CVE-2018-16763
FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution.
Github link:
https://github.com/ArtemCyberLab/Project-Exploiting-a-Vulnerability-in-Fuel-CMS-CVE-2018-16763-
Repository description: The goal of this project was to conduct a security audit of a blog recently launched by Ackme Support Incorporated, identifying any critical vulnerabilities before the site goes public. The task in...
CVE-2021-4034
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Github link:
https://github.com/marcosChoucino/CVE-2021-4034
Repository description: Exploit for the CVE-2021-4034 vulnerability.
CVE-2021-4034
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Github link:
https://github.com/igonzalez357/CVE-2021-4034-PwnKit-
Repository description: This repository shows how to exploit the CVE-2021-4034 vulnerability.
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Github link:
https://github.com/blindma1den/CVE-2023-46818-Exploit
Repository description: This is my own exploit for CVE-2023-46818, happy hacking!
CVE-2024-4367
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Github link:
https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability
CVE-2023-46818
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.
Github link:
https://github.com/ajdumanhug/CVE-2023-46818
Repository description: CVE-2023-46818 Python3 exploit for ISPConfig <= 3.2.11 (language_edit.php) PHP code injection vulnerability.
CVE-2023-27350
This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.
Github link:
https://github.com/0xB0y426/CVE-2023-27350-PoC
Repository description: PoC for CVE-2023-27350.
CVE-2024-38816
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Specifically, an application is vulnerable when both of the following are true:
* the web application uses RouterFunctions to serve static resources
* resource handling is explicitly configured with a FileSystemResource location
However, malicious requests are blocked and rejected when any of the following is true:
* the Spring Security HTTP Firewall https://docs.spring.io/spring-security/reference/servlet/exploits/firewall.html is in use
* the application runs on Tomcat or Jetty
Github link:
https://github.com/jaloon/spring-webmvc5
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/khaidtraivch/CVE-2021-44228-Log4Shell-
Repository description: Penetration testing.
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/khaidtraivch/CVE-2021-41773-Apache-2.4.49-
Repository description: Penetration testing.
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/JohanMV/explotacion-vsftpd-nmap_Laboratorio_1
Repository description: Technical cybersecurity lab performing network reconnaissance with Nmap and exploitation of the CVE-2011-2523 vulnerability (vsftpd 2.3.4) using the Metasploit Framework. Proyecto académi...