CVE-2023-2255
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
GitHub link:
https://github.com/G4sp4rCS/CVE-2023-2255
Repository description: CVE-2023-2255 for LPE.
CVE-2023-39141
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
GitHub link:
https://github.com/MartiSabate/CVE-2023-39141-LFI-enumerator
Repository description: enumerate files and directories from a remote server.
CVE-2024-48887
None
GitHub link:
https://github.com/cybersecplayground/CVE-2024-48887-FortiSwitch-Exploit
Repository description: a lightweight JavaScript snippet showcasing how unauthorized password changes can be triggered on vulnerable Fortinet FortiSwitch GUI endpoints.
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
GitHub link:
https://github.com/ivanbg2004/ODH-BricksBuilder-CVE-2024-25600-THM
Repository description: OD&H's scanner for CVE-2024-25600 vulnerability in the Bricks Builder WordPress plugin. For use in Try Hack Me (THM) environments.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
GitHub link:
https://github.com/deadlybangle/CVE-2024-4577-PHP-RCE