CVE-2024-23692
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
Github link:
https://github.com/verylazytech/CVE-2024-23692
CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Github link:
https://github.com/btar1gan/exploit_CVE-2023-0297
CVE-2020-27950
A memory initialization issue was addressed. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 12.4.9, watchOS 6.2.9, Security Update 2020-006 High Sierra, Security Update 2020-006 Mojave, iOS 14.2 and iPadOS 14.2, watchOS 5.3.9, macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update. A malicious application may be able to disclose kernel memory.
Github link:
https://github.com/lyonzon2/browser-crash-tool
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
Github link:
https://github.com/0dayCTF/CVE-2020-9484
CVE-2024-32651
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely take over the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
Github link:
https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE
CVE-2021-3493
The overlayfs implementation in the Linux kernel did not properly validate, with respect to user namespaces, the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Github link:
https://github.com/fathallah17/OverlayFS-CVE-2021-3493
CVE-2022-25479
None
Github link:
https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/lpyydxs/CVE-2021-40539