👋🏻
Channel push 24/7 (real time)
频道全天候推送(实时)
This channel will be used to push CVE and red team resources.
该频道将用于推送CVE和红队资源。
Chat https://t.me/+J9NOoJzZF9tiZGZl
Channel push 24/7 (real time)
频道全天候推送(实时)
This channel will be used to push CVE and red team resources.
该频道将用于推送CVE和红队资源。
Chat https://t.me/+J9NOoJzZF9tiZGZl
Telegram
CVE HUB 👾 Chat
You’ve been invited to join this group on Telegram.
❤3👍1
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-26134
Github: https://github.com/keven1z/CVE-2022-26134
Describe:
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Mumber: CVE-2022-26134
Github: https://github.com/keven1z/CVE-2022-26134
Describe:
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
GitHub
GitHub - keven1z/CVE-2022-26134: 远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。
远程攻击者在Confluence未经身份验证的情况下,可构造OGNL表达式进行注入,实现在Confluence Server或Data Center上执行任意代码,在现有脚本上修改了poc,方便getshell。 - keven1z/CVE-2022-26134
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-34918
Github: https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC
Describe:
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
Mumber: CVE-2022-34918
Github: https://github.com/merlinepedra/CVE-2022-34918-LPE-PoC
Describe:
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.
GitHub
GitHub - merlinepedra/CVE-2022-34918-LPE-PoC
Contribute to merlinepedra/CVE-2022-34918-LPE-PoC development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-33891
Github: https://github.com/llraudseppll/cve-2022-33891
Describe:
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
Mumber: CVE-2022-33891
Github: https://github.com/llraudseppll/cve-2022-33891
Describe:
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.
GitHub
GitHub - llraudseppll/cve-2022-33891: Apache Spark RCE
Apache Spark RCE. Contribute to llraudseppll/cve-2022-33891 development by creating an account on GitHub.
👾CVE SERVICE 🏷#CVE
Mumber: CVE-2022-32114
Github: https://github.com/bypazs/CVE-2022-32114
Describe:
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.
Mumber: CVE-2022-32114
Github: https://github.com/bypazs/CVE-2022-32114
Describe:
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.
GitHub
GitHub - bypazs/CVE-2022-32114: An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows…
An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. - bypazs/CVE-2022-32114
👾KEYWORD SERVICE 🏷#rce
Name: Bolt-CMS-Version-3.7.1-RCE-Exploit
Github: https://github.com/0xfoysal/Bolt-CMS-Version-3.7.1-RCE-Exploit
Name: Bolt-CMS-Version-3.7.1-RCE-Exploit
Github: https://github.com/0xfoysal/Bolt-CMS-Version-3.7.1-RCE-Exploit
GitHub
GitHub - 0xfoysal/Bolt-CMS-Version-3.7.1-RCE-Exploit
Contribute to 0xfoysal/Bolt-CMS-Version-3.7.1-RCE-Exploit development by creating an account on GitHub.