CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
GitHub link:
https://github.com/Carlos-Mesquita/TPASLog4ShellPoC
CVE-2024-27198
In JetBrains TeamCity before 2023.11.4, an authentication bypass that allowed performing admin actions was possible.
GitHub link:
https://github.com/Cythonic1/CVE-2024-27198_POC
CVE-2019-5544
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
GitHub link:
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
GitHub link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
GitHub link:
https://github.com/p1ton3rr/poc-cve-2001-1473