CVE-2022-3699
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Github link:
https://github.com/Eap2468/CVE-2022-3699
A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45
that could allow a local user to execute code with elevated privileges.
Github link:
https://github.com/Eap2468/CVE-2022-3699
GitHub
GitHub - Eap2468/CVE-2022-3699: Proof of Concept exploit for CVE-2022-3699
Proof of Concept exploit for CVE-2022-3699. Contribute to Eap2468/CVE-2022-3699 development by creating an account on GitHub.
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Github link:
https://github.com/sanan2004/CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Github link:
https://github.com/sanan2004/CVE-2022-27925
GitHub
GitHub - sanan2004/CVE-2022-27925: PoC
PoC. Contribute to sanan2004/CVE-2022-27925 development by creating an account on GitHub.
CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/sanan2004/CVE-2022-37706
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Github link:
https://github.com/sanan2004/CVE-2022-37706
GitHub
GitHub - sanan2004/CVE-2022-37706: PoC
PoC. Contribute to sanan2004/CVE-2022-37706 development by creating an account on GitHub.
CVE-2018-17431
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
Github link:
https://github.com/sanan2004/CVE-2018-17431-Comodo
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
Github link:
https://github.com/sanan2004/CVE-2018-17431-Comodo
GitHub
GitHub - sanan2004/CVE-2018-17431-Comodo: Comodo
Comodo . Contribute to sanan2004/CVE-2018-17431-Comodo development by creating an account on GitHub.
CVE-2023-1177
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/saimahmed/MLflow-Vuln
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
Github link:
https://github.com/saimahmed/MLflow-Vuln
GitHub
GitHub - saimahmed/MLflow-Vuln: MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced
MLflow LFI/RFI Vulnerability -CVE-2023-1177 - Reproduced - saimahmed/MLflow-Vuln
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Github link:
https://github.com/ojo5/CVE-2019-11447.c
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Github link:
https://github.com/ojo5/CVE-2019-11447.c
GitHub
GitHub - ojo5/CVE-2019-11447.c: CVE-2019-11447 written in C
CVE-2019-11447 written in C. Contribute to ojo5/CVE-2019-11447.c development by creating an account on GitHub.
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/tiyeume25112004/CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/tiyeume25112004/CVE-2023-41425
GitHub
GitHub - tiyeume25112004/CVE-2023-41425: Research
Research. Contribute to tiyeume25112004/CVE-2023-41425 development by creating an account on GitHub.