CVE-2024-32019.zip
2.8 KB
CVE-2024-32019
Author: T1erno
Netdata is an open source observability tool. In affected versions the
GitHub Link:
https://github.com/T1erno/CVE-2024-32019-Netdata-ndsudo-Privilege-Escalation-PoC
Author: T1erno
Netdata is an open source observability tool. In affected versions the
ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the PATH environment variable. This allows an attacker to control where ndsudo looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.GitHub Link:
https://github.com/T1erno/CVE-2024-32019-Netdata-ndsudo-Privilege-Escalation-PoC
CVE-2018-15473.zip
30.3 KB
CVE-2018-15473
Author: anonymous121029034720384234234
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
GitHub Link:
https://github.com/anonymous121029034720384234234/py-network-scanner
Author: anonymous121029034720384234234
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
GitHub Link:
https://github.com/anonymous121029034720384234234/py-network-scanner
CVE-2018-6574.zip
2.9 KB
CVE-2018-6574
Author: adendarys
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
GitHub Link:
https://github.com/adendarys/CVE-2018-6574
Author: adendarys
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
GitHub Link:
https://github.com/adendarys/CVE-2018-6574
CVE-2017-12865.zip
846.4 KB
CVE-2017-12865
Author: ManaswiJaiswal
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
GitHub Link:
https://github.com/ManaswiJaiswal/Reproducing-ConnMan-1.34
Author: ManaswiJaiswal
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
GitHub Link:
https://github.com/ManaswiJaiswal/Reproducing-ConnMan-1.34
CVE-2024-4956.zip
2.7 KB
CVE-2024-4956
Author: amalpvatayam67
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/amalpvatayam67/day04-nexus-4956
Author: amalpvatayam67
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
GitHub Link:
https://github.com/amalpvatayam67/day04-nexus-4956
CVE-2024-23897.zip
2.3 KB
CVE-2024-23897
Author: amalpvatayam67
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
GitHub Link:
https://github.com/amalpvatayam67/day03-jenkins-23897
Author: amalpvatayam67
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
GitHub Link:
https://github.com/amalpvatayam67/day03-jenkins-23897
CVE-2025-21333.zip
568 B
CVE-2025-21333
Author: rahul0xkr
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/rahul0xkr/Reproducing-CVE-2025-21333-
Author: rahul0xkr
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/rahul0xkr/Reproducing-CVE-2025-21333-
CVE-2025-4123.zip
2.8 KB
CVE-2025-4123
Author: ItsNee
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the
GitHub Link:
https://github.com/ItsNee/Grafana-CVE-2025-4123-POC
Author: ItsNee
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the
connect-src directive.GitHub Link:
https://github.com/ItsNee/Grafana-CVE-2025-4123-POC
CVE-2025-48384.zip
697 B
CVE-2025-48384
Author: airkewld
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
ht...
Author: airkewld
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
ht...
CVE-2025-48384.zip
697 B
CVE-2025-48384
Author: airkewld
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
ht...
Author: airkewld
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
ht...
CVE-2025-21333.zip
36.6 KB
CVE-2025-21333
Author: rahul0xkr
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/rahul0xkr/Reproducing-CVE-2025-21333-
Author: rahul0xkr
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
GitHub Link:
https://github.com/rahul0xkr/Reproducing-CVE-2025-21333-
CVE-2025-4123.zip
2.8 KB
CVE-2025-4123
Author: ItsNee
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the
GitHub Link:
https://github.com/ItsNee/Grafana-CVE-2025-4123-POC
Author: ItsNee
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.
The default Content-Security-Policy (CSP) in Grafana will block the XSS though the
connect-src directive.GitHub Link:
https://github.com/ItsNee/Grafana-CVE-2025-4123-POC
👍1
CVE-2024-9264
Author: amalpvatayam67
The SQL Expressions experimental feature of Grafana allows for the evaluation of
GitHub Link:
https://github.com/amalpvatayam67/day05-grafana-sqlexpr-lab
Author: amalpvatayam67
The SQL Expressions experimental feature of Grafana allows for the evaluation of
duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The duckdb binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.GitHub Link:
https://github.com/amalpvatayam67/day05-grafana-sqlexpr-lab
CVE-2025-48384.zip
879 B
CVE-2025-48384
Author: s41r4j
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
https:...
Author: s41r4j
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When reading a config value, Git strips any trailing carriage return and line feed (CRLF). When writing a config entry, values with a trailing CR are not quoted, causing the CR to be lost when the config is later read. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read resulting in the submodule being checked out to an incorrect location. If a symlink exists that points the altered path to the submodule hooks directory, and the submodule contains an executable post-checkout hook, the script may be unintentionally executed after checkout. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.
GitHub Link:
https:...