CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Github link:
https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Github link:
https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318
GitHub
GitHub - egilas/Watchguard-RCE-POC-CVE-2022-26318: PoC for Watchguard CVE-2022-26318 updated to Python3.12
PoC for Watchguard CVE-2022-26318 updated to Python3.12 - egilas/Watchguard-RCE-POC-CVE-2022-26318
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Github link:
https://github.com/Farzan-Kh/CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Github link:
https://github.com/Farzan-Kh/CVE-2024-9465
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Pr1or95/CVE-2023-4220-exploit
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Pr1or95/CVE-2023-4220-exploit
GitHub
GitHub - Pr1or95/CVE-2023-4220-exploit: Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en…
Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` en Chamilo LMS en versiones <= 1.11.24 permite ...
CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/redspy-sec/D-Link
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/redspy-sec/D-Link
GitHub
GitHub - redspy-sec/D-Link: CVE-2024-10914 D-Link Remote Code Execution (RCE)
CVE-2024-10914 D-Link Remote Code Execution (RCE). Contribute to redspy-sec/D-Link development by creating an account on GitHub.
CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
Github link:
https://github.com/NketiahGodfred/CVE-2024-6782
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
Github link:
https://github.com/NketiahGodfred/CVE-2024-6782
GitHub
GitHub - NketiahGodfred/CVE-2024-6782: Calibre Remote Code Execution
Calibre Remote Code Execution. Contribute to NketiahGodfred/CVE-2024-6782 development by creating an account on GitHub.
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/z3usx01/CVE-2021-23017-POC
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/z3usx01/CVE-2021-23017-POC
GitHub
GitHub - z3usx01/CVE-2021-23017-POC: The issue only affects nginx if the "resolver" directive is used in the configuration file.…
The issue only affects nginx if the "resolver" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to forge UDP packets from t...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/Xernary/CVE-2017-5638-POC
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/Xernary/CVE-2017-5638-POC
GitHub
GitHub - Xernary/CVE-2017-5638-POC: Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server
Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server - Xernary/CVE-2017-5638-POC
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/Betan423/CVE-2024-23334-PoC
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/Betan423/CVE-2024-23334-PoC
GitHub
GitHub - Betan423/CVE-2024-23334-PoC: This repository is a proof of concept (POC) for CVE-2024-23334, demonstrating an attempt…
This repository is a proof of concept (POC) for CVE-2024-23334, demonstrating an attempt to replicate the bug in aiohttp that leads to Local File Inclusion (LFI). - Betan423/CVE-2024-23334-PoC
CVE-2024-9441
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Github link:
https://github.com/jk-mayne/CVE-2024-9441-Checker
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Github link:
https://github.com/jk-mayne/CVE-2024-9441-Checker
GitHub
GitHub - jk-mayne/CVE-2024-9441-Checker: A simple python script to test for CVE-2024-9441.
A simple python script to test for CVE-2024-9441. - GitHub - jk-mayne/CVE-2024-9441-Checker: A simple python script to test for CVE-2024-9441.