CVE-2023-3824
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a PHAR file, insufficient length checking while reading PHAR directory entries may lead to a stack buffer overflow, potentially leading to memory corruption or RCE.
GitHub link:
https://github.com/fr33c0d3/poc-cve-2023-3824
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
GitHub link:
https://github.com/altsun/CVE-2018-16763-FuelCMS-1.4.1-RCE
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
GitHub link:
https://github.com/hackgiver/CVE-2015-9251
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
GitHub link:
https://github.com/Dejavu666/CVE-2024-4577
CVE-2022-0847
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in the copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.
GitHub link:
https://github.com/mithunmadhukuttan/Dirty-Pipe-Exploit