CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/chihyeonwon/Log4shell
GitHub - chihyeonwon/Log4shell: CVE-2021-44228
CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Github link:
https://github.com/xdrake1010/CVE-2017-11882-Preventer
GitHub - xdrake1010/CVE-2017-11882-Preventer: CVE-2017-11882 Preventer for .docx files
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability
Github link:
https://github.com/spyata123/w3-total-cache-cve-2013-2010
GitHub - spyata123/w3-total-cache-cve-2013-2010: Remote code execution running on w3 total cache cve 2013-2010
CVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).
Github link:
https://github.com/sharafu-sblsec/CVE-2024-10924
GitHub - sharafu-sblsec/CVE-2024-10924: CVE-2024-10924 - Authentication Bypass in ReallySimpleSSL Wordpress Plugin
CVE-2012-2982
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Github link:
https://github.com/lpuv/CVE-2012-2982
GitHub - lpuv/CVE-2012-2982: Webmin 1.580 /file/show.cgi Remote Code Execution
CVE-2016-6210
sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.
Github link:
https://github.com/coolbabayaga/CVE-2016-6210
GitHub - coolbabayaga/CVE-2016-6210: User name enumeration against SSH daemons affected by CVE-2016-6210.
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Night-have-dreams/php-cgi-Injector
GitHub - Night-have-dreams/php-cgi-Injector: A security penetration-testing tool for testing CVE-2024-4577 and CVE-2024-8926