CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/jkska23/Additive-Vulnerability-Analysis-CVE-2021-41773
CVE-2024-6387
A signal handler race condition was found in OpenSSH's server (sshd): if a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog().
Github link:
https://github.com/identity-threat-labs/CVE-2024-6387-Vulnerability-Checker
CVE-2019-15107
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
Github link:
https://github.com/NasrallahBaadi/CVE-2019-15107
CVE-2024-1071
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Github link:
https://github.com/fa-rrel/CVE-2024-1071-SQL-Injection
CVE-2023-38831
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.
Github link:
https://github.com/FirFirdaus/CVE-2023-38831
CVE-2024-0195
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
Github link:
https://github.com/fa-rrel/CVE-2024-0195-SpiderFlow
CVE-2023-29360
Microsoft Streaming Service Elevation of Privilege Vulnerability
Github link:
https://github.com/0xDivyanshu-new/CVE-2023-29360-