CVE-2015-1578
Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php.
Github link:
https://github.com/yaldobaoth/CVE-2015-1578-PoC
GitHub - yaldobaoth/CVE-2015-1578-PoC: This is a proof-of-concept exploit for CVE-2015-1578, a buffer overflow vulnerability in Achat 0.150 beta7 on Windows. Exploitation leads to remote code execution via a crafted UDP packet.
CVE-2025-0108
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS.
You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines (https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431).
This issue does not affect Cloud NGFW or Prisma Access software.
Github link:
https://github.com/B1ack4sh/Blackash-CVE-2025-0108
Critical Recommendations for Deployment Guides: How to Secure the Management Access to your Palo Alto Networks Device
Protecting your network begins with a secure firewall deployment. It is very important to secure the management interface and management network to prevent exploitation. So even when an attacker knows the login credentials of your devices, you can still…
CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/bayazid-bit/CVE-2019-15107
GitHub - bayazid-bit/CVE-2019-15107: exploit for CVE-2019-15107
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/lghost256/vsftpd234-exploit
GitHub - lghost256/vsftpd234-exploit: Exploit for CVE-2011-2523.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/24Owais/threat-intel-cve-2024-3094
GitHub - 24Owais/threat-intel-cve-2024-3094: Threat intelligence report analyzing the xz-utils backdoor vulnerability (CVE-2024-3094)
CVE-2019-11043
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11, in certain FPM configurations it is possible to cause the FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
Github link:
https://github.com/bayazid-bit/CVE-2019-11043-
GitHub - bayazid-bit/CVE-2019-11043-: exploit for CVE-2019-11043
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
Github link:
https://github.com/Z3R0-0x30/CVE-2014-6287
GitHub - Z3R0-0x30/CVE-2014-6287: Rejetto HttpFileServer 2.3.x - Remote Command Execution (RevShell)
CVE-2024-9796
The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not sanitize and escape the t parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks.
Github link:
https://github.com/BwithE/CVE-2024-9796
GitHub - BwithE/CVE-2024-9796: CVE-2024-9796 WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection. PoC.
CVE-2021-30047
VSFTPD 3.0.3 allows attackers to cause a denial of service due to the limited number of connections allowed.
Github link:
https://github.com/Andreyfreis/CVE-2021-30047
GitHub - Andreyfreis/CVE-2021-30047: Exploit CVE-2021-30047.
CVE-2011-0762
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Github link:
https://github.com/Andreyfreis/CVE-2011-0762
GitHub - Andreyfreis/CVE-2011-0762: Script that corrects the exploit for this CVE that was published on exploit-db
CVE-2017-12615
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. by setting the readonly initialisation parameter of the Default servlet to false), it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested, and any code it contained would be executed by the server.
Github link:
https://github.com/edyekomu/CVE-2017-12615-PoC
GitHub - edyekomu/CVE-2017-12615-PoC: PoC environment and exploit for the Apache Tomcat on Windows Remote Code Execution Vulnerability
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/x1ongsec/CVE-2021-44228-Log4j-JNDI
GitHub - x1ongsec/CVE-2021-44228-Log4j-JNDI: CVE-2021-44228 Vulnerability Reproduction Environment
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.
Github link:
https://github.com/ldb33/CVE-2023-24249-PoC
GitHub - ldb33/CVE-2023-24249-PoC: Proof of concept for HTB easy machine Usage
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/x1ongsec/CVE-2025-24813
GitHub - x1ongsec/CVE-2025-24813: Tomcat CVE-2025-24813 deserialization RCE environment
CVE-2024-41817
ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The `AppImage` version `ImageMagick` might use an empty path when setting `MAGICK_CONFIGURE_PATH` and `LD_LIBRARY_PATH` environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing `ImageMagick`. The vulnerability is fixed in 7.11-36.
Github link:
https://github.com/maikneysm/AutoPwn-Titanic.htb
GitHub - maikneysm/AutoPwn-Titanic.htb: This is an automated exploitation script for the Hack The Box machine *Titanic*. It extracts Gitea user hashes via LFI, assists in cracking them, and exploits an ImageMagick vulnerability (CVE-2024...