CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/Rizzler4562/CVE-2023-46747-Mass-RCE
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/Rizzler4562/CVE-2023-46747-Mass-RCE
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/Xanexs/CVE-2023-46747-Mass-RCE
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/Xanexs/CVE-2023-46747-Mass-RCE
CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability.
Github link:
https://github.com/soltanali0/CVE-2022-41082
Microsoft Exchange Server Remote Code Execution Vulnerability.
Github link:
https://github.com/soltanali0/CVE-2022-41082
GitHub
GitHub - soltanali0/CVE-2022-41082: CVE-2022-41082-poc
CVE-2022-41082-poc. Contribute to soltanali0/CVE-2022-41082 development by creating an account on GitHub.
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/AMELYA13/CVE-2023-46747-Mass-RCE
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/AMELYA13/CVE-2023-46747-Mass-RCE
CVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/groshi/CVE-2024-23113-Private-POC
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.
Github link:
https://github.com/groshi/CVE-2024-23113-Private-POC
CVE-2023-46747
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/MacTavish2/CVE-2023-46747-Mass-RCE
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Github link:
https://github.com/MacTavish2/CVE-2023-46747-Mass-RCE
CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Github link:
https://github.com/davidzzo23/CVE-2022-23131
In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default).
Github link:
https://github.com/davidzzo23/CVE-2022-23131
GitHub
GitHub - davidzzo23/CVE-2022-23131: Zabbix Frontend Authentication Bypass Vulnerability
Zabbix Frontend Authentication Bypass Vulnerability - davidzzo23/CVE-2022-23131
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/louisthedonothing/CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Github link:
https://github.com/louisthedonothing/CVE-2019-9053
GitHub
GitHub - louisthedonothing/CVE-2019-9053: CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10
CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10 - louisthedonothing/CVE-2019-9053