CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
GitHub
GitHub - ndr-repo/CVE-2017-5487: PoC for CVE-2017-5487 - WordPress User Enumeration via REST
PoC for CVE-2017-5487 - WordPress User Enumeration via REST - ndr-repo/CVE-2017-5487
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
GitHub
GitHub - shpaw415/CVE-2020-24913-exploit: automated SQL injection for QCubed profile.php file
automated SQL injection for QCubed profile.php file - shpaw415/CVE-2020-24913-exploit
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
GitHub
GitHub - tntrock/CVE-2024-4577_PowerShell: 使用PowsrShell掃描CVE-2024-4577
使用PowsrShell掃描CVE-2024-4577. Contribute to tntrock/CVE-2024-4577_PowerShell development by creating an account on GitHub.
CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
GitHub
GitHub - ajf8729/BlackLotus: BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use
BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use - ajf8729/BlackLotus
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
GitHub
GitHub - syaifulandy/Nuclei-Template-CVE-2023-42793.yaml: Windows & linux support
Windows & linux support. Contribute to syaifulandy/Nuclei-Template-CVE-2023-42793.yaml development by creating an account on GitHub.
CVE-2025-0411
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
GitHub
GitHub - betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass: CVE-2025-0411 7-Zip Mark-of-the-Web Bypass
CVE-2025-0411 7-Zip Mark-of-the-Web Bypass. Contribute to betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass development by creating an account on GitHub.
CVE-2025-2748
None
Github link:
https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
None
Github link:
https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
GitHub
GitHub - xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC: PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded…
PoC for CVE-2025-2748 - Unauthenticated ZIP file upload with embedded SVG for XSS - xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/DedsecTeam-BlackHat/Poleposph
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/DedsecTeam-BlackHat/Poleposph
GitHub
GitHub - DedsecTeam-BlackHat/Poleposph: Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE)
Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code Execution (RCE) - GitHub - DedsecTeam-BlackHat/Poleposph: Tools for scan CVE-2024-25600 - WordPress Bricks Builder Remote Code ...