CVE-2023-20198
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
Github link:
https://github.com/punyconspir/cisco-ios-xe-implant-scanner
Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory
Cisco will provide updates on the status of this investigation and when a software patch is available.
Github link:
https://github.com/punyconspir/cisco-ios-xe-implant-scanner
CVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/Fauzan-Aldi/Log4j-_Vulnerability
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Github link:
https://github.com/Fauzan-Aldi/Log4j-_Vulnerability
GitHub
GitHub - Fauzan-Aldi/Log4j-_Vulnerability: The Web Is Vulnerable to CVE-2021-44228
The Web Is Vulnerable to CVE-2021-44228. Contribute to Fauzan-Aldi/Log4j-_Vulnerability development by creating an account on GitHub.
CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/tiemio/RCE-PoC-CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/tiemio/RCE-PoC-CVE-2021-25646
GitHub
GitHub - tiemio/RCE-PoC-CVE-2021-25646: A proof-of-concept for the CVE-2021-25646, which allows for Command Injection
A proof-of-concept for the CVE-2021-25646, which allows for Command Injection - tiemio/RCE-PoC-CVE-2021-25646
CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Github link:
https://github.com/Almandev/Sub-folderFetcher
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Github link:
https://github.com/Almandev/Sub-folderFetcher
GitHub
GitHub - Almandev/Sub-folderFetcher: A script to download specific Vulhub repository folder (kibana/CVE-2018-17246) from GitHub.
A script to download specific Vulhub repository folder (kibana/CVE-2018-17246) from GitHub. - Almandev/Sub-folderFetcher
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
GitHub
GitHub - ndr-repo/CVE-2017-5487: PoC for CVE-2017-5487 - WordPress User Enumeration via REST
PoC for CVE-2017-5487 - WordPress User Enumeration via REST - ndr-repo/CVE-2017-5487
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
GitHub
GitHub - shpaw415/CVE-2020-24913-exploit: automated SQL injection for QCubed profile.php file
automated SQL injection for QCubed profile.php file - shpaw415/CVE-2020-24913-exploit
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
GitHub
GitHub - tntrock/CVE-2024-4577_PowerShell: 使用PowsrShell掃描CVE-2024-4577
使用PowsrShell掃描CVE-2024-4577. Contribute to tntrock/CVE-2024-4577_PowerShell development by creating an account on GitHub.
CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
GitHub
GitHub - ajf8729/BlackLotus: BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use
BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use - ajf8729/BlackLotus
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
GitHub
GitHub - syaifulandy/Nuclei-Template-CVE-2023-42793.yaml: Windows & linux support
Windows & linux support. Contribute to syaifulandy/Nuclei-Template-CVE-2023-42793.yaml development by creating an account on GitHub.
CVE-2025-0411
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
GitHub
GitHub - betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass: CVE-2025-0411 7-Zip Mark-of-the-Web Bypass
CVE-2025-0411 7-Zip Mark-of-the-Web Bypass. Contribute to betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass development by creating an account on GitHub.