CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/Marouane133/jenkins-lfi
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/Marouane133/jenkins-lfi
GitHub
GitHub - Marouane133/jenkins-lfi: Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE
Jenkins CVE-2024-23897 POC : Arbitrary File Read Vulnerability Leading to RCE - Marouane133/jenkins-lfi
CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
* the web application uses RouterFunctions to serve static resources
* resource handling is explicitly configured with a FileSystemResource location
However, malicious requests are blocked and rejected when any of the following is true:
* the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use
* the application runs on Tomcat or Jetty
Github link:
https://github.com/wdragondragon/spring-framework
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
* the web application uses RouterFunctions to serve static resources
* resource handling is explicitly configured with a FileSystemResource location
However, malicious requests are blocked and rejected when any of the following is true:
* the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use
* the application runs on Tomcat or Jetty
Github link:
https://github.com/wdragondragon/spring-framework
CVE-2024-38856
Incorrect Authorization vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: through 18.12.14.
Users are recommended to upgrade to version 18.12.15, which fixes the issue.
Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
Github link:
https://github.com/FakesiteSecurity/CVE-2024-38856_Scen
Incorrect Authorization vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: through 18.12.14.
Users are recommended to upgrade to version 18.12.15, which fixes the issue.
Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints).
Github link:
https://github.com/FakesiteSecurity/CVE-2024-38856_Scen
GitHub
GitHub - FakesiteSecurity/CVE-2024-38856_Scen: Tentang Pemindai & Eksploitasi Apache OFBiz RCE (CVE-2024-38856)
Tentang Pemindai & Eksploitasi Apache OFBiz RCE (CVE-2024-38856) - FakesiteSecurity/CVE-2024-38856_Scen
CVE-2024-42327
None
Github link:
https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE
None
Github link:
https://github.com/BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE
GitHub
GitHub - BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE: Zabbix CVE-2024-42327 PoC
Zabbix CVE-2024-42327 PoC. Contribute to BridgerAlderson/Zabbix-CVE-2024-42327-SQL-Injection-RCE development by creating an account on GitHub.
CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/i0x29A/CVE-2024-51378
getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/i0x29A/CVE-2024-51378
GitHub
GitHub - i0x29A/CVE-2024-51378: A Python script to scan websites for the CVE-2024-51378 vulnerability.
A Python script to scan websites for the CVE-2024-51378 vulnerability. - i0x29A/CVE-2024-51378
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/FakesiteSecurity/CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/FakesiteSecurity/CVE-2021-41773
GitHub
GitHub - FakesiteSecurity/CVE-2021-41773: MASS CVE-2021-41773
MASS CVE-2021-41773. Contribute to FakesiteSecurity/CVE-2021-41773 development by creating an account on GitHub.
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determin
Github link:
https://github.com/lof1sec/CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determin
Github link:
https://github.com/lof1sec/CVE-2022-46169
GitHub
GitHub - lof1sec/CVE-2022-46169: Cacti v1.2.22: Unauthenticated Command Injection Vulnerability (CVE-2022-46169)
Cacti v1.2.22: Unauthenticated Command Injection Vulnerability (CVE-2022-46169) - lof1sec/CVE-2022-46169