CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Github link:
https://github.com/moften/CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Github link:
https://github.com/moften/CVE-2023-44487
GitHub
GitHub - moften/CVE-2023-44487-HTTP-2-Rapid-Reset-Attack: HTTP/2 Rapid Reset Exploit PoC
HTTP/2 Rapid Reset Exploit PoC. Contribute to moften/CVE-2023-44487-HTTP-2-Rapid-Reset-Attack development by creating an account on GitHub.
CVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.
Github link:
https://github.com/moften/CVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.
Github link:
https://github.com/moften/CVE-2021-21424
GitHub
GitHub - moften/CVE-2021-21424: El WebProfiler de Symfony expone rutas internas del servidor si no está deshabilitado en producción
El WebProfiler de Symfony expone rutas internas del servidor si no está deshabilitado en producción - moften/CVE-2021-21424
CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Github link:
https://github.com/samiba6/CVE-2021-42362
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for attackers with contributor level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2.
Github link:
https://github.com/samiba6/CVE-2021-42362
GitHub
GitHub - samiba6/CVE-2021-42362: The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient…
The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation found in the ~/src/Image.php file which makes it possible for att...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/del0x3/CVE-2019-9053-port-py3
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/del0x3/CVE-2019-9053-port-py3
GitHub
GitHub - del0x3/CVE-2019-9053-port-py3: CVE-2019-9053.
CVE-2019-9053. Contribute to del0x3/CVE-2019-9053-port-py3 development by creating an account on GitHub.
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/kaizoku73/CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/kaizoku73/CVE-2019-9053
GitHub
GitHub - kaizoku73/CVE-2019-9053: CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in…
CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in CMS Made Simple (CMSMS) versions up to 2.2.9, where the application is vulnerable to a blind time-based...
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/Hackheart-tech/-exploit-lab
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/Hackheart-tech/-exploit-lab
GitHub
GitHub - Hackheart-tech/-exploit-lab: Exploits Python cve-2019-9053– by HackHeart
Exploits Python cve-2019-9053– by HackHeart. Contribute to Hackheart-tech/-exploit-lab development by creating an account on GitHub.