CVE-2022-37017
Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 RU5 Patch 1, may be susceptible to a Security Control Bypass vulnerability, which is a type of issue that can potentially allow a threat actor to circumvent existing security controls. This CVE applies narrowly to the Client User Interface Password protection and Policy Import/Export Password protection, if it has been enabled.
GitHub link:
https://github.com/apeppels/CVE-2022-37017
CVE-2023-22515
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
For more details, please review the linked advisory on this CVE.
GitHub link:
https://github.com/Onedy1703/CVE-2023-22515
CVE-2020-13945
In Apache APISIX, if the user enables the Admin API and deletes the Admin API access IP restriction rules, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
GitHub link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
CVE-2024-24919
This vulnerability potentially allows an attacker to read certain information on Check Point Security Gateways once they are connected to the internet and enabled with the Remote Access VPN or Mobile Access Software Blades. A security fix that mitigates this vulnerability is available.
GitHub link:
https://github.com/H3KEY/CVE-2024-24919
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
GitHub link:
https://github.com/xiw1ll/CVE-2013-2028_Checker
CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub link:
https://github.com/MaorBuskila/Windows-X64-RAT
CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
GitHub link:
https://github.com/manuelsantosiglesias/CVE-2021-31630
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
GitHub link:
https://github.com/soltanali0/CVE-2023-7028
CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper update of a reference count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file(), which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
GitHub link:
https://github.com/TLD1027/CVE-2022-3910