CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
GitHub link:
https://github.com/PizzaboiBestLegits/CVE-2024-4577
CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
GitHub link:
https://github.com/KKkai0315/CVE-2018-17456
GitHub - KKkai0315/CVE-2018-17456: This is a test repository for CVE-2018-17456
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
GitHub link:
https://github.com/nNoSuger/CVE-2024-4577
CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
GitHub link:
https://github.com/Tgcohce/CVE-2024-1874
GitHub - Tgcohce/CVE-2024-1874: Proof Of Concept for CVE-2024-1874
CVE-2022-30780
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
GitHub link:
https://github.com/xiw1ll/CVE-2022-30780_Checker
GitHub - xiw1ll/CVE-2022-30780_Checker: Lighttpd CVE-2022-30780 checker
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
GitHub link:
https://github.com/spareack/CVE-2023-22515-NSE
GitHub - spareack/CVE-2023-22515-NSE: Vulnerability checking tool via Nmap Scripting Engine
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
GitHub link:
https://github.com/m1sn0w/CVE-2023-3824
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
GitHub link:
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
GitHub - TACTICAL-HACK/CVE-2022-37706-SUID: CVE-2022-37706-Enlightenment v0.25.3 - Privilege escalation
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
GitHub link:
https://github.com/Fatalityx84/CVE-2012-1823
GitHub - Fatalityx84/CVE-2012-1823: Proof of concept for PHP CGI Argument Injection.
CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
GitHub link:
https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
GitHub - ethicalblue/Follina-CVE-2022-30190-Sample: Educational exploit for CVE-2022-30190
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
GitHub link:
https://github.com/ex-ARnX/CVE-2024-34102-PoC
GitHub - ex-ARnX/CVE-2024-34102-PoC: CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
GitHub link:
https://github.com/sviim/ClearML-CVE-2024-24590
GitHub - sviim/ClearML-CVE-2024-24590-RCE: With this script you can exploit the CVE-2024-24590