CVE-2023-4966
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
Github link:
https://github.com/akshthejo/CVE-2023-4966-exploit
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.
Github link:
https://github.com/akshthejo/CVE-2023-4966-exploit
GitHub
GitHub - akshthejo/CVE-2023-4966-exploit: CVE-2023-4966-exploit
CVE-2023-4966-exploit. Contribute to akshthejo/CVE-2023-4966-exploit development by creating an account on GitHub.
👍1
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Github link:
https://github.com/soltanali0/CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.
Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Github link:
https://github.com/soltanali0/CVE-2024-40725
GitHub
GitHub - soltanali0/CVE-2024-40725: exploit CVE-2024-40725 (Apache httpd) with
exploit CVE-2024-40725 (Apache httpd) with . Contribute to soltanali0/CVE-2024-40725 development by creating an account on GitHub.
CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Github link:
https://github.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Github link:
https://github.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
GitHub
GitHub - 0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265: Adobe ColdFusion 8 - Remote Command Execution (RCE)
Adobe ColdFusion 8 - Remote Command Execution (RCE) - 0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/awusan125/test_for6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/awusan125/test_for6387
GitHub
GitHub - awusan125/test_for6387: test code for cve-2024-6387
test code for cve-2024-6387. Contribute to awusan125/test_for6387 development by creating an account on GitHub.
CVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/verylazytech/CVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/verylazytech/CVE-2024-9935
GitHub
GitHub - verylazytech/CVE-2024-9935: PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download - verylazytech/CVE-2024-9935
CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/MasterCode112/CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/MasterCode112/CVE-2019-15107
GitHub
GitHub - MasterCode112/CVE-2019-15107: webmin or minisever RCE
webmin or minisever RCE. Contribute to MasterCode112/CVE-2019-15107 development by creating an account on GitHub.