CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Github link:
https://github.com/XiaomingX/cve-2023-47246-poc
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
Github link:
https://github.com/XiaomingX/cve-2023-47246-poc
GitHub
GitHub - XiaomingX/cve-2023-47246-poc: CVE-2023-47246 是 SysAid On-Premise 软件(版本 23.3.36 之前)中的一个路径遍历漏洞。攻击者可以利用该漏洞将文件写入 Tomcat 的…
CVE-2023-47246 是 SysAid On-Premise 软件(版本 23.3.36 之前)中的一个路径遍历漏洞。攻击者可以利用该漏洞将文件写入 Tomcat 的 webroot 目录,从而在服务器上执行任意代码。 - XiaomingX/cve-2023-47246-poc
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE
GitHub
GitHub - Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE: Xss injection, WonderCMS 3.2.0 -3.4.2
Xss injection, WonderCMS 3.2.0 -3.4.2 . Contribute to Diegomjx/CVE-2023-41425-WonderCMS-Authenticated-RCE development by creating an account on GitHub.
CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/uyerr/PoC_CVE-2019-10149--rce
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/uyerr/PoC_CVE-2019-10149--rce
GitHub
GitHub - uyerr/PoC_CVE-2019-10149--rce: Remote Command Execution into shell from a vulnerable exim service.
Remote Command Execution into shell from a vulnerable exim service. - uyerr/PoC_CVE-2019-10149--rce
CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/issamjr/CVE-2023-26360
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
Github link:
https://github.com/issamjr/CVE-2023-26360
GitHub
GitHub - issamjr/CVE-2023-26360: CVE-2023-26360 - Adobe Coldfusion
CVE-2023-26360 - Adobe Coldfusion . Contribute to issamjr/CVE-2023-26360 development by creating an account on GitHub.
CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/madbaiu/CVE-2022-30190
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.
Github link:
https://github.com/madbaiu/CVE-2022-30190
GitHub
GitHub - madbaiu/CVE-2022-30190: msdt-follina payload testing on local vm
msdt-follina payload testing on local vm. Contribute to madbaiu/CVE-2022-30190 development by creating an account on GitHub.
CVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Github link:
https://github.com/wubinworks/magento2-template-filter-patch
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution.
Github link:
https://github.com/wubinworks/magento2-template-filter-patch
GitHub
GitHub - wubinworks/magento2-template-filter-patch: Magento 2 patch for CVE-2022-24086, CVE-2022-24087. Fix the RCE vulnerability…
Magento 2 patch for CVE-2022-24086, CVE-2022-24087. Fix the RCE vulnerability and related bugs by performing deep template variable escaping. If you cannot upgrade Magento or cannot apply the offic...
CVE-2024-5057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Github link:
https://github.com/g1thubb004/poc-CVE-2024-5057
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Easy Digital Downloads allows SQL Injection.This issue affects Easy Digital Downloads: from n/a through 3.2.12.
Github link:
https://github.com/g1thubb004/poc-CVE-2024-5057
CVE-2024-51567
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/XiaomingX/cve-2024-51567-poc
upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
Github link:
https://github.com/XiaomingX/cve-2024-51567-poc
GitHub
GitHub - XiaomingX/cve-2024-51567-poc: CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s…
CVE-2024-51567 is a Python PoC exploit targeting an RCE vulnerability in CyberPanel v2.3.6’s upgrademysqlstatus endpoint, bypassing CSRF protections. - XiaomingX/cve-2024-51567-poc
CVE-2024-52427
None
Github link:
https://github.com/DoTTak/WP-Event-Tickets-with-Ticket-Scanner-CVE-Report
None
Github link:
https://github.com/DoTTak/WP-Event-Tickets-with-Ticket-Scanner-CVE-Report
CVE-2022-25845
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/ph0ebus/CVE-2022-25845-In-Spring
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode).
Github link:
https://github.com/ph0ebus/CVE-2022-25845-In-Spring
GitHub
fastjson_safemode
A fast JSON parser/generator for Java. . Contribute to alibaba/fastjson development by creating an account on GitHub.
CVE-2017-7921
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Github link:
https://github.com/aengussong/hikvision_probe
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Github link:
https://github.com/aengussong/hikvision_probe
GitHub
GitHub - aengussong/hikvision_probe: Identify hikvision ip and probe for cve-s (CVE-2017-7921, CVE-2022-28171, CVE-2021-36260)
Identify hikvision ip and probe for cve-s (CVE-2017-7921, CVE-2022-28171, CVE-2021-36260) - aengussong/hikvision_probe