CVE-2021-41773
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/nwclasantha/Apache_2.4.29_Exploit
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.
Github link:
https://github.com/nwclasantha/Apache_2.4.29_Exploit
CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel
vulnerability, which may allow an attacker direct access to confidential information or
critical systems.
Github link:
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
GitHub
GitHub - AMRICHASFUCK/Mass-CVE-2024-1709: ScreenConnect AuthBypass Mass RCE
ScreenConnect AuthBypass Mass RCE. Contribute to AMRICHASFUCK/Mass-CVE-2024-1709 development by creating an account on GitHub.
CVE-2010-2075
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Github link:
https://github.com/nwclasantha/unreal_ircd_3281_backdoor_and_mitigation
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
Github link:
https://github.com/nwclasantha/unreal_ircd_3281_backdoor_and_mitigation
GitHub
GitHub - nwclasantha/unreal_ircd_3281_backdoor_and_mitigation: The UnrealIRCd 3.2.8.1 Backdoor is associated with CVE-2010-2075…
The UnrealIRCd 3.2.8.1 Backdoor is associated with CVE-2010-2075, a well-known vulnerability that was introduced when the source code of the UnrealIRCd software was compromised. - nwclasantha/unrea...
CVE-2023-38408
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Github link:
https://github.com/fazilbaig1/cve_2023_38408_scanner
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
Github link:
https://github.com/fazilbaig1/cve_2023_38408_scanner
GitHub
GitHub - fazilbaig1/cve_2023_38408_scanner: Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from…
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server ...
CVE-2020-35575
None
Github link:
https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure
None
Github link:
https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure
GitHub
GitHub - dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure: password-disclosure issue in the web interface on certain…
password-disclosure issue in the web interface on certain TP-Link devices - dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure
CVE-2021-23383
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Github link:
https://github.com/fazilbaig1/CVE-2021-23383
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
Github link:
https://github.com/fazilbaig1/CVE-2021-23383
GitHub
GitHub - fazilbaig1/CVE-2021-23383: The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain…
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. - fazilbaig1/CVE-2021-23383
CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/l0n3m4n/CVE-2024-30088
Windows Kernel Elevation of Privilege Vulnerability
Github link:
https://github.com/l0n3m4n/CVE-2024-30088
GitHub
GitHub - l0n3m4n/CVE-2024-30088: Windows Kernel Elevation of Privilege
Windows Kernel Elevation of Privilege . Contribute to l0n3m4n/CVE-2024-30088 development by creating an account on GitHub.