CVE-2019-16278
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Github link:
https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Github link:
https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE
GitHub
GitHub - cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE: This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server…
This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a ...
CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Github link:
https://github.com/YastrebX/CVE-2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Github link:
https://github.com/YastrebX/CVE-2015-1328
GitHub
GitHub - YastrebX/CVE-2015-1328: CVE: 2015-1328 On python test
CVE: 2015-1328 On python test. Contribute to YastrebX/CVE-2015-1328 development by creating an account on GitHub.
CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/w0r1i0g1ht/CVE-2022-21661
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Github link:
https://github.com/w0r1i0g1ht/CVE-2022-21661
GitHub
GitHub - w0r1i0g1ht/CVE-2022-21661: CVE-2022-21661 docker and poc
CVE-2022-21661 docker and poc. Contribute to w0r1i0g1ht/CVE-2022-21661 development by creating an account on GitHub.
CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Github link:
https://github.com/oxBEN10/CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Github link:
https://github.com/oxBEN10/CVE-2013-0156
GitHub
GitHub - oxBEN10/CVE-2013-0156: This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156…
This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit - oxBEN10/CVE-2013-0156
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
Github link:
https://github.com/bluetoothStrawberry/cve-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of administrator controller without needing any credentials. Particular method execution will result in arbitrary YAML file creation or content change of existing YAML files on the system. Successfully exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, or hijack an administrator account, or execute operating system command under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
Github link:
https://github.com/bluetoothStrawberry/cve-2021-21425
GitHub
GitHub - bluetoothStrawberry/cve-2021-21425: working exploit for the old cve-2021-21425 grav cms 1.7.10 vuln
working exploit for the old cve-2021-21425 grav cms 1.7.10 vuln - bluetoothStrawberry/cve-2021-21425
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/Bad3r/CVE-2021-3156-without-ip-command
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/Bad3r/CVE-2021-3156-without-ip-command
GitHub
GitHub - Bad3r/CVE-2021-3156-without-ip-command: fork of worawit/CVE-2021-3156 exploit_nss.py modified to work with ifconfig instead…
fork of worawit/CVE-2021-3156 exploit_nss.py modified to work with ifconfig instead of the ip command - Bad3r/CVE-2021-3156-without-ip-command
CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/numaan911098/CVE-2023-4220
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Github link:
https://github.com/numaan911098/CVE-2023-4220
GitHub
GitHub - numaan911098/CVE-2023-4220: https://nvd.nist.gov/vuln/detail/CVE-2023-4220
https://nvd.nist.gov/vuln/detail/CVE-2023-4220. Contribute to numaan911098/CVE-2023-4220 development by creating an account on GitHub.
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/m00n3rrr/poc-CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/m00n3rrr/poc-CVE-2001-1473
GitHub
GitHub - m00n3rrr/poc-CVE-2001-1473: poc-CVE-2001-1473
poc-CVE-2001-1473. Contribute to m00n3rrr/poc-CVE-2001-1473 development by creating an account on GitHub.
CVE-2022-20474
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294
Github link:
https://github.com/cxxsheng/CVE-2022-20474
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-240138294
Github link:
https://github.com/cxxsheng/CVE-2022-20474
GitHub
GitHub - cxxsheng/CVE-2022-20474: PoC of CVE-2022-20474
PoC of CVE-2022-20474. Contribute to cxxsheng/CVE-2022-20474 development by creating an account on GitHub.