Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/rhinosecuritylabs/cves

A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.

# Rhino CVE Proof-of-Concept Exploits
A collection of proof-of-concept exploit scripts written by the team at Rhino Security Labs for various CVEs.
* [CVE-2023-47327: Silverpeas Core Space Create Function is vulnerable to Broken Access Control](CVE-2023-47327/)
* [CVE-2023-47326: Silverpeas Core Domain Creation is vulnerable to CSRF](CVE-2023-47326/)
* [CVE-2023-47325: Silverpeas Core Broken Access Control on the "Bin" Allows Modification of Deleted Spaces](CVE-2023-47325/)
* [CVE-2023-47324: Silverpeas Core Stored XSS in Messages](CVE-2023-47324/)
* [CVE-2023-47323: Silverpeas Core Broken Access Control Allows Reading All Messages](CVE-2023-47323/)
* [CVE-2023-47322: Silverpeas Core CSRF Leading to Privilege Escalation](CVE-2023-47322/)
* [CVE-2023-47321: Silverpeas Core Portlet Deployer Access via Broken Access Control](CVE-2023-47321/)
* [CVE-2023-47320: Silverpeas Core Denial of Service via Broken Access Control](CVE-2023-47320/)
* [CVE-2023-43121: Extreme Networks EXOS Unauthenticated File Read](CVE-2023-43121/)
* [CVE-2023-43120: Extreme Networks EXOS Privilege Escalation from read-only User to Admin](CVE-2023-43120/)
* [CVE-2023-43119: Extreme Networks EXOS Arbitrary File Write as Root](CVE-2023-43119/)
* [CVE-2023-43118: Extreme Networks EXOS CSRF to RCE](CVE-2023-43118/)
* [CVE-2022-25372: Local Privilege Escalation In Pritunl VPN Client](CVE-2022-25372/)
* [CVE-2022-25237: Authorization Bypass Leading to RCE in Bonitasoft Web](CVE-2022-25237/)
* [CVE-2022-25166: AWS VPN Client Arbitrary File Write as SYSTEM](CVE-2022-25166/)
* [CVE-2022-25165: AWS VPN Client Information Disclosure Via UNC Path](CVE-2022-25165/)
* [CVE-2021-38112: AWS WorkSpaces Remote Code Execution](CVE-2021-38112/)
* [CVE-2020-5377 and CVE-2021-21514: Dell OpenManage Server Administrator Arbitrary File Read](CVE-2020-5377_CVE-2021-21514/)
* [CVE-2020-13405: MicroWeber Unauthenticated User Database Disclosure](CVE-2020-13405/)
* [CVE-2019-9926: LabKey Server CSRF](CVE-2019-9926/)
* [CVE-2019-9758: LabKey Server Stored XSS](CVE-2019-9758/)
* [CVE-2019-9757: LabKey Server XXE](CVE-2019-9757/)
* [CVE-2019-5678: Command Injection in Nvidia GeForce Experience Web Helper](CVE-2019-5678/)
* [CVE-2019-5674: NVIDIA GeForce Experience Arbitrary File Overwrites](CVE-2019-5674/)
* [CVE-2019-3722: Dell EMC OpenManage Server Administrator (OMSA) XXE](CVE-2019-3722/)
* [CVE-2019-16864: CompleteFTP Server Authenticated Remote Command Execution](CVE-2019-16864/)
* [CVE-2019-16116: CompleteFTP Server Local Privilege Escalation](CVE-2019-16116/)
* [CVE-2019-0227: Apache Axis 1.4 Remote Code Execution](CVE-2019-0227/)
* [CVE-2018-8024: Apache Spark XSS vulnerability in UI](CVE-2018-8024/)
* [CVE-2018-5758: XXE in Jive-n](CVE-2018-5758/)
* [CVE-2018-5757: RCE In AudioCodes 450HD Phone](CVE-2018-5757/)
* [CVE-2018-20621: MEmu Android Emulator Local Privilege Escalation](CVE-2018-20621/)
* [CVE-2018-1335: Command Injection in Apache Tika-server](CVE-2018-1335/)
* [CVE-2018-1000110: User and Node Enumeration Through Jenkins Git Plugin