CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/Cythonic1/CVE-2024-27198_POC
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/Cythonic1/CVE-2024-27198_POC
GitHub
GitHub - Cythonic1/CVE-2024-27198_POC: a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity
a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity - Cythonic1/CVE-2024-27198_POC
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Github link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Github link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
GitHub
GitHub - SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674: Guide and theoretical code for CVE-2023-35674
Guide and theoretical code for CVE-2023-35674. Contribute to SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674 development by creating an account on GitHub.
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/p1ton3rr/poc-cve-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/p1ton3rr/poc-cve-2001-1473
GitHub
GitHub - p1ton3rr/poc-cve-2001-1473: A novel approach to the old problem
A novel approach to the old problem. Contribute to p1ton3rr/poc-cve-2001-1473 development by creating an account on GitHub.
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
GitHub
GitHub - Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539: ADSelfService Plus RCE漏洞 检测工具 (二开)
ADSelfService Plus RCE漏洞 检测工具 (二开). Contribute to Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539 development by creating an account on GitHub.
CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Github link:
https://github.com/requiempentest/NTP_CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Github link:
https://github.com/requiempentest/NTP_CVE-2013-5211
GitHub
GitHub - requiempentest/NTP_CVE-2013-5211: Exploit and check CVE-2013-5211
Exploit and check CVE-2013-5211. Contribute to requiempentest/NTP_CVE-2013-5211 development by creating an account on GitHub.
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/nwclasantha/Apache_2.4.29_Exploit
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/nwclasantha/Apache_2.4.29_Exploit
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
GitHub
GitHub - AMRICHASFUCK/Mass-CVE-2024-1709: ScreenConnect AuthBypass Mass RCE
ScreenConnect AuthBypass Mass RCE. Contribute to AMRICHASFUCK/Mass-CVE-2024-1709 development by creating an account on GitHub.