CVE-2024-30078
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Github link:
https://github.com/zgimszhd61/CVE-2024-30078-POC_WIFI
Windows Wi-Fi Driver Remote Code Execution Vulnerability
Github link:
https://github.com/zgimszhd61/CVE-2024-30078-POC_WIFI
CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Github link:
https://github.com/l0n3m4n/CVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Github link:
https://github.com/l0n3m4n/CVE-2022-29078
GitHub
GitHub - l0n3m4n/CVE-2022-29078: Serverside Template Injection (SSTI) RCE - THM challenge "whiterose"
Serverside Template Injection (SSTI) RCE - THM challenge "whiterose" - GitHub - l0n3m4n/CVE-2022-29078: Serverside Template Injection (SSTI) RCE - THM challenge "whiterose"
CVE-2015-5254
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Github link:
https://github.com/guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.
Github link:
https://github.com/guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-
GitHub
GitHub - guigui237/Exploitation-de-la-vuln-rabilit-CVE-2015-5254-: La vulnérabilité CVE-2015-5254 est une faille de sécurité dans…
La vulnérabilité CVE-2015-5254 est une faille de sécurité dans Apache ActiveMQ, un serveur de messages open source largement utilisé pour la communication entre applications. Cette vulnérabilité to...
CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/BTtea/CVE-2024-4577-RCE-PoC
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Github link:
https://github.com/BTtea/CVE-2024-4577-RCE-PoC
GitHub
GitHub - BTtea/CVE-2024-4577-RCE-PoC: CVE-2024-4577 RCE PoC
CVE-2024-4577 RCE PoC. Contribute to BTtea/CVE-2024-4577-RCE-PoC development by creating an account on GitHub.