RSS Parrot


🦜 PoC-in-GitHub RSS

@poc-in-github.motikan2010.net@rss-parrot.net

I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.

---

PoC auto collect from GitHub. Be careful Malware.


Site URL: poc-in-github.motikan2010.net/

Feed URL: poc-in-github.motikan2010.net/rss

Posts: 51

Followers: 1

CVE-2018-0101 (2018-01-30) MikeHorn-git/CVE-2018-0101

Published: October 21, 2024 12:56

A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The…

CVE-2024-23334 (2024-01-30) wizarddos/CVE-2024-23334

Published: October 20, 2024 15:28

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be…

CVE-2021-39433 (2021-10-05) ibnurusdianto/CVE-2021-39433

Published: October 19, 2024 19:04

A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the…

MarioTesoro/CVE-2024-47854

Published: October 19, 2024 13:38

[GitHub] Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1.

fazilbaig1/CVE-2021-32708

Published: October 19, 2024 12:49

[GitHub] Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code…

CVE-2020-28458 (2020-12-16) fazilbaig1/CVE-2020-28458

Published: October 19, 2024 11:53

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806. [GitHub] Affected versions of this package are vulnerable to Prototype Pollution.

CVE-2021-23383 (2021-05-04) fazilbaig1/CVE-2021-23383

Published: October 19, 2024 11:37

The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. [GitHub] The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when…

CVE-2019-19919 (2019-12-21) fazilbaig1/CVE-2019-19919

Published: October 19, 2024 11:05

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted…

CVE-2024-30088 (2024-06-12) l0n3m4n/CVE-2024-30088

Published: October 19, 2024 10:35

Windows Kernel Elevation of Privilege Vulnerability [GitHub] Windows privilege escalation: Time-of-check Time-of-use (TOCTOU) Race Condition

paragbagul111/CVE-2024-48652

Published: October 19, 2024 10:06

[GitHub] Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field

CVE-2020-35575 (2020-12-26) dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure

Published: October 18, 2024 17:08

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400,…

gianlu335/CUPS-CVE-2024-47176

Published: October 17, 2024 18:21

[GitHub] A Mass Scanner designed to detect the CVE-2024-47176 vulnerability across systems running the Common Unix Printing System (CUPS).

CVE-2023-38408 (2023-07-20) fazilbaig1/cve_2023_38408_scanner

Published: October 17, 2024 13:03

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into…

CVE-2010-2075 (2010-06-15) nwclasantha/unreal_ircd_3281_backdoor_and_mitigation

Published: October 17, 2024 10:59

UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary…

CVE-2021-40539 (2021-09-08) Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539

Published: October 16, 2024 11:23

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. [GitHub] ADSelfService Plus RCE vulnerability detection tool (secondary development)

CVE-2013-5211 (2014-01-02) requiempentest/NTP_CVE-2013-5211

Published: October 16, 2024 09:45

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December…

CVE-2013-5211 (2014-01-02) requiempentest/-exploit-check-CVE-2013-5211

Published: October 16, 2024 09:35

The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in December…

CVE-2021-41773 (2021-10-05) nwclasantha/Apache_2.4.29_Exploit

Published: October 16, 2024 08:38

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are…

CVE-2024-1709 (2024-02-22) AMRICHASFUCK/Mass-CVE-2024-1709

Published: October 16, 2024 08:05

ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. [GitHub] ScreenConnect…

CVE-2001-1473 (2001-01-18) p1ton3rr/poc-cve-2001-1473

Published: October 16, 2024 01:54

The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker than…

CVE-2023-35674 (2023-09-12) SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674

Published: October 15, 2024 18:30

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…

Brinmon/CVE-2024-44337

Published: October 15, 2024 13:44

[GitHub] CVE-2024-44337 POC The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input that…

CVE-2019-5544 (2019-12-07) vpxuser/VMware-ESXI-OpenSLP-Exploit

Published: October 15, 2024 03:28

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. [GitHub] Exploit script for CVE-2019-5544 and CVE-2020-3992

CVE-2024-27198 (2024-03-05) Cythonic1/CVE-2024-27198_POC

Published: October 14, 2024 16:40

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible [GitHub] a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity