CVE-2022-46689
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
Github link:
https://github.com/Code2Crusader/46689
A race condition was addressed with additional validation. This issue is fixed in tvOS 16.2, macOS Monterey 12.6.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. An app may be able to execute arbitrary code with kernel privileges.
Github link:
https://github.com/Code2Crusader/46689
GitHub
GitHub - Code2Crusader/46689: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.
Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. - Code2Crusader/46689
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/fabulouscounc/CVE-2024-4577-PHP-RCE
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/fabulouscounc/CVE-2024-4577-PHP-RCE
CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.
Github link:
https://github.com/fortra/CVE-2024-7479
Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers.
Github link:
https://github.com/fortra/CVE-2024-7479
GitHub
GitHub - fortra/CVE-2024-7479: Proof of concept for CVE-2024-7479
Proof of concept for CVE-2024-7479. Contribute to fortra/CVE-2024-7479 development by creating an account on GitHub.
CVE-2019-9978
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
Github link:
https://github.com/echoosso/CVE-2019-9978
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
Github link:
https://github.com/echoosso/CVE-2019-9978
GitHub
GitHub - echoosso/CVE-2019-9978: A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting…
A Remote Code Execution (RCE) vulnerability in the Social Warfare plugin for WordPress, affecting versions below 3.5.3. - echoosso/CVE-2019-9978