CVE-2024-21887
CRITICAL | KEV | RANSOMWARE | NUCLEI
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
Title source: nuclei
Exploitation Summary
CVE-2024-21887 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 10, 2024, with confirmed use in ransomware campaigns.
EIP tracks 16 public exploits from researchers including Chocapikk, duy-31 and seajaysec, as well as a Metasploit module, exploits/linux/http/ivanti_connect_secure_rce_cve_2024_21893.
A Nuclei detection template is also available.
AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2024-21887, a command injection vulnerability in Ivanti Connect and Policy Secure systems. The exploit includes both scanning and interactive shell capabilities, demonstrating the ability to execute arbitrary commands on vulnerable systems.
Description
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Exploits (16)
This repository contains a functional exploit for CVE-2024-21887, a command injection vulnerability in Ivanti Connect and Policy Secure systems. The exploit includes both scanning and interactive shell capabilities, demonstrating the ability to execute arbitrary commands on vulnerable systems.
This repository contains a functional exploit for chaining CVE-2024-21893 (SSRF) and CVE-2024-21887 (command injection) in Ivanti Connect Secure appliances. The exploit includes a Python script for RCE and Nuclei templates for detection.
The repository contains functional exploit scripts for CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (command injection) in Ivanti Connect Secure and Policy Secure. The scripts demonstrate path traversal and command injection via crafted API requests.
The repository contains a Python script designed to scan Ivanti Connect Secure & Policy Secure appliances for vulnerabilities related to CVE-2023-46805 and CVE-2024-21887. It performs multiple checks to detect authentication bypass and command injection vulnerabilities without exploiting them.
The repository contains a Python script that checks for the presence of CVE-2024-21887 by sending a GET request to a specific endpoint and analyzing the response. It does not exploit the vulnerability but scans for its presence.
This repository provides a Python script to parse Ivanti Secure Connect .vc0 log files into CSV format for forensic analysis, specifically targeting CVE-2025-0282. The tool extracts timestamps, converts hex values to human-readable formats, and maps message codes to descriptions.
The repository contains a functional Python script that exploits CVE-2023-46805 (authentication bypass) and CVE-2024-21887 (remote code execution) in Ivanti Connect Secure. It includes both vulnerability checking and command execution capabilities via crafted API requests.
The repository claims to be an exploit for CVE-2024-21887 but contains obfuscated Python code that uses marshal.loads to execute a hidden payload, which is highly suspicious and indicative of malicious intent.
This repository provides a Python script to decrypt and parse Ivanti Connect Secure system snapshots for IOCs related to CVE-2025-0282 and other vulnerabilities. It uses YARA rules to detect malware artifacts and parses process lists for suspicious activity.
The repository contains a functional exploit script for CVE-2024-21887, an RCE vulnerability in Ivanti Connect Secure. The script crafts a malicious payload using command injection via a path traversal technique and sends it to the target API endpoint.
The repository claims to be an exploit for CVE-2024-21887 but contains obfuscated Python code that uses marshal.loads to execute a hidden payload, which is highly suspicious and indicative of malicious intent.
This repository contains a functional Python script that exploits CVE-2024-21887 in Ivanti Connect Secure gateways by leveraging a path traversal vulnerability to execute a reverse shell via Ngrok. The script automates the setup of an Ngrok tunnel, constructs a malicious payload, and delivers it to the target system using a crafted curl command.
This Metasploit module chains CVE-2024-21893 (SSRF) and CVE-2024-21887 (command injection) to achieve unauthenticated RCE on Ivanti Connect Secure/Policy Secure. It leverages an SSRF in the xmltooling library to target a vulnerable internal service for command execution.
This Metasploit module chains CVE-2023-46805 (auth bypass) and CVE-2024-21887 (command injection) to achieve unauthenticated RCE on Ivanti Connect Secure/Policy Secure. It exploits a path traversal flaw to bypass authentication and injects commands via a JSON payload to the cloud-server-test-connection endpoint.
The repository contains detailed technical writeups for multiple CVEs, including CVE-2024-21887 (Ivanti Connect Secure RCE). Each writeup includes vulnerability descriptions, affected versions, and payload examples, demonstrating a clear understanding of the vulnerabilities.
This repository contains a functional exploit for CVE-2024-21887, which targets a path traversal vulnerability in an unspecified API endpoint to achieve remote code execution (RCE) via a reverse shell payload.
Nuclei Templates (1)
html:"welcome.cgi?p=logo" || http.title:"ivanti connect secure" || http.html:"welcome.cgi?p=logo"
body="welcome.cgi?p=logo" || title="ivanti connect secure"
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H