CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/alex14324/ssh_poc2024
Repository description:
An exploit for CVE-2024-6387, targeting a signal handler race condition in OpenSSH's server
CVE-2024-21413
Microsoft Outlook Remote Code Execution Vulnerability
Github link:
https://github.com/HYZ3K/CVE-2024-21413
CVE-2022-21449
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to t
Github link:
https://github.com/HeyMrSalt/AIS3-2024-Project-D5Team
Repository description:
Reappear-CVE-2022-21449-TLS-PoC
CVE-2024-21338
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Crowdfense/CVE-2024-21338
Repository description:
Windows AppLocker Driver (appid.sys) LPE
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/hunter24x24/cve_2024_0044
Repository description:
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/charchit-subedi/chamilo-lms-unauthenticated-rce-poc
Repository description:
This is a script written in Python that allows the exploitation of the Chamilo LMS software security flaw described in CVE-2023-4220
CVE-2021-21551
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
Github link:
https://github.com/Eap2468/CVE-2021-21551
Repository description:
Proof of concept exploit for CVE-2021-21551
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/chrisWalker11/CVE-2024-32002
Repository description (repository shown as chrisWalker11/running-CVE-2024-32002-locally-for-tesing):
adapting CVE-2024-32002 for running offline and locally
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/Gill-Singh-A/vsFTP-2.3.4-Remote-Root-Shell-Exploit
Repository description:
A Simple Python Program that gets a Remote Root Shell on the Target Device by exploiting a Vulnerability (CVE-2011-2523) present in vsFTP 2.3.4
CVE-2024-26229
Windows CSC Service Elevation of Privilege Vulnerability
Github link:
https://github.com/Cracked5pider/eop24-26229
Repository description:
A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from an unprivileged user
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/nexussecelite/EvilDroid
Repository description:
EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID ...
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Github link:
https://github.com/aredspy/CVE-2021-41182-Tester
Repository description:
Some test files to make a good nuclei template for a jQuery UI XSS vuln
CVE-2019-16098
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
Github link:
https://github.com/Offensive-Panda/NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
Repository description:
This exploit rebuilds and exploits CVE-2019-16098, which is in the Micro-Star MSI Afterburner 4.6.2.15658 driver (aka RTCore64.sys and RTCore32.sys) and allows any authenticated user to read and write to...