CVE-2024-5084
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/WOOOOONG/CVE-2024-5084
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/WOOOOONG/CVE-2024-5084
GitHub
GitHub - WOOOOONG/CVE-2024-5084: PoC Exploit for CVE-2024-5084
PoC Exploit for CVE-2024-5084. Contribute to WOOOOONG/CVE-2024-5084 development by creating an account on GitHub.
CVE-2018-14714
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
Github link:
https://github.com/BTtea/CVE-2018-14714-RCE_exploit
System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter.
Github link:
https://github.com/BTtea/CVE-2018-14714-RCE_exploit
GitHub
GitHub - BTtea/CVE-2018-14714-RCE-exploit: ASUS wifi router RCE vulnerability
ASUS wifi router RCE vulnerability. Contribute to BTtea/CVE-2018-14714-RCE-exploit development by creating an account on GitHub.
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/Re13orn/CVE-2024-0044-EXP
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/Re13orn/CVE-2024-0044-EXP
GitHub
GitHub - Re13orn/CVE-2024-0044-EXP: 利用 CVE-2024-0044 Android 权限提升下载任意目标App沙箱文件。
利用 CVE-2024-0044 Android 权限提升下载任意目标App沙箱文件。. Contribute to Re13orn/CVE-2024-0044-EXP development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/harshinsecurity/sentinelssh
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/harshinsecurity/sentinelssh
GitHub
GitHub - harshinsecurity/sentinelssh: SentinelSSH is an advanced, high-performance SSH vulnerability scanner written in Go. It's…
SentinelSSH is an advanced, high-performance SSH vulnerability scanner written in Go. It's specifically designed to detect the CVE-2024-6387 vulnerability in OpenSSH servers across various ...
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/Symbolexe/CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/Symbolexe/CVE-2024-6387
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/AnugiArrawwala/CVE-Research
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/AnugiArrawwala/CVE-Research
GitHub
GitHub - AnugiArrawwala/CVE-Research: CVE-2017-0144 (Eternal Blue) | CVE-2023-3881 | CVE-2011-2523
CVE-2017-0144 (Eternal Blue) | CVE-2023-3881 | CVE-2011-2523 - AnugiArrawwala/CVE-Research
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/charis3306/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/charis3306/CVE-2024-4577
GitHub
GitHub - charis3306/CVE-2024-4577: CVE-2024-4577 EXP
CVE-2024-4577 EXP. Contribute to charis3306/CVE-2024-4577 development by creating an account on GitHub.
CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Github link:
https://github.com/sgxgsx/blueborne-CVE-2017-1000251
The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Github link:
https://github.com/sgxgsx/blueborne-CVE-2017-1000251
GitHub
GitHub - sgxgsx/blueborne-CVE-2017-1000251: Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC) BlueBorne - Proof of Concept…
Linux Kernel < 4.13.1 - BlueTooth Buffer Overflow (PoC) BlueBorne - Proof of Concept - Unarmed/Unweaponized - DoS (Crash) only - GitHub - sgxgsx/blueborne-CVE-2017-1000251: Linux Kernel &am...
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker
GitHub
GitHub - turbobit/CVE-2024-6387-OpenSSH-Vulnerability-Checker: Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository!…
Welcome to the CVE-2024-6387 OpenSSH Vulnerability Checker repository! This project offers multiple scripts to check the installed version of OpenSSH on your system and determine if it is vulnerab...
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/JackSparrowhk/ssh-CVE-2024-6387-poc
GitHub
JackSparrowhk/ssh-CVE-2024-6387-poc
CVE-2024-6387_Check 是一款轻量级、高效的工具,旨在识别运行易受攻击的 OpenSSH 版本的服务器,专门针对最近发现的regreSSHion漏洞 (CVE-2024-6387)。此脚本有助于快速扫描多个 IP 地址、域名和 CIDR 网络范围,以检测潜在漏洞并确保您的基础设施安全。 - JackSparrowhk/ssh-CVE-2024-6387-poc
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/AleksPwn/CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/AleksPwn/CVE-2022-37706
GitHub
GitHub - AleksPwn/CVE-2022-37706: The exploit is tested on Ubuntu 22.04
The exploit is tested on Ubuntu 22.04. Contribute to AleksPwn/CVE-2022-37706 development by creating an account on GitHub.
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Github link:
https://github.com/yZ1337/CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Github link:
https://github.com/yZ1337/CVE-2017-12617
GitHub
GitHub - yZ1337/CVE-2017-12617: CVE-2017-12617
CVE-2017-12617. Contribute to yZ1337/CVE-2017-12617 development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/4lxprime/regreSSHive
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/4lxprime/regreSSHive
GitHub
GitHub - 4lxprime/regreSSHive: rewrited SSH Exploit for CVE-2024-6387 (regreSSHion)
rewrited SSH Exploit for CVE-2024-6387 (regreSSHion) - 4lxprime/regreSSHive
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
GitHub
GitHub - invaderslabs/regreSSHion-CVE-2024-6387-: Provides instructions for using the script to check if your OpenSSH installation…
Provides instructions for using the script to check if your OpenSSH installation is vulnerable to CVE-2024-6387 - invaderslabs/regreSSHion-CVE-2024-6387-
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/sardine-web/CVE-2024-6387_Check
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/sardine-web/CVE-2024-6387_Check
GitHub
GitHub - sardine-web/CVE-2024-6387_Check: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There…
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthentica...