CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Github link:
https://github.com/ojo5/CVE-2019-11447.c
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatar_file field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content of a file can be changed and the control can be bypassed for code execution. (An attacker can use the GIF header for this.)
Github link:
https://github.com/ojo5/CVE-2019-11447.c
GitHub
GitHub - ojo5/CVE-2019-11447.c: CVE-2019-11447 written in C
CVE-2019-11447 written in C. Contribute to ojo5/CVE-2019-11447.c development by creating an account on GitHub.
CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/tiyeume25112004/CVE-2023-41425
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
Github link:
https://github.com/tiyeume25112004/CVE-2023-41425
GitHub
GitHub - tiyeume25112004/CVE-2023-41425: Research
Research. Contribute to tiyeume25112004/CVE-2023-41425 development by creating an account on GitHub.
CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Github link:
https://github.com/fa-rrel/CVE-2024-4358
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Github link:
https://github.com/fa-rrel/CVE-2024-4358
GitHub
GitHub - gh-ost00/CVE-2024-4358: Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE…
Telerik Report Server deserialization and authentication bypass exploit chain for CVE-2024-4358/CVE-2024-1800 - gh-ost00/CVE-2024-4358
CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/FlojBoj/CVE-2023-42793
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible
Github link:
https://github.com/FlojBoj/CVE-2023-42793
GitHub
GitHub - FlojBoj/CVE-2023-42793: TeamCity CVE-2023-42793 RCE (Remote Code Execution)
TeamCity CVE-2023-42793 RCE (Remote Code Execution) - FlojBoj/CVE-2023-42793