CVE-2023-26326
None
Github link:
https://github.com/omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961
None
Github link:
https://github.com/omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961
GitHub
GitHub - omarelshopky/exploit_cve-2023-26326_using_cve-2024-2961: Exploit for CVE-2023-26326 in the WordPress BuddyForms plugin…
Exploit for CVE-2023-26326 in the WordPress BuddyForms plugin, leveraging CVE-2024-2961 for remote code execution. This exploit bypasses PHP 8+ deserialization limitations by chaining vulnerabiliti...
CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Github link:
https://github.com/joaomorenorf/CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
Github link:
https://github.com/joaomorenorf/CVE-2014-3704
GitHub
GitHub - joaomorenorf/CVE-2014-3704: This code is taken from "Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)"…
This code is taken from "Drupal 7.0 < 7.31 - 'Drupalgeddon' SQL Injection (Add Admin User)" and was converted to Python 3 to suit the exercise in Academy fo...
CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/Nxploited/CVE-2024-10924-Exploit
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/Nxploited/CVE-2024-10924-Exploit
GitHub
GitHub - Nxploited/CVE-2024-10924-Exploit: Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication…
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass - Nxploited/CVE-2024-10924-Exploit
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773
GitHub
GitHub - tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773: This repository contains a Proof-of-Concept for the CVE-2021-41773. This…
This repository contains a Proof-of-Concept for the CVE-2021-41773. This CVE contains a LFI and RCE vulnerablity. - tiemio/SSH-key-and-RCE-PoC-for-CVE-2021-41773