CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/VoyagerOnne/Exim-CVE-2019-10149
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
Github link:
https://github.com/VoyagerOnne/Exim-CVE-2019-10149
GitHub
GitHub - VoyagerOnne/Exim-CVE-2019-10149: PoC for exploitation of vulnerability CVE-2019-10149
PoC for exploitation of vulnerability CVE-2019-10149 - VoyagerOnne/Exim-CVE-2019-10149
CVE-2024-4367
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Github link:
https://github.com/BektiHandoyo/cve-pdf-host
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Github link:
https://github.com/BektiHandoyo/cve-pdf-host
GitHub
GitHub - BektiHandoyo/cve-pdf-host: PDF host for CVE-2024-4367
PDF host for CVE-2024-4367. Contribute to BektiHandoyo/cve-pdf-host development by creating an account on GitHub.
CVE-2024-36991
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/xploitnik/CVE-2024-36991-modified
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
Github link:
https://github.com/xploitnik/CVE-2024-36991-modified
GitHub
GitHub - xploitnik/CVE-2024-36991-modified: The modified version of the original script can be described as a Proof of Concept…
The modified version of the original script can be described as a Proof of Concept (PoC) Exploit Script for CVE-2024-36991, designed to read sensitive files from a vulnerable Splunk Enterprise inst...
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/sug4r-wr41th/CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/sug4r-wr41th/CVE-2024-4577
GitHub
GitHub - sug4r-wr41th/CVE-2024-4577: PHP CGI CVE-2024-4577 PoC
PHP CGI CVE-2024-4577 PoC. Contribute to sug4r-wr41th/CVE-2024-4577 development by creating an account on GitHub.
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/paultheal1en/CVE-2023-1177-PoC-reproduce
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/paultheal1en/CVE-2023-1177-PoC-reproduce
GitHub
GitHub - paultheal1en/CVE-2023-1177-PoC-reproduce: PoC of CVE-2023-1177 vulnerability in MLflow (Reproduce)
PoC of CVE-2023-1177 vulnerability in MLflow (Reproduce) - paultheal1en/CVE-2023-1177-PoC-reproduce
CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Github link:
https://github.com/sug4r-wr41th/CVE-2023-28121
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.
Github link:
https://github.com/sug4r-wr41th/CVE-2023-28121
GitHub
GitHub - sug4r-wr41th/CVE-2023-28121: WooCommerce Payments (WordPress plugin) =< 5.6.1 CVE-2023-28121 PoC
WooCommerce Payments (WordPress plugin) =< 5.6.1 CVE-2023-28121 PoC - sug4r-wr41th/CVE-2023-28121
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/sug4r-wr41th/CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/sug4r-wr41th/CVE-2011-2523
GitHub
GitHub - sug4r-wr41th/CVE-2011-2523: vsFTPd 2.3.4 CVE-2011-2523 PoC
vsFTPd 2.3.4 CVE-2011-2523 PoC. Contribute to sug4r-wr41th/CVE-2011-2523 development by creating an account on GitHub.
CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-
GitHub
GitHub - ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-: The goal of this project was to conduct…
The goal of this project was to conduct a security audit of a blog recently launched by Ackme Support Incorporated, identifying any critical vulnerabilities before the site goes public. The task in...
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/marcosChoucino/CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/marcosChoucino/CVE-2021-4034
GitHub
GitHub - marcosChoucino/CVE-2021-4034: Exploit de la vulneravilidad CVE-2021-4034
Exploit de la vulneravilidad CVE-2021-4034. Contribute to marcosChoucino/CVE-2021-4034 development by creating an account on GitHub.
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/igonzalez357/CVE-2021-4034-PwnKit-
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Github link:
https://github.com/igonzalez357/CVE-2021-4034-PwnKit-
GitHub
GitHub - igonzalez357/CVE-2021-4034-PwnKit-: Este repositorio muestra cómo explotar la vulnerabilidad CVE-2021-4034.
Este repositorio muestra cómo explotar la vulnerabilidad CVE-2021-4034. - igonzalez357/CVE-2021-4034-PwnKit-
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Github link:
https://github.com/blindma1den/CVE-2023-46818-Exploit
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Github link:
https://github.com/blindma1den/CVE-2023-46818-Exploit
GitHub
GitHub - blindma1den/CVE-2023-46818-Exploit: This is my own exploit for CVE-2023-46818 happy hacking!
This is my own exploit for CVE-2023-46818 happy hacking! - blindma1den/CVE-2023-46818-Exploit
CVE-2024-4367
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Github link:
https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Github link:
https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability
GitHub
GitHub - Bhavyakcwestern/Hacking-pdf.js-vulnerability: CVE-2024-4367
CVE-2024-4367. Contribute to Bhavyakcwestern/Hacking-pdf.js-vulnerability development by creating an account on GitHub.