CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Night-have-dreams/php-cgi-Injector
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/Night-have-dreams/php-cgi-Injector
GitHub
GitHub - Night-have-dreams/php-cgi-Injector: 一個測試CVE-2024-4577和CVE-2024-8926的安全滲透工具
一個測試CVE-2024-4577和CVE-2024-8926的安全滲透工具. Contribute to Night-have-dreams/php-cgi-Injector development by creating an account on GitHub.
CVE-2023-21839
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Github link:
https://github.com/lovingpot/CVE-2023-21839
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Github link:
https://github.com/lovingpot/CVE-2023-21839
CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Github link:
https://github.com/chihyeonwon/CVE-2019-19781
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
Github link:
https://github.com/chihyeonwon/CVE-2019-19781
GitHub
GitHub - chihyeonwon/CVE-2019-19781: RCE, Citirx ADC and Gateway Directory Traversal
RCE, Citirx ADC and Gateway Directory Traversal. Contribute to chihyeonwon/CVE-2019-19781 development by creating an account on GitHub.
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
Github link:
https://github.com/Zer0F8th/CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response.
Github link:
https://github.com/Zer0F8th/CVE-2023-34598
GitHub
GitHub - Zer0F8th/CVE-2023-34598: Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI)
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) - Zer0F8th/CVE-2023-34598
CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Github link:
https://github.com/mr-won/CVE-2022-3689
The HTML Forms WordPress plugin before 1.3.25 does not properly properly escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Github link:
https://github.com/mr-won/CVE-2022-3689
GitHub
GitHub - mr-won/CVE-2022-3689: CVE-2022-3689
CVE-2022-3689. Contribute to mr-won/CVE-2022-3689 development by creating an account on GitHub.