CVE-2023-35674
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Github link:
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/p1ton3rr/poc-cve-2001-1473
CVE-2021-40539
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
Github link:
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
CVE-2013-5211
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December 2013.
Github link:
https://github.com/requiempentest/NTP_CVE-2013-5211
CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/nwclasantha/Apache_2.4.29_Exploit
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.
Github link:
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
CVE-2010-2075
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Github link:
https://github.com/nwclasantha/unreal_ircd_3281_backdoor_and_mitigation
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Github link:
https://github.com/fazilbaig1/cve_2023_38408_scanner
CVE-2020-35575
None
Github link:
https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure