CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/jahithoque/CVE-2024-10914-Exploit
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/jahithoque/CVE-2024-10914-Exploit
GitHub
GitHub - jahithoque/CVE-2024-10914-Exploit: CVE-2024-10914 is a critical vulnerability affecting the D-Link DNS-320, DNS-320LW…
CVE-2024-10914 is a critical vulnerability affecting the D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L up to version 20241028. The function cgi_user_add in the file /cgi-bin/account_mgr.cgi?cmd=...
CVE-2024-50498
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
Github link:
https://github.com/p0et08/CVE-2024-50498
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
Github link:
https://github.com/p0et08/CVE-2024-50498
GitHub
GitHub - p0et08/CVE-2024-50498: This is a exploit for CVE-2024-50498
This is a exploit for CVE-2024-50498. Contribute to p0et08/CVE-2024-50498 development by creating an account on GitHub.
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/saccles/CVE-2018-16763-Proof-of-Concept
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/saccles/CVE-2018-16763-Proof-of-Concept
GitHub
GitHub - saccles/CVE-2018-16763-Proof-of-Concept: A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated…
A Proof-of-Concept (PoC) exploit for CVE-2018-16763 (Fuel CMS - Preauthenticated Remote Code Execution). - saccles/CVE-2018-16763-Proof-of-Concept
CVE-2021-42260
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
Github link:
https://github.com/vm2mv/tinyxml
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
Github link:
https://github.com/vm2mv/tinyxml
GitHub
GitHub - vm2mv/tinyxml: TinyXML 2.6.2 with fixes for CVE-2021-42260 and CVE-2023-34194
TinyXML 2.6.2 with fixes for CVE-2021-42260 and CVE-2023-34194 - vm2mv/tinyxml
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Github link:
https://github.com/Prabesh01/hoh4
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Github link:
https://github.com/Prabesh01/hoh4
GitHub
GitHub - Prabesh01/hoh4: Modified version of laravel ignition RCE (CVE-2021-3129) exploit script for Hour of Hack Session-4
Modified version of laravel ignition RCE (CVE-2021-3129) exploit script for Hour of Hack Session-4 - Prabesh01/hoh4
CVE-2024-46538
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
Github link:
https://github.com/LauLeysen/CVE-2024-46538
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_edit.php.
Github link:
https://github.com/LauLeysen/CVE-2024-46538
GitHub
GitHub - LauLeysen/CVE-2024-46538: based on [EQSTLab](https://github.com/EQSTLab)
based on [EQSTLab](https://github.com/EQSTLab). Contribute to LauLeysen/CVE-2024-46538 development by creating an account on GitHub.
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
Github link:
https://github.com/lamcodeofpwnosec/CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the server's local network bypassing firewalls and access control measures.
Github link:
https://github.com/lamcodeofpwnosec/CVE-2022-1386
GitHub
GitHub - lamcodeofpwnosec/CVE-2022-1386: Fusion Builder < 3.6.2 - Unauthenticated SSRF
Fusion Builder < 3.6.2 - Unauthenticated SSRF. Contribute to lamcodeofpwnosec/CVE-2022-1386 development by creating an account on GitHub.
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2023-4220
GitHub
GitHub - MikeyPPPPPPPP/CVE-2023-4220: Remote command execution exploit made for redteamers.
Remote command execution exploit made for redteamers. - MikeyPPPPPPPP/CVE-2023-4220
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Github link:
https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
Github link:
https://github.com/egilas/Watchguard-RCE-POC-CVE-2022-26318
GitHub
GitHub - egilas/Watchguard-RCE-POC-CVE-2022-26318: PoC for Watchguard CVE-2022-26318 updated to Python3.12
PoC for Watchguard CVE-2022-26318 updated to Python3.12 - egilas/Watchguard-RCE-POC-CVE-2022-26318
CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Github link:
https://github.com/Farzan-Kh/CVE-2024-9465
An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Github link:
https://github.com/Farzan-Kh/CVE-2024-9465
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Pr1or95/CVE-2023-4220-exploit
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/Pr1or95/CVE-2023-4220-exploit
GitHub
GitHub - Pr1or95/CVE-2023-4220-exploit: Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en…
Carga de archivos sin restricciones en la funcionalidad de carga de archivos grandes en `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` en Chamilo LMS en versiones <= 1.11.24 permite ...