CVE-2023-44487.zip
5.1 KB
CVE-2023-44487
Author: tpirate
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
GitHub Link:
https://github.com/tpirate/cve-2023-44487-POC
Author: tpirate
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
GitHub Link:
https://github.com/tpirate/cve-2023-44487-POC
CVE-2021-44228.zip
1.3 MB
CVE-2021-44228
Author: Loliverte
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub Link:
https://github.com/Loliverte/Log4j-Vulnerability
Author: Loliverte
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub Link:
https://github.com/Loliverte/Log4j-Vulnerability
CVE-2025-6218.zip
16.1 KB
CVE-2025-6218
Author: Chrxstxqn
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
GitHub Link:
https://github.com/Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC
Author: Chrxstxqn
RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198.
GitHub Link:
https://github.com/Chrxstxqn/CVE-2025-6218-WinRAR-RCE-POC
❤1
CVE-2023-20198.zip
3 MB
CVE-2023-20198
Author: Religan
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
GitHub Link:
https://github.com/Religan/CVE-2023-20198
Author: Religan
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
GitHub Link:
https://github.com/Religan/CVE-2023-20198
CVE-2025-45805
Author: mohammed-alsaqqaf
None
GitHub Link:
https://github.com/mohammed-alsaqqaf/CVE-2025-45805
Author: mohammed-alsaqqaf
None
GitHub Link:
https://github.com/mohammed-alsaqqaf/CVE-2025-45805
CVE-2024-43400
Author: rain321654
None
GitHub Link:
https://github.com/rain321654/yasa-cve-2024-43400-main1
Author: rain321654
None
GitHub Link:
https://github.com/rain321654/yasa-cve-2024-43400-main1
CVE-2025-24071.zip
582 B
CVE-2025-24071
Author: Abdelrahman0Sayed
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
GitHub Link:
https://github.com/Abdelrahman0Sayed/CVE-2025-24071
Author: Abdelrahman0Sayed
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
GitHub Link:
https://github.com/Abdelrahman0Sayed/CVE-2025-24071