CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/MaorBuskila/Windows-X64-RAT
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/MaorBuskila/Windows-X64-RAT
GitHub
GitHub - MaorBuskila/Windows-X64-RAT: Remote Access Trojan (RAT) for Windows x64 using a combination of vulnerability CVE-2023…
Remote Access Trojan (RAT) for Windows x64 using a combination of vulnerability CVE-2023-38831 (WinRAR < 6.23 vulnerability) and Shellcode exploitation technique. - MaorBuskila/Windows-X64-RAT
CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/manuelsantosiglesias/CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/manuelsantosiglesias/CVE-2021-31630
GitHub
GitHub - manuelsantosiglesias/CVE-2021-31630: OpenPLC 3 WebServer Authenticated Remote Code Execution.
OpenPLC 3 WebServer Authenticated Remote Code Execution. - manuelsantosiglesias/CVE-2021-31630
CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Github link:
https://github.com/soltanali0/CVE-2023-7028
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.
Github link:
https://github.com/soltanali0/CVE-2023-7028
GitHub
GitHub - soltanali0/CVE-2023-7028: Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO…
Implementation and exploitation of CVE-2023-7028 account takeover vulnerability related to GO-TO CVE weekly articles of the 11th week. - soltanali0/CVE-2023-7028
CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
Github link:
https://github.com/TLD1027/CVE-2022-3910
Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679
Github link:
https://github.com/TLD1027/CVE-2022-3910
GitHub
io_uring/msg_ring: check file type before putting · torvalds/linux@fc7222c
If we're invoked with a fixed file, follow the normal rules of not
calling io_fput_file(). Fixed files are permanently registered to the
ring, and do not need putting separately.
Cc: stabl...
calling io_fput_file(). Fixed files are permanently registered to the
ring, and do not need putting separately.
Cc: stabl...
CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/FlojBoj/CVE-2021-31630
Command Injection in Open PLC Webserver v3 allows remote attackers to execute arbitrary code via the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Github link:
https://github.com/FlojBoj/CVE-2021-31630
GitHub
GitHub - FlojBoj/CVE-2021-31630: POC Exploit for CVE-2021-31630 written in Python3 and using C reverse shell with non-blocking…
POC Exploit for CVE-2021-31630 written in Python3 and using C reverse shell with non-blocking mode - FlojBoj/CVE-2021-31630
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/asd58584388/CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/asd58584388/CVE-2021-44228
GitHub
GitHub - asd58584388/CVE-2021-44228: CVE-2021-44228 vulnerability study
CVE-2021-44228 vulnerability study. Contribute to asd58584388/CVE-2021-44228 development by creating an account on GitHub.
CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-20666
CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Admin9961/CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Admin9961/CVE-2024-30088
GitHub
GitHub - Admin9961/CVE-2024-30088: Questa repository contiene una replica (tentativo di replica) scritto in Python per CVE-2024…
Questa repository contiene una replica (tentativo di replica) scritto in Python per CVE-2024-30088. - Admin9961/CVE-2024-30088
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Github link:
https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Github link:
https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning
GitHub
GitHub - NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning: CVE-2024-4879 & CVE-2024-5217 ServiceNow RCE Scanning…
CVE-2024-4879 & CVE-2024-5217 ServiceNow RCE Scanning Using Nuclei & Shodan Dork to find it. - NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning
CVE-2021-40444
Microsoft MSHTML Remote Code Execution Vulnerability
Github link:
https://github.com/basim-ahmad/Follina-CVE-and-CVE-2021-40444
Microsoft MSHTML Remote Code Execution Vulnerability
Github link:
https://github.com/basim-ahmad/Follina-CVE-and-CVE-2021-40444
GitHub
GitHub - basim-ahmad/Follina-CVE-and-CVE-2021-40444: This repository contains scripts and resources for exploiting the Follina…
This repository contains scripts and resources for exploiting the Follina CVE and CVE-2021-40444 vulnerabilities in Microsoft Office. The scripts generate malicious document files that can execute ...
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/daemon-reconfig/CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/daemon-reconfig/CVE-2024-32002
GitHub
GitHub - daemon-reconfig/CVE-2024-32002: A Reverse shell generator for gitlab-shell vulnerability cve 2024-32002
A Reverse shell generator for gitlab-shell vulnerability cve 2024-32002 - daemon-reconfig/CVE-2024-32002
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/HexDoesRandomShit/CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/HexDoesRandomShit/CVE-2024-32002
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/charlesgargasson/CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/charlesgargasson/CVE-2024-32002
GitHub
GitHub - charlesgargasson/CVE-2024-32002: GIT RCE CVE-2024-32002
GIT RCE CVE-2024-32002. Contribute to charlesgargasson/CVE-2024-32002 development by creating an account on GitHub.
CVE-2024-39929
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
Github link:
https://github.com/michael-david-fry/CVE-2024-39929
Exim through 4.97.1 misparses a multiline RFC 2231 header filename, and thus remote attackers can bypass a $mime_filename extension-blocking protection mechanism, and potentially deliver executable attachments to the mailboxes of end users.
Github link:
https://github.com/michael-david-fry/CVE-2024-39929
GitHub
GitHub - michael-david-fry/CVE-2024-39929: POC to test CVE-2024-39929 against EXIM mail servers
POC to test CVE-2024-39929 against EXIM mail servers - michael-david-fry/CVE-2024-39929