CVE-2025-53770
Github link:
https://github.com/bossnick98/-SOC342---CVE-2025-53770-SharePoint-ToolShell-Auth-Bypass-and-RCE
CVE-2023-34362
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.
Github link:
https://github.com/Naveenbana5250/CVE-2023-34362-Defense-Package
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Github link:
https://github.com/j3r1ch0123/CVE-2025-32462
CVE-2002-20001
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
Github link:
https://github.com/itmaniac/dheat_dos_attack_poc
CVE-2022-35411
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.
Github link:
https://github.com/CSpanias/rpc-rce.py