Exploits from Github
CVE-2018-9995
Author: jameseyes

TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin" header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response.

GitHub Link:
https://github.com/jameseyes/DVRC

CVE-2025-49493.zip (1.6 KB)
CVE-2025-49493
Author: Soham-id

Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.

GitHub Link:
https://github.com/Soham-id/2025hvv

CVE-2025-20265.zip (3.6 KB)
CVE-2025-20265
Author: amalpvatayam67

A vulnerability in the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. 

This vulnerability is due to a lack of proper handling of user input during the authentication phase. An attacker could exploit this vulnerability by sending crafted input when entering credentials that will be authenticated at the configured RADIUS server. A successful exploit could allow the attacker to execute commands at a high privilege level.
Note: For this vulnerability to be exploited, Cisco Secure FMC Software must be configured for RADIUS authentication for the web-based management interface, SSH management, or both.

GitHub Link:
https://github.com/amalpvatayam67/day08-CISCO-fmc-sim

CVE-2018-25031.zip (4 KB)
CVE-2018-25031
Author: RelicHunt3r

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

GitHub Link:
https://github.com/RelicHunt3r/swagger-ui

CVE-2025-32463.zip (1.8 KB)
CVE-2025-32463
Author: At0mXploit

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

GitHub Link:
https://github.com/At0mXploit/CVE-2025-32463

CVE-2018-25031.zip (4.7 KB)
CVE-2018-25031
Author: rh007pt

Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.

GitHub Link:
https://github.com/rh007pt/swagger-ui