CVE-2019-11248
The Go pprof debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This endpoint can potentially leak sensitive information, such as internal Kubelet memory addresses and configuration, or be used for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but is not exposed by the default configuration.
GitHub link:
https://github.com/bash3rt3am/poc-cve
CVE-2024-3400
A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
Fixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted.
GitHub link:
https://github.com/XiaomingX/CVE-2024-3400-poc
CVE-2024-42845
An eval injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.
GitHub link:
https://github.com/theexploiters/CVE-2024-42845-Exploit
CVE-2023-3824
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, insufficient length checking while reading PHAR directory entries during the loading of a phar file may lead to a stack buffer overflow, potentially resulting in memory corruption or RCE.
GitHub link:
https://github.com/bluefish3r/poc-cve
CVE-2019-17240
bl-kernel/security.class.php in Bludit 3.9.2 allows attackers to bypass a brute-force protection mechanism by using many different forged X-Forwarded-For or Client-IP HTTP headers.
GitHub link:
https://github.com/0xDTC/Bludit-3.9.2-Auth-Bruteforce-Bypass-CVE-2019-17240