unSafe.sh - 不安全

RandomRobbieBF/CVE-2024-43919 YARPP <= 5.30.10 - Missing Authorization
Create: 2024-11-22 15:42:39 +0000 UTC Push: 2024-11-22 15:42:39 +0000 UTC |

XiaomingX/CVE-2024-36401-poc CVE-2024-36401是GeoServer中的一个高危远程代码执行漏洞。GeoServer是一款开源的地理数据服务器软件，主要用于发布、共享和处理各种地理空间数据。 ALIYUN 漏洞原理：该漏洞源于GeoServer在处理属性名称时，将其不安全地解析为XPath表达式。具体而言，GeoServer调用的GeoTools库API在评估要素类型的属性名称时，以不安全的方式将其传递给commons-jxpath库。由于commons-jxpath库在解析XPath表达式时允许执行任意代码，攻击者可以通过构造特定的输入，利用多个OGC请求参数（如WFS GetFeature、WFS GetPropertyValue、WMS GetMap等），在未经身份验证的情况下远程执行任意代码。
Create: 2024-11-22 14:21:53 +0000 UTC Push: 2024-11-22 14:21:54 +0000 UTC |

XiaomingX/CVE-2024-27130-poc CVE-2024-27130是影响QNAP网络附加存储（NAS）设备的一个严重漏洞。该漏洞源于QTS操作系统中share.cgi脚本的No_Support_ACL函数中不安全地使用strcpy函数，导致堆栈缓冲区溢出。攻击者可以利用此漏洞，通过精心构造的请求在目标系统上执行任意代码，进而完全控制受影响的设备。
Create: 2024-11-22 14:18:08 +0000 UTC Push: 2024-11-22 14:18:24 +0000 UTC |

XiaomingX/cve-2024-0012-poc
Create: 2024-11-22 14:11:56 +0000 UTC Push: 2024-11-22 14:11:57 +0000 UTC |

XiaomingX/cve-2024-25641-poc PoC for CVE-2024-25641 Authenticated RCE on Cacti v1.2.26
Create: 2024-11-22 14:05:37 +0000 UTC Push: 2024-11-22 14:05:37 +0000 UTC |

XiaomingX/cve-2024-37084-Poc Analysis , Demo exploit and poc about CVE-2024-37084
Create: 2024-11-22 13:53:42 +0000 UTC Push: 2024-11-22 13:53:43 +0000 UTC |

synacktiv/CVE-2023-32413 Exploit code for CVE-2023-42914 / pwn2own Vancouver 2023
Create: 2024-11-22 11:28:35 +0000 UTC Push: 2024-11-22 12:10:47 +0000 UTC |

RandomRobbieBF/CVE-2024-52429 WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation
Create: 2024-11-22 10:26:55 +0000 UTC Push: 2024-11-22 10:26:55 +0000 UTC |

RandomRobbieBF/CVE-2024-52433 My Geo Posts Free <= 1.2 - Unauthenticated PHP Object Injection
Create: 2024-11-22 08:56:58 +0000 UTC Push: 2024-11-22 08:56:58 +0000 UTC |

iSee857/CVE-2024-0012-poc CVE-2024-0012批量检测脚本
Create: 2024-11-22 07:52:11 +0000 UTC Push: 2024-11-22 07:52:11 +0000 UTC |

XiaomingX/cve-2024-5452-poc cve-2024-5452-poc
Create: 2024-11-22 06:56:12 +0000 UTC Push: 2024-11-22 06:56:32 +0000 UTC |

XiaomingX/cve-2023-38646-poc CVE-2023-38646是Metabase中的一个远程代码执行漏洞。该漏洞源于Metabase在处理未经身份验证的API端点/api/setup/validate时，对JDBC连接字符串的处理存在安全缺陷。攻击者可以通过构造特定的JDBC连接字符串，利用该端点在服务器上执行任意命令，而无需进行身份验证。
Create: 2024-11-22 04:15:25 +0000 UTC Push: 2024-11-22 04:15:26 +0000 UTC |

XiaomingX/CVE-2023-20198-poc CVE-2023-20198是思科IOS XE软件Web UI功能中的一个严重漏洞，允许未经身份验证的远程攻击者在受影响的系统上创建具有特权级别15的账户，从而完全控制设备。
Create: 2024-11-22 04:10:28 +0000 UTC Push: 2024-11-22 04:10:46 +0000 UTC |

thestar0/CVE-2024-36401-WoodpeckerPlugin CVE-2024-36401 GeoServer Property 表达式注入命令执行WoodpeckerPlugin
Create: 2024-11-22 03:26:58 +0000 UTC Push: 2024-11-22 03:26:59 +0000 UTC |

XiaomingX/cve-2024-47575-poc CVE-2024-47575是Fortinet的FortiManager和FortiManager Cloud产品中的一个严重漏洞，源于fgfmsd守护进程缺乏对关键功能的身份验证。
Create: 2024-11-22 03:13:03 +0000 UTC Push: 2024-11-22 03:13:03 +0000 UTC |

XiaomingX/cve-2024-47575-exp CVE-2024-47575是Fortinet的FortiManager和FortiManager Cloud产品中的一个严重漏洞，源于fgfmsd守护进程缺乏对关键功能的身份验证。
Create: 2024-11-22 03:13:03 +0000 UTC Push: 2024-11-22 03:17:57 +0000 UTC |

XiaomingX/cve-2024-7965-poc cve-2024-7965-poc
Create: 2024-11-22 02:55:33 +0000 UTC Push: 2024-11-22 02:55:33 +0000 UTC |

XiaomingX/cve-2024-9441-poc
Create: 2024-11-22 02:04:21 +0000 UTC Push: 2024-11-22 02:04:21 +0000 UTC |

XiaomingX/CVE-2024-45519-POC
Create: 2024-11-22 01:56:21 +0000 UTC Push: 2024-11-22 01:56:21 +0000 UTC |

XiaomingX/cve-2024-23113-exp
Create: 2024-11-22 01:46:58 +0000 UTC Push: 2024-11-22 01:46:58 +0000 UTC |