CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Github link:
https://github.com/viniciuslazzari/CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks
Github link:
https://github.com/viniciuslazzari/CVE-2024-9796
GitHub
GitHub - viniciuslazzari/CVE-2024-9796: Vulnerable website to the CVE-2024-9796
Vulnerable website to the CVE-2024-9796. Contribute to viniciuslazzari/CVE-2024-9796 development by creating an account on GitHub.
CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/HimmeL-Byte/CVE-2024-41570-SSRF-RCE
GitHub
GitHub - HimmeL-Byte/CVE-2024-41570-SSRF-RCE: Havoc SSRF to RCE
Havoc SSRF to RCE. Contribute to HimmeL-Byte/CVE-2024-41570-SSRF-RCE development by creating an account on GitHub.
CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
Github link:
https://github.com/Sausageinforest/CVE-2021-1732
Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.
Github link:
https://github.com/Sausageinforest/CVE-2021-1732
GitHub
GitHub - Sausageinforest/CVE-2021-1732: Compiled CVE-2021-1732(WIndows XP-10(till 20H1) LPE)
Compiled CVE-2021-1732(WIndows XP-10(till 20H1) LPE) - Sausageinforest/CVE-2021-1732
CVE-2024-43998
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
Github link:
https://github.com/Nxploited/CVE-2024-43998
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3.
Github link:
https://github.com/Nxploited/CVE-2024-43998
GitHub
GitHub - Nxploited/CVE-2024-43998: Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not…
Missing Authorization vulnerability in WebsiteinWP Blogpoet allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Blogpoet: from n/a through 1.0.3. - Nxploited/CVE-2024...
CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/sebr-dev/Havoc-C2-SSRF-to-RCE
GitHub
GitHub - sebr-dev/Havoc-C2-SSRF-to-RCE: This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the…
This is a modified version of the CVE-2024-41570 SSRF PoC from @chebuya chained with the auth RCE exploit from @hyperreality. This exploit executes code remotely to a target due to multiple vulnera...
CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Github link:
https://github.com/Mephierr/DirtyPipe_exploit
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Github link:
https://github.com/Mephierr/DirtyPipe_exploit
GitHub
GitHub - Mephierr/DirtyPipe_exploit: CVE-2022-0847
CVE-2022-0847. Contribute to Mephierr/DirtyPipe_exploit development by creating an account on GitHub.
CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/kit4py/CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/kit4py/CVE-2024-41570
GitHub
GitHub - kit4py/CVE-2024-41570: Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE
Automated Reverse Shell Exploit via WebSocket | Havoc-C2-SSRF with RCE - kit4py/CVE-2024-41570
CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Github link:
https://github.com/element-security/check-point-gateways-rce
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Github link:
https://github.com/element-security/check-point-gateways-rce
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability
GitHub
GitHub - ArtemCyberLab/Project-Exploiting-CVE-2024-27198-RCE-Vulnerability: In this project, I exploited the CVE-2024-27198-RCE…
In this project, I exploited the CVE-2024-27198-RCE vulnerability to perform a remote code execution (RCE) attack on a vulnerable TeamCity server. - ArtemCyberLab/Project-Exploiting-CVE-2024-27198-...
CVE-2024-41570
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE
An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.
Github link:
https://github.com/thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE
GitHub
GitHub - thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE: This is a Chained RCE in the Havoc C2 framework using github.com/chebuya…
This is a Chained RCE in the Havoc C2 framework using github.com/chebuya and github.com/IncludeSecurity pocs - thisisveryfunny/CVE-2024-41570-Havoc-C2-RCE