CVE-2019-0567
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
Github link:
https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
Github link:
https://github.com/NatteeSetobol/CVE-2019-0567-MS-Edge
GitHub
GitHub - NatteeSetobol/CVE-2019-0567-MS-Edge: My proof of concept for CVE-2019 Microsoft-Edge
My proof of concept for CVE-2019 Microsoft-Edge. Contribute to NatteeSetobol/CVE-2019-0567-MS-Edge development by creating an account on GitHub.
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/safeer-accuknox/log4j-shell-poc
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/safeer-accuknox/log4j-shell-poc
GitHub
GitHub - safeer-accuknox/log4j-shell-poc: Log4J exploit CVE-2021-44228
Log4J exploit CVE-2021-44228. Contribute to safeer-accuknox/log4j-shell-poc development by creating an account on GitHub.
CVE-2013-3900
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
Github link:
https://github.com/OtisSymbos/CVE-2013-3900-WinTrustVerify
The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability."
Github link:
https://github.com/OtisSymbos/CVE-2013-3900-WinTrustVerify
GitHub
GitHub - OtisSymbos/CVE-2013-3900-WinTrustVerify: Powershell script that checks for cert padding in the Windows Registry and adds…
Powershell script that checks for cert padding in the Windows Registry and adds it if it does not exist. Meant to resolve the WinTrustVerify Vulnerability. - OtisSymbos/CVE-2013-3900-WinTrustVerify
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/ywChen-NTUST/PHP-CGI-RCE-Scanner
GitHub
GitHub - ywChen-NTUST/PHP-CGI-RCE-Scanner: Scanning CVE-2024-4577 vulnerability with a url list.
Scanning CVE-2024-4577 vulnerability with a url list. - ywChen-NTUST/PHP-CGI-RCE-Scanner
CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Github link:
https://github.com/AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Github link:
https://github.com/AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357
GitHub
GitHub - AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357: Event ID 189 Rule Name SOC227 Microsoft SharePoint Server…
Event ID 189 Rule Name SOC227 Microsoft SharePoint Server Elevation of Privilege Possible CVE-2023-29357 .. Exploitation - AhmedMansour93/Event-ID-189-Rule-Name-SOC227-CVE-2023-29357
CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/impost0r/CVE-2022-1388
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/impost0r/CVE-2022-1388
GitHub
GitHub - impost0r/CVE-2022-1388: Old weaponized CVE-2022-1388 exploit.
Old weaponized CVE-2022-1388 exploit. Contribute to impost0r/CVE-2022-1388 development by creating an account on GitHub.
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-
GitHub
GitHub - AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-: Event ID 229 Rule Name SOC262 ScreenConnect Authentication…
Event ID 229 Rule Name SOC262 ScreenConnect Authentication Bypass Exploitation Detected (CVE-2024-1709) - AhmedMansour93/Event-ID-229-Rule-Name-SOC262-CVE-2024-1709-
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-
GitHub
GitHub - AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-: 🚨 New Incident Report Completed!…
🚨 New Incident Report Completed! 🚨 Just wrapped up "Event ID 268: SOC292 - Possible PHP Injection Detected (CVE-2024-4577)" on LetsDefend.io. This analysis involved investigating ...
CVE-2023-51467
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)
Github link:
https://github.com/AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-
The vulnerability allows attackers to bypass authentication to achieve a simple Server-Side Request Forgery (SSRF)
Github link:
https://github.com/AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-
GitHub
GitHub - AhmedMansour93/Event-ID-217-Rule-Name-SOC254-Apache-OFBiz-Auth-Bypass-and-Code-Injection-0Day-CVE-2023-51467-: 🚨 Just…
🚨 Just completed an incident report on Event ID 217: Apache OFBiz Auth Bypass and Code Injection 0-Day (CVE-2023-51467). This critical vulnerability allows attackers to bypass authentication and ex...