CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Github link:
https://github.com/0x3n19m4/CVE-2016-5195
  
GitHub - 0x3n19m4/CVE-2016-5195: CVE-2016-5195 linux kernel exploit

CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Github link:
https://github.com/m4nInTh3mIdDle/joomla-CVE-2023
  
GitHub - m4nInTh3mIdDle/joomla-CVE-2023: joomla CVE-2023-23752 credentials exposed.. happy hacking !!

CVE-2014-6271
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Github link:
https://github.com/moften/CVE-2014-6271
  
GitHub - moften/CVE-2014-6271: Shellshock Vulnerability Scanner

CVE-2021-23017
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Github link:
https://github.com/moften/CVE-2021-23017
  
GitHub - moften/CVE-2021-23017: NGINX DNS Overflow Vulnerability Check - CVE-2021-23017 PoC

CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/separatecalo/log4j-remediation-tools

CVE-2022-41741
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
Github link:
https://github.com/moften/CVE-2022-41741-742-Nginx-Vulnerability-Scanner
  
GitHub - moften/CVE-2022-41741-742-Nginx-Vulnerability-Scanner: CVE-2022-41741/742 Nginx Vulnerability Scanner

CVE-2009-3103
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Github link:
https://github.com/Bakr-Ht/samba-trans2open-exploit-report
  
GitHub - Bakr-Ht/samba-trans2open-exploit-report: Exploitation report of the Samba Trans2Open vulnerability (CVE-2003-0201), including tools used, exploitation steps, and protection techniques to secure systems.
Note that the linked repository covers the Samba Trans2Open vulnerability (CVE-2003-0201), not the Windows SMBv2 Negotiation Vulnerability described above.

CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution.
Several components of RocketMQ, including NameServer, Broker, and Controller, are exposed on the extranet and lack permission verification; an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.
To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above when using RocketMQ 5.x, or 4.9.6 or above when using RocketMQ 4.x.
Github link:
https://github.com/Devil0ll/CVE-2023-33246
  
GitHub - Devil0ll/CVE-2023-33246: CVE-2023-33246

CVE-2023-20198
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of Cisco's advisory.
Cisco will provide updates on the status of this investigation and when a software patch is available.
Github link:
https://github.com/punyconspir/cisco-ios-xe-implant-scanner

CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/Fauzan-Aldi/Log4j-_Vulnerability
  
GitHub - Fauzan-Aldi/Log4j-_Vulnerability: The Web Is Vulnerable to CVE-2021-44228

CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/tiemio/RCE-PoC-CVE-2021-25646
  
GitHub - tiemio/RCE-PoC-CVE-2021-25646: A proof-of-concept for the CVE-2021-25646, which allows for Command Injection

CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Github link:
https://github.com/Almandev/Sub-folderFetcher
  
GitHub - Almandev/Sub-folderFetcher: A script to download specific Vulhub repository folder (kibana/CVE-2018-17246) from GitHub.

CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
  
GitHub - ndr-repo/CVE-2017-5487: PoC for CVE-2017-5487 - WordPress User Enumeration via REST

CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
  
GitHub - shpaw415/CVE-2020-24913-exploit: automated SQL injection for QCubed profile.php file

CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
  
GitHub - tntrock/CVE-2024-4577_PowerShell: Scan for CVE-2024-4577 using PowerShell

CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
  
GitHub - ajf8729/BlackLotus: BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use

CVE-2023-42793
In JetBrains TeamCity before 2023.05.4, an authentication bypass leading to RCE on TeamCity Server was possible.
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
  
GitHub - syaifulandy/Nuclei-Template-CVE-2023-42793.yaml: Windows & linux support

CVE-2025-0411
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
  
GitHub - betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass: CVE-2025-0411 7-Zip Mark-of-the-Web Bypass
  