CVE-2012-1823.zip
1.1 KB
CVE-2012-1823
Author: nulltrace1336
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain phpgetopt for the 'd' case.
GitHub Link:
https://github.com/nulltrace1336/PHP-CGI-Argument-Injection-Exploit
Author: nulltrace1336
sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain phpgetopt for the 'd' case.
GitHub Link:
https://github.com/nulltrace1336/PHP-CGI-Argument-Injection-Exploit
CVE-2023-30253.zip
3.1 KB
CVE-2023-30253
Author: 1lkla
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
GitHub Link:
https://github.com/1lkla/POC-exploit-for-Dolibarr
Author: 1lkla
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.
GitHub Link:
https://github.com/1lkla/POC-exploit-for-Dolibarr
CVE-2025-32433.zip
924.8 KB
CVE-2025-32433
Author: giriaryan694-a11y
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/giriaryan694-a11y/cve-2025-32433rceexploit
Author: giriaryan694-a11y
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.
GitHub Link:
https://github.com/giriaryan694-a11y/cve-2025-32433rceexploit