CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/LGenAgul/CVE-2023-4220-Proof-of-concept
GitHub
GitHub - LGenAgul/CVE-2023-4220-Proof-of-concept: Chamilo LMS Unauthenticated Big Upload File that allows remote code execution
Chamilo LMS Unauthenticated Big Upload File that allows remote code execution - LGenAgul/CVE-2023-4220-Proof-of-concept
CVE-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/MrW0l05zyn/cve-2024-0044
In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/MrW0l05zyn/cve-2024-0044
GitHub
GitHub - MrW0l05zyn/cve-2024-0044: CVE-2024-0044
CVE-2024-0044. Contribute to MrW0l05zyn/cve-2024-0044 development by creating an account on GitHub.
CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/Jhonsonwannaa/CVE-2024-34102
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/Jhonsonwannaa/CVE-2024-34102
GitHub
GitHub - Jhonsonwannaa/CVE-2024-34102: adobe commerce
adobe commerce. Contribute to Jhonsonwannaa/CVE-2024-34102 development by creating an account on GitHub.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/fa-rrel/CVE-2024-4577-RCE
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/fa-rrel/CVE-2024-4577-RCE
GitHub
GitHub - gh-ost00/CVE-2024-4577-RCE: PHP CGI Argument Injection (CVE-2024-4577) RCE
PHP CGI Argument Injection (CVE-2024-4577) RCE. Contribute to gh-ost00/CVE-2024-4577-RCE development by creating an account on GitHub.
CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/wh6amiGit/CVE-2024-25600
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.
Github link:
https://github.com/wh6amiGit/CVE-2024-25600
GitHub
GitHub - wh6amiGit/CVE-2024-25600: Unauthenticated Remote Code Execution – Bricks
Unauthenticated Remote Code Execution – Bricks. Contribute to wh6amiGit/CVE-2024-25600 development by creating an account on GitHub.
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix
GitHub
GitHub - almogopp/OpenSSH-CVE-2024-6387-Fix: A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing…
A Bash script to mitigate the CVE-2024-6387 vulnerability in OpenSSH by providing an option to upgrade to a secure version or apply a temporary workaround. This repository helps secure systems agai...