PoCHub.io

Latest — 06 May 2025

CVE-2021-23017

Description: A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. Link: Visit the GitHub Repository Language: Python Owner: moften Stars: 0

More issues

CVE-2014-6271

Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the

CVE-2016-5195

Description: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016,

CVE-2012-3576

Description: Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart. Link: Visit the

CVE-2023-46818

Description: An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. Link: Visit the GitHub Repository Language: Shell Owner: rvizx Stars: 1 Forks: 0

CVE-2023-4226

Description: Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Link: Visit the GitHub Repository Language: Python Owner: SkyW4r33x Stars: 0 Forks: 0

CVE-2024-36401

Description: GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation

CVE-2022-25012

Description: Argus Surveillance DVR v4.0 employs weak password encryption. Link: Visit the GitHub Repository Language: Python Owner: G4sp4rCS Stars: 0 Forks: 0

CVE-2023-27372

Description: SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. Link: Visit the GitHub Repository Language: Python Owner: 1Ronkkeli Stars: 0 Forks:

CVE-2022-3552

Description: Unrestricted Upload of File with Dangerous Type in GitHub repository boxbilling/boxbilling prior to 0.0.1. Link: Visit the GitHub Repository Language: Python Owner: BakalMode Stars: 1 Forks: 0