CVE-2020-24972
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Github link:
https://github.com/SpiralBL0CK/CVE-2020-24972
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/AvishekDhakal/CVE-2023-45866_EXPLOITS
CVE-2023-42115
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17434.
Github link:
https://github.com/isotaka134/cve-2023-42115
CVE-2022-44268
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it).
Github link:
https://github.com/FlojBoj/CVE-2022-44268
CVE-2023-26136
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Github link:
https://github.com/m-lito13/SealSecurity_Exam
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/CuriousLearnerDev/ColdFusion_EXp
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determin
Github link:
https://github.com/rockyroadonline/CVE-2022-46169