Artworks Gallery In Php, Css, Javascript, And Mysql Project Security Vulnerabilities

osv
osv

CVE-2024-22206

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version...

9.8CVSS

9.5AI Score

0.001EPSS

2024-01-12 08:15 PM
6
osv
osv

Malicious code in bleeding-edge-css (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (a9158e7fb120bf930c7e6ed6c50765fdc9d7c3d1a40435bf8a4b4d202cfd1dd1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2AI Score

2023-04-12 02:54 AM
3
osv
osv

CVE-2023-50249

Sentry-Javascript is official Sentry SDKs for JavaScript. A ReDoS (Regular expression Denial of Service) vulnerability has been identified in Sentry's Astro SDK 7.78.0-7.86.0. Under certain conditions, this vulnerability allows an attacker to cause excessive computation times on the server,...

7.5CVSS

6.7AI Score

0.001EPSS

2023-12-20 02:15 PM
3
osv
osv

Malicious code in avx-javascript-testing (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:28 PM
osv
osv

CVE-2023-46729

sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been....

9.3CVSS

6.4AI Score

0.001EPSS

2023-11-10 01:15 AM
3
osv
osv

Malicious code in incom-css (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:46 PM
osv
osv

Malicious code in applied-css (RubyGems)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 01:48 PM
githubexploit
githubexploit

Exploit for Injection in Vm2 Project Vm2

CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape...

10CVSS

9.6AI Score

0.002EPSS

2023-12-10 08:32 AM
478
osv
osv

BIT-php-2024-5585

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command....

9.4CVSS

8.1AI Score

0.001EPSS

2024-06-12 07:30 AM
7
osv
osv

BIT-php-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

9.8CVSS

9.6AI Score

0.967EPSS

2024-06-12 07:30 AM
5
githubexploit
githubexploit

Exploit for Incorrect Authorization in Dompdf Project Dompdf

CVE-2023-23924 Dompdf vulnerable to URI validation failure...

10CVSS

9.7AI Score

0.01EPSS

2023-02-01 06:21 PM
456
metasploit
metasploit

MySQL Login Utility

This module simply queries the MySQL instance for a specific user/pass (default is root with...

7.3AI Score

2015-02-07 05:50 PM
25
githubexploit
githubexploit

Exploit for Prototype Pollution in Qs Project Qs

CVE-2022-24999 This repository contain exploits samples of...

7.5CVSS

2.2AI Score

0.01EPSS

2022-04-18 06:46 AM
445
osv
osv

BIT-php-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs)....

5.3CVSS

5.3AI Score

0.001EPSS

2024-06-12 07:30 AM
3
osv
osv

CVE-2024-34345

The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version...

8.1CVSS

6.7AI Score

0.0005EPSS

2024-05-14 03:38 PM
3
githubexploit
githubexploit

Exploit for Code Injection in Exiftool Project Exiftool

CVE-2021-22204 Summary of the CVE Improper sanitization...

7.8CVSS

7.6AI Score

0.89EPSS

2024-06-07 09:57 PM
98
osv
osv

BIT-php-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary...

9.4CVSS

8AI Score

0.0004EPSS

2024-05-14 07:29 AM
52
osv
osv

BIT-php-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 ...

5.9CVSS

6.3AI Score

0.001EPSS

2024-06-12 07:31 AM
2
osv
osv

Malicious code in run-in-packages (npm)

-= Per source details. Do not edit below this...

7.1AI Score

2024-06-25 12:18 PM
githubexploit
githubexploit

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 sudo Privilege escalation Affected sudo...

7.8CVSS

8.2AI Score

0.001EPSS

2023-01-21 03:19 PM
463
osv
osv

BIT-php-2024-2757

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this...

7.5CVSS

7.1AI Score

0.0004EPSS

2024-05-14 07:29 AM
9
githubexploit

10CVSS

7.3AI Score

0.003EPSS

2023-11-05 11:23 AM
751
nuclei
nuclei

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...

6.1CVSS

5.9AI Score

0.003EPSS

2023-07-22 06:07 AM
7
osv
osv

BIT-php-2024-3096

In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return...

6.5CVSS

7AI Score

0.0004EPSS

2024-05-14 07:29 AM
23
githubexploit
githubexploit

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 CVE-2023-22809 is a critical...

7.8CVSS

8.3AI Score

0.001EPSS

2023-08-06 06:46 AM
154
osv
osv

BIT-php-2024-2756

Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP...

6.5CVSS

6.9AI Score

0.006EPSS

2024-05-14 07:29 AM
26
githubexploit
githubexploit

Exploit for Code Injection in Exiftool Project Exiftool

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code...

7.8CVSS

8.5AI Score

0.89EPSS

2022-04-16 10:49 PM
427
cve
cve

CVE-2024-25218

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter...

6.1CVSS

5.8AI Score

0.0005EPSS

2024-02-14 03:15 PM
39
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation...

7.8CVSS

8.8AI Score

0.0005EPSS

2022-01-25 11:51 PM
575
osv
osv

BIT-mysql-client-2022-0778

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with.....

7.5CVSS

7.5AI Score

0.013EPSS

2024-03-06 11:05 AM
9
githubexploit
githubexploit

Exploit for Injection in Vm2 Project Vm2

CVE-2023-30547 vm2 is a sandbox that can run untrusted code...

10CVSS

6.8AI Score

0.002EPSS

2024-06-04 10:01 AM
157
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...

7.8CVSS

8.5AI Score

0.0005EPSS

2022-01-26 12:56 AM
505
osv

7.1AI Score

2024-06-25 01:20 PM
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

pkexec-exploit Local Privilege Escalation in polkit's pkexec...

8.2AI Score

2022-01-30 10:34 AM
251
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...

8.2AI Score

2022-01-26 02:26 PM
573
osv
osv

BIT-mysql-client-2021-27928

A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database.....

7.2CVSS

7.3AI Score

0.016EPSS

2024-03-06 11:07 AM
5
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...

7.8CVSS

8.7AI Score

0.0005EPSS

2022-01-28 03:13 PM
373
githubexploit
githubexploit

Exploit for Improper Preservation of Permissions in Podman Project Podman

CVE-2022-1227_Exploit A script for exploiting CVE-2022-1227....

8.8CVSS

8.8AI Score

0.003EPSS

2023-04-01 07:28 AM
465
osv
osv

CVE-2024-20978

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

6AI Score

0.0004EPSS

2024-02-17 02:15 AM
10
osv
osv

CVE-2024-20974

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

4.9CVSS

6AI Score

0.0004EPSS

2024-02-17 02:15 AM
10
githubexploit
githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

Python3 code to exploit...

7.8CVSS

8.4AI Score

0.0005EPSS

2022-01-26 05:53 PM
435
osv
osv

CVE-2022-21592

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3CVSS

5.3AI Score

0.001EPSS

2022-10-18 09:15 PM
5
osv
osv

CVE-2023-22032

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. ...

4.9CVSS

5.9AI Score

0.0004EPSS

2023-10-17 10:15 PM
1
osv
osv

CVE-2022-21589

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 5.7.39 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

4.3CVSS

5.7AI Score

0.001EPSS

2022-10-18 09:15 PM
6
osv
osv

BIT-mysql-client-2023-5157

A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of...

7.5CVSS

7.3AI Score

0.001EPSS

2024-03-06 10:57 AM
3
osv
osv

CVE-2023-22068

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS

5.9AI Score

0.0004EPSS

2023-10-17 10:15 PM
3
osv
osv

CVE-2023-22066

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS

5.9AI Score

0.0004EPSS

2023-10-17 10:15 PM
6
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 A Proof of Concept developed by...

9.8CVSS

9.5AI Score

0.967EPSS

2024-06-07 09:52 AM
175
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577 - PHP CGI Argument Injection Remote Code...

9.8CVSS

10AI Score

0.967EPSS

2024-06-09 11:32 PM
137
githubexploit
githubexploit

Exploit for OS Command Injection in Php

CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...

9.8CVSS

10AI Score

0.967EPSS

2024-06-09 02:18 PM
145
Total number of security vulnerabilities: 3319084