CVE-2021-41805
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.
Github link:
https://github.com/acfirthh/CVE-2021-41805
Repository description (the repository's own claim; the CVE text describes cross-namespace privilege escalation, not RCE): A proof-of-concept for CVE-2021-41805 which is a vulnerability in HashiCorp Consul Enterprise allowing for Remote Code Execution (RCE) with escalated privileges.
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Github link:
https://github.com/chuckdu21/CVE-2022-29078
CVE-2023-3824
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, insufficient length checking while reading the directory entries of a phar file being loaded may lead to a stack buffer overflow, and so potentially to memory corruption or RCE.
Github link:
https://github.com/fr33c0d3/poc-cve-2023-3824
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Github link:
https://github.com/hackgiver/CVE-2015-9251
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Dejavu666/CVE-2024-4577
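Three of the entries above are reached through a single HTTP request and leave a recognisable signature in the request line: the FUEL CMS pages/select/ filter and preview/ data parameters of CVE-2018-16763, the settings[view options] option injection of CVE-2022-29078, and the PHP-CGI soft-hyphen argument injection of CVE-2024-4577. The scanner below is an added example, not code from any of the linked repositories, and applies one heuristic per CVE to constructed Apache combined-log lines. The log lines, the FUEL CMS route names it matches and the "looks like a function call" test are assumptions for illustration. For CVE-2024-4577 it models only the one Best-Fit mapping the advisory is about (U+00AD soft hyphen, byte 0xAD, to 0x2D) and applies it only to a query string with no "=", which RFC 3875 section 4.4 defines as a command-line query that the web server passes to the CGI binary as arguments.

```python
"""Request-line heuristics for three RCE vectors in this digest (added example;
not code from any linked repository; log lines are constructed, routes and
heuristics are assumptions)."""
import re
from urllib.parse import unquote_plus, unquote_to_bytes

# Apache combined log: ... "METHOD /path?query HTTP/x.y" ...
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def query_pairs(query):
    """Decode the key=value pairs of a form-encoded query string."""
    pairs = []
    for part in query.split('&'):
        if part:
            key, _, value = part.partition('=')
            pairs.append((unquote_plus(key), unquote_plus(value)))
    return pairs

# CVE-2018-16763: FUEL CMS 1.4.1 evaluates the pages/select/ "filter" and the
# preview/ "data" parameter as PHP. A legitimate value is a search string, so a
# value shaped like a function call is suspicious (heuristic; routes assumed).
FUEL_ROUTES = {'/pages/select': 'filter', '/preview': 'data'}
CODE_LIKE = re.compile(r'[A-Za-z_]\w*\s*\(')

def check_fuel_eval(target):
    path, _, query = target.partition('?')
    for route, param in FUEL_ROUTES.items():
        if path.rstrip('/').endswith(route):
            return [f'{param}={v}' for k, v in query_pairs(query)
                    if k == param and CODE_LIKE.search(v)]
    return []

# CVE-2022-29078: when request data reaches res.render() as options, the
# query-string parser turns a bracket key such as
# settings[view options][outputFunctionName] into a nested object that ejs
# reads as its own option. No legitimate client sends keys under that prefix.
def check_ejs_options(target):
    _, _, query = target.partition('?')
    return [k for k, _ in query_pairs(query)
            if k.lower().startswith('settings[view options]')]

# CVE-2024-4577: RFC 3875 section 4.4 treats a query string with no '=' as a
# command line, '+' separating words, and Apache hands the words to php-cgi as
# arguments. php-cgi has refused query-string words that start with '-' since
# the CVE-2012-1823 fix, but on Windows Best-Fit turns U+00AD (byte 0xAD) into
# '-' after that check. Only that one mapping is modelled here.
BEST_FIT = {0xAD: 0x2D}

def cgi_argv(query):
    if '=' in query:
        return []
    return [unquote_to_bytes(word) for word in query.split('+') if word]

def check_php_cgi_bestfit(target):
    _, _, query = target.partition('?')
    hits = []
    for word in cgi_argv(query):
        fitted = bytes(BEST_FIT.get(b, b) for b in word)
        if word[:1] != b'-' and fitted[:1] == b'-':  # only the bypass case
            hits.append(fitted.decode('latin-1'))
    return hits

CHECKS = [('CVE-2018-16763', check_fuel_eval),
          ('CVE-2022-29078', check_ejs_options),
          ('CVE-2024-4577', check_php_cgi_bestfit)]

def scan(lines):
    """Return (cve, request target, details) for every line a check flags."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = m.group('target')
        for cve, check in CHECKS:
            details = check(target)
            if details:
                findings.append((cve, target, details))
    return findings

# Constructed sample: three suspicious requests, then three benign ones.
LOG_SAMPLE = [
    '203.0.113.7 - - [10/Jun/2024:12:00:01 +0000] "GET /fuel/pages/select/?filter=%22%2Bphpinfo()%2B%22 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2024:12:00:02 +0000] "GET /page?settings%5Bview%20options%5D%5BoutputFunctionName%5D=x HTTP/1.1" 500 0',
    '203.0.113.7 - - [10/Jun/2024:12:00:03 +0000] "GET /index.php?%ADs HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Jun/2024:12:00:04 +0000] "GET /fuel/pages/select/?filter=contact HTTP/1.1" 200 1024',
    '198.51.100.2 - - [10/Jun/2024:12:00:05 +0000] "GET /page?settings=dark HTTP/1.1" 200 1024',
    '198.51.100.2 - - [10/Jun/2024:12:00:06 +0000] "GET /search?foo+bar HTTP/1.1" 200 1024',
]

if __name__ == '__main__':
    for cve, target, details in scan(LOG_SAMPLE):
        print(cve, target, details)
```

Run as a script it prints one finding per suspicious line and nothing for the three benign ones. The checks work on the percent-decoded request, so the usual encoding tricks (%5B for "[", %20 for a space, %AD for the soft hyphen) do not hide a hit; a real deployment would also decode the request body for POST requests and tune the FUEL CMS route prefixes to the application's actual paths.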
CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.
Github link:
https://github.com/mithunmadhukuttan/Dirty-Pipe-Exploit
Repository description: The Dirty Pipe exploit (CVE-2022-0847) is a Linux kernel vulnerability (v5.8+) allowing unprivileged attackers to overwrite arbitrary files via a flaw in the pipe mechanism. This leads to privi...
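The first question when triaging the entry above is whether a given kernel release falls in the affected range. The check below is an added example, not code from the linked repository. Its boundaries come from the upstream fix (commit 9d2231c5d74e, "lib/iov_iter: initialize "flags" in new pipe_buffer", merged for 5.17-rc6 and backported to stable 5.16.11, 5.15.25 and 5.10.102); treating the 5.8, 5.9 and 5.11 to 5.14 series as never fixed reflects that those series were end-of-life before the fix existed. The function works on a release string so it can be run against inventory data as well as the local machine.

```python
"""Triage check: is a kernel release string inside the CVE-2022-0847 range?

Added example, not code from the linked repository. Ranges come from the
upstream fix (commit 9d2231c5d74e), merged for 5.17-rc6 and backported to
stable 5.16.11, 5.15.25 and 5.10.102.
"""
import platform
import re

INTRODUCED = (5, 8, 0)       # pipe_buffer flag handling changed in 5.8
MAINLINE_FIXED = (5, 17, 0)  # 5.17 final carries the fix (rc1-rc5 did not)
STABLE_FIXED = {(5, 10): (5, 10, 102), (5, 15): (5, 15, 25), (5, 16): (5, 16, 11)}

RELEASE_RE = re.compile(r'^(\d+)\.(\d+)(?:\.(\d+))?')

def parse_release(release):
    """'5.15.0-25-generic' -> (5, 15, 0); distribution suffixes are ignored."""
    m = RELEASE_RE.match(release)
    if not m:
        raise ValueError(f'unrecognised kernel release: {release!r}')
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_vulnerable(release):
    """True when the upstream version string lies in the affected range."""
    v = parse_release(release)
    if v < INTRODUCED or v >= MAINLINE_FIXED:
        return False
    fixed = STABLE_FIXED.get(v[:2])
    if fixed is None:
        # 5.8, 5.9 and 5.11-5.14 were end-of-life before the fix and never got it.
        return True
    return v < fixed

def check_running_kernel():
    """(release string, vulnerable?) for the machine this runs on."""
    release = platform.release()
    return release, is_vulnerable(release)

if __name__ == '__main__':
    release, vulnerable = check_running_kernel()
    print(f'{release}: {"in affected range" if vulnerable else "not in affected range"}')
```

The version string is only a first pass: distribution kernels such as a "5.15.0-25-generic" build may carry the backported fix without changing the upstream number, so a hit here should be confirmed against the distribution's advisory for that exact package before it is treated as exploitable.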