CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
GitHub link:
https://github.com/sardine-web/CVE-2024-36991
GitHub - sardine-web/CVE-2024-36991: Path traversal vulnerability in Splunk Enterprise on Windows
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
GitHub link:
https://github.com/th3gokul/CVE-2024-36991
CVE-2024-36991: Path traversal that affects Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10. - th3gokul/CVE-2024-36991
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
GitHub link:
https://github.com/l0n3m4n/CVE-2024-4577-RCE
GitHub - l0n3m4n/CVE-2024-4577-RCE: PoC - PHP CGI Argument Injection CVE-2024-4577 (Scanner and Exploit)
CVE-2023-4220
None
GitHub link:
https://github.com/dollarboysushil/Chamilo-LMS-Unauthenticated-File-Upload-CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform sto...
CVE-2023-4220
None
GitHub link:
https://github.com/m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc
This is a script written in Python that allows the exploitation of the Chamilo's LMS software security flaw described in CVE-2023-4220 - m3m0o/chamilo-lms-unauthenticated-big-upload-rce-poc
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
GitHub link:
https://github.com/iNoSec2/cve-2018-6574
GitHub - iNoSec2/cve-2018-6574: pentesterlab
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
GitHub link:
https://github.com/SamJUK/cosmicsting-validator
GitHub - SamJUK/cosmicsting-validator: CosmicSting (CVE-2024-34102) POC / Patch Validator
CVE-2021-20323
A POST-based reflected cross-site scripting vulnerability has been identified in Keycloak.
GitHub link:
https://github.com/cscpwn0sec/CVE-2021-20323
GitHub - cscpwn0sec/CVE-2021-20323: Exploitation Scanner Cross Site Scripting vulnerability in Keycloak.
CVE-2024-36401
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGrap
GitHub link:
https://github.com/zjaycyy/CVE-2024-36401