CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/0xgh057r3c0n/CVE-2025-5777
CVE-2022-36934
An integer overflow in WhatsApp could result in remote code execution in an established video call.
Github link:
https://github.com/Teexo/mailenable-cve-2022-36934
CVE-2024-32113
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.13.
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
Github link:
https://github.com/guinea-offensive-security/Ofbiz-RCE
CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
Github link:
https://github.com/rahisec/rejetto-http-file-server-2.3.x-RCE-exploit-CVE-2014-6287
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/Jishanluhar/CVE-2025-5777
CVE-2025-48384
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
Github link:
https://github.com/vinieger/vinieger-CVE-2025-48384-Dockerfile
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/ZeroMemoryEx/PHP-CGI-INTERNAL-RCE
CVE-2007-2447
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
Github link:
https://github.com/MrRoma577/exploit_cve-2007-2447_again
CVE-2025-32462
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Github link:
https://github.com/toohau/CVE-2025-32462-32463-Detection-Script-
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Github link:
https://github.com/morgenm/sudo-chroot-CVE-2025-32463
CVE-2025-24813
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial
Github link:
https://github.com/sentilaso1/CVE-2025-24813-Apache-Tomcat-RCE-PoC
CVE-2011-2523
vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.
Github link:
https://github.com/krill-x7/CVE-2011-2523