CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Tea-On/CVE-2023-41425-RCE-WonderCMS-4.3.2
Automates creation and hosting of a JavaScript XSS payload to install a malicious theme module, triggering a reverse shell via Remote Code Execution in WonderCMS. This tool uses PentestMonkey&#...
CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Github link:
https://github.com/morgenm/dirtypipe
GitHub - morgenm/dirtypipe: DirtyPipe (CVE-2022-0847) exploit written in Rust
CVE-2018-6574
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Github link:
https://github.com/paulogmota/CVE-2018-6574
GitHub - paulogmota/CVE-2018-6574: Golang cgo exploit for CVE-2018-6574
CVE-2025-47175
None
Github link:
https://github.com/mbanyamer/mbanyamer-Microsoft-PowerPoint-Use-After-Free-Remote-Code-Execution-RCE
This repository contains a Proof of Concept (PoC) exploit for the **CVE-2025-47175** vulnerability found in Microsoft PowerPoint. The vulnerability is a Use-After-Free (UAF) bug that allows an at...
CVE-2022-46169
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks several `$_SERVER` variables to determin
Github link:
https://github.com/alv-david/CVE-2022-46169-Cacti-1.2.22
GitHub - alv-david/CVE-2022-46169-Cacti-1.2.22: Find out a modified Cacti public exploit!
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/blu3ming/PoC-CVE-2021-41773
GitHub - blu3ming/PoC-CVE-2021-41773: Python exploit for CVE-2021-41773 - Apache HTTP Server 2.4.49 Path Traversal vulnerability