CVE-2024-32651
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
Github link:
https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE
changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).
Github link:
https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE
GitHub
GitHub - s0ck3t-s3c/CVE-2024-32651-changedetection-RCE: Server-Side Template Injection Exploit
Server-Side Template Injection Exploit. Contribute to s0ck3t-s3c/CVE-2024-32651-changedetection-RCE development by creating an account on GitHub.
CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Github link:
https://github.com/fathallah17/OverlayFS-CVE-2021-3493
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivileged overlay mounts, an attacker could use this to gain elevated privileges.
Github link:
https://github.com/fathallah17/OverlayFS-CVE-2021-3493
GitHub
GitHub - fathallah17/OverlayFS-CVE-2021-3493: Exploit a 2021 Kernel vulnerability in Ubuntu to become root almost instantly!
Exploit a 2021 Kernel vulnerability in Ubuntu to become root almost instantly! - fathallah17/OverlayFS-CVE-2021-3493
CVE-2022-25479
None
Github link:
https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN
None
Github link:
https://github.com/SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN
GitHub
GitHub - SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN: CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)
CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK) - GitHub - SpiralBL0CK/CVE-2024-40431-CVE-2022-25479-EOP-CHAIN: CVE-2024-40431+CVE-2022-25479 chain for EOP(DATA ONLY ATTACK)
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/lpyydxs/CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/lpyydxs/CVE-2021-40539
GitHub
GitHub - lpyydxs/CVE-2021-40539: CVE-2021-40539:ADSelfService Plus RCE漏洞
CVE-2021-40539:ADSelfService Plus RCE漏洞. Contribute to lpyydxs/CVE-2021-40539 development by creating an account on GitHub.
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/lpyzds/CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/lpyzds/CVE-2021-40539
GitHub
GitHub - lpyzds/CVE-2021-40539: CVE-2021-40539:ADSelfService Plus RCE漏洞
CVE-2021-40539:ADSelfService Plus RCE漏洞. Contribute to lpyzds/CVE-2021-40539 development by creating an account on GitHub.
CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to pr
Github link:
https://github.com/s3nd3rjz/poc-CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to pr
Github link:
https://github.com/s3nd3rjz/poc-CVE-2020-1938
GitHub
GitHub - s3nd3rjz/poc-CVE-2020-1938: cve-2020-1938 POC, updated version
cve-2020-1938 POC, updated version. Contribute to s3nd3rjz/poc-CVE-2020-1938 development by creating an account on GitHub.
CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to control certain, important environments variables.
Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions prior to 21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
Github link:
https://github.com/functionofpwnosec/CVE-2023-36845
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to control certain, important environments variables.
Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions prior to 21.4R3-S5;
* 22.1 versions
prior to
22.1R3-S4;
* 22.2 versions
prior to
22.2R3-S2;
* 22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
* 22.4 versions
prior to
22.4R2-S1, 22.4R3;
* 23.2 versions prior to 23.2R1-S1, 23.2R2.
Github link:
https://github.com/functionofpwnosec/CVE-2023-36845
GitHub
GitHub - functionofpwnosec/CVE-2023-36845: Juniper Networks POC Understanding CVE-2023–36845 Remote Code Execution Exploit and…
Juniper Networks POC Understanding CVE-2023–36845 Remote Code Execution Exploit and Protection - functionofpwnosec/CVE-2023-36845
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/CheckCve2/CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/CheckCve2/CVE-2024-23113
GitHub
GitHub - CheckCve2/CVE-2024-23113: test_private_CVE
test_private_CVE. Contribute to CheckCve2/CVE-2024-23113 development by creating an account on GitHub.
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/baesh3r/poc-CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/baesh3r/poc-CVE-2023-3824
GitHub
GitHub - baesh3r/poc-CVE-2023-3824: CVE-2023-3824 PoC
CVE-2023-3824 PoC. Contribute to baesh3r/poc-CVE-2023-3824 development by creating an account on GitHub.