CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog().
Github link:
https://github.com/l-urk/CVE-2024-6387
Repository description: Proof of concept python script for regreSSHion exploit.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/etx-Arn/CVE-2024-34102-RCE
CVE-2022-2590
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.
Github link:
https://github.com/hyeonjun17/CVE-2022-2590-analysis
Repository description: Dirty COW restricted to shmem in the Linux kernel.
CVE-2022-40146
A Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar URL. This issue affects Apache XML Graphics Batik 1.14.
Github link:
https://github.com/soulfoodisgood/CVE-2022-40146
Repository description: Vulnerable svg-to-png service.
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/NishanthAnand21/CVE-2024-32002-PoC
Repository description: PoC of CVE-2024-32002 - Remote Code Execution while cloning specially crafted local repositories.
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/tiyeume25112004/CVE-2024-32002
Related repository SpycioKon/CVE-2024-32002: Just a small script to exploit CVE-2024-32002.
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGrap
Github link:
https://github.com/Chocapikk/CVE-2024-36401
Repository description: GeoServer Remote Code Execution.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Jcccccx/CVE-2024-4577
Repository description: Batch verification PoC and exploit.
CVE-2022-22978
In Spring Security versions 5.5.6 and 5.5.7 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Github link:
https://github.com/BoB13-Opensource-Contribution-Team9/CVE-2022-22978
Repository description: Nuclei template for CVE-2022-22978.
CVE-2022-41544
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin/theme-edit.php.
Github link:
https://github.com/Sp3c73rSh4d0w/CVE-2022-41544
Repository description: Exploit script for CVE-2022-41544 in GetSimple CMS, with enhanced error handling and detailed usage instructions.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example syslog().
Github link:
https://github.com/alex14324/ssh_poc2024
Repository description: An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server.
CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-21413
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to t
Github link:
https://github.com/HeyMrSalt/AIS3-2024-Project-D5Team
Repository description: Reappear-CVE-2022-21449-TLS-PoC.
CVE-2024-21338
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Crowdfense/CVE-2024-21338
Repository description: Windows AppLocker Driver (appid.sys) LPE.
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible way to run as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/hunter24x24/cve_2024_0044
Repository description: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13.
CVE-2023-4220
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution by uploading a web shell.
Github link:
https://github.com/charchit-subedi/chamilo-lms-unauthenticated-rce-poc
Repository description: A script written in Python that allows exploitation of the Chamilo LMS security flaw described in CVE-2023-4220.