Herbs & Flowers Dictionary Project Security Vulnerabilities

Exploit for Injection in Vm2 Project Vm2

CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape...

Exploit for Incorrect Authorization in Dompdf Project Dompdf

CVE-2023-23924 Dompdf vulnerable to URI validation failure...

Exploit for Prototype Pollution in Qs Project Qs

CVE-2022-24999 This repository contain exploits samples of...

Exploit for Code Injection in Exiftool Project Exiftool

CVE-2021-22204 Summary of the CVE Improper sanitization...

WordPress Personal Dictionary <1.3.4 - Blind SQL Injection

WordPress Personal Dictionary plugin before 1.3.4 contains a blind SQL injection vulnerability. The plugin fails to properly sanitize user-supplied POST data before being interpolated in an SQL statement and executed. An attacker can possibly obtain sensitive information, modify data, and/or...

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 sudo Privilege escalation Affected sudo...

Exploit for OS Command Injection in Vm2 Project Vm2

CVE-2023-37903...

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 CVE-2023-22809 is a critical...

Exploit for Code Injection in Exiftool Project Exiftool

Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code...

Exploit for Out-of-bounds Write in Polkit Project Polkit

pkexec-exploit Local Privilege Escalation in polkit's pkexec...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 One day for the polkit privilege escalation...

Exploit for Injection in Vm2 Project Vm2

CVE-2023-30547 vm2 is a sandbox that can run untrusted code...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 Add Root User - Pkexec Local...

Exploit for Improper Privilege Management in Sudo Project Sudo

Linux Privilege...

Grant "Browse Project" permission to "User Custom Field Value" makes project visible to all users

{panel:bgColor=#e7f4fa} NOTE: This bug report is for JIRA Server. Using JIRA Cloud? [See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-37117]. {panel} If in your permission schema, you grant Browse Project permission to "User Custom Field Value", the project is visible...

Exploit for Improper Preservation of Permissions in Podman Project Podman

CVE-2022-1227_Exploit A script for exploiting CVE-2022-1227....

Exploit for Out-of-bounds Write in Polkit Project Polkit

Python3 code to exploit...

Exploit for OS Command Injection in Ray Project Ray

Python POC Derived...

Exploit for Cross-Site Request Forgery (CSRF) in Sitemap Project Sitemap

CVE-2022-0952 Sitemap by click5 &lt; 1.0.36 - Unauthenticated...

Exploit for Injection in Glpi-Project Glpi

CVE-2022-35914 PoC References ...

Exploit for Injection in Glpi-Project Glpi

Exploit Script Utility...

Exploit for Out-of-bounds Write in Polkit Project Polkit

PwnKit-Exploit CVE-2021-4034 ...

Malicious code in eslint-plugin-cdp-project (npm)

-= Per source details. Do not edit below this...

Exploit for Uncontrolled Resource Consumption in Quic-Go Project Quic-Go

QUIC-attacks (CVE-2022-30591) The current repository serves...

Exploit for Off-by-one Error in Sudo Project Sudo

PE_CVE-CVE-2021-3156 Exploit for Ubuntu 20.04 using...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 CVE-2021-4034 centos8可用版本...

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

Description As part of my cybersecurity thesis I wanted to...

kanboard -- Project Takeover via IDOR in ProjectPermissionController

[email protected] reports: Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL...

Exploit for Out-of-bounds Write in Polkit Project Polkit

b0VIM...

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

PolicyKit CVE-2021-3560 Exploit (Authentication Agent)...

Exploit for Out-of-bounds Write in Polkit Project Polkit

██████╗ ██╗ ██╗██╗ ██╗███╗ ██╗███████╗██████╗ ██╔══██...

CVE-2024-37167

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of...

Exploit for Server-Side Request Forgery in Fusion Builder Project Fusion Builder

Fubucker | CVE-2022-1386 - Fusion Builder Automatic Mass Tool...

Exploit for Off-by-one Error in Sudo Project Sudo

CVE-2021-3156 [toc] 漏洞简介 漏洞编号: CVE-2021-3156...

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...

Argo CD's API server does not enforce project sourceNamespaces

Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...

Enrollment System Project v1.0 - SQL Injection Authentication Bypass

Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username...

flowers-midland.ca Cross Site Scripting vulnerability OBB-3876860

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-PwnKit PwnKit PoC for Polkit pkexec...

Exploit for Code Injection in Exiftool Project Exiftool

CVE-2021-22204 Exploit for CVE-2021-22204 (ExifTool) -...

WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still.....

Security Bulletin: IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775.

Summary IBM Asset Data Dictionary Component uses jose4j-0.9.3.jar which is vulnerable to CVE-2023-51775. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service,...

Argo CD's API server does not enforce project sourceNamespaces in github.com/argoproj/argo-cd

Argo CD's API server does not enforce project sourceNamespaces in...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

CVE-2024-31852

LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...

Exploit for Out-of-bounds Write in Polkit Project Polkit

CVE-2021-4034-CTF-writeup This is a CTF pwn challenge that I...

CVE-2022-45935

Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior...