CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Github link:
https://github.com/KTN1990/CVE-2024-42640
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Github link:
https://github.com/KTN1990/CVE-2024-42640
GitHub
GitHub - KTN1990/CVE-2024-42640: Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower)
Unauthenticated Remote Code Execution via Angular-Base64-Upload Library (npm:bower) - KTN1990/CVE-2024-42640
CVE-2023-50164
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Github link:
https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker
An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.
Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue.
Github link:
https://github.com/Trackflaw/CVE-2024-10924-Wordpress-Docker
GitHub
GitHub - Trackflaw/CVE-2024-10924-Wordpress-Docker: Vulnerable docker container for Really Simple Security (Free, Pro, and Pro…
Vulnerable docker container for Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 – 9.1.1.1 – Authentication Bypass CVE-2023-50164 - Trackflaw/CVE-2024-10924-Wordpress-Docker
CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Github link:
https://github.com/SUDORM0X/PoC-CVE-2018-15473
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
Github link:
https://github.com/SUDORM0X/PoC-CVE-2018-15473
GitHub
GitHub - SUDORM0X/PoC-CVE-2018-15473: FAFAF
FAFAF. Contribute to SUDORM0X/PoC-CVE-2018-15473 development by creating an account on GitHub.
CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/julesbsz/CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/julesbsz/CVE-2024-10924
GitHub
GitHub - julesbsz/CVE-2024-10924: POC for CVE-2024-10924 written in Python
POC for CVE-2024-10924 written in Python. Contribute to julesbsz/CVE-2024-10924 development by creating an account on GitHub.
CVE-2024-5084
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/z1gazaga/CVE-2024-5084
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'file_upload_action' function in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/z1gazaga/CVE-2024-5084
GitHub
GitHub - z1gazaga/CVE-2024-5084: Материалы для научной работы
Материалы для научной работы. Contribute to z1gazaga/CVE-2024-5084 development by creating an account on GitHub.
CVE-2024-8856
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/Jenderal92/CVE-2024-8856
The Backup and Staging by WP Time Capsule plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the the UploadHandler.php file and no direct file access prevention in all versions up to, and including, 1.22.21. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Github link:
https://github.com/Jenderal92/CVE-2024-8856
GitHub
GitHub - Jenderal92/CVE-2024-8856: This tool scans WordPress websites for vulnerabilities in the WP Time Capsule plugin related…
This tool scans WordPress websites for vulnerabilities in the WP Time Capsule plugin related to CVE-2024-8856. It identifies plugin versions below 1.22.22 as vulnerable and logs results to vuln.txt...
CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Github link:
https://github.com/w0r1i0g1ht/CVE-2024-4439
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.
Github link:
https://github.com/w0r1i0g1ht/CVE-2024-4439
GitHub
GitHub - w0r1i0g1ht/CVE-2024-4439: CVE-2024-4439 docker and poc
CVE-2024-4439 docker and poc. Contribute to w0r1i0g1ht/CVE-2024-4439 development by creating an account on GitHub.