Einstein2150/CVE-2022-48656-POC
https://github.com/Einstein2150/CVE-2022-48656-POC
Published: October 22, 2024 05:58
[GitHub]A proof-of-concept for CVE-2022-48656 - python plistlib XML deserialisation attack
@poc-in-github.motikan2010.net@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
PoC auto collect from GitHub. Be careful Malware.
Site URL: poc-in-github.motikan2010.net/
Feed URL: poc-in-github.motikan2010.net/rss
Posts: 51
Followers: 1
Einstein2150/CVE-2022-48656-POC
https://github.com/Einstein2150/CVE-2022-48656-POC
Published: October 22, 2024 05:58
[GitHub]A proof-of-concept for CVE-2022-48656 - python plistlib XML deserialisation attack
CVE-2018-0101 (2018-01-30) MikeHorn-git/CVE-2018-0101
https://github.com/MikeHorn-git/CVE-2018-0101
Published: October 21, 2024 12:56
A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. Theā¦
EQSTLab/CVE-2024-48914
https://github.com/EQSTLab/CVE-2024-48914
Published: October 21, 2024 10:02
[GitHub]PoC for CVE-2024-48914
pankass/CVE-2024-45436
https://github.com/pankass/CVE-2024-45436
Published: October 21, 2024 05:44
[GitHub]CVE-2024-45436
z3k0sec/CVE-2024-9264-RCE-Exploit
https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit
Published: October 21, 2024 03:36
[GitHub]Grafana RCE exploit (CVE-2024-9264)
CVE-2024-23334 (2024-01-30) wizarddos/CVE-2024-23334
https://github.com/wizarddos/CVE-2024-23334
Published: October 20, 2024 15:28
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can beā¦
zgimszhd61/CVE-2024-9264
https://github.com/zgimszhd61/CVE-2024-9264
Published: October 20, 2024 05:23
[GitHub]Exploit for Grafana arbitrary file-read (CVE-2024-9264)
z3k0sec/File-Read-CVE-2024-9264
https://github.com/z3k0sec/File-Read-CVE-2024-9264
Published: October 20, 2024 01:13
[GitHub]File Read Proof of Concept for CVE-2024-9264
CVE-2021-39433 (2021-10-05) ibnurusdianto/CVE-2021-39433
https://github.com/ibnurusdianto/CVE-2021-39433
Published: October 19, 2024 19:04
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with theā¦
nollium/CVE-2024-9264
https://github.com/nollium/CVE-2024-9264
Published: October 19, 2024 13:50
[GitHub]Exploit for Grafana arbitrary file-read (CVE-2024-9264)
MarioTesoro/CVE-2024-47854
https://github.com/MarioTesoro/CVE-2024-47854
Published: October 19, 2024 13:38
[GitHub]Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1.
fazilbaig1/CVE-2021-32708
https://github.com/fazilbaig1/CVE-2021-32708
Published: October 19, 2024 12:49
[GitHub]Affected versions of this package are vulnerable to Race Condition. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute codeā¦
CVE-2020-28458 (2020-12-16) fazilbaig1/CVE-2020-28458
https://github.com/fazilbaig1/CVE-2020-28458
Published: October 19, 2024 11:53
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.[GitHub]Affected versions of this package are vulnerable to Prototype Pollution.
CVE-2021-23383 (2021-05-04) fazilbaig1/CVE-2021-23383
https://github.com/fazilbaig1/CVE-2021-23383
Published: October 19, 2024 11:37
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.[GitHub]The package handlebars before 4.7.7 are vulnerable to Prototype Pollution whenā¦
fazilbaig1/CVE-2021-23369
https://github.com/fazilbaig1/CVE-2021-23369
Published: October 19, 2024 11:27
[GitHub]Handlebars CVE-2021-23369 Vulnerability
CVE-2019-19919 (2019-12-21) fazilbaig1/CVE-2019-19919
https://github.com/fazilbaig1/CVE-2019-19919
Published: October 19, 2024 11:05
Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through craftedā¦
CVE-2024-30088 (2024-06-12) l0n3m4n/CVE-2024-30088
https://github.com/l0n3m4n/CVE-2024-30088
Published: October 19, 2024 10:35
Windows Kernel Elevation of Privilege Vulnerability[GitHub]Windows privilege escalation: Time-of-check Time-of-use (TOCTOU) Race Condition
paragbagul111/CVE-2024-48652
https://github.com/paragbagul111/CVE-2024-48652
Published: October 19, 2024 10:06
[GitHub]Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field
holypryx/CVE-2024-9466
https://github.com/holypryx/CVE-2024-9466
Published: October 19, 2024 08:22
[GitHub]CVE-2024-9466 poc
0x7556/CVE-2024-47176
https://github.com/0x7556/CVE-2024-47176
Published: October 19, 2024 08:08
[GitHub]Unix CUPSęå°ē³»ē» čæēØ代ē ę§č”ę¼ę“
fdzdev/CVE-2024-33231
https://github.com/fdzdev/CVE-2024-33231
Published: October 18, 2024 22:09
[GitHub]XSS Vulnerability via File Upload in Ferozo Webmail Application
CVE-2020-35575 (2020-12-26) dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure
https://github.com/dylvie/CVE-2020-35575-TP-LINK-TL-WR841ND-password-disclosure
Published: October 18, 2024 17:08
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400,ā¦
RandomRobbieBF/CVE-2024-9796
https://github.com/RandomRobbieBF/CVE-2024-9796
Published: October 18, 2024 14:30
[GitHub]WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection
kn32/cve-2024-46483
https://github.com/kn32/cve-2024-46483
Published: October 18, 2024 11:46
[GitHub]Pre-Authentication Heap Overflow in Xlight SFTP server <= 3.9.4.2
RandomRobbieBF/CVE-2024-9593
https://github.com/RandomRobbieBF/CVE-2024-9593
Published: October 18, 2024 09:11
[GitHub]Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Unauthenticated (Limited) Remote Code Execution
rosembergpro/CVE-2024-48644
https://github.com/rosembergpro/CVE-2024-48644
Published: October 17, 2024 23:27
[GitHub]Reolink Duo 2 WiFi v1.0.280 - Account Enumeration Vulnerability
RandomRobbieBF/CVE-2024-9234
https://github.com/RandomRobbieBF/CVE-2024-9234
Published: October 17, 2024 18:48
[GitHub]GutenKit <= 2.1.0 - Unauthenticated Arbitrary File Upload
gianlu335/CUPS-CVE-2024-47176
https://github.com/gianlu335/CUPS-CVE-2024-47176
Published: October 17, 2024 18:21
[GitHub]A Mass Scanner designed to detect the CVE-2024-47176 vulnerability across systems running the Common Unix Printing System (CUPS).
CVE-2023-38408 (2023-07-20) fazilbaig1/cve_2023_38408_scanner
https://github.com/fazilbaig1/cve_2023_38408_scanner
Published: October 17, 2024 13:03
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading intoā¦
CVE-2010-2075 (2010-06-15) nwclasantha/unreal_ircd_3281_backdoor_and_mitigation
https://github.com/nwclasantha/unreal_ircd_3281_backdoor_and_mitigation
Published: October 17, 2024 10:59
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitraryā¦
Dor00tkit/CVE-2024-30090
https://github.com/Dor00tkit/CVE-2024-30090
Published: October 17, 2024 08:38
[GitHub]CVE-2024-30090 - LPE PoC
CVE-2021-40539 (2021-09-08) Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
https://github.com/Bu0uCat/ADSelfService-Plus-RCE-CVE-2021-40539
Published: October 16, 2024 11:23
Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.[GitHub]ADSelfService Plus RCEę¼ę“ ę£ęµå·„å · (äŗå¼)
CVE-2013-5211 (2014-01-02) requiempentest/NTP_CVE-2013-5211
https://github.com/requiempentest/NTP_CVE-2013-5211
Published: October 16, 2024 09:45
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in Decemberā¦
CVE-2013-5211 (2014-01-02) requiempentest/-exploit-check-CVE-2013-5211
https://github.com/requiempentest/-exploit-check-CVE-2013-5211
Published: October 16, 2024 09:35
The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote attackers to cause a denial of service (traffic amplification) via forged (1) REQ_MON_GETLIST or (2) REQ_MON_GETLIST_1 requests, as exploited in the wild in Decemberā¦
CVE-2021-41773 (2021-10-05) nwclasantha/Apache_2.4.29_Exploit
https://github.com/nwclasantha/Apache_2.4.29_Exploit
Published: October 16, 2024 08:38
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories areā¦
CVE-2024-1709 (2024-02-22) AMRICHASFUCK/Mass-CVE-2024-1709
https://github.com/AMRICHASFUCK/Mass-CVE-2024-1709
Published: October 16, 2024 08:05
ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. [GitHub]ScreenConnectā¦
realstatus/CVE-2024-40711-Exp
https://github.com/realstatus/CVE-2024-40711-Exp
Published: October 16, 2024 05:02
[GitHub]CVE-2024-40711-exp
CVE-2001-1473 (2001-01-18) p1ton3rr/poc-cve-2001-1473
https://github.com/p1ton3rr/poc-cve-2001-1473
Published: October 16, 2024 01:54
The SSH-1 protocol allows remote servers to conduct man-in-the-middle attacks and replay a client challenge response to a target server by creating a Session ID that matches the Session ID of the target, but which uses a public key pair that is weaker thanā¦
SpiralBL0CK/CVE-2024-24686
https://github.com/SpiralBL0CK/CVE-2024-24686
Published: October 15, 2024 23:20
[GitHub]Crash File ( Poc for CVE-2024-24686)
SpiralBL0CK/CVE-2024-24685
https://github.com/SpiralBL0CK/CVE-2024-24685
Published: October 15, 2024 23:16
[GitHub]Crash File ( Poc for CVE-2024-24685)
SpiralBL0CK/CVE-2024-24684
https://github.com/SpiralBL0CK/CVE-2024-24684
Published: October 15, 2024 23:04
[GitHub]Crash File ( Poc for CVE-2024-24684)
A0be/CVE-2024-37084-Exp
https://github.com/A0be/CVE-2024-37084-Exp
Published: October 15, 2024 18:54
[GitHub]Spring Cloud Data Flow CVE-2024-37084 exp
CVE-2023-35674 (2023-09-12) SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
https://github.com/SpiralBL0CK/Guide-and-theoretical-code-for-CVE-2023-35674
Published: October 15, 2024 18:30
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed forā¦
Brinmon/CVE-2024-44337
https://github.com/Brinmon/CVE-2024-44337
Published: October 15, 2024 13:44
[GitHub]CVE-2024-44337 POC The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. which allowed a remote attacker to cause a denial of service (DoS) condition by providing a tailor-made input thatā¦
Ly4j/CVE-2024-37084-Exp
https://github.com/Ly4j/CVE-2024-37084-Exp
Published: October 15, 2024 06:55
[GitHub]Spring Cloud Data Flow CVE-2024-37084 exp
CVE-2019-5544 (2019-12-07) vpxuser/VMware-ESXI-OpenSLP-Exploit
https://github.com/vpxuser/VMware-ESXI-OpenSLP-Exploit
Published: October 15, 2024 03:28
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.[GitHub]CVE-2019-5544åCVE-2020-3992ę¼ę“å©ēØčę¬
thanawee321/CVE-2024-38063
https://github.com/thanawee321/CVE-2024-38063
Published: October 15, 2024 03:18
[GitHub]Vulnerability CVE-2024-38063
bxtshit/CVE-2023-1488
https://github.com/bxtshit/CVE-2023-1488
Published: October 15, 2024 01:32
[GitHub]CVE + VDM Controls
whwhwh96/CVE-2024-35584
https://github.com/whwhwh96/CVE-2024-35584
Published: October 14, 2024 17:24
[GitHub]OpenSIS SQLi Injection
CVE-2024-27198 (2024-03-05) Cythonic1/CVE-2024-27198_POC
https://github.com/Cythonic1/CVE-2024-27198_POC
Published: October 14, 2024 16:40
In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible[GitHub]a proof of concept of the CVE-2024-27198 which infect jetbrains teamCity
Yogehi/cve-2024-4406-xiaomi13pro-exploit-files
https://github.com/Yogehi/cve-2024-4406-xiaomi13pro-exploit-files
Published: October 14, 2024 09:38
[GitHub]Files related to the Pwn2Own Toronto 2023 exploit against the Xiaomi 13 Pro.