CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/zgimszhd61/CVE-2024-23897-poc
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/zgimszhd61/CVE-2024-23897-poc
CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
Github link:
https://github.com/Farzan-Kh/CVE-2023-48123
An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file.
Github link:
https://github.com/Farzan-Kh/CVE-2023-48123
GitHub
GitHub - Farzan-Kh/CVE-2023-48123: CVE-2023-48123 exploit
CVE-2023-48123 exploit. Contribute to Farzan-Kh/CVE-2023-48123 development by creating an account on GitHub.
CVE-2024-1071
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/Spid3heX/CVE-2024-1071-PoC-Script
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/Spid3heX/CVE-2024-1071-PoC-Script
GitHub
GitHub - Spid3heX/CVE-2024-1071-PoC-Script: wp/ultimate-member - SQL Injection Vulnerability Exploit Script.
wp/ultimate-member - SQL Injection Vulnerability Exploit Script. - Spid3heX/CVE-2024-1071-PoC-Script
CVE-2014-0195
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Github link:
https://github.com/PezwariNaan/CVE-2014-0195
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment.
Github link:
https://github.com/PezwariNaan/CVE-2014-0195
GitHub
GitHub - PezwariNaan/CVE-2014-0195: Exploit for CVE-2014-0195
Exploit for CVE-2014-0195. Contribute to PezwariNaan/CVE-2014-0195 development by creating an account on GitHub.
CVE-2024-9926
None
Github link:
https://github.com/m3ssap0/wordpress-jetpack-broken-access-control-exploit
None
Github link:
https://github.com/m3ssap0/wordpress-jetpack-broken-access-control-exploit
GitHub
GitHub - m3ssap0/wordpress-jetpack-broken-access-control-exploit: Exploits Jetpack < 13.9.1 broken access control (CVE-2024-9926).
Exploits Jetpack < 13.9.1 broken access control (CVE-2024-9926). - m3ssap0/wordpress-jetpack-broken-access-control-exploit
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/radoslavatanasov1/CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/radoslavatanasov1/CVE-2024-23113
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/H4cking4All/CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/H4cking4All/CVE-2023-4220
GitHub
GitHub - H4cking4All/CVE-2023-4220: CVE-2023-4220 Chamilo Exploit
CVE-2023-4220 Chamilo Exploit. Contribute to H4cking4All/CVE-2023-4220 development by creating an account on GitHub.