CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit
GitHub
GitHub - 0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit: (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code…
(CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload File Remote Code Execution - GitHub - 0x00-null/-Chamilo-CVE-2023-4220-RCE-Exploit: (CVE-2023-4220) Chamilo LMS Unauthenticated Big Upload Fi...
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/CuriousLearnerDev/ColdFusion_EXp
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/CuriousLearnerDev/ColdFusion_EXp
GitHub
GitHub - CuriousLearnerDev/ColdFusion_EXp: Adobe ColdFusion CVE-2023-26360/CVE-2023-29298 自动化实现反弹
Adobe ColdFusion CVE-2023-26360/CVE-2023-29298 自动化实现反弹 - CuriousLearnerDev/ColdFusion_EXp
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety
GitHub
BinaryGoodBoy0101/Jenkins-Exploit-CVE-2024-23897-Fsociety
exploit diseñado para aprovechar una vulnerabilidad crítica en Jenkins versiones <= 2.441. La vulnerabilidad, CVE-2024-23897, permite la lectura arbitraria de archivos a través del CLI de Je...
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determin
Github link:
https://github.com/rockyroadonline/CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determin
Github link:
https://github.com/rockyroadonline/CVE-2022-46169
GitHub
GitHub - rockyroadonline/CVE-2022-46169: PoC for Cacti 1.2.22 - CVE-2022-46169
PoC for Cacti 1.2.22 - CVE-2022-46169. Contribute to rockyroadonline/CVE-2022-46169 development by creating an account on GitHub.
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-
GitHub
GitHub - everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-: This tool exploits a well-known backdoor vulnerability found…
This tool exploits a well-known backdoor vulnerability found in vsFTPd version 2.3.4 (CVE-2011-2523) - everythingBlackkk/vsFTPd-Backdoor-Exploit-CVE-2011-2523-
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/kloutkake/CVE-2017-5638-PoC
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/kloutkake/CVE-2017-5638-PoC
GitHub
GitHub - kloutkake/CVE-2017-5638-PoC: This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in…
This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header. - kloutkake/CVE-2017-5638-PoC
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/faqihudin13/CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/faqihudin13/CVE-2018-6574
GitHub
GitHub - faqihudin13/CVE-2018-6574: CVE-2018-6574: go get
CVE-2018-6574: go get. Contribute to faqihudin13/CVE-2018-6574 development by creating an account on GitHub.