CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Github link:
https://github.com/K3ysTr0K3R/CVE-2020-13945-EXPLOIT
GitHub
GitHub - K3ysTr0K3R/CVE-2020-13945-EXPLOIT: A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE)
A PoC exploit for CVE-2020-13945 - Apache APISIX Remote Code Execution (RCE) - K3ysTr0K3R/CVE-2020-13945-EXPLOIT
CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Github link:
https://github.com/H3KEY/CVE-2024-24919
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
Github link:
https://github.com/H3KEY/CVE-2024-24919
GitHub
GitHub - H3KEY/CVE-2024-24919: Hello everyone, I am sharing a modified script from CVE-2024-24919 which can extract paths categorized…
Hello everyone, I am sharing a modified script from CVE-2024-24919 which can extract paths categorized as critical. - H3KEY/CVE-2024-24919
CVE-2013-2028
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Github link:
https://github.com/xiw1ll/CVE-2013-2028_Checker
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
Github link:
https://github.com/xiw1ll/CVE-2013-2028_Checker
GitHub
GitHub - xiw1ll/CVE-2013-2028_Checker: Tool for checking Nginx CVE-2013-2028
Tool for checking Nginx CVE-2013-2028. Contribute to xiw1ll/CVE-2013-2028_Checker development by creating an account on GitHub.
CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/MaorBuskila/Windows-X64-RAT
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/MaorBuskila/Windows-X64-RAT
GitHub
GitHub - MaorBuskila/Windows-X64-RAT: Remote Access Trojan (RAT) for Windows x64 using a combination of vulnerability CVE-2023…
Remote Access Trojan (RAT) for Windows x64 using a combination of vulnerability CVE-2023-38831 (WinRAR < 6.23 vulnerability) and Shellcode exploitation technique. - MaorBuskila/Windows-X64-RAT
CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/manuelsantosiglesias/CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/manuelsantosiglesias/CVE-2021-31630
GitHub
GitHub - manuelsantosiglesias/CVE-2021-31630: OpenPLC 3 WebServer Authenticated Remote Code Execution.
OpenPLC 3 WebServer Authenticated Remote Code Execution. - manuelsantosiglesias/CVE-2021-31630
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Github link:
https://github.com/soltanali0/CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Github link:
https://github.com/soltanali0/CVE-2023-7028
GitHub
GitHub - soltanali0/CVE-2023-7028: Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO…
Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week. - soltanali0/CVE-2023-7028
CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
Github link:
https://github.com/TLD1027/CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
Github link:
https://github.com/TLD1027/CVE-2022-3910
GitHub
io_uring/msg_ring: check file type before putting · torvalds/linux@fc7222c
If we're invoked with a fixed file, follow the normal rules of not
calling io_fput_file(). Fixed files are permanently registered to the
ring, and do not need putting separately.
Cc: stabl...
calling io_fput_file(). Fixed files are permanently registered to the
ring, and do not need putting separately.
Cc: stabl...
CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/FlojBoj/CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/FlojBoj/CVE-2021-31630
GitHub
GitHub - FlojBoj/CVE-2021-31630: POC Exploit for CVE-2021-31630 written in Python3 and using C reverse shell with non-blocking…
POC Exploit for CVE-2021-31630 written in Python3 and using C reverse shell with non-blocking mode - FlojBoj/CVE-2021-31630
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/asd58584388/CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/asd58584388/CVE-2021-44228
GitHub
GitHub - asd58584388/CVE-2021-44228: CVE-2021-44228 vulnerability study
CVE-2021-44228 vulnerability study. Contribute to asd58584388/CVE-2021-44228 development by creating an account on GitHub.
CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-20666
CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Admin9961/CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Admin9961/CVE-2024-30088
GitHub
GitHub - Admin9961/CVE-2024-30088: Questa repository contiene una replica (tentativo di replica) scritto in Python per CVE-2024…
Questa repository contiene una replica (tentativo di replica) scritto in Python per CVE-2024-30088. - Admin9961/CVE-2024-30088