JAPAN AIR SELF DEFENSE FORCE, MINISTRY OF DEFENSE Security Vulnerabilities

Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm

CVE-2022-23940 PoC for...

Exploit for Deserialization of Untrusted Data in Microsoft

nse-exchange Nmap NSE scripts to check against exchange...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

Keepass-Dumper This is my PoC implementation for...

Exploit for Deserialization of Untrusted Data in Apache Log4J

CVE-2021-44228 Abuse Log4J CVE-2021-44228 to patch...

Exploit for Deserialization of Untrusted Data in Apache Log4J

-- This repository has been archived -- Further development...

Exploit for Out-of-bounds Read in Adobe Bridge

Exploit for CVE-2021-44168 Purpose Exploit CVE-2021-44168...

CVE-2024-20716 Force high-usage of resources by generating unlimited coupons: Adobe Commerce

Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application....

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

Use-of-uninitialized-value in icalmemory_strdup

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69527 Crash type: Use-of-uninitialized-value Crash state: icalmemory_strdup icalparameter_new_from_value_string...

Denial of service of Minder Server from maliciously crafted GitHub attestations

Minder is vulnerable to a denial-of-service (DoS) attack which could allow an attacker to crash the Minder server and deny other users access to it. The root cause of the vulnerability is that Minders sigstore verifier reads an untrusted response entirely into memory without enforcing a limit on...

Regular Expression Denial Of Service (ReDoS)

ua-parser/uap-php is vulnerable toRegular Expression Denial Of Service (ReDoS). The vulnerability is due to use of inefficient or poorly constructed regular expressions that can take an exceptionally long time to evaluate against certain input strings, which results in Regular Expression Denial Of....

Denial Of Service Via Account Lockout

org.keycloak, keycloak-services is vulnerable to Denial of Service via account lockout. The vulnerability is due to improper handling of usernames formatted as email addresses, which allows attackers to lock out legitimate users by repeatedly using incorrect...

Denial of service in langchain-community

Denial of service in SitemapLoader Document Loader in the langchain-community package, affecting versions below 0.2.5. The parse_sitemap method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap...

Exploit for Out-of-bounds Write in Haxx Libcurl

CVE-2023-38545: Curl Vulnerability Proof of Concept This...

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 This repository contains an exploit script...

Regular Expression Denial Of Service (ReDoS)

rack is vulnerable to a Denial Of Service. This vulnerability is due the handling of content type parsing which utilizes a regex pattern with inefficient complexity, which allows attackers to launch DoS...

Gitea allowed assignment of private issues

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...

Gitea allowed assignment of private issues

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue...

Denial of Service in TenderMint

Description Denial of Service Tendermint 0.33.0 and above allow block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it without changing the chainID. (It is a misconfiguration to reuse chainIDs.) Correct.....

Mattermost vulnerable to denial of service via large number of emoji reactions

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the...

self-suspendingproppant.com Cross Site Scripting vulnerability OBB-3905818

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2023-33733

CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...

Exploit for Deserialization of Untrusted Data in Apache Log4J

🤝 Show your support - give a ⭐️ if you...

Denial Of Service (DOS)

Intel(R) Core(TM) Ultra Processors are vulnerable to Denial Of Service (DOS). The vulnerability is caused due to a Sequence of processor instructions leading to unexpected behavior. This can allow an authenticated user to potentially enable Denial Of Service (DOS) via local...

Deserialization Of Untrusted Data

joblib is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of pickle files in the read_array() function within numpy_pickle.py where pickle.load is enabled by default. This allows an attacker to execute arbitrary code by loading a maliciously crafted...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote...

ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting

ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password...

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to Denial Of Service (DoS). The vulnerability is due to the engines lack of template size limits, which allows an attacker to execute a Denial of Service (DoS) attack by submitting maliciously crafted large...

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863/CVE-2023-41064 A POC for...

Exploit for Out-of-bounds Write in Google Chrome

libwebp CVE-2023-4863 [A Vulnerability...

Exploit for Out-of-bounds Write in Polkit Project Polkit

Python3 code to exploit...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation...

Exploit for Out-of-bounds Write in Lenovo Diagnostics

lenovo_exec...

Adobe ColdFusion - Deserialization of Untrusted Data

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...

Denial Of Service (DoS)

pocketmine/pocketmine-mp is vulnerable to Denial Of Service (DoS). The vulnerability exists in due to the netresearch/jsonmapper dependency due to improper mappings of JSON arrays and objects onto scalar model properties which allows an attacker to send malformed JWT JSON in the LoginPacket...

Use-of-uninitialized-value in ihevce_strm_fill_done

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57401 Crash type: Use-of-uninitialized-value Crash state: ihevce_strm_fill_done ihevce_ent_coding_thrd...

Denial Of Service (DoS)

gvisor.dev/gvisor is vulnerable to a Denial of Service (DoS). The vulnerability is due to improper checks for mounts marked as unmounted before propagating, which could lead to a panic. This allows an attacker running as root and with permission to mount volumes to kill the...

Exploit for Out-of-bounds Write in Linux Linux Kernel

CVE-2022-1015 This repository contains a PoC for local...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...

Use-of-uninitialized-value in ihevce_enc_frm_proc_slave_thrd

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57397 Crash type: Use-of-uninitialized-value Crash state: ihevce_enc_frm_proc_slave_thrd osal_func...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

Use-of-uninitialized-value in complexity_RC_reset_marking

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57398 Crash type: Use-of-uninitialized-value Crash state: complexity_RC_reset_marking ihevce_pre_enc_process_frame_thrd...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

Denial Of Service (DoS)

github.com/stacklok/minder is vulnerable to a Denial of Service (DoS). The vulnerability is due to missing request size limits by the REST ingester when processing responses from remote REST endpoints, which allows an attacker to execute a Denial of Service attack by controlling a remote REST...

Exploit for Deserialization of Untrusted Data in Apache Log4J

Log4Shell-Rex The following RegEx was written in an attempt...

.netrc parser out-of-bounds access

curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This does in most cases cause....

Out-of-bounds Read

libXpm is vulnerable to Out-of-bounds Read. The vulnerability is caused due to a boundary condition that can be exploited to read contents of memory of the system. An attacker can trigger this out-of-bounds read error compromising confidentiality of the...