Exploits from Github
CVE-2021-22204
Author: Roronoawjd

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.

GitHub Link:
https://github.com/Roronoawjd/CVE-2021-22204
CVE-2021-31166
Author: qazbnme

HTTP Protocol Stack Remote Code Execution Vulnerability

GitHub Link:
https://github.com/qazbnme/CVE-2021
CVE-2018-9995
Author: 0xDamian

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

GitHub Link:
https://github.com/0xDamian/CVE-2018-9995-rs
CVE-2023-38831
Author: yangdayyy

RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.

GitHub Link:
https://github.com/yangdayyy/cve-2023-38831
CVE-2021-42013
Author: FakhriCRD

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

GitHub Link:
https://github.com/FakhriCRD/Apache-CVE-2021-42013-RCE-Exploit
CVE-2021-44228
Author: Mintimate

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

GitHub Link:
https://github.com/Mintimate/log4j2-bugmaker