CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
GitHub link:
https://github.com/alexandermoro/cve-2001-1473
GitHub - alexandermoro/cve-2001-1473: cve 2001 1473 poc
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
GitHub link:
https://github.com/spidoman/CVE-2023-22809-automated-python-exploits
GitHub - spidoman/CVE-2023-22809-automated-python-exploits: automatically exploit the sudoedit vulnerability for CVE-2023-22809
CVE-2025-32463
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
GitHub link:
https://github.com/y4ney/CVE-2025-32463-lab
GitHub - y4ney/CVE-2025-32463-lab: This project uses Docker to build a lab environment for reproducing and testing the sudo local privilege escalation vulnerability CVE-2025-32463.
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
GitHub link:
https://github.com/joidiego/Detection-struts-cve-2017-5638-detector
joidiego/Detection-struts-cve-2017-5638-detector
Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with &l...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
GitHub link:
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
GitHub - below0day/Honeypot-Logs-CVE-2025-5777: CitrixBleed 2 NetScaler honeypot logs
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
GitHub link:
https://github.com/Cythonic1/CVE-2025-27591
GitHub - Cythonic1/CVE-2025-27591: a C exploit for CVE-2025-27591, which allows an attacker to escalate privileges to root.
CVE-2023-0159
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the host's file system.
GitHub link:
https://github.com/Sn20393873/Extensive
GitHub - Sn20393873/Extensive: Automatic Mass Tool for checking vulnerability in CVE-2023-0159 - Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated…