE) via a malicious payload.

GitHub Link:
https://github.com/birukG09/veeam-rce-remediation-kit
CVE-2025-4427
Author: rxerium

An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API.

GitHub Link:
https://github.com/rxerium/CVE-2025-4427-CVE-2025-4428
CVE-2025-27591
Author: danil-koltsov

A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.

GitHub Link:
https://github.com/danil-koltsov/below-log-race-poc
CVE-2017-9841
Author: Habibullah1101

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.

GitHub Link:
https://github.com/Habibullah1101/PHPUnit-GoScan
CVE-2019-10945
Author: Snizi

An issue was discovered in Joomla! before 3.9.5. The Media Manager component does not properly sanitize the folder parameter, allowing attackers to act outside the media manager root directory.

GitHub Link:
https://github.com/Snizi/CVE-2019-10945