CVE-2018-14847
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Github link:
https://github.com/tausifzaman/CVE-2018-14847
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Github link:
https://github.com/tausifzaman/CVE-2018-14847
GitHub
GitHub - tausifzaman/CVE-2018-14847: This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows…
This is a proof of concept of the critical WinBox vulnerability (CVE-2018-14847) which allows for arbitrary file read of plain text passwords. The vulnerability has long since been fixed, so this ...
CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/Cybervixy/Vulnerability-Management
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/Cybervixy/Vulnerability-Management
GitHub
GitHub - Cybervixy/Vulnerability-Management: NGINX Security Hardening & Vulnerability Remediation Analysis of critical CVEs (CVE…
NGINX Security Hardening & Vulnerability Remediation Analysis of critical CVEs (CVE-2021-23017, HTTP/2 DoS flaws) in outdated NGINX versions, with actionable steps for mitigation: upgrades...
CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
Github link:
https://github.com/srcx404/CVE-2024-45436
extractFromZipFile in model.go in Ollama before 0.1.47 can extract members of a ZIP archive outside of the parent directory.
Github link:
https://github.com/srcx404/CVE-2024-45436
GitHub
GitHub - srcx404/CVE-2024-45436: exploit script for CVE-2024-45436
exploit script for CVE-2024-45436. Contribute to srcx404/CVE-2024-45436 development by creating an account on GitHub.
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/lukehebe/CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/lukehebe/CVE-2023-27163
GitHub
GitHub - lukehebe/CVE-2023-27163: CVE-2023-27163 Request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery…
CVE-2023-27163 Request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access netwo...
CVE-2018-25031
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Github link:
https://github.com/nigartest/CVE-2018-25031
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Github link:
https://github.com/nigartest/CVE-2018-25031
GitHub
GitHub - nigartest/CVE-2018-25031: CVE-2018-25031
CVE-2018-25031. Contribute to nigartest/CVE-2018-25031 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Gill-Singh-A/CVE-2024-4577-Exploit
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Gill-Singh-A/CVE-2024-4577-Exploit
GitHub
GitHub - Gill-Singh-A/CVE-2024-4577-Exploit: PHP CGI Parameter Injection Vulnerability (RCE: Remote Code Execution)
PHP CGI Parameter Injection Vulnerability (RCE: Remote Code Execution) - Gill-Singh-A/CVE-2024-4577-Exploit