CVE-2021-25646
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and earlier, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.
Github link:
https://github.com/tiemio/RCE-PoC-CVE-2021-25646
GitHub - tiemio/RCE-PoC-CVE-2021-25646: A proof-of-concept for the CVE-2021-25646, which allows for Command Injection
CVE-2018-17246
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.
Github link:
https://github.com/Almandev/Sub-folderFetcher
GitHub - Almandev/Sub-folderFetcher: A script to download specific Vulhub repository folder (kibana/CVE-2018-17246) from GitHub.
CVE-2017-5487
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.
Github link:
https://github.com/ndr-repo/CVE-2017-5487
GitHub - ndr-repo/CVE-2017-5487: PoC for CVE-2017-5487 - WordPress User Enumeration via REST
CVE-2020-24913
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
Github link:
https://github.com/shpaw415/CVE-2020-24913-exploit
GitHub - shpaw415/CVE-2020-24913-exploit: automated SQL injection for QCubed profile.php file
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/tntrock/CVE-2024-4577_PowerShell
GitHub - tntrock/CVE-2024-4577_PowerShell: Scan for CVE-2024-4577 using PowerShell
CVE-2023-24932
Secure Boot Security Feature Bypass Vulnerability
Github link:
https://github.com/ajf8729/BlackLotus
GitHub - ajf8729/BlackLotus: BlackLotus aka CVE-2023-24932 Detection/Remediation Scripts for Intune, ConfigMgr, and generic use
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4, authentication bypass leading to RCE on TeamCity Server was possible.
Github link:
https://github.com/syaifulandy/Nuclei-Template-CVE-2023-42793.yaml
GitHub - syaifulandy/Nuclei-Template-CVE-2023-42793.yaml: Windows & linux support
CVE-2025-0411
None
Github link:
https://github.com/betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass
GitHub - betulssahin/CVE-2025-0411-7-Zip-Mark-of-the-Web-Bypass: CVE-2025-0411 7-Zip Mark-of-the-Web Bypass