CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/EQSTSeminar/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/EQSTSeminar/CVE-2024-34102
GitHub
GitHub - EQSTLab/CVE-2024-34102: Adobe Commerce XXE exploit
Adobe Commerce XXE exploit. Contribute to EQSTLab/CVE-2024-34102 development by creating an account on GitHub.
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/nahid0x1/CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/nahid0x1/CVE-2024-0044
GitHub
GitHub - nahid0x1/CVE-2024-0044: a vulnerability affecting Android version 12 & 13
a vulnerability affecting Android version 12 & 13. Contribute to nahid0x1/CVE-2024-0044 development by creating an account on GitHub.
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/0xFatality/CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Github link:
https://github.com/0xFatality/CVE-2012-1823
GitHub
GitHub - 0xFatality/CVE-2012-1823: Prova de conceito de php cgi argument injection
Prova de conceito de php cgi argument injection . Contribute to 0xFatality/CVE-2012-1823 development by creating an account on GitHub.
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Github link:
https://github.com/jdusane/CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Github link:
https://github.com/jdusane/CVE-2024-4879
GitHub
GitHub - jdusane/CVE-2024-4879: Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database…
Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security r...
CVE-2024-22120
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/isPique/CVE-2024-22120-RCE-with-gopher
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
Github link:
https://github.com/isPique/CVE-2024-22120-RCE-with-gopher
GitHub
GitHub - isPique/CVE-2024-22120-RCE-with-gopher: This is my exploit for CVE-2024-22120, which involves an SSRF vulnerability inside…
This is my exploit for CVE-2024-22120, which involves an SSRF vulnerability inside an XXE with a Gopher payload. - isPique/CVE-2024-22120-RCE-with-gopher
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
GitHub
GitHub - jrbH4CK/CVE-2024-27198: PoC about CVE-2024-27198
PoC about CVE-2024-27198. Contribute to jrbH4CK/CVE-2024-27198 development by creating an account on GitHub.