CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Github link:
https://github.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.
Github link:
https://github.com/0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
GitHub
GitHub - 0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265: Adobe ColdFusion 8 - Remote Command Execution (RCE)
Adobe ColdFusion 8 - Remote Command Execution (RCE) - 0xDTC/Adobe-ColdFusion-8-RCE-CVE-2009-2265
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/awusan125/test_for6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/awusan125/test_for6387
GitHub
GitHub - awusan125/test_for6387: test code for cve-2024-6387
test code for cve-2024-6387. Contribute to awusan125/test_for6387 development by creating an account on GitHub.
CVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/verylazytech/CVE-2024-9935
The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Github link:
https://github.com/verylazytech/CVE-2024-9935
GitHub
GitHub - verylazytech/CVE-2024-9935: PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download
PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Unauthenticated Arbitrary File Download - verylazytech/CVE-2024-9935
CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/MasterCode112/CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/MasterCode112/CVE-2019-15107
GitHub
GitHub - MasterCode112/CVE-2019-15107: webmin or minisever RCE
webmin or minisever RCE. Contribute to MasterCode112/CVE-2019-15107 development by creating an account on GitHub.
CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
Github link:
https://github.com/NingXin2002/Bazaar_poc
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
Github link:
https://github.com/NingXin2002/Bazaar_poc
GitHub
GitHub - NingXin2002/Bazaar_poc: Bazaar v1.4.3 任意文件读取漏洞(CVE-2024-40348)
Bazaar v1.4.3 任意文件读取漏洞(CVE-2024-40348). Contribute to NingXin2002/Bazaar_poc development by creating an account on GitHub.
CVE-2024-27956
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
Github link:
https://github.com/7aRanchi/CVE-2024-27956-for-fscan
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
Github link:
https://github.com/7aRanchi/CVE-2024-27956-for-fscan
GitHub
GitHub - 7aRanchi/CVE-2024-27956-for-fscan: Yaml PoC rule for fscan.
Yaml PoC rule for fscan. Contribute to 7aRanchi/CVE-2024-27956-for-fscan development by creating an account on GitHub.
CVE-2023-45866
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/xG3nesis/RustyInjector
Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.
Github link:
https://github.com/xG3nesis/RustyInjector
GitHub
GitHub - xG3nesis/RustyInjector: Rust implementation of Marc Newlin's keystroke injection proof of concept (CVE-2023-45866).
Rust implementation of Marc Newlin's keystroke injection proof of concept (CVE-2023-45866). - xG3nesis/RustyInjector