CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/Cythonic1/CVE-2024-27198_POC
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/Cythonic1/CVE-2024-27198_POC
GitHub
GitHub - Cythonic1/CVE-2024-27198_POC: a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity
a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity - Cythonic1/CVE-2024-27198_POC
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Github link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Github link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
GitHub
GitHub - SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674: Guide and theoretical code for CVE-2023-35674
Guide and theoretical code for CVE-2023-35674. Contribute to SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674 development by creating an account on GitHub.
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/p1ton3rr/poc-cve-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/p1ton3rr/poc-cve-2001-1473
GitHub
GitHub - p1ton3rr/poc-cve-2001-1473: A novel approach to the old problem
A novel approach to the old problem. Contribute to p1ton3rr/poc-cve-2001-1473 development by creating an account on GitHub.
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
GitHub
GitHub - Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539: ADSelfService Plus RCE漏洞 检测工具 (二开)
ADSelfService Plus RCE漏洞 检测工具 (二开). Contribute to Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539 development by creating an account on GitHub.
CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Github link:
https://github.com/requiempentest/NTP_CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Github link:
https://github.com/requiempentest/NTP_CVE-2013-5211
GitHub
GitHub - requiempentest/NTP_CVE-2013-5211: Exploit and check CVE-2013-5211
Exploit and check CVE-2013-5211. Contribute to requiempentest/NTP_CVE-2013-5211 development by creating an account on GitHub.