CVE-2022-39299
Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML element. Depending on the IDP used, fully unauthenticated attacks (e.g., without access to a valid user) might also be feasible if generation of a signed message can be triggered. Users should upgrade to passport-saml version 3.2.2 or newer. The issue was also present in the beta releases of `node-saml` before version 4.0.0-beta.5. If you cannot upgrade, disabling SAML authentication may be done as a workaround.
GitHub link:
https://github.com/KaztoRay/CVE-2022-39299-Research
Research notes on the CVE-2022-39299 vulnerability.
CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
GitHub link:
https://github.com/Drew-Alleman/CVE-2020-11651
A script that exploits SaltStack CVE-2020-11651 and CVE-2020-11652 to add new users to a vulnerable Salt master by injecting entries into /etc/passwd and /etc/shadow. - Drew-Alleman/CVE-2020-11651
CVE-2025-0011
None
GitHub link:
https://github.com/binarywarm/kentico-xperience13-AuthBypass-CVE-2025-0011
CVE-2025-0011 (CVE not assigned yet).
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
GitHub link:
https://github.com/jaytiwari05/CVE-2024-36991
Critical Splunk Vulnerability CVE-2024-36991: Patch Now to Prevent Arbitrary File Reads - jaytiwari05/CVE-2024-36991
CVE-2023-34960
A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.
GitHub link:
https://github.com/mr-won/cve-2023-34960
chamilo soap api rce (/webservices/additional_webservices.php) - user20252228/cve-2023-34960
CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
GitHub link:
https://github.com/mr-won/cve-2022-26134
cve-2022-26134 atlassia Confluence Data Center2016 server OGNL %[...} - mr-won/cve-2022-26134
CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.
GitHub link:
https://github.com/mr-won/ZmEu
CVE-2009-1151, phpMyAdmin's set.up.
CVE-2021-4045
TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera.
GitHub link:
https://github.com/DorskFR/tapodate
Sets up a local Tapo C200 using CVE-2021-4045.
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
GitHub link:
https://github.com/TcchSquad/CVE-2024-36991-Tool
This binary POC automates the exploitation of CVE-2024-36991 by sending crafted curl requests to a vulnerable Splunk instance. It retrieves sensitive files and saves them locally for further analys...
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection. This issue affects Bricks Builder: from n/a through 1.9.6.
GitHub link:
https://github.com/so1icitx/CVE-2024-25600
Unauthenticated RCE exploit for CVE-2024-25600 in WordPress Bricks Builder <= 1.9.6. Executes arbitrary code remotely. - so1icitx/CVE-2024-25600
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
GitHub link:
https://github.com/so1icitx/CVE-2019-9053
Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi. - so1icitx/CVE-2019-9053
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
GitHub link:
https://github.com/gunzf0x/CVE-2024-36991
Proof of Concept for CVE-2024-36991. Path traversal for Splunk versions below 9.2.2, 9.1.5, and 9.0.10 for Windows which allows arbitrary file read. - gunzf0x/CVE-2024-36991
CVE-2018-10562
An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output.
GitHub link:
https://github.com/mr-won/backdoor.mirai.helloworld
backdoor.mirai.helloworld cve2018-20561, cve-2018-10562 - mr-won/backdoor.mirai.helloworld