CVE-2023-40931
A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php
Github link:
https://github.com/datboi6942/Nagios-XI-s-CVE-2023-40931-Exploit
An exploit for Nagios SQL injection vulnerability.
CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/chaos198800/CVE-2023-38831WinRAR-dai-ma-zhi-xing-lou-dong-fu-xian-zi-yuan-wen-jian
CVE-2021-21772
A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
Github link:
https://github.com/3dluvr/New-lib3mf.dll-for-MeshMixer
Precompiled lib3mf.dll for MeshMixer which includes a backported patch for CVE-2021-21772 and zlib 1.3.1 - 3dluvr/New-lib3mf.dll-for-MeshMixer
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/Marouane133/jenkins-lfi
Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE - Marouane133/jenkins-lfi
CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
* the web application uses RouterFunctions to serve static resources
* resource handling is explicitly configured with a FileSystemResource location
However, malicious requests are blocked and rejected when any of the following is true:
* the Spring Security HTTP Firewall (https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html) is in use
* the application runs on Tomcat or Jetty
Github link:
https://github.com/wdragondragon/spring-framework
CVE-2024-38856
Incorrect Authorization vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: through 18.12.14.
Users are recommended to upgrade to version 18.12.15, which fixes the issue.
Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
Github link:
https://github.com/FakesiteSecurity/CVE-2024-38856_Scen
About the Apache OFBiz RCE (CVE-2024-38856) scanner and exploitation - FakesiteSecurity/CVE-2024-38856_Scen
CVE-2024-42327
None
Github link:
https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE
Zabbix CVE-2024-42327 PoC.
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/i0x29A/CVE-2024-51378
A Python script to scan websites for the CVE-2024-51378 vulnerability. - i0x29A/CVE-2024-51378