CVE-2025-6440.zip
1.5 KB
CVE-2025-6440
Author: rimbadirgantara
None
GitHub Link:
https://github.com/rimbadirgantara/CVE-2025-6440
Author: rimbadirgantara
None
GitHub Link:
https://github.com/rimbadirgantara/CVE-2025-6440
❤1
CVE-2023-28205.zip
18.2 KB
CVE-2023-28205
Author: seregonwar
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
GitHub Link:
https://github.com/seregonwar/uaf-2023-28205
Author: seregonwar
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
GitHub Link:
https://github.com/seregonwar/uaf-2023-28205
CVE-2024-25600.zip
15.6 KB
CVE-2024-25600
Author: h0w1tzxr
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
GitHub Link:
https://github.com/h0w1tzxr/TryHack3M-Bricks-Heist
Author: h0w1tzxr
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
GitHub Link:
https://github.com/h0w1tzxr/TryHack3M-Bricks-Heist
CVE-2017-5638.zip
6.3 KB
CVE-2017-5638
Author: louislafosse
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
GitHub Link:
https://github.com/louislafosse/CVE-2017-5638-assignement
Author: louislafosse
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
GitHub Link:
https://github.com/louislafosse/CVE-2017-5638-assignement
CVE-2023-46604.zip
5.9 KB
CVE-2023-46604
Author: RockyDesigne
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
GitHub Link:
https://github.com/RockyDesigne/SSP-Assignment-3-RCEYouLater
Author: RockyDesigne
Apache ActiveMQ is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.
Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.
GitHub Link:
https://github.com/RockyDesigne/SSP-Assignment-3-RCEYouLater