CVE-2023-36845.zip
4.1 KB
CVE-2023-36845
Author: kopfjager007
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to control certain, important environments variables.
Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
All versions prior to 21.4R3-S5;
22.1 versions
prior to
22.1R3-S4;
22.2 versions
prior to
22.2R3-S2;
22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
22.4 versions
prior to
22.4R2-S1, 22.4R3;
23.2 versions prior to 23.2R1-S1, 23.2R2.
GitHub Link:
https://github.com/kopfjager007/CVE-2023-36845
Author: kopfjager007
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series
and SRX Series
allows an unauthenticated, network-based attacker to control certain, important environments variables.
Utilizing a crafted request an attacker is able to modify a certain PHP environment variable leading to partial loss of integrity, which may allow chaining to other vulnerabilities.
This issue affects Juniper Networks Junos OS on SRX Series:
All versions prior to 21.4R3-S5;
22.1 versions
prior to
22.1R3-S4;
22.2 versions
prior to
22.2R3-S2;
22.3 versions
prior to
22.3R2-S2, 22.3R3-S1;
22.4 versions
prior to
22.4R2-S1, 22.4R3;
23.2 versions prior to 23.2R1-S1, 23.2R2.
GitHub Link:
https://github.com/kopfjager007/CVE-2023-36845
CVE-2018-12533.zip
11.4 KB
CVE-2018-12533
Author: LucasKatashi
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
GitHub Link:
https://github.com/LucasKatashi/paint2die
Author: LucasKatashi
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310.
GitHub Link:
https://github.com/LucasKatashi/paint2die
CVE-2024-29943.zip
1.2 MB
CVE-2024-29943
Author: seadragnol
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
GitHub Link:
https://github.com/seadragnol/CVE-2024-29943
Author: seadragnol
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.
GitHub Link:
https://github.com/seadragnol/CVE-2024-29943
CVE-2022-37969.zip
3.7 MB
CVE-2022-37969
Author: EmilC3978
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.
GitHub Link:
https://github.com/EmilC3978/CVE-2022-37969PoC
Author: EmilC3978
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-35803.
GitHub Link:
https://github.com/EmilC3978/CVE-2022-37969PoC
CVE-2024-6387.zip
3.9 MB
CVE-2024-6387
Author: arielrbrdev
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
GitHub Link:
https://github.com/arielrbrdev/redteamlab1
Author: arielrbrdev
A signal handler race condition was found in OpenSSH's server (sshd), where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
GitHub Link:
https://github.com/arielrbrdev/redteamlab1
CVE-2024-32019.zip
2.6 KB
CVE-2024-32019
Author: julichaan
Netdata is an open source observability tool. In affected versions the
GitHub Link:
https://github.com/julichaan/CVE-2024-32019-ndsudo-local-privilege-escalation-NetData
Author: julichaan
Netdata is an open source observability tool. In affected versions the
ndsudo tool shipped with affected versions of the Netdata Agent allows an attacker to run arbitrary programs with root permissions. The ndsudo tool is packaged as a root-owned executable with the SUID bit set. It only runs a restricted set of external commands, but its search paths are supplied by the PATH environment variable. This allows an attacker to control where ndsudo looks for these commands, which may be a path the attacker has write access to. This may lead to local privilege escalation. This vulnerability has been addressed in versions 1.45.3 and 1.45.2-169. Users are advised to upgrade. There are no known workarounds for this vulnerability.GitHub Link:
https://github.com/julichaan/CVE-2024-32019-ndsudo-local-privilege-escalation-NetData
CVE-2021-41773.zip
2.7 KB
CVE-2021-41773
Author: faizdotid
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
GitHub Link:
https://github.com/faizdotid/CVE-2021-41773
Author: faizdotid
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
GitHub Link:
https://github.com/faizdotid/CVE-2021-41773