unSafe.sh - 不安全

XiaomingX/CVE-2024-40711-poc CVE-2024-40711 是 Veeam Backup & Replication 软件中的一个严重漏洞，允许未经身份验证的攻击者远程执行代码。
Create: 2024-11-23 04:02:34 +0000 UTC Push: 2024-11-23 04:02:34 +0000 UTC |

XiaomingX/CVE-2024-23692-poc CVE-2024-23692 是影响 Rejetto HTTP File Server（HFS）2.3m 及之前版本的模板注入漏洞。该漏洞允许远程未授权的攻击者通过发送特制的 HTTP 请求，在受影响的系统上执行任意命令。
Create: 2024-11-23 03:59:13 +0000 UTC Push: 2024-11-23 03:59:34 +0000 UTC |

XiaomingX/cveCVE-2024-38856-poc CVE-2024-38856 是 Apache OFBiz 中的一个严重漏洞，允许未经身份验证的攻击者在受影响的系统上执行任意代码。
Create: 2024-11-23 03:54:28 +0000 UTC Push: 2024-11-23 03:54:28 +0000 UTC |

XiaomingX/cve-2024-38856-poc CVE-2024-38856 是 Apache OFBiz 中的一个严重漏洞，允许未经身份验证的攻击者在受影响的系统上执行任意代码。
Create: 2024-11-23 03:54:28 +0000 UTC Push: 2024-11-23 03:57:02 +0000 UTC |

sagisar1/CVE-2019-25065---POC A POC for CVE-2019-25065, os command injection in OpenNetAdmin
Create: 2024-11-22 22:56:42 +0000 UTC Push: 2024-11-22 22:56:42 +0000 UTC |

sagisar1/CVE-2019-25065-exploit A POC for CVE-2019-25065, os command injection in OpenNetAdmin
Create: 2024-11-22 22:56:42 +0000 UTC Push: 2024-11-22 23:02:50 +0000 UTC |

tcbutler320/CVE-2024-55040-Sensaphone-XSS Public disclose of several stored XSS vulnerabilities in the Sensaphone WEB600 (CVE-2024-55040)
Create: 2024-11-22 22:25:18 +0000 UTC Push: 2025-02-05 01:19:59 +0000 UTC |

haimrait/CVE-2022-29078
Create: 2024-11-22 22:05:07 +0000 UTC Push: 2024-11-25 14:24:30 +0000 UTC |

g1thubb002/poc-CVE-2020-35489 poc-CVE-2020-35489
Create: 2024-11-22 21:42:32 +0000 UTC Push: 2024-11-22 21:42:33 +0000 UTC |

aib0litt/poc-CVE-2020-1938 poc-CVE-2020-1938
Create: 2024-11-22 21:24:22 +0000 UTC Push: 2024-11-22 21:24:22 +0000 UTC |

PunitTailor55/Paloalto-CVE-2024-0012
Create: 2024-11-22 20:58:17 +0000 UTC Push: 2024-11-22 20:58:17 +0000 UTC |

ubaii/CVE-2024-52475 Broken Authentication in Wordpress plugin (Wawp Plugin < 3.0.18)
Create: 2024-11-22 18:29:54 +0000 UTC Push: 2024-11-22 18:29:54 +0000 UTC |

felmoltor/CVE-2024-48990 Qualys needsrestart vulnerability CVE-2024-48990
Create: 2024-11-22 17:35:58 +0000 UTC Push: 2024-11-22 17:41:34 +0000 UTC |

windz3r0day/CVE-2024-11381 CVE-2024-11381 poc exploit
Create: 2024-11-22 16:53:14 +0000 UTC Push: 2024-11-22 16:53:32 +0000 UTC |

windz3r0day/CVE-2024-11428 CVE-2024-11428 poc exploit
Create: 2024-11-22 16:51:47 +0000 UTC Push: 2024-11-22 16:52:04 +0000 UTC |

windz3r0day/CVE-2024-11412 CVE-2024-11412 poc exploit
Create: 2024-11-22 16:50:08 +0000 UTC Push: 2024-11-22 16:50:30 +0000 UTC |

windz3r0day/CVE-2024-11388 CVE-2024-11388 poc exploit
Create: 2024-11-22 16:48:21 +0000 UTC Push: 2024-11-22 16:48:22 +0000 UTC |

windz3r0day/CVE-2024-11432 CVE-2024-11432 poc exploit
Create: 2024-11-22 16:46:24 +0000 UTC Push: 2024-11-22 16:46:25 +0000 UTC |

RandomRobbieBF/CVE-2024-43919 YARPP <= 5.30.10 - Missing Authorization
Create: 2024-11-22 15:42:39 +0000 UTC Push: 2024-11-22 15:42:39 +0000 UTC |

XiaomingX/CVE-2024-36401-poc CVE-2024-36401是GeoServer中的一个高危远程代码执行漏洞。GeoServer是一款开源的地理数据服务器软件，主要用于发布、共享和处理各种地理空间数据。 ALIYUN 漏洞原理：该漏洞源于GeoServer在处理属性名称时，将其不安全地解析为XPath表达式。具体而言，GeoServer调用的GeoTools库API在评估要素类型的属性名称时，以不安全的方式将其传递给commons-jxpath库。由于commons-jxpath库在解析XPath表达式时允许执行任意代码，攻击者可以通过构造特定的输入，利用多个OGC请求参数（如WFS GetFeature、WFS GetPropertyValue、WMS GetMap等），在未经身份验证的情况下远程执行任意代码。
Create: 2024-11-22 14:21:53 +0000 UTC Push: 2024-11-22 14:21:54 +0000 UTC |