CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/wubinworks/magento2-cosmic-sting-patch
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/wubinworks/magento2-cosmic-sting-patch
GitHub
GitHub - wubinworks/magento2-cosmic-sting-patch: An alternative solution(as a Magento 2 extension) to fix the XXE vulnerability…
An alternative solution(as a Magento 2 extension) to fix the XXE vulnerability CVE-2024-34102(aka Cosmic Sting). If you cannot upgrade Magento or cannot apply the official patch, try this one. - wu...
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher
GitHub
GitHub - g4nkd/CVE-2024-22120-RCE-with-gopher: This exploit was created to exploit an XXE (XML External Entity). Through it, I…
This exploit was created to exploit an XXE (XML External Entity). Through it, I read the backend code of the web service and found an endpoint where I could use gopher to make internal requests on ...
CVE-2022-46080
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.
Github link:
https://github.com/geniuszlyy/CVE-2022-46080
Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.
Github link:
https://github.com/geniuszlyy/CVE-2022-46080
GitHub
GitHub - geniuszlyy/CVE-2022-46080: it is script that enables Telnet on routers by sending a specially crafted request. The script…
it is script that enables Telnet on routers by sending a specially crafted request. The script allows users to specify the router's URL, Telnet port, and password. It validates the inputs a...
CVE-2022-45701
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
Github link:
https://github.com/geniuszlyy/CVE-2022-45701
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
Github link:
https://github.com/geniuszlyy/CVE-2022-45701
GitHub
GitHub - geniuszlyy/CVE-2022-45701: it is script designed to exploit certain vulnerabilities in routers by sending payloads through…
it is script designed to exploit certain vulnerabilities in routers by sending payloads through SNMP (Simple Network Management Protocol). The script automates the process of authorization, payload...
CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.
Github link:
https://github.com/geniuszlyy/CVE-2022-44149
The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required.
Github link:
https://github.com/geniuszlyy/CVE-2022-44149
GitHub
GitHub - geniuszlyy/CVE-2022-44149: it is script designed to interact with a router by sending a payload to its system tools. The…
it is script designed to interact with a router by sending a payload to its system tools. The script retrieves the router's configuration from environment variables to ensure security. It i...