CVE-2022-26134
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/XiaomingX/cve-2022-26134-poc
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Github link:
https://github.com/XiaomingX/cve-2022-26134-poc
GitHub
GitHub - XiaomingX/cve-2022-26134-poc: CVE-2022-26134 是一个影响 Atlassian Confluence Server 和 Data Center 的 远程代码执行漏洞(RCE),其成因是服务器处理…
CVE-2022-26134 是一个影响 Atlassian Confluence Server 和 Data Center 的 远程代码执行漏洞(RCE),其成因是服务器处理 OGNL 表达式时未能正确过滤输入,从而允许攻击者以特权账户权限执行任意代码。 - XiaomingX/cve-2022-26134-poc
CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Github link:
https://github.com/XiaomingX/cve-2023-47246-poc
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Github link:
https://github.com/XiaomingX/cve-2023-47246-poc
GitHub
GitHub - XiaomingX/cve-2023-47246-poc: CVE-2023-47246 是 SysAid On-Premise 软件(版本 23.3.36 之前)中的一个路径遍历漏洞。攻击者可以利用该漏洞将文件写入 Tomcat 的…
CVE-2023-47246 是 SysAid On-Premise 软件(版本 23.3.36 之前)中的一个路径遍历漏洞。攻击者可以利用该漏洞将文件写入 Tomcat 的 webroot 目录,从而在服务器上执行任意代码。 - XiaomingX/cve-2023-47246-poc
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE
GitHub
GitHub - Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE: Xss injection, WonderCMS 3.2.0 -3.4.2
Xss injection, WonderCMS 3.2.0 -3.4.2 . Contribute to Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE development by creating an account on GitHub.
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/uyerr/PoC_CVE-2019-10149--rce
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/uyerr/PoC_CVE-2019-10149--rce
GitHub
GitHub - uyerr/PoC_CVE-2019-10149--rce: Remote Command Execution into shell from a vulnerable exim service.
Remote Command Execution into shell from a vulnerable exim service. - uyerr/PoC_CVE-2019-10149--rce
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/issamjr/CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/issamjr/CVE-2023-26360
GitHub
GitHub - issamjr/CVE-2023-26360: CVE-2023-26360 - Adobe Coldfusion
CVE-2023-26360 - Adobe Coldfusion . Contribute to issamjr/CVE-2023-26360 development by creating an account on GitHub.
CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/madbaiu/CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/madbaiu/CVE-2022-30190
GitHub
GitHub - madbaiu/CVE-2022-30190: msdt-follina payload testing on local vm
msdt-follina payload testing on local vm. Contribute to madbaiu/CVE-2022-30190 development by creating an account on GitHub.
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Github link:
https://github.com/wubinworks/magento2-template-filter-patch
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Github link:
https://github.com/wubinworks/magento2-template-filter-patch
GitHub
GitHub - wubinworks/magento2-template-filter-patch: Magento 2 patch for CVE-2022-24086, CVE-2022-24087. Fix the RCE vulnerability…
Magento 2 patch for CVE-2022-24086, CVE-2022-24087. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you cannot upgrade Magento or cannot apply the offic...
CVE-2024-5057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Github link:
https://github.com/g1thubb004/poc-CVE-2024-5057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Github link:
https://github.com/g1thubb004/poc-CVE-2024-5057
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/XiaomingX/cve-2024-51567-poc
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/XiaomingX/cve-2024-51567-poc
GitHub
GitHub - XiaomingX/cve-2024-51567-poc: CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s…
CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections. - XiaomingX/cve-2024-51567-poc
CVE-2024-52427
None
Github link:
https://github.com/DoTTak/WP-Event-Tickets-with-Ticket-Scanner-CVE-Report
None
Github link:
https://github.com/DoTTak/WP-Event-Tickets-with-Ticket-Scanner-CVE-Report
CVE-2022-25845
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/ph0ebus/CVE-2022-25845-In-Spring
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/ph0ebus/CVE-2022-25845-In-Spring
GitHub
fastjson_safemode
A fast JSON parser/generator for Java. . Contribute to alibaba/fastjson development by creating an account on GitHub.