CVE-2018-9995
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Github link:
https://github.com/its-anya/DVR_Credential_Scanner
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.
Github link:
https://github.com/its-anya/DVR_Credential_Scanner
GitHub
GitHub - its-anya/DVR_Credential_Scanner: A tool for scanning DVR systems vulnerable to CVE-2018-9995 credential disclosure. Educational…
A tool for scanning DVR systems vulnerable to CVE-2018-9995 credential disclosure. Educational purposes only - demonstrates how attackers exploit authentication bypasses in DVR/IP camera systems. I...
CVE-2008-4250
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Github link:
https://github.com/NoTrustedx/Exploit_MS08-067
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
Github link:
https://github.com/NoTrustedx/Exploit_MS08-067
GitHub
GitHub - NoTrustedx/Exploit_MS08-067: MS08-067 | CVE-2008-4250
MS08-067 | CVE-2008-4250. Contribute to NoTrustedx/Exploit_MS08-067 development by creating an account on GitHub.
CVE-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/valeriot30/cve-2024-3094
Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. The tarballs included extra .m4 files, which contained instructions for building with automake that did not exist in the repository. These instructions, through a series of complex obfuscations, extract a prebuilt object file from one of the test archives, which is then used to modify specific functions in the code while building the liblzma package. This issue results in liblzma being used by additional software, like sshd, to provide functionality that will be interpreted by the modified functions.
Github link:
https://github.com/valeriot30/cve-2024-3094
GitHub
GitHub - valeriot30/cve-2024-3094: A XZ backdoor vulnerability explained in details
A XZ backdoor vulnerability explained in details. Contribute to valeriot30/cve-2024-3094 development by creating an account on GitHub.
CVE-2025-3102
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-3102
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-3102
GitHub
GitHub - 0xgh057r3c0n/CVE-2025-3102: SureTriggers <= 1.0.78 - Authorization Bypass Exploit
SureTriggers <= 1.0.78 - Authorization Bypass Exploit - 0xgh057r3c0n/CVE-2025-3102
CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Github link:
https://github.com/ElusiveHacker/CVE-2019-7214
SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This port is not accessible remotely by default after applying the Build 6985 patch.
Github link:
https://github.com/ElusiveHacker/CVE-2019-7214
GitHub
GitHub - ElusiveHacker/CVE-2019-7214: For CTF use only (the CVE-2019-7214 also resolves the host from /etc/hosts)
For CTF use only (the CVE-2019-7214 also resolves the host from /etc/hosts) - ElusiveHacker/CVE-2019-7214
CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/J0ey17/Exploit_CVE-2023-27163
request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.
Github link:
https://github.com/J0ey17/Exploit_CVE-2023-27163
GitHub
GitHub - J0ey17/Exploit_CVE-2023-27163: Proof of Concept exploit for Server Side Request Forgery vulnerability in Requests Basket…
Proof of Concept exploit for Server Side Request Forgery vulnerability in Requests Basket v1.2.1 and before. - J0ey17/Exploit_CVE-2023-27163
CVE-2025-32206
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
Github link:
https://github.com/postal-filled-zap/CVE
Unrestricted Upload of File with Dangerous Type vulnerability in LABCAT Processing Projects allows Upload a Web Shell to a Web Server. This issue affects Processing Projects: from n/a through 1.0.2.
Github link:
https://github.com/postal-filled-zap/CVE
CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Github link:
https://github.com/Z3R0-0x30/CVE-2019-20085
TVT NVMS-1000 devices allow GET /.. Directory Traversal
Github link:
https://github.com/Z3R0-0x30/CVE-2019-20085
GitHub
GitHub - Z3R0-0x30/CVE-2019-20085: A repository used for Hackthebox ServMon Machine
A repository used for Hackthebox ServMon Machine. Contribute to Z3R0-0x30/CVE-2019-20085 development by creating an account on GitHub.
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Ademking/CVE-2025-49113-nuclei-template
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
Github link:
https://github.com/Ademking/CVE-2025-49113-nuclei-template
GitHub
GitHub - Ademking/CVE-2025-49113-nuclei-template: CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization
CVE-2025-49113 - Roundcube <= 1.6.10 Post-Auth RCE via PHP Object Deserialization - Ademking/CVE-2025-49113-nuclei-template
CVE-2019-12840
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Github link:
https://github.com/fenix0499/CVE-2019-12840-NodeJs-Exploit
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
Github link:
https://github.com/fenix0499/CVE-2019-12840-NodeJs-Exploit
GitHub
GitHub - fenix0499/CVE-2019-12840-NodeJs-Exploit: Authenticated Remote Command Execution - Webmin <= 1.910
Authenticated Remote Command Execution - Webmin <= 1.910 - fenix0499/CVE-2019-12840-NodeJs-Exploit