CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Github link:
https://github.com/l0w3/CVE-2019-18634
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Github link:
https://github.com/l0w3/CVE-2019-18634
GitHub
GitHub - l0w3/CVE-2019-18634: This repo contains both the exploit and the explaination of how this vulnerability is exploited
This repo contains both the exploit and the explaination of how this vulnerability is exploited - l0w3/CVE-2019-18634
CVE-2024-4956
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
Github link:
https://github.com/XiaomingX/cve-2024-4956
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
Github link:
https://github.com/XiaomingX/cve-2024-4956
GitHub
GitHub - XiaomingX/cve-2024-4956: CVE-2024-4956 Python exploitation utility
CVE-2024-4956 Python exploitation utility. Contribute to XiaomingX/cve-2024-4956 development by creating an account on GitHub.
CVE-2023-3460
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Github link:
https://github.com/TranKuBao/CVE-2023-3460_FIX
The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Github link:
https://github.com/TranKuBao/CVE-2023-3460_FIX
GitHub
GitHub - TranKuBao/CVE-2023-3460_FIX: Cái này dựng lên với mục đích cho ae tham khảo, chê thì đừng có xem. :))))
Cái này dựng lên với mục đích cho ae tham khảo, chê thì đừng có xem. :)))) - TranKuBao/CVE-2023-3460_FIX
CVE-2023-40028
None
Github link:
https://github.com/0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028
None
Github link:
https://github.com/0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028
GitHub
GitHub - 0xDTC/Ghost-5.58-Arbitrary-File-Read-CVE-2023-40028: CVE-2023-40028 affects Ghost, an open source content management system…
CVE-2023-40028 affects Ghost, an open source content management system, where versions prior to 5.59.1 allow authenticated users to upload files that are symlinks. This can be exploited to perform ...
CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Github link:
https://github.com/DevaDJ/CVE-2017-12617
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Github link:
https://github.com/DevaDJ/CVE-2017-12617
GitHub
GitHub - DevaDJ/CVE-2017-12617: Improved version of PikaChu CVE
Improved version of PikaChu CVE. Contribute to DevaDJ/CVE-2017-12617 development by creating an account on GitHub.
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Github link:
https://github.com/Shayz614/CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Github link:
https://github.com/Shayz614/CVE-2022-22963
GitHub
GitHub - Shayz614/CVE-2022-22963: CVE to CTF FP
CVE to CTF FP. Contribute to Shayz614/CVE-2022-22963 development by creating an account on GitHub.
CVE-2021-43798
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Github link:
https://github.com/wezoomagency/GrafXploit
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Github link:
https://github.com/wezoomagency/GrafXploit
GitHub
GitHub - wezoomagency/GrafXploit: Automated Exploit Tool for Grafana CVE-2021-43798: Scanning common files that contain juicy informations…
Automated Exploit Tool for Grafana CVE-2021-43798: Scanning common files that contain juicy informations and extracting SSH keys from compromised users. - wezoomagency/GrafXploit
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/Danyw24/blueXploit
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/Danyw24/blueXploit
GitHub
GitHub - Danyw24/blueXploit: Exploit basado en vulnerabilidades criticas Bluetooth (CVE-2023-45866, CVE-2024-21306)
Exploit basado en vulnerabilidades criticas Bluetooth (CVE-2023-45866, CVE-2024-21306) - Danyw24/blueXploit