CVE-2020-14882.zip
1.2 KB
CVE-2020-14882
Author: b1g-b33f
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
GitHub Link:
https://github.com/b1g-b33f/CVE-2020-14882
Author: b1g-b33f
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
GitHub Link:
https://github.com/b1g-b33f/CVE-2020-14882
CVE-2025-24813.zip
3.2 KB
CVE-2025-24813
Author: gunyakit
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious...
Author: gunyakit
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious...
CVE-2025-1974.zip
2.2 KB
CVE-2025-1974
Author: gunyakit
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
GitHub Link:
https://github.com/gunyakit/CVE-2025-1974-PoC-exploit
Author: gunyakit
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
GitHub Link:
https://github.com/gunyakit/CVE-2025-1974-PoC-exploit
CVE-1999-0524.zip
1.2 KB
CVE-1999-0524
Author: b1tsec
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
GitHub Link:
https://github.com/b1tsec/CVE-1999-0524
Author: b1tsec
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
GitHub Link:
https://github.com/b1tsec/CVE-1999-0524
CVE-2025-57462.zip
569 B
CVE-2025-57462
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57462
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57462
CVE-2025-57459.zip
567 B
CVE-2025-57459
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57459
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57459
CVE-2025-62221
Author: JeanKauffman1305
None
GitHub Link:
https://github.com/JeanKauffman1305/CVE-2025-62221-Exploit-
Author: JeanKauffman1305
None
GitHub Link:
https://github.com/JeanKauffman1305/CVE-2025-62221-Exploit-
CVE-2025-57460.zip
595 B
CVE-2025-57460
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57460
Author: aljoharasubaie
None
GitHub Link:
https://github.com/aljoharasubaie/CVE-2025-57460