CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Github link:
https://github.com/XiaozaYa/CVE-2019-2215
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Github link:
https://github.com/XiaozaYa/CVE-2019-2215
GitHub
GitHub - XiaozaYa/CVE-2019-2215: Andriod binder bug record
Andriod binder bug record. Contribute to XiaozaYa/CVE-2019-2215 development by creating an account on GitHub.
CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/selenagomez25/CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/selenagomez25/CVE-2024-38063
GitHub
GitHub - selenagomez25/CVE-2024-38063: poc for exploiting cve-2024-38063
poc for exploiting cve-2024-38063. Contribute to selenagomez25/CVE-2024-38063 development by creating an account on GitHub.
CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application
GitHub
GitHub - m3ssap0/wordpress-really-simple-security-authn-bypass-vulnerable-application: WARNING: This is a vulnerable application…
WARNING: This is a vulnerable application to test the exploit for the Really Simple Security < 9.1.2 authentication bypass (CVE-2024-10924). Run it at your own risk! - m3ssap0/wordpress-real...
CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/MattJButler/CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/MattJButler/CVE-2024-10924
GitHub
GitHub - MattJButler/CVE-2024-10924: Simple Python script
Simple Python script. Contribute to MattJButler/CVE-2024-10924 development by creating an account on GitHub.
CVE-2023-32784
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Github link:
https://github.com/SarahZimmermann-Schmutzler/exploit_keepass
In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.
Github link:
https://github.com/SarahZimmermann-Schmutzler/exploit_keepass
GitHub
GitHub - SarahZimmermann-Schmutzler/exploit_keepass: A Python console program that exploits the security vulnerability CVE-2023…
A Python console program that exploits the security vulnerability CVE-2023-32784 in the password manager KeePass. This exploit reconstructs the master password in plain text based on memory dumps (...
CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Github link:
https://github.com/KTN1990/CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Github link:
https://github.com/KTN1990/CVE-2024-42640
GitHub
GitHub - KTN1990/CVE-2024-42640: Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower)
Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower) - KTN1990/CVE-2024-42640