CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/ShieldAuth-PHP/PBL05-CVE-Analsys
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/ShieldAuth-PHP/PBL05-CVE-Analsys
GitHub
ShieldAuth-PHP/PBL05-CVE-Analsys
CVE-2024-23897 분석. Contribute to ShieldAuth-PHP/PBL05-CVE-Analsys development by creating an account on GitHub.
CVE-2017-0199
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Github link:
https://github.com/kash-123/CVE-2017-0199
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
Github link:
https://github.com/kash-123/CVE-2017-0199
GitHub
GitHub - kash-123/CVE-2017-0199: Python3 toolkit update
Python3 toolkit update. Contribute to kash-123/CVE-2017-0199 development by creating an account on GitHub.
CVE-2019-0567
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
Github link:
https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
Github link:
https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge
GitHub
GitHub - NatteeSetobol/CVE-2019-0567-MS-Edge: My proof of concept for CVE-2019 Microsoft-Edge
My proof of concept for CVE-2019 Microsoft-Edge. Contribute to NatteeSetobol/CVE-2019-0567-MS-Edge development by creating an account on GitHub.
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/safeer-accuknox/log4j-shell-poc
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/safeer-accuknox/log4j-shell-poc
GitHub
GitHub - safeer-accuknox/log4j-shell-poc: Log4J exploit CVE-2021-44228
Log4J exploit CVE-2021-44228. Contribute to safeer-accuknox/log4j-shell-poc development by creating an account on GitHub.
CVE-2013-3900
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
Github link:
https://github.com/OtisSymbos/CVE-2013-3900-WinTrustVerify
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
Github link:
https://github.com/OtisSymbos/CVE-2013-3900-WinTrustVerify
GitHub
GitHub - OtisSymbos/CVE-2013-3900-WinTrustVerify: Powershell script that checks for cert padding in the Windows Registry and adds…
Powershell script that checks for cert padding in the Windows Registry and adds it if it does not exist. Meant to resolve the WinTrustVerify Vulnerability. - OtisSymbos/CVE-2013-3900-WinTrustVerify