CVE-2023-46805
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Github link:
https://github.com/rxwx/pulse-meter
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.
Github link:
https://github.com/rxwx/pulse-meter
GitHub
GitHub - rxwx/pulse-meter: Parses the System Snapshot from an Ivanti Connect Secure applicance to identify possible IOCs related…
Parses the System Snapshot from an Ivanti Connect Secure applicance to identify possible IOCs related to CVE-2023-46805, CVE-2024-21887 and CVE-2025-0282. - rxwx/pulse-meter
CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Github link:
https://github.com/mrmtwoj/CVE-2023-25136
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."
Github link:
https://github.com/mrmtwoj/CVE-2023-25136
GitHub
GitHub - mrmtwoj/CVE-2023-25136: This vulnerability is of the "double-free" type, which occurs during the processing of key exchange…
This vulnerability is of the "double-free" type, which occurs during the processing of key exchange (KEX) algorithms in OpenSSH. A "double-free" vulnerability ha...
CVE-2024-38063
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/jip-0-0-0-0-0/CVE-2024-38063-scanner
Windows TCP/IP Remote Code Execution Vulnerability
Github link:
https://github.com/jip-0-0-0-0-0/CVE-2024-38063-scanner
GitHub
GitHub - jip-0-0-0-0-0/CVE-2024-38063-scanner: A Python tool leveraging Shodan and Scapy to identify and exploit Windows systems…
A Python tool leveraging Shodan and Scapy to identify and exploit Windows systems vulnerable to CVE-2024-38063, enabling targeted Denial of Service attacks - jip-0-0-0-0-0/CVE-2024-38063-scanner
CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.
Github link:
https://github.com/yZ1337/CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process.
Github link:
https://github.com/yZ1337/CVE-2019-5029
GitHub
GitHub - yZ1337/CVE-2019-5029: This is a Python script PoC for CVE-2019-5029
This is a Python script PoC for CVE-2019-5029. Contribute to yZ1337/CVE-2019-5029 development by creating an account on GitHub.