swap.gs

This page gathers some of the public bugs I found; don’t hesitate to reach out if you want to know more about them!

Popular Software

RCE in the Git URL handler in Visual Studio Code < 1.67.1 (CVE-2022-30129) Authentication bypass in Zabbix < 5.4.9 (CVE-2022-23131, CVE-2022-23134) RCE via Git in Visual Studio Code < 1.63.1 (CVE-2021-43891) RCEs in elFinder <= 2.1.59 (CVE-2021-32682) LPE in Ubuntu pppd < 2.4.7-2+4.1ubuntu5.1 (CVE-2020-15704) RCEs in ruTorrent <= 55ddfb4 RCE in Duplicator < 1.2.42 (CVE-2018-17207) RCE in Etherpad <= 1.6.3 (CVE-2018-9326) RCE in Etherpad's UberDB <= 1.6.3 (CVE-2018-9327)

Pwn2Own Targets

Pwn2Own 2022 – WAN RCE on Synology RT6600ax Pwn2Own 2020 – LAN RCE on TP-Link AC1750 sync-server (CVE-2021-27246) Pwn2Own 2020 – LAN RCE on Western Digital PR4100 login_mgr.cgi

Package Managers Backends and Code Hosting

RCEs in SourceHut’s git.sr.ht (1, 2) RCEs in SourceHut’s hg.sr.ht (patch) RCE in Soko affecting packages.gentoo.org (CVE-2023-28424, CVE-TBD) RCE in pearweb affecting pear.php.net (CVE-2022-27158, CVE-2022-27157) RCE in Composer <= 2.3.4 affecting packagist.org (CVE-2022-24828) RCE in Composer <= 2.0.12 affecting packagist.org (CVE-2021-29472)

Misc.

Heap Overflow in Zscaler for Linux (CVE-2023-28793) JavaScript Injection in pacparser < 1.4.2 (CVE-2023-28798) Blind SSRF on WordPress (CVE-2022-3590) RCEs in Melis Platform (CVE-2022-39296, CVE-2022-39297, CVE-2022-39298) RCE in Icinga < 2.8.6, 2.9.6, 2.10 (CVE-2022-24715, CVE-2022-24716) RCE in Crypt_GPG < 1.6.7 (CVE-2022-24953) PID recycling in ZscalerTunnel for MacOS (CVE-2021-26737) RCE in GoCD < 21.3.0 (CVE-2021-43286) Stored XSS to RCE in SmartStoreNET (CVE-2021-32607, CVE-2021-32608) RCE in Cachet <= 2.4 (CVE-2021-39172, CVE-2021-39173, CVE-2021-39174) RCE via phar handler in elFinder <= 2.1.59 (CVE-2021-23394) Format String in mod-auth-openidc <= 2.4.8.4 (CVE-2021-32785) Open Redirect in mod-auth-openidc <= 2.4.8.4 (CVE-2021-32786) RCE via missing authorization in Grav CMS < 1.7.10 (CVE-2021-29439) RCE via SSTI in Grav CMS < 1.7.10 (CVE-2021-29440) LPE in Softaculous (CVE-2020-26886) LPE in Fortinet's SSL VPN client for Linux LPE in Aegir Hostmaster XXE in SAP Control Center, SAP Cockpit Framework SSRF in w3-total-cache < 0.9.7.4 (CVE-2018-9845) SQLi in wp-google-maps < 7.11.18 (CVE-2019-10692) RCE in elFinder < 2.1.48 (CVE-2019-9194) SQLi in GLPI <= 9.3.3 (CVE-2019-10232) XXE and SSRF in Jenkins Job Import <= 2.1 Blind SQLi in wp-statistics < 12.6.7 (CVE-2019-13275) RCEs in PineApp Mail Secure 5.1 SQLi in Flyspray <= v1.0-rc6 SQLi in Image Intense <= 3.2.5 LPE in Super Duper <= 3.1.6 Reflected XSS in Zend Server < 9.1.3 (CVE-2018-10230) Authentication bypass in Etherpad <= 1.6.3 (CVE-2018-9845) Information leak in Etherpad <= 1.6.3 (CVE-2018-9325)