CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub link:
https://github.com/yezzfusl/cve_2023_38831_scanner
GitHub - yezzfusl/cve_2023_38831_scanner: This Python application scans for the CVE-2023-38831 vulnerability in WinRAR.
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
GitHub link:
https://github.com/YongYe-Security/CVE-2024-32113
GitHub - YongYe-Security/CVE-2024-32113: CVE-2024-32113 Apache OFBIZ Batch Scanning
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
GitHub link:
https://github.com/wubinworks/magento2-cosmic-sting-patch
An alternative solution(as a Magento 2 extension) to fix the XXE vulnerability CVE-2024-34102(aka Cosmic Sting). If you cannot upgrade Magento or cannot apply the official patch, try this one. - wu...
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection.
GitHub link:
https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher
This exploit was created to exploit an XXE (XML External Entity). Through it, I read the backend code of the web service and found an endpoint where I could use gopher to make internal requests on ...