CVE-2025-32463.zip
2.7 KB
CVE-2025-32463
Author: muhammedkayag
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/muhammedkayag/CVE-2025-32463
Author: muhammedkayag
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub Link:
https://github.com/muhammedkayag/CVE-2025-32463
CVE-2024-48990.zip
2.3 KB
CVE-2024-48990
Author: Mr-DJ
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/Mr-DJ/CVE-2024-48990
Author: Mr-DJ
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable.
GitHub Link:
https://github.com/Mr-DJ/CVE-2024-48990
CVE-2025-26794.zip
8.5 KB
CVE-2025-26794
Author: XploitGh0st
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
GitHub Link:
https://github.com/XploitGh0st/CVE-2025-26794-exploit
Author: XploitGh0st
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection.
GitHub Link:
https://github.com/XploitGh0st/CVE-2025-26794-exploit
CVE-2021-29447.zip
7.3 KB
CVE-2021-29447
Author: 0xricksanchez
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
GitHub Link:
https://github.com/0xricksanchez/CVE-2021-29447
Author: 0xricksanchez
Wordpress is an open source CMS. A user with the ability to upload files (like an Author) can exploit an XML parsing issue in the Media Library leading to XXE attacks. This requires WordPress installation to be using PHP 8. Access to internal files is possible in a successful XXE attack. This has been patched in WordPress version 5.7.1, along with the older affected versions via a minor release. We strongly recommend you keep auto-updates enabled.
GitHub Link:
https://github.com/0xricksanchez/CVE-2021-29447
CVE-2024-9047.zip
2.5 KB
CVE-2024-9047
Author: amirqusairy99
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
GitHub Link:
https://github.com/amirqusairy99/WordPress-File-Upload-4.24.11---Unauthenticated-Path-Traversal
Author: amirqusairy99
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitation requires the targeted WordPress installation to be using PHP 7.4 or earlier.
GitHub Link:
https://github.com/amirqusairy99/WordPress-File-Upload-4.24.11---Unauthenticated-Path-Traversal
CVE-2022-22536.zip
4.2 KB
CVE-2022-22536
Author: abrewer251
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
GitHub Link:
https://github.com/abrewer251/CVE-2022-22536SAPRequestSmugglingScanner
Author: abrewer251
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
GitHub Link:
https://github.com/abrewer251/CVE-2022-22536SAPRequestSmugglingScanner
🔥1