CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Github link:
https://github.com/fa-rrel/CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Github link:
https://github.com/fa-rrel/CVE-2024-4358
GitHub
GitHub - gh-ost00/CVE-2024-4358: Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE…
Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE-2024-1800 - gh-ost00/CVE-2024-4358
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/FlojBoj/CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/FlojBoj/CVE-2023-42793
GitHub
GitHub - FlojBoj/CVE-2023-42793: TeamCity CVE-2023-42793 RCE (Remote Code Execution)
TeamCity CVE-2023-42793 RCE (Remote Code Execution) - FlojBoj/CVE-2023-42793
CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Github link:
https://github.com/gotr00t0day/CVE-2024-28995
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine.
Github link:
https://github.com/gotr00t0day/CVE-2024-28995
GitHub
GitHub - gotr00t0day/CVE-2024-28995: SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow…
SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. - GitHub - gotr00t0day/CVE-2024-28995: SolarWinds Se...
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/thefizzyfish/CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/thefizzyfish/CVE-2023-4220
GitHub
GitHub - thefizzyfish/CVE-2023-4220: Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220
Python exploit for Chamilo Unrestricted File Upload Vuln - CVE-2023-4220 - thefizzyfish/CVE-2023-4220
CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Justintroup85/exploits-forsale-collateral-damage
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/Justintroup85/exploits-forsale-collateral-damage
GitHub
GitHub - Justintroup85/exploits-forsale-collateral-damage: Kernel exploit for Xbox SystemOS using CVE-2024-30088
Kernel exploit for Xbox SystemOS using CVE-2024-30088 - Justintroup85/exploits-forsale-collateral-damage
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Github link:
https://github.com/noxlumens/CVE-2022-35914_poc
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.
Github link:
https://github.com/noxlumens/CVE-2022-35914_poc
GitHub
GitHub - noxlumens/CVE-2022-35914_poc: Modified for GLPI Offsec Lab: call_user_func, array_map, passthru
Modified for GLPI Offsec Lab: call_user_func, array_map, passthru - noxlumens/CVE-2022-35914_poc
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Github link:
https://github.com/laxmiyamkolu/SUDO-privilege-escalation
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Github link:
https://github.com/laxmiyamkolu/SUDO-privilege-escalation
GitHub
GitHub - laxmiyamkolu/SUDO-privilege-escalation: Sudo Privilege Escalation: CVE-2023-22809 Simulation This project simulates the…
Sudo Privilege Escalation: CVE-2023-22809 Simulation This project simulates the Sudo privilege escalation vulnerability (CVE-2023-22809) to demonstrate how unauthorized root access can be gained. ...
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/0xc4t/CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/0xc4t/CVE-2021-41773
GitHub
GitHub - 0xc4t/CVE-2021-41773: POC & Lab For CVE-2021-41773
POC & Lab For CVE-2021-41773. Contribute to 0xc4t/CVE-2021-41773 development by creating an account on GitHub.