Practical Mass Vulnerability Scanning Using Nuclei, Naabu, and Subfinder

In this post, we explore how to leverage tools from ProjectDiscovery—nuclei, naabu, and subfinder—to perform mass-scale vulnerability scanning across the internet. The IP address datasets are sourced from pre-compiled lists provided by kaeferjaeger. We’ll also offer best-practice recommendations to optimize your workflow for speed and reliability.

[Read More]

CVE-2020-1938

CVE-2020-1938 is a critical vulnerability affecting the Apache Tomcat server that allows remote code execution (RCE). It specifically concerns the AJP (Apache JServ Protocol) connector, which is often enabled by default. This vulnerability arises from the improper handling of requests, allowing an attacker to exploit the AJP interface to read arbitrary files on the server or even execute commands.

[Read More]

CVE-2023-3824

CVE-2023-3824 is a critical remote code execution (RCE) vulnerability in PHP, affecting versions 8.0.x (before 8.0.30), 8.1.x (before 8.1.22), and 8.2.x (before 8.2.8). The vulnerability arises from insufficient length checking when processing PHAR files (PHP’s archive format), specifically when reading PHAR directory entries in the Phar::loadPhar() function.

[Read More]

CVE-2001-1473

We revisited an old flaw in the SSH-1 protocol that could let an attacker eavesdrop on secure connections. Our updated method goes a step further—it can directly recover the server’s private key, giving full access, without needing to trick users or intercept their traffic. This makes the exploit much simpler and more powerful than before.

[Read More]

CVE-2019-11248

This repository contains a proof-of-concept (PoC) exploit for CVE-2019-11248, a medium-severity vulnerability in Kubernetes’ Kubelet, which can lead to Remote Code Execution (RCE) under certain conditions. The vulnerability stems from the exposure of the /debug/pprof endpoint on the Kubelet’s healthz port. This PoC showcases a novel method to escalate the initial information disclosure into a full-blown RCE attack, utilizing unprotected memory and internal Kubelet data.

[Read More]

CVE-2023-21716

CVE-2023-21716 is a critical vulnerability in Microsoft Word, specifically affecting the RTF (Rich Text Format) parsing functionality, which allows for remote code execution (RCE). Here’s a breakdown of what this vulnerability entails and why it’s significant:

[Read More]

CVE-2020-35489

CVE-2020-35489 is a vulnerability in the mod_auth_openidc module for Apache HTTP Server, which enables OpenID Connect authentication. It allows an attacker to bypass access restrictions by manipulating session cookies, potentially granting unauthorized access to protected resources. This flaw arises from improper validation of session state and was patched in later versions of the module.

[Read More]

CVE-2021-31755

The issue is a stack buffer overflow vulnerability discovered in Tenda AC11 routers, with firmware versions through 02.03.01.104_CN. This type of vulnerability, if exploited, allows attackers to execute arbitrary code on the affected device. Here’s a breakdown of this CVE based on the description:

[Read More]

CVE-2024-5057

CVE-2024-5057 is a critical SQL Injection vulnerability identified in the Easy Digital Downloads plugin for WordPress, affecting versions up to and including 3.2.12. The vulnerability arises from improper neutralization of special elements used in SQL commands, allowing unauthenticated attackers to inject malicious SQL queries. This can lead to unauthorized access to sensitive information stored in the database.

[Read More]