CVE-2021-43798
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Github link:
https://github.com/davidr-io/Grafana-8.3-Directory-Traversal
Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline.
Github link:
https://github.com/davidr-io/Grafana-8.3-Directory-Traversal
GitHub
GitHub - davidr-io/Grafana-8.3-Directory-Traversal: CVE-2021-43798 working exploit
CVE-2021-43798 working exploit. Contribute to davidr-io/Grafana-8.3-Directory-Traversal development by creating an account on GitHub.
CVE-2024-2961
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Github link:
https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Github link:
https://github.com/kyotozx/CVE-2024-2961-Remote-File-Read
GitHub
GitHub - kyotozx/CVE-2024-2961-Remote-File-Read: This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability…
This script demonstrates a proof-of-concept (PoC) for exploiting a file read vulnerability in the iconv library, as detailed in Ambionics Security's blog https://www.ambionics.io/blog/iconv...
CVE-2015-9235
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
Github link:
https://github.com/z-bool/Venom-JWT
In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family).
Github link:
https://github.com/z-bool/Venom-JWT
GitHub
GitHub - z-bool/Venom-JWT: 针对JWT渗透开发的漏洞验证/密钥爆破工具,针对CVE-2015-9235/空白密钥/未验证签名攻击/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042的结果生成…
针对JWT渗透开发的漏洞验证/密钥爆破工具,针对CVE-2015-9235/空白密钥/未验证签名攻击/CVE-2016-10555/CVE-2018-0114/CVE-2020-28042的结果生成用于FUZZ,也可使用字典/字符枚举(包括JJWT)的方式进行爆破(JWT Crack) - z-bool/Venom-JWT
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/dh4r4/PwnKit-CVE-2021-4034-
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/dh4r4/PwnKit-CVE-2021-4034-
GitHub
GitHub - dh4r4/PwnKit-CVE-2021-4034-: A rewrite of the Polkit vulnerability.
A rewrite of the Polkit vulnerability. Contribute to dh4r4/PwnKit-CVE-2021-4034- development by creating an account on GitHub.
CVE-2024-2961
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Github link:
https://github.com/4wayhandshake/CVE-2024-2961
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Github link:
https://github.com/4wayhandshake/CVE-2024-2961
GitHub
GitHub - 4wayhandshake/CVE-2024-2961: Uses CVE-2024-2961 to perform an arbitrary file read
Uses CVE-2024-2961 to perform an arbitrary file read - 4wayhandshake/CVE-2024-2961
CVE-2021-3129
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Github link:
https://github.com/lukwagoasuman/CVE-2021-3129---Laravel-RCE
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.
Github link:
https://github.com/lukwagoasuman/CVE-2021-3129---Laravel-RCE
GitHub
GitHub - lukwagoasuman/CVE-2021-3129---Laravel-RCE: ## About The script has been made for exploiting the Laravel RCE (CVE-2021…
## About The script has been made for exploiting the Laravel RCE (CVE-2021-3129) vulnerability.
This script allows you to write/execute commands on a website running <b&...
This script allows you to write/execute commands on a website running <b&...
CVE-2024-0235
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
Github link:
https://github.com/Nxploited/CVE-2024-0235-PoC
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
Github link:
https://github.com/Nxploited/CVE-2024-0235-PoC
GitHub
GitHub - Nxploited/CVE-2024-0235-PoC: The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have…
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users...