CVE-2015-1427
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Github link:
https://github.com/Sebikea/CVE-2015-1427-for-trixie
Repository description: To test Elasticsearch vulnerability on a newer version of Debian
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/AhmedMansour93/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-
Repository description: In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of ...
CVE-2024-23897
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
Github link:
https://github.com/safeer-accuknox/Jenkins-Args4j-CVE-2024-23897-POC
Repository description (listed under safeer-accuknox/BLOG-POC): This repository contains proofs-of-concept (PoCs) for vulnerabilities and exploits discussed in the blogs
CVE-2024-3400
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
Github link:
https://github.com/workshop748/CVE-2024-3400
Repository description: Attempt at making the CVE-2024-3400 initial exploit (for educational purposes)
CVE-2019-16278
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Github link:
https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE
Repository description: This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a ...
CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Github link:
https://github.com/YastrebX/CVE-2015-1328
Repository description: CVE: 2015-1328 On python test
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases going back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/w0r1i0g1ht/CVE-2022-21661
Repository description: CVE-2022-21661 docker and poc
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Github link:
https://github.com/oxBEN10/CVE-2013-0156
Repository description: This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as changes to general site information, custom scheduler job definitions, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system commands under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
Github link:
https://github.com/bluetoothStrawberry/cve-2021-21425
Repository description: working exploit for the old cve-2021-21425 grav cms 1.7.10 vuln
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/Bad3r/CVE-2021-3156-without-ip-command
Repository description: fork of worawit/CVE-2021-3156 exploit_nss.py modified to work with ifconfig instead of the ip command
CVE-2023-4220
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via upload of a web shell.
Github link:
https://github.com/numaan911098/CVE-2023-4220
Repository description: https://nvd.nist.gov/vuln/detail/CVE-2023-4220