CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/z3usx01/CVE-2021-23017-POC
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/z3usx01/CVE-2021-23017-POC
GitHub
GitHub - z3usx01/CVE-2021-23017-POC: The issue only affects nginx if the "resolver" directive is used in the configuration file.…
The issue only affects nginx if the "resolver" directive is used in the configuration file. Further, the attack is only possible if an attacker is able to forge UDP packets from t...
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/Xernary/CVE-2017-5638-POC
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/Xernary/CVE-2017-5638-POC
GitHub
GitHub - Xernary/CVE-2017-5638-POC: Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server
Proof of concept of CVE-2017-5638 including the whole setup of the Apache vulnerable server - Xernary/CVE-2017-5638-POC
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/Betan423/CVE-2024-23334-PoC
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/Betan423/CVE-2024-23334-PoC
GitHub
GitHub - Betan423/CVE-2024-23334-PoC: This repository is a proof of concept (POC) for CVE-2024-23334, demonstrating an attempt…
This repository is a proof of concept (POC) for CVE-2024-23334, demonstrating an attempt to replicate the bug in aiohttp that leads to Local File Inclusion (LFI). - Betan423/CVE-2024-23334-PoC
CVE-2024-9441
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Github link:
https://github.com/jk-mayne/CVE-2024-9441-Checker
The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.
Github link:
https://github.com/jk-mayne/CVE-2024-9441-Checker
GitHub
GitHub - jk-mayne/CVE-2024-9441-Checker: A simple python script to test for CVE-2024-9441.
A simple python script to test for CVE-2024-9441. - GitHub - jk-mayne/CVE-2024-9441-Checker: A simple python script to test for CVE-2024-9441.
CVE-2018-25031
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Github link:
https://github.com/Proklinius897/CVE-2018-25031-tests
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Github link:
https://github.com/Proklinius897/CVE-2018-25031-tests
GitHub
Proklinius897/CVE-2018-25031-tests
Testing for exploitation. Contribute to Proklinius897/CVE-2018-25031-tests development by creating an account on GitHub.
CVE-2024-23346
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
Github link:
https://github.com/MAWK0235/CVE-2024-23346
Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.
Github link:
https://github.com/MAWK0235/CVE-2024-23346
GitHub
GitHub - MAWK0235/CVE-2024-23346: This is an exploit for CVE-2024-23346 that acts as a "terminal" (tested on chemistry.htb)
This is an exploit for CVE-2024-23346 that acts as a "terminal" (tested on chemistry.htb) - MAWK0235/CVE-2024-23346
CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
Github link:
https://github.com/mynameSumin/CVE-2021-21389
BuddyPress is an open source WordPress plugin to build a community site. In releases of BuddyPress from 5.0.0 before 7.2.1 it's possible for a non-privileged, regular user to obtain administrator rights by exploiting an issue in the REST API members endpoint. The vulnerability has been fixed in BuddyPress 7.2.1. Existing installations of the plugin should be updated to this version to mitigate the issue.
Github link:
https://github.com/mynameSumin/CVE-2021-21389
GitHub
GitHub - mynameSumin/CVE-2021-21389: 경희대 졸업프로젝트
경희대 졸업프로젝트. Contribute to mynameSumin/CVE-2021-21389 development by creating an account on GitHub.
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/Dit-Developers/CVE-2024-0044-
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/Dit-Developers/CVE-2024-0044-
GitHub
GitHub - Dit-Developers/CVE-2024-0044-: CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions…
CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13 - Dit-Developers/CVE-2024-0044-
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/d3ndr1t30x/CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/d3ndr1t30x/CVE-2022-37706
GitHub
GitHub - d3ndr1t30x/CVE-2022-37706: Privilege escaltion exploit script for Boardlight machine on HackTheBox. I had access as the…
Privilege escaltion exploit script for Boardlight machine on HackTheBox. I had access as the Larissa user and ran this script from the /tmp directory; script has been adjusted accordingly. - d3ndr1...
CVE-2004-2761
None
Github link:
https://github.com/chaos198800/Windows-xia-SSL-zheng-shu-zhi-zuo-gong-ju--CVE-2004-2761-lou-dong-xiu-fu
None
Github link:
https://github.com/chaos198800/Windows-xia-SSL-zheng-shu-zhi-zuo-gong-ju--CVE-2004-2761-lou-dong-xiu-fu
GitHub
GitHub - chaos198800/Windows-xia-SSL-zheng-shu-zhi-zuo-gong-ju--CVE-2004-2761-lou-dong-xiu-fu: Windows下SSL证书制作工具-CVE-2004-2761漏洞修复
Windows下SSL证书制作工具-CVE-2004-2761漏洞修复. Contribute to chaos198800/Windows-xia-SSL-zheng-shu-zhi-zuo-gong-ju--CVE-2004-2761-lou-dong-xiu-fu development by creating an account on GitHub.
CVE-2024-32002
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/jolibb55/donald
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
Github link:
https://github.com/jolibb55/donald
GitHub
jolibb55/donald
An example of a repo that would make use of the CVE-2024-32002 - jolibb55/donald
CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Github link:
https://github.com/l0w3/CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Github link:
https://github.com/l0w3/CVE-2019-18634
GitHub
GitHub - l0w3/CVE-2019-18634: This repo contains both the exploit and the explaination of how this vulnerability is exploited
This repo contains both the exploit and the explaination of how this vulnerability is exploited - l0w3/CVE-2019-18634