CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/joidiego/Detection-struts-cve-2017-5638-detector
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header, as exploited in the wild in March 2017 with a Content-Type header containing a #cmd= string.
Github link:
https://github.com/joidiego/Detection-struts-cve-2017-5638-detector
GitHub
joidiego/Detection-struts-cve-2017-5638-detector
Real-time anomaly detection system for Apache Struts CVE-2017-5638 exploit using streaming analytics, 3-gram byte analysis, and Count-Min Sketch. Detects RCE attacks without signatures, with &l...
CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Github link:
https://github.com/below0day/Honeypot-Logs-CVE-2025-5777
GitHub
GitHub - below0day/Honeypot-Logs-CVE-2025-5777: CitrixBleed 2 NetScaler honeypot logs
CitrixBleed 2 NetScaler honeypot logs. Contribute to below0day/Honeypot-Logs-CVE-2025-5777 development by creating an account on GitHub.
CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/Cythonic1/CVE-2025-27591
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Github link:
https://github.com/Cythonic1/CVE-2025-27591
GitHub
GitHub - Cythonic1/CVE-2025-27591: a C exploit for CVE-2025-27591, which allow an attacker to escalate privilege to root.
a C exploit for CVE-2025-27591, which allow an attacker to escalate privilege to root. - Cythonic1/CVE-2025-27591
CVE-2023-0159
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.
Github link:
https://github.com/Sn20393873/Extensive
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system.
Github link:
https://github.com/Sn20393873/Extensive
GitHub
GitHub - Sn20393873/Extensive: Automatic Mass Tool for checking vulnerability in CVE-2023-0159 - Extensive VC Addons for WPBakery…
Automatic Mass Tool for checking vulnerability in CVE-2023-0159 - Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated… - Sn20393873/Extensive
CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Github link:
https://github.com/0xVoodoo/CVE-2023-23752
An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.
Github link:
https://github.com/0xVoodoo/CVE-2023-23752
GitHub
GitHub - 0xVoodoo/CVE-2023-23752: CVE-2023-23752 - Joomla Information Disclosure Vulnerability
CVE-2023-23752 - Joomla Information Disclosure Vulnerability - 0xVoodoo/CVE-2023-23752
CVE-2016-4631
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
Github link:
https://github.com/l3onkers/FuxiOS
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
Github link:
https://github.com/l3onkers/FuxiOS
GitHub
GitHub - l3onkers/FuxiOS: 🎯 FuxiOS.py v2.0 - CVE-2016-4631 Exploit PoC modernizado
🎯 FuxiOS.py v2.0 - CVE-2016-4631 Exploit PoC modernizado - l3onkers/FuxiOS
CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Github link:
https://github.com/mohammadamin382/dirtycow-lab
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
Github link:
https://github.com/mohammadamin382/dirtycow-lab
GitHub
GitHub - mohammadamin382/dirtycow-lab: Educational PoC for Dirty COW (CVE-2016-5195) with logging, ptrace fallback, and binary…
Educational PoC for Dirty COW (CVE-2016-5195) with logging, ptrace fallback, and binary payload support. - mohammadamin382/dirtycow-lab