CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/dragonXZH/CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/dragonXZH/CVE-2024-10914
GitHub
GitHub - dragonXZH/CVE-2024-10914: A PoC exploit for CVE-2024-10914 - D-Link Remote Code Execution (RCE)
A PoC exploit for CVE-2024-10914 - D-Link Remote Code Execution (RCE) - dragonXZH/CVE-2024-10914
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2018-9206
GitHub
GitHub - MikeyPPPPPPPP/CVE-2018-9206: Blueimp's jQuery File Upload
Blueimp's jQuery File Upload. Contribute to MikeyPPPPPPPP/CVE-2018-9206 development by creating an account on GitHub.
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2024-32113
GitHub
GitHub - MikeyPPPPPPPP/CVE-2024-32113: CVE-2024-32113 PoC
CVE-2024-32113 PoC. Contribute to MikeyPPPPPPPP/CVE-2024-32113 development by creating an account on GitHub.
CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Github link:
https://github.com/Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.
Github link:
https://github.com/Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212
GitHub
GitHub - Rehan07-Human/Exploiting-RCE-Cyber_Project_CVE-2024-1212: Demonstrating the exploitation of the Remote Code Execution…
Demonstrating the exploitation of the Remote Code Execution (RCE) vulnerability in Kemp LoadMaster (CVE-2024-1212). This project covers reconnaissance, vulnerability scanning using Nuclei, and expl...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/BestDevOfc/CVE-2024-23334-PoC
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/BestDevOfc/CVE-2024-23334-PoC
GitHub
GitHub - BestDevOfc/CVE-2024-23334-PoC: A proof of concept of the path traversal vulnerability in the python AioHTTP library =<…
A proof of concept of the path traversal vulnerability in the python AioHTTP library =< 3.9.1 - BestDevOfc/CVE-2024-23334-PoC