CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/kloutkake/CVE-2017-5638-PoC
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/kloutkake/CVE-2017-5638-PoC
GitHub
GitHub - kloutkake/CVE-2017-5638-PoC: This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in…
This repository provides a PoC for CVE-2017-5638, a remote code execution vulnerability in Apache Struts 2, exploitable via a crafted Content-Type HTTP header. - kloutkake/CVE-2017-5638-PoC
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/faqihudin13/CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/faqihudin13/CVE-2018-6574
GitHub
GitHub - faqihudin13/CVE-2018-6574: CVE-2018-6574: go get
CVE-2018-6574: go get. Contribute to faqihudin13/CVE-2018-6574 development by creating an account on GitHub.
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/qlusec/CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/qlusec/CVE-2019-10149
GitHub
GitHub - qlusec/CVE-2019-10149: test POC for CVE-2019-10149
test POC for CVE-2019-10149. Contribute to qlusec/CVE-2019-10149 development by creating an account on GitHub.