CVE-2018-13379
An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests.
Github link:
https://github.com/Farzan-Kh/CVE-2018-13379
Repository description: An exploit for Fortinet CVE-2018-13379
CVE-2023-43208
NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.
Github link:
https://github.com/Avento/CVE-2023-43208_Detection_PoC
Repository description: Use java.net.InetAddress for detection
CVE-2018-0886
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
Github link:
https://github.com/andychao/Remote_code_execution_vulnerability_CVE-2018-0886_vulnerability_fixing_resources_download
Repository description: Download of fix resources for the remote code execution vulnerability CVE-2018-0886 (free download)
CVE-2021-26690
Apache HTTP Server versions 2.4.0 to 2.4.46: a specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible denial of service.
Github link:
https://github.com/0xdeviner/CVE-2021-26690
CVE-2024-21683
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.
Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes: https://confluence.atlassian.com/doc/confluence-release-notes-327.html
You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives.
This vulnerability was found internally.
Github link:
https://github.com/XiaomingX/cve-2024-21683-rce
CVE-2024-3400
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
Github link:
https://github.com/nanwinata/CVE-2024-3400
Repository description: CVE-2024-3400 PAN-OS Vulnerability Scanner
CVE-2024-52301
Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability is fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-CLI SAPIs.
Github link:
https://github.com/nanwinata/CVE-2024-52301
Repository description: Arbitrary Argument Injection Scanner CVE-2024-52301
CVE-2017-7921
An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.
Github link:
https://github.com/andychao/CVE-2017-7921_reproduces_decrypted_file_sharing
Repository description: CVE-2017-7921 reproduction and decrypted file sharing (free download)
CVE-2022-37042
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.
Github link:
https://github.com/romero-javi/zimbra8_lab
Repository description: Zimbra lab for CVE-2022-37042 and CVE-2022-37393
CVE-2023-0297
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Github link:
https://github.com/oxapavan/CVE-2023-0297
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/oxapavan/CVE-2024-6387
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 through v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/0x0d3ad/CVE-2023-41425
Repository description: CVE-2023-41425 (XSS to RCE, Wonder CMS 3.2.0 <= 3.4.2)
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/XiaomingX/cve-2024-3094-xz-backdoor-exploit
Repository description: CVE-2024-3094 (XZ Backdoor) Tools