CVE-2013-0156
active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion.
Github link:
https://github.com/oxBEN10/CVE-2013-0156
Repository description: This script is specifically designed to solve the challenge on PentesterLab for the CVE-2013-0156 exploit.
CVE-2021-21425
Grav Admin Plugin is an HTML user interface that provides a way to configure Grav and create and modify pages. In versions 1.10.7 and earlier, an unauthenticated user can execute some methods of the administrator controller without needing any credentials. Execution of particular methods results in arbitrary YAML file creation or content change of existing YAML files on the system. Successful exploitation of that vulnerability results in configuration changes, such as general site information change, custom scheduler job definition, etc. Due to the nature of the vulnerability, an adversary can change some part of the webpage, hijack an administrator account, or execute operating system commands under the context of the web-server user. This vulnerability is fixed in version 1.10.8. Blocking access to the `/admin` path from untrusted sources can be applied as a workaround.
Github link:
https://github.com/bluetoothStrawberry/cve-2021-21425
Repository description: working exploit for the old cve-2021-21425 grav cms 1.7.10 vuln
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Github link:
https://github.com/Bad3r/CVE-2021-3156-without-ip-command
Repository description: fork of worawit/CVE-2021-3156 exploit_nss.py modified to work with ifconfig instead of the ip command
CVE-2023-4220
Unrestricted file upload in the big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via upload of a web shell.
Github link:
https://github.com/numaan911098/CVE-2023-4220
NVD reference: https://nvd.nist.gov/vuln/detail/CVE-2023-4220
CVE-2001-1473
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than the target's public key, which allows the attacker to compute the corresponding private key and use the target's Session ID with the compromised key pair to masquerade as the target.
Github link:
https://github.com/m00n3rrr/poc-CVE-2001-1473
CVE-2022-20474
In readLazyValue of Parcel.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-240138294
Github link:
https://github.com/cxxsheng/CVE-2022-20474
CVE-2019-1653
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
Github link:
https://github.com/elzerjp/nuclei-CiscoRV320Dump-CVE-2019-1653
Repository description: CiscoRV320Dump CVE-2019-1653 automation.
CVE-2023-27997
A heap-based buffer overflow vulnerability [CWE-122] in the SSL-VPN of FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below, and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.
Github link:
https://github.com/node011/CVE-2023-27997-POC
Repository description: Fortigate SSL VPN buffer overflow exploit.
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
Github link:
https://github.com/TheRedP4nther/LFI-aiohttp-CVE-2024-23334-PoC
Repository description: Bash script to automate Local File Inclusion (LFI) attacks on aiohttp server version 3.9.1.