CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.
GitHub link:
https://github.com/0x0060/CVE-2020-14179
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub link:
https://github.com/Carlos-Mesquita/TPASLog4ShellPoC
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4, an authentication bypass that allowed performing admin actions was possible.
GitHub link:
https://github.com/Cythonic1/CVE-2024-27198_POC
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
GitHub link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit