CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/nexussecelite/EvilDroid
Repository description:
EvilDroid automates the exploitation of CVE-2024-0044, installing malicious payloads on a target device and extracting sensitive data. It features automated ADB connection checks, APK pushing, UID ...
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.
Github link:
https://github.com/aredspy/CVE-2021-41182-Tester
Repository description:
Some test files to make a good nuclei template for a jQuery UI XSS vuln.
CVE-2019-16098
The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code.
Github link:
https://github.com/Offensive-Panda/NT-AUTHORITY-SYSTEM-CONTEXT-RTCORE
Repository description:
This exploit rebuilds and exploits CVE-2019-16098, which is in the driver of Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) and allows any authenticated user to read and write to...
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/NoSpaceAvailable/CVE-2024-23897
CVE-2023-4596
The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/X-Projetion/CVE-2023-4596-OpenSSH-Multi-Checker
Repository description:
CVE-2024-6387-checker is a tool or script designed to detect the security vulnerability known as CVE-2024-6387 OpenSSH. CVE-2024-6387 OpenSSH is an entry in the Common Vulnerabilities and Exposures...
CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/yezzfusl/cve_2023_38831_scanner
Repository description:
This Python application scans for the CVE-2023-38831 vulnerability in WinRAR.
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Github link:
https://github.com/YongYe-Security/CVE-2024-32113
Repository description:
CVE-2024-32113 Apache OFBiz Batch Scanning.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/wubinworks/magento2-cosmic-sting-patch
Repository description:
An alternative solution (as a Magento 2 extension) to fix the XXE vulnerability CVE-2024-34102 (aka Cosmic Sting). If you cannot upgrade Magento or cannot apply the official patch, try this one.