CVE-2011-2523.zip
7.8 KB
CVE-2011-2523
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
Author: Mirza-22144
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
GitHub Link:
https://github.com/Mirza-22144/Vulnerability-Assessment-Exploitation-Lab
CVE-2023-38831.zip
6.2 KB
CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
Author: mishra0230
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
GitHub Link:
https://github.com/mishra0230/CVE-2023-38831
CVE-2022-3653.zip
3.3 KB
CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
Author: SpiralBL0CK
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
GitHub Link:
https://github.com/SpiralBL0CK/CVE-2022-3653
CVE-2025-24893.zip
3.4 KB
CVE-2025-24893
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
Author: TomKingori
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any guest can perform arbitrary remote code execution through a request to
SolrSearch. This impacts the confidentiality, integrity and availability of the whole XWiki installation. To reproduce on an instance, without being logged in, go to <host>/xwiki/bin/get/Main/SolrSearch?media=rss&text=%7D%7D%7D%7B%7Basync%20async%3Dfalse%7D%7D%7B%7Bgroovy%7D%7Dprintln%28"Hello%20from"%20%2B%20"%20search%20text%3A"%20%2B%20%2823%20%2B%2019%29%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D%20. If there is an output, and the title of the RSS feed contains Hello from search text:42, then the instance is vulnerable. This vulnerability has been patched in XWiki 15.10.11, 16.4.1 and 16.5.0RC1. Users are advised to upgrade. Users unable to upgrade may edit Main.SolrSearchMacros ...CVE-2022-23779.zip
70.8 KB
CVE-2022-23779
Author: Rishi-kaul
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
GitHub Link:
https://github.com/Rishi-kaul/CVE-2022-23779
Author: Rishi-kaul
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.
GitHub Link:
https://github.com/Rishi-kaul/CVE-2022-23779
CVE-2023-1773.zip
2 KB
CVE-2023-1773
Author: C1oudfL0w0
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
GitHub Link:
https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit
Author: C1oudfL0w0
A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.
GitHub Link:
https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit