B&R Security Vulnerabilities

Serendipity 2.5.0 Remote Code Execution

...

Serendipity 2.5.0 - Remote Code Execution (RCE)

...

Exploit for CVE-2023-38646

Metabase Pre Authentication RCE (CVE-2023-38646) We have...

BIT-artifactory-2024-4142

An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory.Due to this vulnerability, users with low privileges may gain administrative access to the system.This issue can also be exploited in Artifactory platforms with...

Exploit for Path Traversal in Aiohttp

[ CVE-2024-23334 :; 남의 exploit 리뷰 ] Review an exploit...

CVE-2022-25899

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network...

BIT-artifactory-2023-42661

JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of...

BIT-artifactory-2024-2247

JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override...

CVE-2021-42046

An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and...

Exploit for Code Injection in Crushftp

CVE-2024-4040 - exploit scanners This repository contains...

Dotclear 2.29 - Remote Code Execution Exploit

...

CVE-2022-34750

An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the...

r-models.eu Cross Site Scripting vulnerability OBB-3846919

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2023-33733

LAB Reportlab This lab was set up to...

Dotclear 2.29 - Remote Code Execution (RCE)

...

Dotclear 2.29 Remote Code Execution

...

CVE-2022-37341

Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...

Exploit for SQL Injection in Layerslider

CVE-2024-2879 Description LayerSlider 7.9.11 - 7.10.0 -...

CVE-2022-33324 Denial-of-Service Vulnerability in Ethernet port of MELSEC iQ-R, iQ-L Series and MELIPC Series

Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation...

Exploit for Infinite Loop in Openssl

CVE-2022-0778 The discovered vulnerability triggers an...

Exploit for Path Traversal in Sysaid Sysaid On-Premises

Vulnerability Details fofa: ```text ...

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

Exploit for CVE-2023-38646

🛡️ Exploit for CVE-2023-38646 🛡️ Welcome to this powerful...

Exploit for CVE-2023-4596

CVE-2023-4596...

Exploit for CVE-2024-0757

CVE-2024-0757 (Exploit) Description The Insert or Embed...

Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)

Summary ruby module Rack class MediaType SPLIT_PATTERN = %r{\s*[;,]\s*} The above regexp is subject to ReDos. 50K blank characters as a prefix to the header will take over 10s to split. PoC A simple HTTP request with lots of blank characters in the content-type header: ruby...

Exploit for Path Traversal in Microsoft

CVE-2021-40444 Usage Ensure to run setup.sh first as...

CVE-2023-45733

Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...

K000139654: Intel oneAPI vulnerabilities CVE-2023-24592 and CVE-2023-27383

Security Advisory Description CVE-2023-24592 Path traversal in the some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow authenticated user to potentially enable escalation of privilege via local access. CVE-2023-27383 Protection mechanism failure in some...

CVE-2022-21233

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local...

Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor

CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...

Exploit for Improper Authentication in Wpdeveloper Essential Addons For Elementor

CVE-2023-32243. Essential Addons for Elementor 5.4.0-5.7.1 -...

Exploit for CVE-2024-29895

CVE-2024-29895 Cacti CVE-2024-29895 POC A command injection...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

CVE-2023-38575

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...

CVE-2024-35796

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in...

Exploit for Use After Free in Microsoft

CVE-2023-36802 Local Privilege Escalation POC authors:...

Exploit for Expression Language Injection in Atlassian Confluence Data Center

......

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title...

CVE-2023-39368

Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...

Exploit for Cross-site Scripting in Citrix Gateway

CVE-2023-24488 POC for CVE-2023-24488 Citrix Gateway...

CVE-2023-45745

Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local...

Exploit for Code Injection in Apache Ofbiz

ofbiz-CVE-2023-49070-RCE-POC This is a pre-auth RCE POC For...

Exploit for Authentication Bypass by Spoofing in Telerik Report Server 2024

CVE-2024-4358_Mass_Exploit Modified tools from @sinsinology...

CVE-2023-46103

Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

$$\ce{$\unicode[goombafont; color:red; pointer-events:...

CVE-2022-40982

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local...

Exploit for Origin Validation Error in Trendmicro Apex One

NotProxyShellScanner Python implementation for NotProxyShell...

[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....

[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....