CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/xpltive/CVE-2023-41425
GitHub - xpltive/CVE-2023-41425: WonderCMS v3.2.0 - v3.4.2 XSS to RCE exploit
CVE-2023-50564
An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file.
Github link:
https://github.com/xpltive/CVE-2023-50564
GitHub - xpltive/CVE-2023-50564: Pluck-CMS v4.7.18 RCE exploit
CVE-2022-46463
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication.
Github link:
https://github.com/CodeSecurityTeam/harbor
GitHub - CodeSecurityTeam/harbor: CVE-2022-46463 fully automatic download script for Harbor public images
CVE-2024-10914
A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to OS command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Github link:
https://github.com/dragonXZH/CVE-2024-10914
GitHub - dragonXZH/CVE-2024-10914: A PoC exploit for CVE-2024-10914 - D-Link Remote Code Execution (RCE)
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2018-9206
GitHub - MikeyPPPPPPPP/CVE-2018-9206: Blueimp's jQuery File Upload
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Github link:
https://github.com/MikeyPPPPPPPP/CVE-2024-32113
GitHub - MikeyPPPPPPPP/CVE-2024-32113: CVE-2024-32113 PoC