CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Github link:
https://github.com/Drew-Alleman/CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
Github link:
https://github.com/Drew-Alleman/CVE-2020-11651
GitHub
GitHub - Drew-Alleman/CVE-2020-11651: A script that exploits SaltStack CVE-2020-11651 and CVE-2020-11652 to add new users to a…
A script that exploits SaltStack CVE-2020-11651 and CVE-2020-11652 to add new users to a vulnerable Salt master by injecting entries into /etc/passwd and /etc/shadow. - Drew-Alleman/CVE-2020-11651
CVE-2025-0011
None
Github link:
https://github.com/binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011
None
Github link:
https://github.com/binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011
GitHub
GitHub - binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011: CVE-2025-0011 (CVE not assigned yet)
CVE-2025-0011 (CVE not assigned yet). Contribute to binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011 development by creating an account on GitHub.
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/jaytiwari05/CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/jaytiwari05/CVE-2024-36991
GitHub
GitHub - jaytiwari05/CVE-2024-36991: Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads - jaytiwari05/CVE-2024-36991
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Github link:
https://github.com/mr-won/cve-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
Github link:
https://github.com/mr-won/cve-2023-34960
GitHub
GitHub - user20252228/cve-2023-34960: chamilo soap api rce (/webservices/additional_webservices.php)
chamilo soap api rce (/webservices/additional_webservices.php) - user20252228/cve-2023-34960
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/mr-won/cve-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/mr-won/cve-2022-26134
GitHub
GitHub - mr-won/cve-2022-26134: cve-2022-26134 atlassia Confluence Data Center2016 server OGNL %[...}
cve-2022-26134 atlassia Confluence Data Center2016 server OGNL %[...} - mr-won/cve-2022-26134
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
Github link:
https://github.com/mr-won/ZmEu
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
Github link:
https://github.com/mr-won/ZmEu
GitHub
GitHub - mr-won/ZmEu: CVE-2009-1151, phpMyAdmin의 set.up
CVE-2009-1151, phpMyAdmin의 set.up . Contribute to mr-won/ZmEu development by creating an account on GitHub.
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
Github link:
https://github.com/DorskFR/tapodate
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
Github link:
https://github.com/DorskFR/tapodate
GitHub
GitHub - DorskFR/tapodate: Sets up a local Tapo C200 using CVE-2021-4045
Sets up a local Tapo C200 using CVE-2021-4045. Contribute to DorskFR/tapodate development by creating an account on GitHub.
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/TcchSquad/CVE-2024-36991-Tool
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/TcchSquad/CVE-2024-36991-Tool
GitHub
GitHub - TcchSquad/CVE-2024-36991-Tool: This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests…
This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests to a vulnerable Splunk instance. It retrieves sensitive files and saves them locally for further analys...
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/so1icitx/CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/so1icitx/CVE-2024-25600
GitHub
GitHub - so1icitx/CVE-2024-25600: Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes…
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely. - so1icitx/CVE-2024-25600
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/so1icitx/CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/so1icitx/CVE-2019-9053
GitHub
GitHub - so1icitx/CVE-2019-9053: Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts…
Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi. - so1icitx/CVE-2019-9053
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/gunzf0x/CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/gunzf0x/CVE-2024-36991
GitHub
GitHub - gunzf0x/CVE-2024-36991: Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and…
Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. - gunzf0x/CVE-2024-36991
CVE-2018-10562
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Github link:
https://github.com/mr-won/backdoor.mirai.helloworld
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
Github link:
https://github.com/mr-won/backdoor.mirai.helloworld
GitHub
GitHub - mr-won/backdoor.mirai.helloworld: backdoor.mirai.helloworld cve2018-20561, cve-2018-10562
backdoor.mirai.helloworld cve2018-20561, cve-2018-10562 - mr-won/backdoor.mirai.helloworld
CVE-2023-21554
Microsoft Message Queuing Remote Code Execution Vulnerability
Github link:
https://github.com/leongxudong/MSMQ-Vulnerbaility
Microsoft Message Queuing Remote Code Execution Vulnerability
Github link:
https://github.com/leongxudong/MSMQ-Vulnerbaility
GitHub
GitHub - leongxudong/MSMQ-Vulnerbaility: Documentation and PoC for CVE-2023-21554 MSMQ Vulnerability
Documentation and PoC for CVE-2023-21554 MSMQ Vulnerability - leongxudong/MSMQ-Vulnerbaility
CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Github link:
https://github.com/G4sp4rCS/CVE-2023-32784-password-combinator-fixer
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Github link:
https://github.com/G4sp4rCS/CVE-2023-32784-password-combinator-fixer
GitHub
GitHub - G4sp4rCS/CVE-2023-32784-password-combinator-fixer: After using the KeePass password dumper maybe some character parsed…
After using the KeePass password dumper maybe some character parsed as ● is incorrect and you want to know the real character - G4sp4rCS/CVE-2023-32784-password-combinator-fixer