CVE-2015-5254
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Github link:
https://github.com/guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Github link:
https://github.com/guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-
GitHub
GitHub - guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-: La vulnérabilité CVE-2015-5254 est une faille de sécurité dans…
La vulnérabilité CVE-2015-5254 est une faille de sécurité dans Apache ActiveMQ, un serveur de messages open source largement utilisé pour la communication entre applications. Cette vulnérabilité to...
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/BTtea/CVE-2024-4577-RCE-PoC
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/BTtea/CVE-2024-4577-RCE-PoC
GitHub
GitHub - BTtea/CVE-2024-4577-RCE-PoC: CVE-2024-4577 RCE PoC
CVE-2024-4577 RCE PoC. Contribute to BTtea/CVE-2024-4577-RCE-PoC development by creating an account on GitHub.
CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
Github link:
https://github.com/Harshit-Mashru/CVE-2023-6553
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated attackers to easily execute code on the server.
Github link:
https://github.com/Harshit-Mashru/CVE-2023-6553
GitHub
GitHub - Harshit-Mashru/CVE-2023-6553: Exploit Development for CVE-2023-6553 on Backup Plugin in Wordpress
Exploit Development for CVE-2023-6553 on Backup Plugin in Wordpress - Harshit-Mashru/CVE-2023-6553
CVE-2022-25845
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/luelueking/CVE-2022-25845-In-Spring
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/luelueking/CVE-2022-25845-In-Spring
GitHub
fastjson_safemode
A fast JSON parser/generator for Java. . Contribute to alibaba/fastjson development by creating an account on GitHub.