CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/baesh3r/poc-CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
Github link:
https://github.com/baesh3r/poc-CVE-2023-3824
GitHub
GitHub - baesh3r/poc-CVE-2023-3824: CVE-2023-3824 PoC
CVE-2023-3824 PoC. Contribute to baesh3r/poc-CVE-2023-3824 development by creating an account on GitHub.
CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Github link:
https://github.com/soltanali0/CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Github link:
https://github.com/soltanali0/CVE-2024-4439
GitHub
GitHub - soltanali0/CVE-2024-4439: aa
aa. Contribute to soltanali0/CVE-2024-4439 development by creating an account on GitHub.
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/geniuszlyy/CVE-2024-27198
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
Github link:
https://github.com/geniuszlyy/CVE-2024-27198
GitHub
GitHub - geniuszlyy/CVE-2024-27198: is a PoC tool that targets a vulnerability in the TeamCity server (CVE-2024-27198)
is a PoC tool that targets a vulnerability in the TeamCity server (CVE-2024-27198) - geniuszlyy/CVE-2024-27198
CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Github link:
https://github.com/0x0060/CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
Github link:
https://github.com/0x0060/CVE-2020-14179
GitHub
GitHub - 0x0060/CVE-2020-14179: 𓃌 - Jira 8.5.8 & 8.6.0 - 8.11.1 unauthorized view of SLA fields.
𓃌 - Jira 8.5.8 & 8.6.0 - 8.11.1 unauthorized view of SLA fields. - 0x0060/CVE-2020-14179
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/Carlos-Mesquita/TPASLog4ShellPoC
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/Carlos-Mesquita/TPASLog4ShellPoC
GitHub
GitHub - Carlos-Mesquita/TPASLog4ShellPoC: Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as…
Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at F...