CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/m1sn0w/CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/m1sn0w/CVE-2023-3824
GitHub
GitHub - m1sn0w/CVE-2023-3824: CVE-2023-3824
CVE-2023-3824. Contribute to m1sn0w/CVE-2023-3824 development by creating an account on GitHub.
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/TACTICAL-HACK/CVE-2022-37706-SUID
GitHub
GitHub - TACTICAL-HACK/CVE-2022-37706-SUID: CVE-2022-37706-Enlightenment v0.25.3 - Privilege escalation
CVE-2022-37706-Enlightenment v0.25.3 - Privilege escalation - TACTICAL-HACK/CVE-2022-37706-SUID
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/Fatalityx84/CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/Fatalityx84/CVE-2012-1823
GitHub
GitHub - Fatalityx84/CVE-2012-1823: Prova de conceito de PHP CGI Argument Injection.
Prova de conceito de PHP CGI Argument Injection. Contribute to Fatalityx84/CVE-2012-1823 development by creating an account on GitHub.
CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/ethicalblue/Follina-CVE-2022-30190-Sample
GitHub
GitHub - ethicalblue/Follina-CVE-2022-30190-Sample: Educational exploit for CVE-2022-30190
Educational exploit for CVE-2022-30190. Contribute to ethicalblue/Follina-CVE-2022-30190-Sample development by creating an account on GitHub.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/ex-ARnX/CVE-2024-34102-PoC
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/ex-ARnX/CVE-2024-34102-PoC
GitHub
GitHub - ex-ARnX/CVE-2024-34102-PoC: CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)?
CVE-2024-34102 unauthenticated RCE PoC for Magento/adobe commerce and (NEW 0DAY)? - ex-ARnX/CVE-2024-34102-PoC
CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Github link:
https://github.com/sviim/ClearML-CVE-2024-24590
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
Github link:
https://github.com/sviim/ClearML-CVE-2024-24590
GitHub
GitHub - sviim/ClearML-CVE-2024-24590-RCE: With this script you can exploit the CVE-2024-24590
With this script you can exploit the CVE-2024-24590 - sviim/ClearML-CVE-2024-24590-RCE
CVE-2022-37017
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
Github link:
https://github.com/apeppels/CVE-2022-37017
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
Github link:
https://github.com/apeppels/CVE-2022-37017
GitHub
GitHub - apeppels/CVE-2022-37017: Bypass for Symantec Endpoint Protection's Client User Interface Password
Bypass for Symantec Endpoint Protection's Client User Interface Password - apeppels/CVE-2022-37017
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/Onedy1703/CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
Github link:
https://github.com/Onedy1703/CVE-2023-22515
GitHub
GitHub - Onedy1703/CVE-2023-22515: CVE 2023-22515
CVE 2023-22515. Contribute to Onedy1703/CVE-2023-22515 development by creating an account on GitHub.
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
GitHub
GitHub - K3ysTr0K3R/CVE-2020-13945-EXPLOIT: A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)
A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE) - K3ysTr0K3R/CVE-2020-13945-EXPLOIT
CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Github link:
https://github.com/H3KEY/CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Github link:
https://github.com/H3KEY/CVE-2024-24919
GitHub
GitHub - H3KEY/CVE-2024-24919: Hello everyone, I am sharing a modified script from CVE-2024-24919 which can extract paths categorized…
Hello everyone, I am sharing a modified script from CVE-2024-24919 which can extract paths categorized as critical. - H3KEY/CVE-2024-24919