128 lines
No EOL
5.1 KiB
JSON
128 lines
No EOL
5.1 KiB
JSON
[
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "Chocapikk/CVE-2024-36401",
|
||
"html_url": "https://github.com/Chocapikk/CVE-2024-36401",
|
||
"description": "GeoServer Remote Code Execution",
|
||
"stargazers_count": 78,
|
||
"forks_count": 12,
|
||
"created_at": "2024-07-30T18:43:40Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "Mr-xn/CVE-2024-36401",
|
||
"html_url": "https://github.com/Mr-xn/CVE-2024-36401",
|
||
"description": "Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multies ways to exploit",
|
||
"stargazers_count": 46,
|
||
"forks_count": 6,
|
||
"created_at": "2024-07-06T01:10:28Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "netuseradministrator/CVE-2024-36401",
|
||
"html_url": "https://github.com/netuseradministrator/CVE-2024-36401",
|
||
"description": "geoserver图形化漏洞利用工具",
|
||
"stargazers_count": 39,
|
||
"forks_count": 2,
|
||
"created_at": "2024-10-05T10:08:55Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "bigb0x/CVE-2024-36401",
|
||
"html_url": "https://github.com/bigb0x/CVE-2024-36401",
|
||
"description": "POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vlun targets.",
|
||
"stargazers_count": 33,
|
||
"forks_count": 18,
|
||
"created_at": "2024-07-04T13:19:47Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401-WoodpeckerPlugin",
|
||
"full_name": "thestar0/CVE-2024-36401-WoodpeckerPlugin",
|
||
"html_url": "https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin",
|
||
"description": "CVE-2024-36401-GeoServer Property 表达式注入 Rce woodpecker-framework 插件",
|
||
"stargazers_count": 11,
|
||
"forks_count": 1,
|
||
"created_at": "2024-11-22T03:57:12Z"
|
||
},
|
||
{
|
||
"name": "cve-2024-36401-poc",
|
||
"full_name": "XiaomingX/cve-2024-36401-poc",
|
||
"html_url": "https://github.com/XiaomingX/cve-2024-36401-poc",
|
||
"description": "CVE-2024-36401是GeoServer中的一个高危远程代码执行漏洞。GeoServer是一款开源的地理数据服务器软件,主要用于发布、共享和处理各种地理空间数据。 ALIYUN 漏洞原理: 该漏洞源于GeoServer在处理属性名称时,将其不安全地解析为XPath表达式。具体而言,GeoServer调用的GeoTools库API在评估要素类型的属性名称时,以不安全的方式将其传递给commons-jxpath库。由于commons-jxpath库在解析XPath表达式时允许执行任意代码,攻击者可以通过构造特定的输入,利用多个OGC请求参数(如WFS GetFeature、WFS GetPropertyValue、WMS GetMap等),在未经身份验证的情况下远程执行任意代码。 ",
|
||
"stargazers_count": 5,
|
||
"forks_count": 0,
|
||
"created_at": "2024-11-22T14:21:53Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "Niuwoo/CVE-2024-36401",
|
||
"html_url": "https://github.com/Niuwoo/CVE-2024-36401",
|
||
"description": "POC",
|
||
"stargazers_count": 4,
|
||
"forks_count": 0,
|
||
"created_at": "2024-07-05T03:02:30Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401-PoC",
|
||
"full_name": "daniellowrie/CVE-2024-36401-PoC",
|
||
"html_url": "https://github.com/daniellowrie/CVE-2024-36401-PoC",
|
||
"description": "Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1",
|
||
"stargazers_count": 3,
|
||
"forks_count": 2,
|
||
"created_at": "2024-09-13T10:28:48Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "0x0d3ad/CVE-2024-36401",
|
||
"html_url": "https://github.com/0x0d3ad/CVE-2024-36401",
|
||
"description": "CVE-2024-36401 (GeoServer Remote Code Execution)",
|
||
"stargazers_count": 2,
|
||
"forks_count": 0,
|
||
"created_at": "2024-11-27T19:13:49Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "RevoltSecurities/CVE-2024-36401",
|
||
"html_url": "https://github.com/RevoltSecurities/CVE-2024-36401",
|
||
"description": "Exploiter a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.",
|
||
"stargazers_count": 2,
|
||
"forks_count": 1,
|
||
"created_at": "2024-07-05T15:24:50Z"
|
||
},
|
||
{
|
||
"name": "GeoServer-CVE-2024-36401",
|
||
"full_name": "punitdarji/GeoServer-CVE-2024-36401",
|
||
"html_url": "https://github.com/punitdarji/GeoServer-CVE-2024-36401",
|
||
"description": "GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions",
|
||
"stargazers_count": 2,
|
||
"forks_count": 0,
|
||
"created_at": "2024-09-28T14:55:50Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401",
|
||
"full_name": "kkhackz0013/CVE-2024-36401",
|
||
"html_url": "https://github.com/kkhackz0013/CVE-2024-36401",
|
||
"description": null,
|
||
"stargazers_count": 0,
|
||
"forks_count": 0,
|
||
"created_at": "2024-10-14T15:57:06Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401-PoC",
|
||
"full_name": "yisas93/CVE-2024-36401-PoC",
|
||
"html_url": "https://github.com/yisas93/CVE-2024-36401-PoC",
|
||
"description": null,
|
||
"stargazers_count": 0,
|
||
"forks_count": 0,
|
||
"created_at": "2024-08-01T21:22:51Z"
|
||
},
|
||
{
|
||
"name": "CVE-2024-36401-GeoServer-RCE",
|
||
"full_name": "jakabakos/CVE-2024-36401-GeoServer-RCE",
|
||
"html_url": "https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE",
|
||
"description": null,
|
||
"stargazers_count": 0,
|
||
"forks_count": 0,
|
||
"created_at": "2024-07-12T07:01:12Z"
|
||
}
|
||
] |