CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/jrbH4CK/CVE-2024-27198
GitHub
GitHub - jrbH4CK/CVE-2024-27198: PoC about CVE-2024-27198
PoC about CVE-2024-27198. Contribute to jrbH4CK/CVE-2024-27198 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/bughuntar/CVE-2024-4577
GitHub
GitHub - bughuntar/CVE-2024-4577: CVE-2024-4577 Exploits
CVE-2024-4577 Exploits. Contribute to bughuntar/CVE-2024-4577 development by creating an account on GitHub.
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
GitHub
GitHub - LGenAgul/CVE-2023-4220-Proof-of-concept: Chamilo LMS Unauthenticated Big Upload File that allows remote code execution
Chamilo LMS Unauthenticated Big Upload File that allows remote code execution - LGenAgul/CVE-2023-4220-Proof-of-concept