From 3428c6bdc68b01b3834d6cf30d039e60f927f4f5 Mon Sep 17 00:00:00 2001 From: 0xMarcio Date: Mon, 5 Aug 2024 18:41:32 +0000 Subject: [PATCH] Update CVE sources 2024-08-05 18:41 --- 2000/CVE-2000-0114.md | 2 + 2000/CVE-2000-0564.md | 1 + 2001/CVE-2001-0080.md | 17 + 2003/CVE-2003-0282.md | 1 + 2003/CVE-2003-0983.md | 17 + 2004/CVE-2004-1151.md | 18 + 2005/CVE-2005-0196.md | 17 + 2006/CVE-2006-0179.md | 1 + 2006/CVE-2006-2166.md | 17 + 2006/CVE-2006-5051.md | 2 + 2007/CVE-2007-1860.md | 1 + 2008/CVE-2008-0166.md | 1 + 2008/CVE-2008-1930.md | 1 + 2008/CVE-2008-3531.md | 1 + 2008/CVE-2008-4109.md | 2 + 2008/CVE-2008-4250.md | 1 + 2008/CVE-2008-6178.md | 1 + 2009/CVE-2009-2265.md | 1 + 2009/CVE-2009-2324.md | 17 + 2010/CVE-2010-0219.md | 2 + 2010/CVE-2010-0828.md | 17 + 2010/CVE-2010-1238.md | 17 + 2010/CVE-2010-2918.md | 1 + 2011/CVE-2011-1002.md | 1 + 2011/CVE-2011-2523.md | 3 + 2012/CVE-2012-1823.md | 1 + 2012/CVE-2012-2122.md | 1 + 2012/CVE-2012-2661.md | 1 + 2012/CVE-2012-6081.md | 1 + 2013/CVE-2013-2028.md | 1 + 2013/CVE-2013-4547.md | 1 + 2013/CVE-2013-6026.md | 1 + 2013/CVE-2013-6632.md | 1 + 2014/CVE-2014-0160.md | 2 + 2014/CVE-2014-0224.md | 1 + 2014/CVE-2014-0260.md | 17 + 2014/CVE-2014-125106.md | 17 + 2014/CVE-2014-1513.md | 1 + 2014/CVE-2014-1705.md | 1 + 2014/CVE-2014-3176.md | 1 + 2014/CVE-2014-3566.md | 1 + 2014/CVE-2014-3704.md | 1 + 2014/CVE-2014-4113.md | 1 + 2014/CVE-2014-4210.md | 1 + 2014/CVE-2014-6271.md | 4 + 2014/CVE-2014-6446.md | 1 + 2014/CVE-2014-7927.md | 1 + 2014/CVE-2014-7928.md | 1 + 2015/CVE-2015-0057.md | 1 + 2015/CVE-2015-0886.md | 1 + 2015/CVE-2015-10065.md | 17 + 2015/CVE-2015-1233.md | 1 + 2015/CVE-2015-1242.md | 1 + 2015/CVE-2015-1427.md | 1 + 2015/CVE-2015-1635.md | 2 + 2015/CVE-2015-1701.md | 1 + 2015/CVE-2015-2208.md | 1 + 2015/CVE-2015-3440.md | 1 + 2015/CVE-2015-4000.md | 1 + 2015/CVE-2015-5377.md | 1 + 2015/CVE-2015-6668.md | 1 + 2015/CVE-2015-6764.md | 1 + 2015/CVE-2015-6771.md | 1 + 2015/CVE-2015-7204.md | 17 + 2015/CVE-2015-7808.md | 1 + 2015/CVE-2015-8548.md | 1 + 2015/CVE-2015-8584.md | 1 + 2016/CVE-2016-0638.md | 1 + 2016/CVE-2016-0783.md | 1 + 2016/CVE-2016-1531.md | 1 + 2016/CVE-2016-1646.md | 1 + 2016/CVE-2016-1653.md | 1 + 2016/CVE-2016-1665.md | 1 + 2016/CVE-2016-1669.md | 1 + 2016/CVE-2016-1677.md | 1 + 2016/CVE-2016-1688.md | 1 + 2016/CVE-2016-1857.md | 1 + 2016/CVE-2016-2177.md | 1 + 2016/CVE-2016-2178.md | 1 + 2016/CVE-2016-2179.md | 1 + 2016/CVE-2016-2180.md | 1 + 2016/CVE-2016-2182.md | 1 + 2016/CVE-2016-3309.md | 1 + 2016/CVE-2016-3386.md | 1 + 2016/CVE-2016-3510.md | 1 + 2016/CVE-2016-4437.md | 1 + 2016/CVE-2016-4622.md | 1 + 2016/CVE-2016-4734.md | 1 + 2016/CVE-2016-4977.md | 1 + 2016/CVE-2016-5129.md | 1 + 2016/CVE-2016-5172.md | 1 + 2016/CVE-2016-5195.md | 1 + 2016/CVE-2016-5198.md | 1 + 2016/CVE-2016-5200.md | 1 + 2016/CVE-2016-6306.md | 1 + 2016/CVE-2016-6309.md | 1 + 2016/CVE-2016-7052.md | 1 + 2016/CVE-2016-7189.md | 1 + 2016/CVE-2016-7190.md | 1 + 2016/CVE-2016-7194.md | 1 + 2016/CVE-2016-7200.md | 1 + 2016/CVE-2016-7201.md | 1 + 2016/CVE-2016-7202.md | 1 + 2016/CVE-2016-7203.md | 1 + 2016/CVE-2016-7240.md | 1 + 2016/CVE-2016-7241.md | 1 + 2016/CVE-2016-7255.md | 1 + 2016/CVE-2016-7286.md | 1 + 2016/CVE-2016-7287.md | 1 + 2016/CVE-2016-7288.md | 1 + 2016/CVE-2016-8869.md | 1 + 2016/CVE-2016-8870.md | 1 + 2016/CVE-2016-9651.md | 1 + 2017/CVE-2017-0005.md | 1 + 2017/CVE-2017-0015.md | 1 + 2017/CVE-2017-0071.md | 1 + 2017/CVE-2017-0134.md | 1 + 2017/CVE-2017-0141.md | 1 + 2017/CVE-2017-0144.md | 1 + 2017/CVE-2017-0199.md | 1 + 2017/CVE-2017-0234.md | 1 + 2017/CVE-2017-0236.md | 1 + 2017/CVE-2017-10271.md | 2 + 2017/CVE-2017-11764.md | 1 + 2017/CVE-2017-11793.md | 1 + 2017/CVE-2017-11799.md | 1 + 2017/CVE-2017-11802.md | 1 + 2017/CVE-2017-11809.md | 1 + 2017/CVE-2017-11811.md | 1 + 2017/CVE-2017-11839.md | 1 + 2017/CVE-2017-11840.md | 1 + 2017/CVE-2017-11841.md | 1 + 2017/CVE-2017-11855.md | 1 + 2017/CVE-2017-11861.md | 1 + 2017/CVE-2017-11870.md | 1 + 2017/CVE-2017-11873.md | 1 + 2017/CVE-2017-11890.md | 1 + 2017/CVE-2017-11893.md | 1 + 2017/CVE-2017-11903.md | 1 + 2017/CVE-2017-11906.md | 1 + 2017/CVE-2017-11907.md | 1 + 2017/CVE-2017-11909.md | 1 + 2017/CVE-2017-11911.md | 1 + 2017/CVE-2017-11914.md | 1 + 2017/CVE-2017-11918.md | 1 + 2017/CVE-2017-12615.md | 1 + 2017/CVE-2017-12794.md | 1 + 2017/CVE-2017-14849.md | 1 + 2017/CVE-2017-14961.md | 1 + 2017/CVE-2017-15399.md | 1 + 2017/CVE-2017-15401.md | 1 + 2017/CVE-2017-15715.md | 1 + 2017/CVE-2017-18640.md | 1 + 2017/CVE-2017-2446.md | 1 + 2017/CVE-2017-2447.md | 1 + 2017/CVE-2017-2464.md | 1 + 2017/CVE-2017-2491.md | 1 + 2017/CVE-2017-2521.md | 1 + 2017/CVE-2017-2531.md | 1 + 2017/CVE-2017-2536.md | 1 + 2017/CVE-2017-2547.md | 1 + 2017/CVE-2017-3248.md | 1 + 2017/CVE-2017-3506.md | 1 + 2017/CVE-2017-5030.md | 1 + 2017/CVE-2017-5040.md | 1 + 2017/CVE-2017-5053.md | 1 + 2017/CVE-2017-5070.md | 1 + 2017/CVE-2017-5071.md | 1 + 2017/CVE-2017-5088.md | 1 + 2017/CVE-2017-5098.md | 1 + 2017/CVE-2017-5115.md | 1 + 2017/CVE-2017-5116.md | 1 + 2017/CVE-2017-5121.md | 1 + 2017/CVE-2017-5122.md | 1 + 2017/CVE-2017-5638.md | 1 + 2017/CVE-2017-5645.md | 1 + 2017/CVE-2017-5929.md | 1 + 2017/CVE-2017-6980.md | 1 + 2017/CVE-2017-6984.md | 1 + 2017/CVE-2017-7056.md | 1 + 2017/CVE-2017-7061.md | 1 + 2017/CVE-2017-7092.md | 1 + 2017/CVE-2017-7117.md | 1 + 2017/CVE-2017-8046.md | 1 + 2017/CVE-2017-8360.md | 1 + 2017/CVE-2017-8548.md | 1 + 2017/CVE-2017-8601.md | 1 + 2017/CVE-2017-8634.md | 1 + 2017/CVE-2017-8636.md | 1 + 2017/CVE-2017-8640.md | 1 + 2017/CVE-2017-8645.md | 1 + 2017/CVE-2017-8646.md | 1 + 2017/CVE-2017-8656.md | 1 + 2017/CVE-2017-8657.md | 1 + 2017/CVE-2017-8670.md | 1 + 2017/CVE-2017-8671.md | 1 + 2017/CVE-2017-8729.md | 1 + 2017/CVE-2017-8740.md | 1 + 2017/CVE-2017-8755.md | 1 + 2018/CVE-2018-0758.md | 1 + 2018/CVE-2018-0767.md | 1 + 2018/CVE-2018-0769.md | 1 + 2018/CVE-2018-0770.md | 1 + 2018/CVE-2018-0774.md | 1 + 2018/CVE-2018-0775.md | 1 + 2018/CVE-2018-0776.md | 1 + 2018/CVE-2018-0777.md | 1 + 2018/CVE-2018-0780.md | 1 + 2018/CVE-2018-0834.md | 1 + 2018/CVE-2018-0835.md | 1 + 2018/CVE-2018-0837.md | 1 + 2018/CVE-2018-0838.md | 1 + 2018/CVE-2018-0840.md | 1 + 2018/CVE-2018-0860.md | 1 + 2018/CVE-2018-0891.md | 1 + 2018/CVE-2018-0933.md | 1 + 2018/CVE-2018-0934.md | 1 + 2018/CVE-2018-0935.md | 1 + 2018/CVE-2018-0953.md | 1 + 2018/CVE-2018-0980.md | 1 + 2018/CVE-2018-1000030.md | 1 + 2018/CVE-2018-1000129.md | 1 + 2018/CVE-2018-1000802.md | 2 +- 2018/CVE-2018-10237.md | 1 + 2018/CVE-2018-1058.md | 1 + 2018/CVE-2018-1060.md | 1 + 2018/CVE-2018-1061.md | 17 + 2018/CVE-2018-10933.md | 1 + 2018/CVE-2018-12387.md | 1 + 2018/CVE-2018-1335.md | 1 + 2018/CVE-2018-13379.md | 1 + 2018/CVE-2018-14574.md | 1 + 2018/CVE-2018-14647.md | 2 +- 2018/CVE-2018-16065.md | 1 + 2018/CVE-2018-16259.md | 2 +- 2018/CVE-2018-16310.md | 2 +- 2018/CVE-2018-16509.md | 1 + 2018/CVE-2018-16585.md | 17 + 2018/CVE-2018-16710.md | 17 + 2018/CVE-2018-17103.md | 2 +- 2018/CVE-2018-17231.md | 17 + 2018/CVE-2018-17400.md | 17 + 2018/CVE-2018-17401.md | 17 + 2018/CVE-2018-17402.md | 17 + 2018/CVE-2018-17403.md | 17 + 2018/CVE-2018-17463.md | 1 + 2018/CVE-2018-17538.md | 17 + 2018/CVE-2018-17861.md | 2 +- 2018/CVE-2018-17862.md | 2 +- 2018/CVE-2018-17865.md | 17 + 2018/CVE-2018-18013.md | 1 + 2018/CVE-2018-18014.md | 2 +- 2018/CVE-2018-18260.md | 2 +- 2018/CVE-2018-18290.md | 17 + 2018/CVE-2018-18307.md | 2 +- 2018/CVE-2018-18319.md | 2 +- 2018/CVE-2018-18320.md | 2 +- 2018/CVE-2018-18405.md | 17 + 2018/CVE-2018-18466.md | 17 + 2018/CVE-2018-2628.md | 1 + 2018/CVE-2018-2893.md | 1 + 2018/CVE-2018-2894.md | 2 + 2018/CVE-2018-3191.md | 1 + 2018/CVE-2018-3245.md | 1 + 2018/CVE-2018-3252.md | 1 + 2018/CVE-2018-4233.md | 1 + 2018/CVE-2018-4382.md | 1 + 2018/CVE-2018-4386.md | 1 + 2018/CVE-2018-4416.md | 1 + 2018/CVE-2018-4438.md | 1 + 2018/CVE-2018-4441.md | 1 + 2018/CVE-2018-4442.md | 1 + 2018/CVE-2018-4443.md | 1 + 2018/CVE-2018-6056.md | 1 + 2018/CVE-2018-6061.md | 1 + 2018/CVE-2018-6064.md | 1 + 2018/CVE-2018-6065.md | 1 + 2018/CVE-2018-6092.md | 1 + 2018/CVE-2018-6106.md | 1 + 2018/CVE-2018-6122.md | 1 + 2018/CVE-2018-6136.md | 1 + 2018/CVE-2018-6142.md | 1 + 2018/CVE-2018-6143.md | 1 + 2018/CVE-2018-6149.md | 1 + 2018/CVE-2018-7600.md | 1 + 2018/CVE-2018-8139.md | 1 + 2018/CVE-2018-8145.md | 1 + 2018/CVE-2018-8229.md | 1 + 2018/CVE-2018-8279.md | 1 + 2018/CVE-2018-8288.md | 1 + 2018/CVE-2018-8291.md | 1 + 2018/CVE-2018-8298.md | 1 + 2018/CVE-2018-8353.md | 1 + 2018/CVE-2018-8355.md | 1 + 2018/CVE-2018-8384.md | 1 + 2018/CVE-2018-8389.md | 1 + 2018/CVE-2018-8453.md | 1 + 2018/CVE-2018-8466.md | 1 + 2018/CVE-2018-8467.md | 1 + 2018/CVE-2018-8589.md | 1 + 2018/CVE-2018-8617.md | 1 + 2018/CVE-2018-8631.md | 1 + 2019/CVE-2019-0539.md | 1 + 2019/CVE-2019-0567.md | 1 + 2019/CVE-2019-0568.md | 1 + 2019/CVE-2019-0708.md | 1 + 2019/CVE-2019-0859.md | 1 + 2019/CVE-2019-0930.md | 1 + 2019/CVE-2019-1132.md | 1 + 2019/CVE-2019-11358.md | 3 + 2019/CVE-2019-14234.md | 1 + 2019/CVE-2019-14287.md | 1 + 2019/CVE-2019-15107.md | 1 + 2019/CVE-2019-16869.md | 1 + 2019/CVE-2019-16884.md | 1 + 2019/CVE-2019-18634.md | 2 + 2019/CVE-2019-18845.md | 1 + 2019/CVE-2019-19921.md | 1 + 2019/CVE-2019-2222.md | 17 + 2019/CVE-2019-25078.md | 17 + 2019/CVE-2019-2618.md | 1 + 2019/CVE-2019-2725.md | 1 + 2019/CVE-2019-2729.md | 1 + 2019/CVE-2019-2890.md | 1 + 2019/CVE-2019-5736.md | 1 + 2019/CVE-2019-5755.md | 1 + 2019/CVE-2019-5782.md | 1 + 2019/CVE-2019-5784.md | 1 + 2019/CVE-2019-6215.md | 1 + 2019/CVE-2019-6447.md | 1 + 2019/CVE-2019-7304.md | 1 + 2019/CVE-2019-7314.md | 1 + 2019/CVE-2019-8506.md | 1 + 2019/CVE-2019-8518.md | 1 + 2019/CVE-2019-8558.md | 1 + 2019/CVE-2019-9193.md | 1 + 2019/CVE-2019-9791.md | 1 + 2019/CVE-2019-9813.md | 1 + 2020/CVE-2020-0796.md | 3 + 2020/CVE-2020-1054.md | 1 + 2020/CVE-2020-11651.md | 1 + 2020/CVE-2020-11652.md | 1 + 2020/CVE-2020-12138.md | 1 + 2020/CVE-2020-1472.md | 3 + 2020/CVE-2020-14750.md | 1 + 2020/CVE-2020-14882.md | 1 + 2020/CVE-2020-14883.md | 1 + 2020/CVE-2020-15999.md | 1 + 2020/CVE-2020-17519.md | 1 + 2020/CVE-2020-1938.md | 1 + 2020/CVE-2020-2034.md | 1 + 2020/CVE-2020-2551.md | 1 + 2020/CVE-2020-26048.md | 1 + 2020/CVE-2020-5410.md | 1 + 2020/CVE-2020-6514.md | 1 + 2020/CVE-2020-8808.md | 1 + 2021/CVE-2021-1675.md | 2 + 2021/CVE-2021-2086.md | 2 + 2021/CVE-2021-21972.md | 1 + 2021/CVE-2021-22204.md | 1 + 2021/CVE-2021-22986.md | 1 + 2021/CVE-2021-26085.md | 1 + 2021/CVE-2021-26706.md | 17 + 2021/CVE-2021-27550.md | 1 + 2021/CVE-2021-27928.md | 1 + 2021/CVE-2021-28169.md | 1 + 2021/CVE-2021-29425.md | 1 + 2021/CVE-2021-31207.md | 1 + 2021/CVE-2021-3129.md | 1 + 2021/CVE-2021-3156.md | 1 + 2021/CVE-2021-32292.md | 2 +- 2021/CVE-2021-32495.md | 1 + 2021/CVE-2021-32845.md | 2 +- 2021/CVE-2021-32846.md | 2 +- 2021/CVE-2021-33304.md | 17 + 2021/CVE-2021-33797.md | 2 +- 2021/CVE-2021-34119.md | 2 +- 2021/CVE-2021-34280.md | 2 + 2021/CVE-2021-34473.md | 1 + 2021/CVE-2021-34523.md | 1 + 2021/CVE-2021-34527.md | 1 + 2021/CVE-2021-3493.md | 1 + 2021/CVE-2021-34973.md | 2 + 2021/CVE-2021-35540.md | 2 + 2021/CVE-2021-3560.md | 1 + 2021/CVE-2021-36934.md | 1 + 2021/CVE-2021-36942.md | 1 + 2021/CVE-2021-37778.md | 1 + 2021/CVE-2021-4034.md | 2 + 2021/CVE-2021-41379.md | 1 + 2021/CVE-2021-41773.md | 2 + 2021/CVE-2021-42013.md | 2 + 2021/CVE-2021-42278.md | 1 + 2021/CVE-2021-42287.md | 1 + 2021/CVE-2021-42321.md | 1 + 2021/CVE-2021-42550.md | 1 + 2021/CVE-2021-44228.md | 2 + 2021/CVE-2021-45978.md | 2 + 2021/CVE-2021-45979.md | 2 + 2021/CVE-2021-45980.md | 2 + 2022/CVE-2022-0129.md | 1 + 2022/CVE-2022-0517.md | 1 + 2022/CVE-2022-0847.md | 2 + 2022/CVE-2022-1638.md | 1 + 2022/CVE-2022-21999.md | 1 + 2022/CVE-2022-22004.md | 1 + 2022/CVE-2022-22947.md | 1 + 2022/CVE-2022-22963.md | 1 + 2022/CVE-2022-22965.md | 1 + 2022/CVE-2022-23119.md | 1 + 2022/CVE-2022-23120.md | 1 + 2022/CVE-2022-23202.md | 1 + 2022/CVE-2022-24356.md | 1 + 2022/CVE-2022-24370.md | 1 + 2022/CVE-2022-24543.md | 1 + 2022/CVE-2022-24715.md | 1 + 2022/CVE-2022-24954.md | 1 + 2022/CVE-2022-24955.md | 1 + 2022/CVE-2022-26134.md | 3 + 2022/CVE-2022-26319.md | 1 + 2022/CVE-2022-26337.md | 1 + 2022/CVE-2022-27842.md | 1 + 2022/CVE-2022-27843.md | 1 + 2022/CVE-2022-28541.md | 1 + 2022/CVE-2022-28550.md | 1 + 2022/CVE-2022-28779.md | 1 + 2022/CVE-2022-29021.md | 2 +- 2022/CVE-2022-30557.md | 1 + 2022/CVE-2022-30744.md | 1 + 2022/CVE-2022-31003.md | 18 + 2022/CVE-2022-31214.md | 1 + 2022/CVE-2022-32787.md | 1 + 2022/CVE-2022-32816.md | 1 + 2022/CVE-2022-33711.md | 1 + 2022/CVE-2022-34918.md | 1 + 2022/CVE-2022-36840.md | 1 + 2022/CVE-2022-37376.md | 1 + 2022/CVE-2022-37377.md | 1 + 2022/CVE-2022-37378.md | 1 + 2022/CVE-2022-39227.md | 2 +- 2022/CVE-2022-39421.md | 1 + 2022/CVE-2022-39845.md | 1 + 2022/CVE-2022-40684.md | 1 + 2022/CVE-2022-41040.md | 1 + 2022/CVE-2022-41082.md | 1 + 2022/CVE-2022-4202.md | 2 +- 2022/CVE-2022-42799.md | 1 + 2022/CVE-2022-42823.md | 1 + 2022/CVE-2022-42824.md | 1 + 2022/CVE-2022-44010.md | 17 + 2022/CVE-2022-4568.md | 17 + 2022/CVE-2022-4603.md | 17 + 2022/CVE-2022-46169.md | 1 + 2022/CVE-2022-46698.md | 1 + 2022/CVE-2022-46875.md | 1 + 2022/CVE-2022-47445.md | 17 + 2022/CVE-2022-47589.md | 17 + 2022/CVE-2022-48666.md | 2 +- 2023/CVE-2023-1829.md | 1 + 2023/CVE-2023-2033.md | 1 + 2023/CVE-2023-2052.md | 17 + 2023/CVE-2023-2097.md | 1 + 2023/CVE-2023-2136.md | 1 + 2023/CVE-2023-21746.md | 1 + 2023/CVE-2023-21768.md | 1 + 2023/CVE-2023-21817.md | 1 + 2023/CVE-2023-22518.md | 1 + 2023/CVE-2023-22622.md | 1 + 2023/CVE-2023-22809.md | 1 + 2023/CVE-2023-23517.md | 1 + 2023/CVE-2023-23518.md | 1 + 2023/CVE-2023-23609.md | 17 + 2023/CVE-2023-23752.md | 1 + 2023/CVE-2023-25076.md | 1 + 2023/CVE-2023-25143.md | 1 + 2023/CVE-2023-25564.md | 17 + 2023/CVE-2023-25690.md | 1 + 2023/CVE-2023-25741.md | 1 + 2023/CVE-2023-2598.md | 2 + 2023/CVE-2023-26048.md | 1 + 2023/CVE-2023-26049.md | 1 + 2023/CVE-2023-2640.md | 1 + 2023/CVE-2023-27103.md | 2 +- 2023/CVE-2023-27429.md | 17 + 2023/CVE-2023-28201.md | 1 + 2023/CVE-2023-2865.md | 17 + 2023/CVE-2023-28879.md | 1 + 2023/CVE-2023-2905.md | 2 +- 2023/CVE-2023-29531.md | 1 + 2023/CVE-2023-29539.md | 1 + 2023/CVE-2023-29546.md | 18 + 2023/CVE-2023-30078.md | 17 + 2023/CVE-2023-30746.md | 17 + 2023/CVE-2023-3079.md | 1 + 2023/CVE-2023-31568.md | 2 +- 2023/CVE-2023-32233.md | 1 + 2023/CVE-2023-32236.md | 17 + 2023/CVE-2023-32409.md | 1 + 2023/CVE-2023-32629.md | 1 + 2023/CVE-2023-33246.md | 1 + 2023/CVE-2023-34127.md | 2 +- 2023/CVE-2023-34133.md | 2 +- 2023/CVE-2023-34362.md | 1 + 2023/CVE-2023-34462.md | 17 + 2023/CVE-2023-36478.md | 18 + 2023/CVE-2023-36479.md | 17 + 2023/CVE-2023-36874.md | 1 + 2023/CVE-2023-3776.md | 1 + 2023/CVE-2023-39434.md | 1 + 2023/CVE-2023-39848.md | 1 + 2023/CVE-2023-40167.md | 17 + 2023/CVE-2023-40284.md | 17 + 2023/CVE-2023-40287.md | 17 + 2023/CVE-2023-40288.md | 17 + 2023/CVE-2023-40403.md | 1 + 2023/CVE-2023-41061.md | 1 + 2023/CVE-2023-41064.md | 1 + 2023/CVE-2023-41361.md | 17 + 2023/CVE-2023-41504.md | 1 + 2023/CVE-2023-41991.md | 1 + 2023/CVE-2023-41992.md | 1 + 2023/CVE-2023-41993.md | 1 + 2023/CVE-2023-4206.md | 1 + 2023/CVE-2023-4260.md | 1 + 2023/CVE-2023-4262.md | 8 +- 2023/CVE-2023-42793.md | 1 + 2023/CVE-2023-42916.md | 1 + 2023/CVE-2023-42917.md | 1 + 2023/CVE-2023-43177.md | 1 + 2023/CVE-2023-43641.md | 1 + 2023/CVE-2023-43768.md | 17 + 2023/CVE-2023-44483.md | 1 + 2023/CVE-2023-44487.md | 1 + 2023/CVE-2023-4450.md | 1 + 2023/CVE-2023-4582.md | 1 + 2023/CVE-2023-46602.md | 1 + 2023/CVE-2023-46747.md | 1 + 2023/CVE-2023-48106.md | 1 + 2023/CVE-2023-48107.md | 1 + 2023/CVE-2023-48903.md | 1 + 2023/CVE-2023-49070.md | 1 + 2023/CVE-2023-4911.md | 2 + 2023/CVE-2023-4966.md | 1 + 2023/CVE-2023-4967.md | 18 + 2023/CVE-2023-49984.md | 1 + 2023/CVE-2023-5072.md | 1 + 2023/CVE-2023-50965.md | 1 + 2023/CVE-2023-51467.md | 1 + 2023/CVE-2023-51775.md | 2 +- 2023/CVE-2023-5217.md | 1 + 2023/CVE-2023-52428.md | 1 + 2023/CVE-2023-52430.md | 2 +- 2023/CVE-2023-6267.md | 2 +- 2023/CVE-2023-6378.md | 1 + 2023/CVE-2023-6394.md | 2 +- 2023/CVE-2023-6856.md | 1 + 2023/CVE-2023-7023.md | 17 + 2023/CVE-2023-7024.md | 1 + 2023/CVE-2023-7028.md | 1 + 2024/CVE-2024-0023.md | 2 +- 2024/CVE-2024-0040.md | 1 + 2024/CVE-2024-0044.md | 1 + 2024/CVE-2024-0049.md | 2 +- 2024/CVE-2024-0321.md | 1 + 2024/CVE-2024-0560.md | 2 +- 2024/CVE-2024-0769.md | 1 + 2024/CVE-2024-0874.md | 1 + 2024/CVE-2024-1023.md | 2 +- 2024/CVE-2024-1086.md | 1 + 2024/CVE-2024-1112.md | 1 + 2024/CVE-2024-1286.md | 17 + 2024/CVE-2024-1287.md | 17 + 2024/CVE-2024-1300.md | 2 +- 2024/CVE-2024-1635.md | 1 - 2024/CVE-2024-1708.md | 1 + 2024/CVE-2024-1709.md | 1 + 2024/CVE-2024-1724.md | 17 + 2024/CVE-2024-1747.md | 18 + 2024/CVE-2024-20666.md | 1 + 2024/CVE-2024-20861.md | 1 + 2024/CVE-2024-20862.md | 1 + 2024/CVE-2024-21006.md | 1 + 2024/CVE-2024-21338.md | 1 + 2024/CVE-2024-2149.md | 2 +- 2024/CVE-2024-21492.md | 1 + 2024/CVE-2024-21493.md | 1 + 2024/CVE-2024-21494.md | 1 + 2024/CVE-2024-21495.md | 1 + 2024/CVE-2024-21496.md | 1 + 2024/CVE-2024-21497.md | 1 + 2024/CVE-2024-21498.md | 1 + 2024/CVE-2024-21499.md | 1 + 2024/CVE-2024-21500.md | 1 + 2024/CVE-2024-21521.md | 1 + 2024/CVE-2024-21522.md | 1 + 2024/CVE-2024-21523.md | 1 + 2024/CVE-2024-21524.md | 1 + 2024/CVE-2024-21525.md | 1 + 2024/CVE-2024-21583.md | 4 + 2024/CVE-2024-2191.md | 17 + 2024/CVE-2024-22201.md | 17 + 2024/CVE-2024-2232.md | 17 + 2024/CVE-2024-23079.md | 17 + 2024/CVE-2024-23282.md | 1 + 2024/CVE-2024-23286.md | 1 + 2024/CVE-2024-23334.md | 1 + 2024/CVE-2024-24092.md | 1 + 2024/CVE-2024-24110.md | 17 + 2024/CVE-2024-24549.md | 1 + 2024/CVE-2024-24786.md | 1 + 2024/CVE-2024-2479.md | 1 + 2024/CVE-2024-2480.md | 1 + 2024/CVE-2024-24919.md | 1 + 2024/CVE-2024-25331.md | 17 + 2024/CVE-2024-25638.md | 2 +- 2024/CVE-2024-25639.md | 17 + 2024/CVE-2024-25710.md | 1 + 2024/CVE-2024-25947.md | 17 + 2024/CVE-2024-25948.md | 17 + 2024/CVE-2024-26308.md | 1 + 2024/CVE-2024-2700.md | 2 +- 2024/CVE-2024-27198.md | 1 + 2024/CVE-2024-27199.md | 1 + 2024/CVE-2024-27211.md | 1 + 2024/CVE-2024-27357.md | 17 + 2024/CVE-2024-27358.md | 17 + 2024/CVE-2024-27440.md | 19 + 2024/CVE-2024-27489.md | 17 + 2024/CVE-2024-27626.md | 1 + 2024/CVE-2024-28093.md | 2 +- 2024/CVE-2024-2843.md | 17 + 2024/CVE-2024-2872.md | 17 + 2024/CVE-2024-28752.md | 1 + 2024/CVE-2024-28804.md | 17 + 2024/CVE-2024-28805.md | 17 + 2024/CVE-2024-28806.md | 17 + 2024/CVE-2024-28835.md | 1 + 2024/CVE-2024-29025.md | 1 + 2024/CVE-2024-29029.md | 4 +- 2024/CVE-2024-29030.md | 4 +- 2024/CVE-2024-29193.md | 2 +- 2024/CVE-2024-29301.md | 2 +- 2024/CVE-2024-29857.md | 1 + 2024/CVE-2024-29944.md | 1 + 2024/CVE-2024-2997.md | 1 + 2024/CVE-2024-30171.md | 1 + 2024/CVE-2024-30172.md | 1 + 2024/CVE-2024-30284.md | 17 + 2024/CVE-2024-3113.md | 17 + 2024/CVE-2024-31211.md | 17 + 2024/CVE-2024-31223.md | 17 + 2024/CVE-2024-31971.md | 2 +- 2024/CVE-2024-32030.md | 2 +- 2024/CVE-2024-32104.md | 17 + 2024/CVE-2024-32113.md | 1 + 2024/CVE-2024-3219.md | 17 + 2024/CVE-2024-32700.md | 17 + 2024/CVE-2024-33365.md | 18 + 2024/CVE-2024-33373.md | 1 + 2024/CVE-2024-33374.md | 1 + 2024/CVE-2024-33375.md | 17 + 2024/CVE-2024-33377.md | 1 + 2024/CVE-2024-33544.md | 17 + 2024/CVE-2024-3400.md | 1 + 2024/CVE-2024-34094.md | 17 + 2024/CVE-2024-34095.md | 17 + 2024/CVE-2024-34096.md | 17 + 2024/CVE-2024-34097.md | 17 + 2024/CVE-2024-34144.md | 1 + 2024/CVE-2024-34447.md | 1 + 2024/CVE-2024-34693.md | 17 + 2024/CVE-2024-35526.md | 17 + 2024/CVE-2024-35527.md | 17 + 2024/CVE-2024-36111.md | 18 + 2024/CVE-2024-3636.md | 17 + 2024/CVE-2024-36401.md | 1 + 2024/CVE-2024-36448.md | 17 + 2024/CVE-2024-36539.md | 2 +- 2024/CVE-2024-36542.md | 17 + 2024/CVE-2024-36572.md | 18 + 2024/CVE-2024-3669.md | 17 + 2024/CVE-2024-37085.md | 21 ++ 2024/CVE-2024-37161.md | 17 + 2024/CVE-2024-3727.md | 1 + 2024/CVE-2024-37298.md | 17 + 2024/CVE-2024-37310.md | 18 + 2024/CVE-2024-37631.md | 17 + 2024/CVE-2024-37639.md | 17 + 2024/CVE-2024-37640.md | 17 + 2024/CVE-2024-37641.md | 17 + 2024/CVE-2024-37645.md | 17 + 2024/CVE-2024-3768.md | 2 +- 2024/CVE-2024-37726.md | 2 +- 2024/CVE-2024-37742.md | 2 +- 2024/CVE-2024-37800.md | 17 + 2024/CVE-2024-37829.md | 17 + 2024/CVE-2024-37830.md | 17 + 2024/CVE-2024-37856.md | 17 + 2024/CVE-2024-37857.md | 17 + 2024/CVE-2024-37858.md | 17 + 2024/CVE-2024-37859.md | 17 + 2024/CVE-2024-37895.md | 17 + 2024/CVE-2024-37906.md | 17 + 2024/CVE-2024-38288.md | 17 + 2024/CVE-2024-38289.md | 17 + 2024/CVE-2024-38353.md | 18 + 2024/CVE-2024-38354.md | 17 + 2024/CVE-2024-38359.md | 17 + 2024/CVE-2024-38472.md | 17 + 2024/CVE-2024-38473.md | 17 + 2024/CVE-2024-38481.md | 17 + 2024/CVE-2024-38489.md | 17 + 2024/CVE-2024-38490.md | 17 + 2024/CVE-2024-3850.md | 17 + 2024/CVE-2024-38514.md | 17 + 2024/CVE-2024-38520.md | 17 + 2024/CVE-2024-38521.md | 17 + 2024/CVE-2024-38522.md | 17 + 2024/CVE-2024-38523.md | 17 + 2024/CVE-2024-38529.md | 17 + 2024/CVE-2024-38856.md | 19 + 2024/CVE-2024-38892.md | 17 + 2024/CVE-2024-38894.md | 17 + 2024/CVE-2024-38895.md | 17 + 2024/CVE-2024-38897.md | 17 + 2024/CVE-2024-38903.md | 17 + 2024/CVE-2024-38949.md | 17 + 2024/CVE-2024-38950.md | 17 + 2024/CVE-2024-38972.md | 17 + 2024/CVE-2024-38983.md | 17 + 2024/CVE-2024-38984.md | 17 + 2024/CVE-2024-38986.md | 17 + 2024/CVE-2024-38987.md | 18 + 2024/CVE-2024-38990.md | 17 + 2024/CVE-2024-38991.md | 17 + 2024/CVE-2024-38992.md | 17 + 2024/CVE-2024-38993.md | 17 + 2024/CVE-2024-38994.md | 17 + 2024/CVE-2024-38996.md | 19 + 2024/CVE-2024-38997.md | 17 + 2024/CVE-2024-38998.md | 17 + 2024/CVE-2024-38999.md | 17 + 2024/CVE-2024-39000.md | 17 + 2024/CVE-2024-39001.md | 19 + 2024/CVE-2024-39002.md | 17 + 2024/CVE-2024-39003.md | 17 + 2024/CVE-2024-39008.md | 17 + 2024/CVE-2024-39010.md | 17 + 2024/CVE-2024-39011.md | 17 + 2024/CVE-2024-39012.md | 17 + 2024/CVE-2024-39013.md | 17 + 2024/CVE-2024-39014.md | 17 + 2024/CVE-2024-39015.md | 17 + 2024/CVE-2024-39016.md | 17 + 2024/CVE-2024-39017.md | 17 + 2024/CVE-2024-39018.md | 17 + 2024/CVE-2024-39019.md | 17 + 2024/CVE-2024-39020.md | 17 + 2024/CVE-2024-39021.md | 17 + 2024/CVE-2024-39022.md | 17 + 2024/CVE-2024-39023.md | 17 + 2024/CVE-2024-39027.md | 17 + 2024/CVE-2024-39031.md | 4 +- 2024/CVE-2024-39036.md | 17 + 2024/CVE-2024-39063.md | 17 + 2024/CVE-2024-39069.md | 1 + 2024/CVE-2024-39090.md | 2 +- 2024/CVE-2024-39119.md | 17 + 2024/CVE-2024-39123.md | 17 + 2024/CVE-2024-39129.md | 17 + 2024/CVE-2024-39130.md | 17 + 2024/CVE-2024-39132.md | 17 + 2024/CVE-2024-39153.md | 17 + 2024/CVE-2024-39154.md | 17 + 2024/CVE-2024-39155.md | 17 + 2024/CVE-2024-39156.md | 17 + 2024/CVE-2024-39157.md | 17 + 2024/CVE-2024-39158.md | 17 + 2024/CVE-2024-39171.md | 17 + 2024/CVE-2024-39202.md | 17 + 2024/CVE-2024-39236.md | 18 + 2024/CVE-2024-39248.md | 1 + 2024/CVE-2024-39249.md | 3 +- 2024/CVE-2024-39250.md | 2 +- 2024/CVE-2024-39251.md | 17 + 2024/CVE-2024-39304.md | 17 + 2024/CVE-2024-39307.md | 17 + 2024/CVE-2024-39321.md | 17 + 2024/CVE-2024-39326.md | 17 + 2024/CVE-2024-39614.md | 17 + 2024/CVE-2024-39678.md | 17 + 2024/CVE-2024-39679.md | 17 + 2024/CVE-2024-39680.md | 17 + 2024/CVE-2024-39681.md | 17 + 2024/CVE-2024-39682.md | 17 + 2024/CVE-2024-39687.md | 17 + 2024/CVE-2024-39694.md | 17 + 2024/CVE-2024-39699.md | 17 + 2024/CVE-2024-39700.md | 17 + 2024/CVE-2024-39701.md | 17 + 2024/CVE-2024-39705.md | 17 + 2024/CVE-2024-39828.md | 18 + 2024/CVE-2024-3983.md | 17 + 2024/CVE-2024-39853.md | 17 + 2024/CVE-2024-3986.md | 17 + 2024/CVE-2024-39863.md | 17 + 2024/CVE-2024-39877.md | 17 + 2024/CVE-2024-39895.md | 17 + 2024/CVE-2024-39899.md | 2 +- 2024/CVE-2024-39904.md | 17 + 2024/CVE-2024-39907.md | 17 + 2024/CVE-2024-39909.md | 17 + 2024/CVE-2024-39912.md | 17 + 2024/CVE-2024-39914.md | 2 +- 2024/CVE-2024-39915.md | 17 + 2024/CVE-2024-39916.md | 17 + 2024/CVE-2024-39918.md | 17 + 2024/CVE-2024-39919.md | 17 + 2024/CVE-2024-39929.md | 1 + 2024/CVE-2024-39962.md | 17 + 2024/CVE-2024-39963.md | 17 + 2024/CVE-2024-40035.md | 17 + 2024/CVE-2024-40036.md | 17 + 2024/CVE-2024-40039.md | 17 + 2024/CVE-2024-40060.md | 17 + 2024/CVE-2024-40096.md | 17 + 2024/CVE-2024-40110.md | 17 + 2024/CVE-2024-40116.md | 17 + 2024/CVE-2024-40318.md | 17 + 2024/CVE-2024-4032.md | 17 + 2024/CVE-2024-40322.md | 17 + 2024/CVE-2024-40324.md | 17 + 2024/CVE-2024-40328.md | 17 + 2024/CVE-2024-40329.md | 17 + 2024/CVE-2024-40331.md | 17 + 2024/CVE-2024-40332.md | 17 + 2024/CVE-2024-40334.md | 17 + 2024/CVE-2024-40348.md | 1 + 2024/CVE-2024-40392.md | 17 + 2024/CVE-2024-40393.md | 17 + 2024/CVE-2024-40394.md | 17 + 2024/CVE-2024-4040.md | 2 + 2024/CVE-2024-40400.md | 17 + 2024/CVE-2024-40402.md | 17 + 2024/CVE-2024-40420.md | 17 + 2024/CVE-2024-40430.md | 3 +- 2024/CVE-2024-40492.md | 2 +- 2024/CVE-2024-40576.md | 18 + 2024/CVE-2024-40617.md | 18 + 2024/CVE-2024-40626.md | 17 + 2024/CVE-2024-40627.md | 17 + 2024/CVE-2024-40632.md | 17 + 2024/CVE-2024-40634.md | 17 + 2024/CVE-2024-40636.md | 17 + 2024/CVE-2024-40641.md | 17 + 2024/CVE-2024-40645.md | 17 + 2024/CVE-2024-40726.md | 17 + 2024/CVE-2024-40727.md | 17 + 2024/CVE-2024-40728.md | 17 + 2024/CVE-2024-40729.md | 17 + 2024/CVE-2024-40730.md | 17 + 2024/CVE-2024-40731.md | 17 + 2024/CVE-2024-40732.md | 17 + 2024/CVE-2024-40733.md | 17 + 2024/CVE-2024-40734.md | 17 + 2024/CVE-2024-40735.md | 17 + 2024/CVE-2024-40736.md | 17 + 2024/CVE-2024-40737.md | 17 + 2024/CVE-2024-40738.md | 17 + 2024/CVE-2024-40739.md | 17 + 2024/CVE-2024-40740.md | 17 + 2024/CVE-2024-40741.md | 17 + 2024/CVE-2024-40742.md | 17 + 2024/CVE-2024-40784.md | 24 ++ 2024/CVE-2024-4090.md | 17 + 2024/CVE-2024-4096.md | 17 + 2024/CVE-2024-41107.md | 1 + 2024/CVE-2024-41110.md | 4 +- 2024/CVE-2024-41112.md | 17 + 2024/CVE-2024-41113.md | 17 + 2024/CVE-2024-41114.md | 17 + 2024/CVE-2024-41115.md | 17 + 2024/CVE-2024-41116.md | 17 + 2024/CVE-2024-41117.md | 17 + 2024/CVE-2024-41118.md | 17 + 2024/CVE-2024-41119.md | 17 + 2024/CVE-2024-41120.md | 17 + 2024/CVE-2024-41123.md | 17 + 2024/CVE-2024-41127.md | 17 + 2024/CVE-2024-41468.md | 17 + 2024/CVE-2024-41473.md | 17 + 2024/CVE-2024-41597.md | 17 + 2024/CVE-2024-41628.md | 17 + 2024/CVE-2024-41637.md | 17 + 2024/CVE-2024-41640.md | 17 + 2024/CVE-2024-41806.md | 17 + 2024/CVE-2024-41819.md | 18 + 2024/CVE-2024-41943.md | 18 + 2024/CVE-2024-41946.md | 17 + 2024/CVE-2024-42029.md | 17 + 2024/CVE-2024-42054.md | 17 + 2024/CVE-2024-42055.md | 17 + 2024/CVE-2024-42348.md | 17 + 2024/CVE-2024-42349.md | 17 + 2024/CVE-2024-4320.md | 17 + 2024/CVE-2024-4483.md | 17 + 2024/CVE-2024-4577.md | 1 + 2024/CVE-2024-4879.md | 2 +- 2024/CVE-2024-4950.md | 17 + 2024/CVE-2024-5081.md | 18 + 2024/CVE-2024-5217.md | 18 + 2024/CVE-2024-5246.md | 17 + 2024/CVE-2024-5285.md | 17 + 2024/CVE-2024-5595.md | 17 + 2024/CVE-2024-5670.md | 20 + 2024/CVE-2024-5678.md | 19 + 2024/CVE-2024-5737.md | 3 +- 2024/CVE-2024-5765.md | 17 + 2024/CVE-2024-5807.md | 17 + 2024/CVE-2024-5808.md | 17 + 2024/CVE-2024-5809.md | 17 + 2024/CVE-2024-5882.md | 17 + 2024/CVE-2024-5883.md | 17 + 2024/CVE-2024-5975.md | 17 + 2024/CVE-2024-6021.md | 17 + 2024/CVE-2024-6127.md | 17 + 2024/CVE-2024-6162.md | 2 +- 2024/CVE-2024-6165.md | 17 + 2024/CVE-2024-6196.md | 17 + 2024/CVE-2024-6223.md | 17 + 2024/CVE-2024-6224.md | 18 + 2024/CVE-2024-6226.md | 17 + 2024/CVE-2024-6230.md | 17 + 2024/CVE-2024-6270.md | 17 + 2024/CVE-2024-6272.md | 17 + 2024/CVE-2024-6273.md | 1 + 2024/CVE-2024-6308.md | 17 + 2024/CVE-2024-6362.md | 17 + 2024/CVE-2024-6366.md | 17 + 2024/CVE-2024-6373.md | 17 + 2024/CVE-2024-6387.md | 8 + 2024/CVE-2024-6390.md | 17 + 2024/CVE-2024-6408.md | 17 + 2024/CVE-2024-6412.md | 17 + 2024/CVE-2024-6417.md | 17 + 2024/CVE-2024-6477.md | 17 + 2024/CVE-2024-6487.md | 17 + 2024/CVE-2024-6490.md | 17 + 2024/CVE-2024-6496.md | 17 + 2024/CVE-2024-6498.md | 17 + 2024/CVE-2024-6518.md | 17 + 2024/CVE-2024-6520.md | 17 + 2024/CVE-2024-6521.md | 17 + 2024/CVE-2024-6523.md | 1 + 2024/CVE-2024-6526.md | 18 + 2024/CVE-2024-6529.md | 17 + 2024/CVE-2024-6536.md | 17 + 2024/CVE-2024-6652.md | 17 + 2024/CVE-2024-6695.md | 17 + 2024/CVE-2024-6703.md | 17 + 2024/CVE-2024-6710.md | 17 + 2024/CVE-2024-6716.md | 20 + 2024/CVE-2024-6738.md | 17 + 2024/CVE-2024-6745.md | 17 + 2024/CVE-2024-6808.md | 17 + 2024/CVE-2024-6932.md | 17 + 2024/CVE-2024-6934.md | 17 + 2024/CVE-2024-6938.md | 18 + 2024/CVE-2024-6939.md | 17 + 2024/CVE-2024-6942.md | 17 + 2024/CVE-2024-6947.md | 17 + 2024/CVE-2024-6949.md | 17 + 2024/CVE-2024-6957.md | 17 + 2024/CVE-2024-6963.md | 2 +- 2024/CVE-2024-6966.md | 2 +- 2024/CVE-2024-6967.md | 2 +- 2024/CVE-2024-6975.md | 17 + 2024/CVE-2024-7007.md | 17 + 2024/CVE-2024-7069.md | 17 + 2024/CVE-2024-7080.md | 2 +- 2024/CVE-2024-7106.md | 17 + 2024/CVE-2024-7114.md | 17 + 2024/CVE-2024-7115.md | 17 + 2024/CVE-2024-7116.md | 17 + 2024/CVE-2024-7117.md | 17 + 2024/CVE-2024-7118.md | 17 + 2024/CVE-2024-7119.md | 17 + 2024/CVE-2024-7120.md | 20 + 2024/CVE-2024-7160.md | 17 + 2024/CVE-2024-7161.md | 17 + 2024/CVE-2024-7162.md | 17 + 2024/CVE-2024-7163.md | 17 + 2024/CVE-2024-7164.md | 17 + 2024/CVE-2024-7165.md | 17 + 2024/CVE-2024-7166.md | 17 + 2024/CVE-2024-7167.md | 17 + 2024/CVE-2024-7168.md | 17 + 2024/CVE-2024-7169.md | 17 + 2024/CVE-2024-7170.md | 17 + 2024/CVE-2024-7171.md | 17 + 2024/CVE-2024-7172.md | 17 + 2024/CVE-2024-7173.md | 17 + 2024/CVE-2024-7174.md | 17 + 2024/CVE-2024-7175.md | 17 + 2024/CVE-2024-7176.md | 17 + 2024/CVE-2024-7177.md | 17 + 2024/CVE-2024-7178.md | 17 + 2024/CVE-2024-7179.md | 17 + 2024/CVE-2024-7180.md | 17 + 2024/CVE-2024-7181.md | 17 + 2024/CVE-2024-7182.md | 17 + 2024/CVE-2024-7183.md | 17 + 2024/CVE-2024-7184.md | 17 + 2024/CVE-2024-7185.md | 17 + 2024/CVE-2024-7186.md | 17 + 2024/CVE-2024-7187.md | 17 + 2024/CVE-2024-7188.md | 17 + 2024/CVE-2024-7189.md | 17 + 2024/CVE-2024-7190.md | 17 + 2024/CVE-2024-7191.md | 17 + 2024/CVE-2024-7194.md | 17 + 2024/CVE-2024-7195.md | 17 + 2024/CVE-2024-7196.md | 17 + 2024/CVE-2024-7197.md | 17 + 2024/CVE-2024-7198.md | 17 + 2024/CVE-2024-7199.md | 17 + 2024/CVE-2024-7200.md | 17 + 2024/CVE-2024-7212.md | 17 + 2024/CVE-2024-7213.md | 17 + 2024/CVE-2024-7214.md | 17 + 2024/CVE-2024-7215.md | 17 + 2024/CVE-2024-7216.md | 17 + 2024/CVE-2024-7217.md | 17 + 2024/CVE-2024-7218.md | 17 + 2024/CVE-2024-7219.md | 17 + 2024/CVE-2024-7220.md | 17 + 2024/CVE-2024-7221.md | 17 + 2024/CVE-2024-7222.md | 17 + 2024/CVE-2024-7223.md | 17 + 2024/CVE-2024-7224.md | 17 + 2024/CVE-2024-7225.md | 17 + 2024/CVE-2024-7226.md | 17 + 2024/CVE-2024-7273.md | 17 + 2024/CVE-2024-7274.md | 17 + 2024/CVE-2024-7275.md | 17 + 2024/CVE-2024-7276.md | 17 + 2024/CVE-2024-7277.md | 17 + 2024/CVE-2024-7278.md | 17 + 2024/CVE-2024-7279.md | 17 + 2024/CVE-2024-7280.md | 17 + 2024/CVE-2024-7281.md | 17 + 2024/CVE-2024-7282.md | 17 + 2024/CVE-2024-7283.md | 17 + 2024/CVE-2024-7284.md | 17 + 2024/CVE-2024-7285.md | 17 + 2024/CVE-2024-7286.md | 17 + 2024/CVE-2024-7287.md | 17 + 2024/CVE-2024-7288.md | 17 + 2024/CVE-2024-7289.md | 17 + 2024/CVE-2024-7290.md | 17 + 2024/CVE-2024-7297.md | 17 + 2024/CVE-2024-7299.md | 18 + 2024/CVE-2024-7300.md | 18 + 2024/CVE-2024-7303.md | 17 + 2024/CVE-2024-7306.md | 17 + 2024/CVE-2024-7307.md | 17 + 2024/CVE-2024-7308.md | 17 + 2024/CVE-2024-7311.md | 17 + 2024/CVE-2024-7314.md | 17 + 2024/CVE-2024-7320.md | 17 + 2024/CVE-2024-7321.md | 17 + 2024/CVE-2024-7327.md | 17 + 2024/CVE-2024-7331.md | 17 + 2024/CVE-2024-7332.md | 17 + 2024/CVE-2024-7333.md | 17 + 2024/CVE-2024-7334.md | 17 + 2024/CVE-2024-7335.md | 17 + 2024/CVE-2024-7336.md | 17 + 2024/CVE-2024-7337.md | 17 + 2024/CVE-2024-7338.md | 17 + 2024/CVE-2024-7339.md | 20 + 2024/CVE-2024-7340.md | 17 + 2024/CVE-2024-7342.md | 17 + 2024/CVE-2024-7343.md | 17 + 2024/CVE-2024-7357.md | 17 + 2024/CVE-2024-7358.md | 17 + 2024/CVE-2024-7359.md | 18 + 2024/CVE-2024-7360.md | 17 + 2024/CVE-2024-7361.md | 17 + 2024/CVE-2024-7362.md | 17 + 2024/CVE-2024-7363.md | 17 + 2024/CVE-2024-7364.md | 17 + 2024/CVE-2024-7365.md | 17 + 2024/CVE-2024-7366.md | 17 + 2024/CVE-2024-7367.md | 17 + 2024/CVE-2024-7368.md | 17 + 2024/CVE-2024-7369.md | 17 + 2024/CVE-2024-7370.md | 17 + 2024/CVE-2024-7371.md | 17 + 2024/CVE-2024-7372.md | 17 + 2024/CVE-2024-7373.md | 17 + 2024/CVE-2024-7374.md | 17 + 2024/CVE-2024-7375.md | 17 + 2024/CVE-2024-7376.md | 17 + 2024/CVE-2024-7377.md | 17 + 2024/CVE-2024-7378.md | 17 + 2024/CVE-2024-7436.md | 17 + 2024/CVE-2024-7437.md | 17 + 2024/CVE-2024-7438.md | 17 + 2024/CVE-2024-7439.md | 17 + 2024/CVE-2024-7442.md | 17 + 2024/CVE-2024-7443.md | 17 + 2024/CVE-2024-7444.md | 17 + 2024/CVE-2024-7445.md | 17 + 2024/CVE-2024-7446.md | 17 + 2024/CVE-2024-7449.md | 17 + 2024/CVE-2024-7450.md | 17 + 2024/CVE-2024-7451.md | 17 + 2024/CVE-2024-7452.md | 17 + 2024/CVE-2024-7453.md | 18 + 2024/CVE-2024-7454.md | 17 + 2024/CVE-2024-7455.md | 17 + 2024/CVE-2024-7458.md | 17 + 2024/CVE-2024-7459.md | 17 + 2024/CVE-2024-7460.md | 17 + 2024/CVE-2024-7461.md | 17 + 2024/CVE-2024-7462.md | 17 + 2024/CVE-2024-7463.md | 17 + 2024/CVE-2024-7464.md | 17 + 2024/CVE-2024-7465.md | 17 + 2024/CVE-2024-7466.md | 18 + 2024/CVE-2024-7467.md | 20 + 2024/CVE-2024-7468.md | 20 + 2024/CVE-2024-7469.md | 20 + 2024/CVE-2024-7470.md | 20 + github.txt | 779 +++++++++++++++++++++++++++++++++++++++ references.txt | 481 ++++++++++++++++++++++++ 1137 files changed, 10909 insertions(+), 74 deletions(-) create mode 100644 2001/CVE-2001-0080.md create mode 100644 2003/CVE-2003-0983.md create mode 100644 2004/CVE-2004-1151.md create mode 100644 2005/CVE-2005-0196.md create mode 100644 2006/CVE-2006-2166.md create mode 100644 2009/CVE-2009-2324.md create mode 100644 2010/CVE-2010-0828.md create mode 100644 2010/CVE-2010-1238.md create mode 100644 2014/CVE-2014-0260.md create mode 100644 2014/CVE-2014-125106.md create mode 100644 2015/CVE-2015-10065.md create mode 100644 2015/CVE-2015-7204.md create mode 100644 2018/CVE-2018-1061.md create mode 100644 2018/CVE-2018-16585.md create mode 100644 2018/CVE-2018-16710.md create mode 100644 2018/CVE-2018-17231.md create mode 100644 2018/CVE-2018-17400.md create mode 100644 2018/CVE-2018-17401.md create mode 100644 2018/CVE-2018-17402.md create mode 100644 2018/CVE-2018-17403.md create mode 100644 2018/CVE-2018-17538.md create mode 100644 2018/CVE-2018-17865.md create mode 100644 2018/CVE-2018-18290.md create mode 100644 2018/CVE-2018-18405.md create mode 100644 2018/CVE-2018-18466.md create mode 100644 2019/CVE-2019-2222.md create mode 100644 2019/CVE-2019-25078.md create mode 100644 2021/CVE-2021-26706.md create mode 100644 2021/CVE-2021-33304.md create mode 100644 2022/CVE-2022-31003.md create mode 100644 2022/CVE-2022-44010.md create mode 100644 2022/CVE-2022-4568.md create mode 100644 2022/CVE-2022-4603.md create mode 100644 2022/CVE-2022-47445.md create mode 100644 2022/CVE-2022-47589.md create mode 100644 2023/CVE-2023-2052.md create mode 100644 2023/CVE-2023-23609.md create mode 100644 2023/CVE-2023-25564.md create mode 100644 2023/CVE-2023-27429.md create mode 100644 2023/CVE-2023-2865.md create mode 100644 2023/CVE-2023-29546.md create mode 100644 2023/CVE-2023-30078.md create mode 100644 2023/CVE-2023-30746.md create mode 100644 2023/CVE-2023-32236.md create mode 100644 2023/CVE-2023-34462.md create mode 100644 2023/CVE-2023-36478.md create mode 100644 2023/CVE-2023-36479.md create mode 100644 2023/CVE-2023-40167.md create mode 100644 2023/CVE-2023-40284.md create mode 100644 2023/CVE-2023-40287.md create mode 100644 2023/CVE-2023-40288.md create mode 100644 2023/CVE-2023-41361.md create mode 100644 2023/CVE-2023-43768.md create mode 100644 2023/CVE-2023-4967.md create mode 100644 2023/CVE-2023-7023.md create mode 100644 2024/CVE-2024-1286.md create mode 100644 2024/CVE-2024-1287.md create mode 100644 2024/CVE-2024-1724.md create mode 100644 2024/CVE-2024-1747.md create mode 100644 2024/CVE-2024-2191.md create mode 100644 2024/CVE-2024-22201.md create mode 100644 2024/CVE-2024-2232.md create mode 100644 2024/CVE-2024-23079.md create mode 100644 2024/CVE-2024-24110.md create mode 100644 2024/CVE-2024-25331.md create mode 100644 2024/CVE-2024-25639.md create mode 100644 2024/CVE-2024-25947.md create mode 100644 2024/CVE-2024-25948.md create mode 100644 2024/CVE-2024-27357.md create mode 100644 2024/CVE-2024-27358.md create mode 100644 2024/CVE-2024-27440.md create mode 100644 2024/CVE-2024-27489.md create mode 100644 2024/CVE-2024-2843.md create mode 100644 2024/CVE-2024-2872.md create mode 100644 2024/CVE-2024-28804.md create mode 100644 2024/CVE-2024-28805.md create mode 100644 2024/CVE-2024-28806.md create mode 100644 2024/CVE-2024-30284.md create mode 100644 2024/CVE-2024-3113.md create mode 100644 2024/CVE-2024-31211.md create mode 100644 2024/CVE-2024-31223.md create mode 100644 2024/CVE-2024-32104.md create mode 100644 2024/CVE-2024-3219.md create mode 100644 2024/CVE-2024-32700.md create mode 100644 2024/CVE-2024-33365.md create mode 100644 2024/CVE-2024-33375.md create mode 100644 2024/CVE-2024-33544.md create mode 100644 2024/CVE-2024-34094.md create mode 100644 2024/CVE-2024-34095.md create mode 100644 2024/CVE-2024-34096.md create mode 100644 2024/CVE-2024-34097.md create mode 100644 2024/CVE-2024-34693.md create mode 100644 2024/CVE-2024-35526.md create mode 100644 2024/CVE-2024-35527.md create mode 100644 2024/CVE-2024-36111.md create mode 100644 2024/CVE-2024-3636.md create mode 100644 2024/CVE-2024-36448.md create mode 100644 2024/CVE-2024-36542.md create mode 100644 2024/CVE-2024-36572.md create mode 100644 2024/CVE-2024-3669.md create mode 100644 2024/CVE-2024-37085.md create mode 100644 2024/CVE-2024-37161.md create mode 100644 2024/CVE-2024-37298.md create mode 100644 2024/CVE-2024-37310.md create mode 100644 2024/CVE-2024-37631.md create mode 100644 2024/CVE-2024-37639.md create mode 100644 2024/CVE-2024-37640.md create mode 100644 2024/CVE-2024-37641.md create mode 100644 2024/CVE-2024-37645.md create mode 100644 2024/CVE-2024-37800.md create mode 100644 2024/CVE-2024-37829.md create mode 100644 2024/CVE-2024-37830.md create mode 100644 2024/CVE-2024-37856.md create mode 100644 2024/CVE-2024-37857.md create mode 100644 2024/CVE-2024-37858.md create mode 100644 2024/CVE-2024-37859.md create mode 100644 2024/CVE-2024-37895.md create mode 100644 2024/CVE-2024-37906.md create mode 100644 2024/CVE-2024-38288.md create mode 100644 2024/CVE-2024-38289.md create mode 100644 2024/CVE-2024-38353.md create mode 100644 2024/CVE-2024-38354.md create mode 100644 2024/CVE-2024-38359.md create mode 100644 2024/CVE-2024-38472.md create mode 100644 2024/CVE-2024-38473.md create mode 100644 2024/CVE-2024-38481.md create mode 100644 2024/CVE-2024-38489.md create mode 100644 2024/CVE-2024-38490.md create mode 100644 2024/CVE-2024-3850.md create mode 100644 2024/CVE-2024-38514.md create mode 100644 2024/CVE-2024-38520.md create mode 100644 2024/CVE-2024-38521.md create mode 100644 2024/CVE-2024-38522.md create mode 100644 2024/CVE-2024-38523.md create mode 100644 2024/CVE-2024-38529.md create mode 100644 2024/CVE-2024-38856.md create mode 100644 2024/CVE-2024-38892.md create mode 100644 2024/CVE-2024-38894.md create mode 100644 2024/CVE-2024-38895.md create mode 100644 2024/CVE-2024-38897.md create mode 100644 2024/CVE-2024-38903.md create mode 100644 2024/CVE-2024-38949.md create mode 100644 2024/CVE-2024-38950.md create mode 100644 2024/CVE-2024-38972.md create mode 100644 2024/CVE-2024-38983.md create mode 100644 2024/CVE-2024-38984.md create mode 100644 2024/CVE-2024-38986.md create mode 100644 2024/CVE-2024-38987.md create mode 100644 2024/CVE-2024-38990.md create mode 100644 2024/CVE-2024-38991.md create mode 100644 2024/CVE-2024-38992.md create mode 100644 2024/CVE-2024-38993.md create mode 100644 2024/CVE-2024-38994.md create mode 100644 2024/CVE-2024-38996.md create mode 100644 2024/CVE-2024-38997.md create mode 100644 2024/CVE-2024-38998.md create mode 100644 2024/CVE-2024-38999.md create mode 100644 2024/CVE-2024-39000.md create mode 100644 2024/CVE-2024-39001.md create mode 100644 2024/CVE-2024-39002.md create mode 100644 2024/CVE-2024-39003.md create mode 100644 2024/CVE-2024-39008.md create mode 100644 2024/CVE-2024-39010.md create mode 100644 2024/CVE-2024-39011.md create mode 100644 2024/CVE-2024-39012.md create mode 100644 2024/CVE-2024-39013.md create mode 100644 2024/CVE-2024-39014.md create mode 100644 2024/CVE-2024-39015.md create mode 100644 2024/CVE-2024-39016.md create mode 100644 2024/CVE-2024-39017.md create mode 100644 2024/CVE-2024-39018.md create mode 100644 2024/CVE-2024-39019.md create mode 100644 2024/CVE-2024-39020.md create mode 100644 2024/CVE-2024-39021.md create mode 100644 2024/CVE-2024-39022.md create mode 100644 2024/CVE-2024-39023.md create mode 100644 2024/CVE-2024-39027.md create mode 100644 2024/CVE-2024-39036.md create mode 100644 2024/CVE-2024-39063.md create mode 100644 2024/CVE-2024-39119.md create mode 100644 2024/CVE-2024-39123.md create mode 100644 2024/CVE-2024-39129.md create mode 100644 2024/CVE-2024-39130.md create mode 100644 2024/CVE-2024-39132.md create mode 100644 2024/CVE-2024-39153.md create mode 100644 2024/CVE-2024-39154.md create mode 100644 2024/CVE-2024-39155.md create mode 100644 2024/CVE-2024-39156.md create mode 100644 2024/CVE-2024-39157.md create mode 100644 2024/CVE-2024-39158.md create mode 100644 2024/CVE-2024-39171.md create mode 100644 2024/CVE-2024-39202.md create mode 100644 2024/CVE-2024-39236.md create mode 100644 2024/CVE-2024-39251.md create mode 100644 2024/CVE-2024-39304.md create mode 100644 2024/CVE-2024-39307.md create mode 100644 2024/CVE-2024-39321.md create mode 100644 2024/CVE-2024-39326.md create mode 100644 2024/CVE-2024-39614.md create mode 100644 2024/CVE-2024-39678.md create mode 100644 2024/CVE-2024-39679.md create mode 100644 2024/CVE-2024-39680.md create mode 100644 2024/CVE-2024-39681.md create mode 100644 2024/CVE-2024-39682.md create mode 100644 2024/CVE-2024-39687.md create mode 100644 2024/CVE-2024-39694.md create mode 100644 2024/CVE-2024-39699.md create mode 100644 2024/CVE-2024-39700.md create mode 100644 2024/CVE-2024-39701.md create mode 100644 2024/CVE-2024-39705.md create mode 100644 2024/CVE-2024-39828.md create mode 100644 2024/CVE-2024-3983.md create mode 100644 2024/CVE-2024-39853.md create mode 100644 2024/CVE-2024-3986.md create mode 100644 2024/CVE-2024-39863.md create mode 100644 2024/CVE-2024-39877.md create mode 100644 2024/CVE-2024-39895.md create mode 100644 2024/CVE-2024-39904.md create mode 100644 2024/CVE-2024-39907.md create mode 100644 2024/CVE-2024-39909.md create mode 100644 2024/CVE-2024-39912.md create mode 100644 2024/CVE-2024-39915.md create mode 100644 2024/CVE-2024-39916.md create mode 100644 2024/CVE-2024-39918.md create mode 100644 2024/CVE-2024-39919.md create mode 100644 2024/CVE-2024-39962.md create mode 100644 2024/CVE-2024-39963.md create mode 100644 2024/CVE-2024-40035.md create mode 100644 2024/CVE-2024-40036.md create mode 100644 2024/CVE-2024-40039.md create mode 100644 2024/CVE-2024-40060.md create mode 100644 2024/CVE-2024-40096.md create mode 100644 2024/CVE-2024-40110.md create mode 100644 2024/CVE-2024-40116.md create mode 100644 2024/CVE-2024-40318.md create mode 100644 2024/CVE-2024-4032.md create mode 100644 2024/CVE-2024-40322.md create mode 100644 2024/CVE-2024-40324.md create mode 100644 2024/CVE-2024-40328.md create mode 100644 2024/CVE-2024-40329.md create mode 100644 2024/CVE-2024-40331.md create mode 100644 2024/CVE-2024-40332.md create mode 100644 2024/CVE-2024-40334.md create mode 100644 2024/CVE-2024-40392.md create mode 100644 2024/CVE-2024-40393.md create mode 100644 2024/CVE-2024-40394.md create mode 100644 2024/CVE-2024-40400.md create mode 100644 2024/CVE-2024-40402.md create mode 100644 2024/CVE-2024-40420.md create mode 100644 2024/CVE-2024-40576.md create mode 100644 2024/CVE-2024-40617.md create mode 100644 2024/CVE-2024-40626.md create mode 100644 2024/CVE-2024-40627.md create mode 100644 2024/CVE-2024-40632.md create mode 100644 2024/CVE-2024-40634.md create mode 100644 2024/CVE-2024-40636.md create mode 100644 2024/CVE-2024-40641.md create mode 100644 2024/CVE-2024-40645.md create mode 100644 2024/CVE-2024-40726.md create mode 100644 2024/CVE-2024-40727.md create mode 100644 2024/CVE-2024-40728.md create mode 100644 2024/CVE-2024-40729.md create mode 100644 2024/CVE-2024-40730.md create mode 100644 2024/CVE-2024-40731.md create mode 100644 2024/CVE-2024-40732.md create mode 100644 2024/CVE-2024-40733.md create mode 100644 2024/CVE-2024-40734.md create mode 100644 2024/CVE-2024-40735.md create mode 100644 2024/CVE-2024-40736.md create mode 100644 2024/CVE-2024-40737.md create mode 100644 2024/CVE-2024-40738.md create mode 100644 2024/CVE-2024-40739.md create mode 100644 2024/CVE-2024-40740.md create mode 100644 2024/CVE-2024-40741.md create mode 100644 2024/CVE-2024-40742.md create mode 100644 2024/CVE-2024-40784.md create mode 100644 2024/CVE-2024-4090.md create mode 100644 2024/CVE-2024-4096.md create mode 100644 2024/CVE-2024-41112.md create mode 100644 2024/CVE-2024-41113.md create mode 100644 2024/CVE-2024-41114.md create mode 100644 2024/CVE-2024-41115.md create mode 100644 2024/CVE-2024-41116.md create mode 100644 2024/CVE-2024-41117.md create mode 100644 2024/CVE-2024-41118.md create mode 100644 2024/CVE-2024-41119.md create mode 100644 2024/CVE-2024-41120.md create mode 100644 2024/CVE-2024-41123.md create mode 100644 2024/CVE-2024-41127.md create mode 100644 2024/CVE-2024-41468.md create mode 100644 2024/CVE-2024-41473.md create mode 100644 2024/CVE-2024-41597.md create mode 100644 2024/CVE-2024-41628.md create mode 100644 2024/CVE-2024-41637.md create mode 100644 2024/CVE-2024-41640.md create mode 100644 2024/CVE-2024-41806.md create mode 100644 2024/CVE-2024-41819.md create mode 100644 2024/CVE-2024-41943.md create mode 100644 2024/CVE-2024-41946.md create mode 100644 2024/CVE-2024-42029.md create mode 100644 2024/CVE-2024-42054.md create mode 100644 2024/CVE-2024-42055.md create mode 100644 2024/CVE-2024-42348.md create mode 100644 2024/CVE-2024-42349.md create mode 100644 2024/CVE-2024-4320.md create mode 100644 2024/CVE-2024-4483.md create mode 100644 2024/CVE-2024-4950.md create mode 100644 2024/CVE-2024-5081.md create mode 100644 2024/CVE-2024-5217.md create mode 100644 2024/CVE-2024-5246.md create mode 100644 2024/CVE-2024-5285.md create mode 100644 2024/CVE-2024-5595.md create mode 100644 2024/CVE-2024-5670.md create mode 100644 2024/CVE-2024-5678.md create mode 100644 2024/CVE-2024-5765.md create mode 100644 2024/CVE-2024-5807.md create mode 100644 2024/CVE-2024-5808.md create mode 100644 2024/CVE-2024-5809.md create mode 100644 2024/CVE-2024-5882.md create mode 100644 2024/CVE-2024-5883.md create mode 100644 2024/CVE-2024-5975.md create mode 100644 2024/CVE-2024-6021.md create mode 100644 2024/CVE-2024-6127.md create mode 100644 2024/CVE-2024-6165.md create mode 100644 2024/CVE-2024-6196.md create mode 100644 2024/CVE-2024-6223.md create mode 100644 2024/CVE-2024-6224.md create mode 100644 2024/CVE-2024-6226.md create mode 100644 2024/CVE-2024-6230.md create mode 100644 2024/CVE-2024-6270.md create mode 100644 2024/CVE-2024-6272.md create mode 100644 2024/CVE-2024-6308.md create mode 100644 2024/CVE-2024-6362.md create mode 100644 2024/CVE-2024-6366.md create mode 100644 2024/CVE-2024-6373.md create mode 100644 2024/CVE-2024-6390.md create mode 100644 2024/CVE-2024-6408.md create mode 100644 2024/CVE-2024-6412.md create mode 100644 2024/CVE-2024-6417.md create mode 100644 2024/CVE-2024-6477.md create mode 100644 2024/CVE-2024-6487.md create mode 100644 2024/CVE-2024-6490.md create mode 100644 2024/CVE-2024-6496.md create mode 100644 2024/CVE-2024-6498.md create mode 100644 2024/CVE-2024-6518.md create mode 100644 2024/CVE-2024-6520.md create mode 100644 2024/CVE-2024-6521.md create mode 100644 2024/CVE-2024-6526.md create mode 100644 2024/CVE-2024-6529.md create mode 100644 2024/CVE-2024-6536.md create mode 100644 2024/CVE-2024-6652.md create mode 100644 2024/CVE-2024-6695.md create mode 100644 2024/CVE-2024-6703.md create mode 100644 2024/CVE-2024-6710.md create mode 100644 2024/CVE-2024-6716.md create mode 100644 2024/CVE-2024-6738.md create mode 100644 2024/CVE-2024-6745.md create mode 100644 2024/CVE-2024-6808.md create mode 100644 2024/CVE-2024-6932.md create mode 100644 2024/CVE-2024-6934.md create mode 100644 2024/CVE-2024-6938.md create mode 100644 2024/CVE-2024-6939.md create mode 100644 2024/CVE-2024-6942.md create mode 100644 2024/CVE-2024-6947.md create mode 100644 2024/CVE-2024-6949.md create mode 100644 2024/CVE-2024-6957.md create mode 100644 2024/CVE-2024-6975.md create mode 100644 2024/CVE-2024-7007.md create mode 100644 2024/CVE-2024-7069.md create mode 100644 2024/CVE-2024-7106.md create mode 100644 2024/CVE-2024-7114.md create mode 100644 2024/CVE-2024-7115.md create mode 100644 2024/CVE-2024-7116.md create mode 100644 2024/CVE-2024-7117.md create mode 100644 2024/CVE-2024-7118.md create mode 100644 2024/CVE-2024-7119.md create mode 100644 2024/CVE-2024-7120.md create mode 100644 2024/CVE-2024-7160.md create mode 100644 2024/CVE-2024-7161.md create mode 100644 2024/CVE-2024-7162.md create mode 100644 2024/CVE-2024-7163.md create mode 100644 2024/CVE-2024-7164.md create mode 100644 2024/CVE-2024-7165.md create mode 100644 2024/CVE-2024-7166.md create mode 100644 2024/CVE-2024-7167.md create mode 100644 2024/CVE-2024-7168.md create mode 100644 2024/CVE-2024-7169.md create mode 100644 2024/CVE-2024-7170.md create mode 100644 2024/CVE-2024-7171.md create mode 100644 2024/CVE-2024-7172.md create mode 100644 2024/CVE-2024-7173.md create mode 100644 2024/CVE-2024-7174.md create mode 100644 2024/CVE-2024-7175.md create mode 100644 2024/CVE-2024-7176.md create mode 100644 2024/CVE-2024-7177.md create mode 100644 2024/CVE-2024-7178.md create mode 100644 2024/CVE-2024-7179.md create mode 100644 2024/CVE-2024-7180.md create mode 100644 2024/CVE-2024-7181.md create mode 100644 2024/CVE-2024-7182.md create mode 100644 2024/CVE-2024-7183.md create mode 100644 2024/CVE-2024-7184.md create mode 100644 2024/CVE-2024-7185.md create mode 100644 2024/CVE-2024-7186.md create mode 100644 2024/CVE-2024-7187.md create mode 100644 2024/CVE-2024-7188.md create mode 100644 2024/CVE-2024-7189.md create mode 100644 2024/CVE-2024-7190.md create mode 100644 2024/CVE-2024-7191.md create mode 100644 2024/CVE-2024-7194.md create mode 100644 2024/CVE-2024-7195.md create mode 100644 2024/CVE-2024-7196.md create mode 100644 2024/CVE-2024-7197.md create mode 100644 2024/CVE-2024-7198.md create mode 100644 2024/CVE-2024-7199.md create mode 100644 2024/CVE-2024-7200.md create mode 100644 2024/CVE-2024-7212.md create mode 100644 2024/CVE-2024-7213.md create mode 100644 2024/CVE-2024-7214.md create mode 100644 2024/CVE-2024-7215.md create mode 100644 2024/CVE-2024-7216.md create mode 100644 2024/CVE-2024-7217.md create mode 100644 2024/CVE-2024-7218.md create mode 100644 2024/CVE-2024-7219.md create mode 100644 2024/CVE-2024-7220.md create mode 100644 2024/CVE-2024-7221.md create mode 100644 2024/CVE-2024-7222.md create mode 100644 2024/CVE-2024-7223.md create mode 100644 2024/CVE-2024-7224.md create mode 100644 2024/CVE-2024-7225.md create mode 100644 2024/CVE-2024-7226.md create mode 100644 2024/CVE-2024-7273.md create mode 100644 2024/CVE-2024-7274.md create mode 100644 2024/CVE-2024-7275.md create mode 100644 2024/CVE-2024-7276.md create mode 100644 2024/CVE-2024-7277.md create mode 100644 2024/CVE-2024-7278.md create mode 100644 2024/CVE-2024-7279.md create mode 100644 2024/CVE-2024-7280.md create mode 100644 2024/CVE-2024-7281.md create mode 100644 2024/CVE-2024-7282.md create mode 100644 2024/CVE-2024-7283.md create mode 100644 2024/CVE-2024-7284.md create mode 100644 2024/CVE-2024-7285.md create mode 100644 2024/CVE-2024-7286.md create mode 100644 2024/CVE-2024-7287.md create mode 100644 2024/CVE-2024-7288.md create mode 100644 2024/CVE-2024-7289.md create mode 100644 2024/CVE-2024-7290.md create mode 100644 2024/CVE-2024-7297.md create mode 100644 2024/CVE-2024-7299.md create mode 100644 2024/CVE-2024-7300.md create mode 100644 2024/CVE-2024-7303.md create mode 100644 2024/CVE-2024-7306.md create mode 100644 2024/CVE-2024-7307.md create mode 100644 2024/CVE-2024-7308.md create mode 100644 2024/CVE-2024-7311.md create mode 100644 2024/CVE-2024-7314.md create mode 100644 2024/CVE-2024-7320.md create mode 100644 2024/CVE-2024-7321.md create mode 100644 2024/CVE-2024-7327.md create mode 100644 2024/CVE-2024-7331.md create mode 100644 2024/CVE-2024-7332.md create mode 100644 2024/CVE-2024-7333.md create mode 100644 2024/CVE-2024-7334.md create mode 100644 2024/CVE-2024-7335.md create mode 100644 2024/CVE-2024-7336.md create mode 100644 2024/CVE-2024-7337.md create mode 100644 2024/CVE-2024-7338.md create mode 100644 2024/CVE-2024-7339.md create mode 100644 2024/CVE-2024-7340.md create mode 100644 2024/CVE-2024-7342.md create mode 100644 2024/CVE-2024-7343.md create mode 100644 2024/CVE-2024-7357.md create mode 100644 2024/CVE-2024-7358.md create mode 100644 2024/CVE-2024-7359.md create mode 100644 2024/CVE-2024-7360.md create mode 100644 2024/CVE-2024-7361.md create mode 100644 2024/CVE-2024-7362.md create mode 100644 2024/CVE-2024-7363.md create mode 100644 2024/CVE-2024-7364.md create mode 100644 2024/CVE-2024-7365.md create mode 100644 2024/CVE-2024-7366.md create mode 100644 2024/CVE-2024-7367.md create mode 100644 2024/CVE-2024-7368.md create mode 100644 2024/CVE-2024-7369.md create mode 100644 2024/CVE-2024-7370.md create mode 100644 2024/CVE-2024-7371.md create mode 100644 2024/CVE-2024-7372.md create mode 100644 2024/CVE-2024-7373.md create mode 100644 2024/CVE-2024-7374.md create mode 100644 2024/CVE-2024-7375.md create mode 100644 2024/CVE-2024-7376.md create mode 100644 2024/CVE-2024-7377.md create mode 100644 2024/CVE-2024-7378.md create mode 100644 2024/CVE-2024-7436.md create mode 100644 2024/CVE-2024-7437.md create mode 100644 2024/CVE-2024-7438.md create mode 100644 2024/CVE-2024-7439.md create mode 100644 2024/CVE-2024-7442.md create mode 100644 2024/CVE-2024-7443.md create mode 100644 2024/CVE-2024-7444.md create mode 100644 2024/CVE-2024-7445.md create mode 100644 2024/CVE-2024-7446.md create mode 100644 2024/CVE-2024-7449.md create mode 100644 2024/CVE-2024-7450.md create mode 100644 2024/CVE-2024-7451.md create mode 100644 2024/CVE-2024-7452.md create mode 100644 2024/CVE-2024-7453.md create mode 100644 2024/CVE-2024-7454.md create mode 100644 2024/CVE-2024-7455.md create mode 100644 2024/CVE-2024-7458.md create mode 100644 2024/CVE-2024-7459.md create mode 100644 2024/CVE-2024-7460.md create mode 100644 2024/CVE-2024-7461.md create mode 100644 2024/CVE-2024-7462.md create mode 100644 2024/CVE-2024-7463.md create mode 100644 2024/CVE-2024-7464.md create mode 100644 2024/CVE-2024-7465.md create mode 100644 2024/CVE-2024-7466.md create mode 100644 2024/CVE-2024-7467.md create mode 100644 2024/CVE-2024-7468.md create mode 100644 2024/CVE-2024-7469.md create mode 100644 2024/CVE-2024-7470.md diff --git a/2000/CVE-2000-0114.md b/2000/CVE-2000-0114.md index ee2b6adca..18279dc63 100644 --- a/2000/CVE-2000-0114.md +++ b/2000/CVE-2000-0114.md @@ -13,11 +13,13 @@ Frontpage Server Extensions allows remote attackers to determine the name of the No PoCs from references. #### Github +- https://github.com/0xMe5war/CVE-2000-0114 - https://github.com/0xPugal/One-Liners - https://github.com/0xPugazh/One-Liners - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/CVEDB/awesome-cve-repo - https://github.com/Cappricio-Securities/CVE-2000-0114 +- https://github.com/Josekutty-K/frontpage-server-extensions-vulnerability-scanner - https://github.com/Live-Hack-CVE/CVE-2000-0114 - https://github.com/POORVAJA-195/Nuclei-Analysis-main - https://github.com/bhavesh-pardhi/One-Liner diff --git a/2000/CVE-2000-0564.md b/2000/CVE-2000-0564.md index f55f6abed..db1ee5ff8 100644 --- a/2000/CVE-2000-0564.md +++ b/2000/CVE-2000-0564.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/CamiloEscobar98/DjangoProject +- https://github.com/jairoCO10/security_management diff --git a/2001/CVE-2001-0080.md b/2001/CVE-2001-0080.md new file mode 100644 index 000000000..5abe65108 --- /dev/null +++ b/2001/CVE-2001-0080.md @@ -0,0 +1,17 @@ +### [CVE-2001-0080](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0080) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0282.md b/2003/CVE-2003-0282.md index 1852d1a7c..78753d540 100644 --- a/2003/CVE-2003-0282.md +++ b/2003/CVE-2003-0282.md @@ -20,5 +20,6 @@ No PoCs from references. - https://github.com/runtimed/cve-2003-0282 - https://github.com/runtimem/cve-2003-0282 - https://github.com/runtimme/cve-2003-0282 +- https://github.com/silasol/cve-2003-0282 - https://github.com/theseann/cve-2003-0282 diff --git a/2003/CVE-2003-0983.md b/2003/CVE-2003-0983.md new file mode 100644 index 000000000..5f48682fd --- /dev/null +++ b/2003/CVE-2003-0983.md @@ -0,0 +1,17 @@ +### [CVE-2003-0983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0983) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1151.md b/2004/CVE-2004-1151.md new file mode 100644 index 000000000..3c81ac538 --- /dev/null +++ b/2004/CVE-2004-1151.md @@ -0,0 +1,18 @@ +### [CVE-2004-1151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1151) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CVEDB/awesome-cve-repo +- https://github.com/lulugelian/CVE_TEST + diff --git a/2005/CVE-2005-0196.md b/2005/CVE-2005-0196.md new file mode 100644 index 000000000..8a6b68471 --- /dev/null +++ b/2005/CVE-2005-0196.md @@ -0,0 +1,17 @@ +### [CVE-2005-0196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0196) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0179.md b/2006/CVE-2006-0179.md index 0c9af2082..e107c9ad9 100644 --- a/2006/CVE-2006-0179.md +++ b/2006/CVE-2006-0179.md @@ -10,6 +10,7 @@ The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (re ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml - https://www.exploit-db.com/exploits/1411 #### Github diff --git a/2006/CVE-2006-2166.md b/2006/CVE-2006-2166.md new file mode 100644 index 000000000..775afaa67 --- /dev/null +++ b/2006/CVE-2006-2166.md @@ -0,0 +1,17 @@ +### [CVE-2006-2166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2166) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index bebe4b55c..52ce49fa4 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -13,6 +13,7 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - http://www.ubuntu.com/usn/usn-355-1 #### Github +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/David-M-Berry/openssh-cve-discovery - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 @@ -20,6 +21,7 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +- https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2007/CVE-2007-1860.md b/2007/CVE-2007-1860.md index 319967616..f9a83fc2c 100644 --- a/2007/CVE-2007-1860.md +++ b/2007/CVE-2007-1860.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/mgeeky/tomcatWarDeployer +- https://github.com/paulveillard/cybersecurity-infosec - https://github.com/sagardevopss/sample_web_app - https://github.com/sagardevopss/simple-maker - https://github.com/yingshang/sturoad diff --git a/2008/CVE-2008-0166.md b/2008/CVE-2008-0166.md index c33aa5fb8..01f7f208c 100644 --- a/2008/CVE-2008-0166.md +++ b/2008/CVE-2008-0166.md @@ -52,6 +52,7 @@ OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating system - https://github.com/nitishbadole/oscp-note-2 - https://github.com/olivexo28/potential-octo-waddle - https://github.com/pixel-wipe/CryptoDeepTools +- https://github.com/pkimetal/pkimetal - https://github.com/rmsbpro/rmsbpro - https://github.com/shn3rd/OpenSSL-PRNG - https://github.com/snowdroppe/ssh-keybrute diff --git a/2008/CVE-2008-1930.md b/2008/CVE-2008-1930.md index 266d22e3b..7589b7991 100644 --- a/2008/CVE-2008-1930.md +++ b/2008/CVE-2008-1930.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/J-16/Pentester-Bootcamp +- https://github.com/paulveillard/cybersecurity-infosec diff --git a/2008/CVE-2008-3531.md b/2008/CVE-2008-3531.md index fa27cb049..a7cd9b1dd 100644 --- a/2008/CVE-2008-3531.md +++ b/2008/CVE-2008-3531.md @@ -13,5 +13,6 @@ Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in FreeBSD 7.0 No PoCs from references. #### Github +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/Snoopy-Sec/Localroot-ALL-CVE diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 70e3fa76a..8c559e558 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -13,10 +13,12 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - http://www.ubuntu.com/usn/usn-649-1 #### Github +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/David-M-Berry/openssh-cve-discovery - https://github.com/Passyed/regreSSHion-Fix - https://github.com/TAM-K592/CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +- https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion diff --git a/2008/CVE-2008-4250.md b/2008/CVE-2008-4250.md index 004d7e2e5..c77edc178 100644 --- a/2008/CVE-2008-4250.md +++ b/2008/CVE-2008-4250.md @@ -25,6 +25,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/AnshumanSrivastavaGit/OSCP-3 - https://github.com/ArcadeHustle/X3_USB_softmod - https://github.com/Ascotbe/Kernelhub +- https://github.com/BrennanStJohn/Sample_Pentest - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/Cruxer8Mech/Idk diff --git a/2008/CVE-2008-6178.md b/2008/CVE-2008-6178.md index 90f12349c..86aff9959 100644 --- a/2008/CVE-2008-6178.md +++ b/2008/CVE-2008-6178.md @@ -13,5 +13,6 @@ Unrestricted file upload vulnerability in editor/filemanager/browser/default/con - https://www.exploit-db.com/exploits/8060 #### Github +- https://github.com/mactronmedia/FUCKeditor - https://github.com/speedyfriend67/Experiments diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md index c700c99c9..faa3032f8 100644 --- a/2009/CVE-2009-2265.md +++ b/2009/CVE-2009-2265.md @@ -30,6 +30,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r - https://github.com/crypticdante/CVE-2009-2265 - https://github.com/k4u5h41/CVE-2009-2265 - https://github.com/macosta-42/Exploit-Development +- https://github.com/mactronmedia/FUCKeditor - https://github.com/n3ov4n1sh/CVE-2009-2265 - https://github.com/p1ckzi/CVE-2009-2265 - https://github.com/zaphoxx/zaphoxx-coldfusion diff --git a/2009/CVE-2009-2324.md b/2009/CVE-2009-2324.md new file mode 100644 index 000000000..d5a816345 --- /dev/null +++ b/2009/CVE-2009-2324.md @@ -0,0 +1,17 @@ +### [CVE-2009-2324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2324) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/mactronmedia/FUCKeditor + diff --git a/2010/CVE-2010-0219.md b/2010/CVE-2010-0219.md index 0eccd7e75..067f8ed6d 100644 --- a/2010/CVE-2010-0219.md +++ b/2010/CVE-2010-0219.md @@ -18,8 +18,10 @@ Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, - https://github.com/ACIC-Africa/metasploitable3 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/HimmelAward/Goby_POC - https://github.com/Z0fhack/Goby_POC - https://github.com/adamziaja/vulnerability-check - https://github.com/ugurilgin/MoocFiProject-2 +- https://github.com/veritas-rt/CVE-2010-0219 diff --git a/2010/CVE-2010-0828.md b/2010/CVE-2010-0828.md new file mode 100644 index 000000000..21132e062 --- /dev/null +++ b/2010/CVE-2010-0828.md @@ -0,0 +1,17 @@ +### [CVE-2010-0828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0828) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-925-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-1238.md b/2010/CVE-2010-1238.md new file mode 100644 index 000000000..cc024864f --- /dev/null +++ b/2010/CVE-2010-1238.md @@ -0,0 +1,17 @@ +### [CVE-2010-1238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. + +### POC + +#### Reference +- http://www.ubuntu.com/usn/USN-925-1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2010/CVE-2010-2918.md b/2010/CVE-2010-2918.md index 9e8c5c123..c565a0391 100644 --- a/2010/CVE-2010-2918.md +++ b/2010/CVE-2010-2918.md @@ -13,5 +13,6 @@ PHP remote file inclusion vulnerability in core/include/myMailer.class.php in th - http://packetstormsecurity.org/0804-exploits/joomlavisites-rfi.txt #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2011/CVE-2011-1002.md b/2011/CVE-2011-1002.md index 0a6809b18..5edc5aa3c 100644 --- a/2011/CVE-2011-1002.md +++ b/2011/CVE-2011-1002.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DButter/whitehat_public +- https://github.com/EvgeniyaBalanyuk/attacks - https://github.com/Howertx/avahi-dos - https://github.com/NikolayAntipov/DB_13-01 - https://github.com/berradiginamic/32123BC7-Securite-Informatique diff --git a/2011/CVE-2011-2523.md b/2011/CVE-2011-2523.md index 22483b52b..faff199c2 100644 --- a/2011/CVE-2011-2523.md +++ b/2011/CVE-2011-2523.md @@ -25,11 +25,14 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/AhmedIrfan198/Penetration-Test-of-Metasploitable-2 - https://github.com/AnugiArrawwala/CVE-Research - https://github.com/Atiwitch15101/vsftpd-2.3.4-Exploit +- https://github.com/BrennanStJohn/Sample_Pentest - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CoolerVoid/Vision - https://github.com/CoolerVoid/Vision2 - https://github.com/DButter/whitehat_public +- https://github.com/EvgeniyaBalanyuk/attacks +- https://github.com/Gill-Singh-A/vsFTP-2.3.4-Remote-Root-Shell-Exploit - https://github.com/GodZer/exploit_vsftpd_backdoor - https://github.com/Gr4ykt/CVE-2011-2523 - https://github.com/Hellsender01/vsftpd_2.3.4_Exploit diff --git a/2012/CVE-2012-1823.md b/2012/CVE-2012-1823.md index 5f6228956..f60fb46e9 100644 --- a/2012/CVE-2012-1823.md +++ b/2012/CVE-2012-1823.md @@ -53,6 +53,7 @@ No PoCs from references. - https://github.com/krishpranav/autosploit - https://github.com/marcocastro100/Intrusion_Detection_System-Python - https://github.com/panduki/SIE +- https://github.com/paulveillard/cybersecurity-infosec - https://github.com/psifertex/ctf-vs-the-real-world - https://github.com/pwnwiki/webappurls - https://github.com/slxwzk/slxwzkBotnet diff --git a/2012/CVE-2012-2122.md b/2012/CVE-2012-2122.md index eb884f4df..59ec6d51c 100644 --- a/2012/CVE-2012-2122.md +++ b/2012/CVE-2012-2122.md @@ -37,6 +37,7 @@ No PoCs from references. - https://github.com/kimkaon73/WhiteHatSchool - https://github.com/metaDNA/hackingteamhack - https://github.com/oneplus-x/jok3r +- https://github.com/q99266/saury-vulnhub - https://github.com/qatarattack/nmap-nse-scripts - https://github.com/safe6Sec/PentestNote - https://github.com/zhangkaibin0921/CVE-2012-2122 diff --git a/2012/CVE-2012-2661.md b/2012/CVE-2012-2661.md index 7f916412d..e7bc4c370 100644 --- a/2012/CVE-2012-2661.md +++ b/2012/CVE-2012-2661.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Blackyguy/-CVE-2012-2661-ActiveRecord-SQL-injection- - https://github.com/ehayushpathak/WebApp-Hacking +- https://github.com/paulveillard/cybersecurity-infosec - https://github.com/r4x0r1337/-CVE-2012-2661-ActiveRecord-SQL-injection- diff --git a/2012/CVE-2012-6081.md b/2012/CVE-2012-6081.md index 56030daa7..f83795172 100644 --- a/2012/CVE-2012-6081.md +++ b/2012/CVE-2012-6081.md @@ -13,5 +13,6 @@ Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/t - http://www.exploit-db.com/exploits/25304 #### Github +- https://github.com/paulveillard/cybersecurity-infosec - https://github.com/shaynewang/exploits diff --git a/2013/CVE-2013-2028.md b/2013/CVE-2013-2028.md index 88d4c2ee5..846b344aa 100644 --- a/2013/CVE-2013-2028.md +++ b/2013/CVE-2013-2028.md @@ -37,4 +37,5 @@ The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 thro - https://github.com/q40603/Continuous-Invivo-Fuzz - https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC - https://github.com/weeka10/-hktalent-TOP +- https://github.com/xiw1ll/CVE-2013-2028_Checker diff --git a/2013/CVE-2013-4547.md b/2013/CVE-2013-4547.md index 36e3c161d..47becfaeb 100644 --- a/2013/CVE-2013-4547.md +++ b/2013/CVE-2013-4547.md @@ -26,6 +26,7 @@ No PoCs from references. - https://github.com/hxysaury/The-Road-to-Safety - https://github.com/hxysaury/saury-vulnhub - https://github.com/lukeber4/usn-search +- https://github.com/q99266/saury-vulnhub - https://github.com/safe6Sec/PentestNote - https://github.com/shuangjiang/DVWA-Note - https://github.com/twfb/DVWA-Note diff --git a/2013/CVE-2013-6026.md b/2013/CVE-2013-6026.md index f2e6474c8..f6bda92b0 100644 --- a/2013/CVE-2013-6026.md +++ b/2013/CVE-2013-6026.md @@ -13,6 +13,7 @@ The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604 - http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/ #### Github +- https://github.com/Ro9ueAdmin/bamf - https://github.com/Soldie/bamf-SHODAN.IO - https://github.com/malwaredllc/bamf diff --git a/2013/CVE-2013-6632.md b/2013/CVE-2013-6632.md index 97ee3d6c0..2c0550dc2 100644 --- a/2013/CVE-2013-6632.md +++ b/2013/CVE-2013-6632.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/allpaca/chrome-sbx-db - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/thelostvoice/global-takeover - https://github.com/thelostvoice/inept-us-military diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md index 2874265e9..378dd83bd 100644 --- a/2014/CVE-2014-0160.md +++ b/2014/CVE-2014-0160.md @@ -128,6 +128,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - https://github.com/K1ngDamien/epss-super-sorter - https://github.com/Kapotov/3.9.1 - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/KenTi0/lista-de-Ferramentas-hacker - https://github.com/KickFootCode/LoveYouALL - https://github.com/LavaOps/LeakReducer - https://github.com/Lekensteyn/pacemaker @@ -191,6 +192,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - https://github.com/Soldie/PayloadsAllTheThings - https://github.com/Soldie/Penetration-Testing - https://github.com/Soldie/awesome-pentest-listas +- https://github.com/Sp3c73rSh4d0w/CVE-2014-0160_Heartbleed - https://github.com/Sparrow-Co-Ltd/real_cve_examples - https://github.com/SureshKumarPakalapati/-Penetration-Testing - https://github.com/SwiftfireDev/OpenVPN-install diff --git a/2014/CVE-2014-0224.md b/2014/CVE-2014-0224.md index 1d06766fa..470990775 100644 --- a/2014/CVE-2014-0224.md +++ b/2014/CVE-2014-0224.md @@ -37,6 +37,7 @@ OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not pr - https://github.com/BSolarV/cvedetails-summary - https://github.com/CertifiedCEH/DB - https://github.com/DButter/whitehat_public +- https://github.com/EvgeniyaBalanyuk/attacks - https://github.com/F4RM0X/script_a2sv - https://github.com/H4CK3RT3CH/a2sv - https://github.com/Justic-D/Dev_net_home_1 diff --git a/2014/CVE-2014-0260.md b/2014/CVE-2014-0260.md new file mode 100644 index 000000000..c503e3922 --- /dev/null +++ b/2014/CVE-2014-0260.md @@ -0,0 +1,17 @@ +### [CVE-2014-0260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0260) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability." + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/splunk-soar-connectors/fireamp + diff --git a/2014/CVE-2014-125106.md b/2014/CVE-2014-125106.md new file mode 100644 index 000000000..68bef2455 --- /dev/null +++ b/2014/CVE-2014-125106.md @@ -0,0 +1,17 @@ +### [CVE-2014-125106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-125106) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2014/CVE-2014-1513.md b/2014/CVE-2014-1513.md index 2899e76f1..b0a730bdc 100644 --- a/2014/CVE-2014-1513.md +++ b/2014/CVE-2014-1513.md @@ -15,5 +15,6 @@ TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24. #### Github - https://github.com/RUB-SysSec/PrimGen +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2014/CVE-2014-1705.md b/2014/CVE-2014-1705.md index 7f2e6fd0e..8d29883cc 100644 --- a/2014/CVE-2014-1705.md +++ b/2014/CVE-2014-1705.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/BushraAloraini/Android-Vulnerabilities - https://github.com/Live-Hack-CVE/CVE-2014-1705 - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/thelostvoice/global-takeover - https://github.com/thelostvoice/inept-us-military diff --git a/2014/CVE-2014-3176.md b/2014/CVE-2014-3176.md index 50a977b0f..9700374ea 100644 --- a/2014/CVE-2014-3176.md +++ b/2014/CVE-2014-3176.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/RUB-SysSec/PrimGen - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2014/CVE-2014-3566.md b/2014/CVE-2014-3566.md index c5993f7df..3fb7fa939 100644 --- a/2014/CVE-2014-3566.md +++ b/2014/CVE-2014-3566.md @@ -41,6 +41,7 @@ The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses - https://github.com/CamiloEscobar98/DjangoProject - https://github.com/CertifiedCEH/DB - https://github.com/DButter/whitehat_public +- https://github.com/EvgeniyaBalanyuk/attacks - https://github.com/F4RM0X/script_a2sv - https://github.com/FroggDev/BASH_froggPoodler - https://github.com/GhostTroops/TOP diff --git a/2014/CVE-2014-3704.md b/2014/CVE-2014-3704.md index 1e205068b..0e10389a3 100644 --- a/2014/CVE-2014-3704.md +++ b/2014/CVE-2014-3704.md @@ -49,6 +49,7 @@ The expandArguments function in the database abstraction API in Drupal core 7.x - https://github.com/koutto/jok3r-pocs - https://github.com/maya6/-scan- - https://github.com/moradotai/CMS-Scan +- https://github.com/q99266/saury-vulnhub - https://github.com/smartFlash/pySecurity - https://github.com/superfish9/pt - https://github.com/superlink996/chunqiuyunjingbachang diff --git a/2014/CVE-2014-4113.md b/2014/CVE-2014-4113.md index b771ed452..1d4f31d56 100644 --- a/2014/CVE-2014-4113.md +++ b/2014/CVE-2014-4113.md @@ -44,6 +44,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/JERRY123S/all-poc - https://github.com/JennieXLisa/awe-win-expx - https://github.com/LegendSaber/exp +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/RED-Team diff --git a/2014/CVE-2014-4210.md b/2014/CVE-2014-4210.md index 9ef2f3e1a..a39e99dde 100644 --- a/2014/CVE-2014-4210.md +++ b/2014/CVE-2014-4210.md @@ -73,6 +73,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/hktalent/TOP - https://github.com/hktalent/myhktools - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/ilmila/J2EEScan - https://github.com/iqrok/myhktools diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md index 6aa6f24f5..820a9dc1e 100644 --- a/2014/CVE-2014-6271.md +++ b/2014/CVE-2014-6271.md @@ -31,6 +31,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th #### Github - https://github.com/00xNetrunner/Shodan_Cheet-Sheet - https://github.com/0bfxgh0st/cve-2014-6271 +- https://github.com/0neXo0r/Exploits - https://github.com/0x00-0x00/CVE-2014-6271 - https://github.com/0x0d3ad/Kn0ck - https://github.com/0x43f/Exploits @@ -166,6 +167,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/KJOONHWAN/CVE-Exploit-Demonstration - https://github.com/Kaizhe/attacker - https://github.com/KateFayra/auto_vulnerability_tester +- https://github.com/KenTi0/lista-de-Ferramentas-hacker - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/LearnGolang/LearnGolang - https://github.com/LiuYuancheng/ChatGPT_on_CTF @@ -222,6 +224,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/SaltwaterC/sploit-tools - https://github.com/Sanket-HP/Ethical-Hacking-Tutorial - https://github.com/Secop/awesome-security +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Sep0lkit/oval-for-el - https://github.com/Sindadziy/cve-2014-6271 - https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271 @@ -511,6 +514,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/paulveillard/cybersecurity - https://github.com/paulveillard/cybersecurity-ethical-hacking - https://github.com/paulveillard/cybersecurity-hacking +- https://github.com/paulveillard/cybersecurity-infosec - https://github.com/paulveillard/cybersecurity-penetration-testing - https://github.com/paulveillard/cybersecurity-pentest - https://github.com/paulveillard/cybersecurity-web-hacking diff --git a/2014/CVE-2014-6446.md b/2014/CVE-2014-6446.md index 7fc4933b4..02819b71f 100644 --- a/2014/CVE-2014-6446.md +++ b/2014/CVE-2014-6446.md @@ -14,6 +14,7 @@ The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does no - http://research.g0blin.co.uk/cve-2014-6446/ #### Github +- https://github.com/0neXo0r/Exploits - https://github.com/0x43f/Exploits - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s - https://github.com/Xcod3bughunt3r/ExploitsTools diff --git a/2014/CVE-2014-7927.md b/2014/CVE-2014-7927.md index e1fe69a46..be7c48720 100644 --- a/2014/CVE-2014-7927.md +++ b/2014/CVE-2014-7927.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2014/CVE-2014-7928.md b/2014/CVE-2014-7928.md index 3ece7b485..cc38d11c4 100644 --- a/2014/CVE-2014-7928.md +++ b/2014/CVE-2014-7928.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2015/CVE-2015-0057.md b/2015/CVE-2015-0057.md index 3765ced85..b90a69481 100644 --- a/2015/CVE-2015-0057.md +++ b/2015/CVE-2015-0057.md @@ -32,6 +32,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/JennieXLisa/awe-win-expx - https://github.com/Karneades/awesome-vulnerabilities - https://github.com/LegendSaber/exp +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2015/CVE-2015-0886.md b/2015/CVE-2015-0886.md index 3cd27b384..266c6cbd6 100644 --- a/2015/CVE-2015-0886.md +++ b/2015/CVE-2015-0886.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/ytono/gcp-arcade diff --git a/2015/CVE-2015-10065.md b/2015/CVE-2015-10065.md new file mode 100644 index 000000000..f1fb2604b --- /dev/null +++ b/2015/CVE-2015-10065.md @@ -0,0 +1,17 @@ +### [CVE-2015-10065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-10065) +![](https://img.shields.io/static/v1?label=Product&message=FiND&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in AenBleidd FiND. This vulnerability affects the function init_result of the file validator/my_validator.cpp. The manipulation leads to buffer overflow. The patch is identified as ee2eef34a83644f286c9adcaf30437f92e9c48f1. It is recommended to apply a patch to fix this issue. VDB-218458 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2015/CVE-2015-1233.md b/2015/CVE-2015-1233.md index 81e2622e2..c368c20f0 100644 --- a/2015/CVE-2015-1233.md +++ b/2015/CVE-2015-1233.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2015/CVE-2015-1242.md b/2015/CVE-2015-1242.md index 927d888fa..6f0d0b9f1 100644 --- a/2015/CVE-2015-1242.md +++ b/2015/CVE-2015-1242.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2015/CVE-2015-1427.md b/2015/CVE-2015-1427.md index 850635908..73ad29d77 100644 --- a/2015/CVE-2015-1427.md +++ b/2015/CVE-2015-1427.md @@ -16,6 +16,7 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 #### Github - https://github.com/0day404/vulnerability-poc +- https://github.com/0neXo0r/Exploits - https://github.com/0ps/pocassistdb - https://github.com/0x43f/Exploits - https://github.com/20142995/Goby diff --git a/2015/CVE-2015-1635.md b/2015/CVE-2015-1635.md index 8255dacaf..2152b2c77 100644 --- a/2015/CVE-2015-1635.md +++ b/2015/CVE-2015-1635.md @@ -26,6 +26,8 @@ HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Wind - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SkinAir/ms15-034-Scan +- https://github.com/Sp3c73rSh4d0w/CVE-2015-1635 +- https://github.com/Sp3c73rSh4d0w/CVE-2015-1635-POC - https://github.com/Zx7ffa4512-Python/Project-CVE-2015-1635 - https://github.com/aedoo/CVE-2015-1635-POC - https://github.com/ahm3dhany/IDS-Evasion diff --git a/2015/CVE-2015-1701.md b/2015/CVE-2015-1701.md index ffe9ad306..587b2d902 100644 --- a/2015/CVE-2015-1701.md +++ b/2015/CVE-2015-1701.md @@ -35,6 +35,7 @@ Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vist - https://github.com/IAmAnubhavSaini/wes.py3 - https://github.com/IMCG/awesome-c - https://github.com/JERRY123S/all-poc +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2015/CVE-2015-2208.md b/2015/CVE-2015-2208.md index c2d05bfe7..2017984e1 100644 --- a/2015/CVE-2015-2208.md +++ b/2015/CVE-2015-2208.md @@ -15,6 +15,7 @@ The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attacke - http://www.exploit-db.com/exploits/36251 #### Github +- https://github.com/0neXo0r/Exploits - https://github.com/0x43f/Exploits - https://github.com/ARPSyndicate/cvemon - https://github.com/AndreaOm/awesome-stars diff --git a/2015/CVE-2015-3440.md b/2015/CVE-2015-3440.md index 34fa7c632..be295f372 100644 --- a/2015/CVE-2015-3440.md +++ b/2015/CVE-2015-3440.md @@ -61,6 +61,7 @@ Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress b - https://github.com/preritpathak/Pentesting-live-targets-2 - https://github.com/rlucus/codepath - https://github.com/theawkwardchild/WordPress-Pentesting +- https://github.com/w3bcooki3/Wordpress-vs-Kali - https://github.com/zakia00/Week7Lab - https://github.com/zjasonshen/CodepathWebSecurityWeek7 - https://github.com/zmh68/codepath-w07 diff --git a/2015/CVE-2015-4000.md b/2015/CVE-2015-4000.md index b7f346c61..e02f22ae5 100644 --- a/2015/CVE-2015-4000.md +++ b/2015/CVE-2015-4000.md @@ -31,6 +31,7 @@ The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a - https://github.com/Artem-Salnikov/devops-netology - https://github.com/Artem-Tvr/sysadmin-09-security - https://github.com/DButter/whitehat_public +- https://github.com/EvgeniyaBalanyuk/attacks - https://github.com/F4RM0X/script_a2sv - https://github.com/H4CK3RT3CH/a2sv - https://github.com/Justic-D/Dev_net_home_1 diff --git a/2015/CVE-2015-5377.md b/2015/CVE-2015-5377.md index e2c52f277..dad8f4a98 100644 --- a/2015/CVE-2015-5377.md +++ b/2015/CVE-2015-5377.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/blackswanburst/afistfulofmetrics +- https://github.com/fi3ro/CVE-2015-5377 - https://github.com/fi3ro/elasticsearch_CVE-2015-5377 - https://github.com/marcocesarato/Shell-BotKiller diff --git a/2015/CVE-2015-6668.md b/2015/CVE-2015-6668.md index d804776c2..0fa8537e4 100644 --- a/2015/CVE-2015-6668.md +++ b/2015/CVE-2015-6668.md @@ -18,6 +18,7 @@ The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary C - https://github.com/G01d3nW01f/CVE-2015-6668 - https://github.com/H3xL00m/CVE-2015-6668 - https://github.com/Ki11i0n4ir3/CVE-2015-6668 +- https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 - https://github.com/k4u5h41/CVE-2015-6668 diff --git a/2015/CVE-2015-6764.md b/2015/CVE-2015-6764.md index 173978488..aa0dcaa98 100644 --- a/2015/CVE-2015-6764.md +++ b/2015/CVE-2015-6764.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/allpaca/chrome-sbx-db - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/secmob/cansecwest2016 - https://github.com/tunz/js-vuln-db diff --git a/2015/CVE-2015-6771.md b/2015/CVE-2015-6771.md index aeb7386b4..512401f1a 100644 --- a/2015/CVE-2015-6771.md +++ b/2015/CVE-2015-6771.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2015/CVE-2015-7204.md b/2015/CVE-2015-7204.md new file mode 100644 index 000000000..04d98c9e6 --- /dev/null +++ b/2015/CVE-2015-7204.md @@ -0,0 +1,17 @@ +### [CVE-2015-7204](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7204) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/splunk-soar-connectors/fireamp + diff --git a/2015/CVE-2015-7808.md b/2015/CVE-2015-7808.md index 5416fef58..334d7688c 100644 --- a/2015/CVE-2015-7808.md +++ b/2015/CVE-2015-7808.md @@ -15,6 +15,7 @@ The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1 - https://www.exploit-db.com/exploits/38629/ #### Github +- https://github.com/0neXo0r/Exploits - https://github.com/0x43f/Exploits - https://github.com/ARPSyndicate/cvemon - https://github.com/PleXone2019/vBulletin-5.1.x-PreAuth-RCE diff --git a/2015/CVE-2015-8548.md b/2015/CVE-2015-8548.md index f04e80cce..05c3a162f 100644 --- a/2015/CVE-2015-8548.md +++ b/2015/CVE-2015-8548.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2015/CVE-2015-8584.md b/2015/CVE-2015-8584.md index e48aea93a..bc2cb3f36 100644 --- a/2015/CVE-2015-8584.md +++ b/2015/CVE-2015-8584.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-0638.md b/2016/CVE-2016-0638.md index e3ff9e5c7..2d1243378 100644 --- a/2016/CVE-2016-0638.md +++ b/2016/CVE-2016-0638.md @@ -49,6 +49,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/hanc00l/weblogic_unserialize_exploit - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jbmihoub/all-poc - https://github.com/koutto/jok3r-pocs diff --git a/2016/CVE-2016-0783.md b/2016/CVE-2016-0783.md index 6112abd5a..36112c979 100644 --- a/2016/CVE-2016-0783.md +++ b/2016/CVE-2016-0783.md @@ -15,4 +15,5 @@ The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predic #### Github - https://github.com/Quadrupl3d/ICISPD-47-2023 +- https://github.com/redp4rrot/ICISPD-47-2023 diff --git a/2016/CVE-2016-1531.md b/2016/CVE-2016-1531.md index e35792c82..a4e4a6f48 100644 --- a/2016/CVE-2016-1531.md +++ b/2016/CVE-2016-1531.md @@ -21,6 +21,7 @@ Exim before 4.86.2, when installed setuid root, allows local users to gain privi - https://github.com/HadessCS/Awesome-Privilege-Escalation - https://github.com/Jekyll-Hyde2022/PrivEsc-Linux - https://github.com/Pr1vEsc/Hacking-linux +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Totes5706/Offensive-Security-Cheat-Sheet - https://github.com/c0d3cr4f73r/CVE-2016-1531 diff --git a/2016/CVE-2016-1646.md b/2016/CVE-2016-1646.md index 06f26655a..9d61422fe 100644 --- a/2016/CVE-2016-1646.md +++ b/2016/CVE-2016-1646.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/hwiwonl/dayone - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1653.md b/2016/CVE-2016-1653.md index 040692615..4e3b55132 100644 --- a/2016/CVE-2016-1653.md +++ b/2016/CVE-2016-1653.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1665.md b/2016/CVE-2016-1665.md index 7e8d4d5da..034efd6b9 100644 --- a/2016/CVE-2016-1665.md +++ b/2016/CVE-2016-1665.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1669.md b/2016/CVE-2016-1669.md index 2a131ed20..7dd3a8f1f 100644 --- a/2016/CVE-2016-1669.md +++ b/2016/CVE-2016-1669.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1677.md b/2016/CVE-2016-1677.md index 1c91e024b..54794eb66 100644 --- a/2016/CVE-2016-1677.md +++ b/2016/CVE-2016-1677.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1688.md b/2016/CVE-2016-1688.md index 3b1d7bc0f..91ec9be87 100644 --- a/2016/CVE-2016-1688.md +++ b/2016/CVE-2016-1688.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-1857.md b/2016/CVE-2016-1857.md index fb87e2803..a5917386a 100644 --- a/2016/CVE-2016-1857.md +++ b/2016/CVE-2016-1857.md @@ -16,6 +16,7 @@ WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before - https://github.com/ARPSyndicate/cvemon - https://github.com/hedgeberg/PegMii-Boogaloo - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-2177.md b/2016/CVE-2016-2177.md index 04c9b78fc..0d09e1a7f 100644 --- a/2016/CVE-2016-2177.md +++ b/2016/CVE-2016-2177.md @@ -19,6 +19,7 @@ OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer bound - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - http://www.ubuntu.com/usn/USN-3181-1 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-2178.md b/2016/CVE-2016-2178.md index 22d96b10c..5c07b2608 100644 --- a/2016/CVE-2016-2178.md +++ b/2016/CVE-2016-2178.md @@ -19,6 +19,7 @@ The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h d - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-2179.md b/2016/CVE-2016-2179.md index e24e1d87a..23846c4a1 100644 --- a/2016/CVE-2016-2179.md +++ b/2016/CVE-2016-2179.md @@ -16,6 +16,7 @@ The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the l - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-2180.md b/2016/CVE-2016-2180.md index d13269067..859026c52 100644 --- a/2016/CVE-2016-2180.md +++ b/2016/CVE-2016-2180.md @@ -17,6 +17,7 @@ The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infr - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - https://hackerone.com/reports/221789 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-2182.md b/2016/CVE-2016-2182.md index b2ea5df37..ca3442bdb 100644 --- a/2016/CVE-2016-2182.md +++ b/2016/CVE-2016-2182.md @@ -18,6 +18,7 @@ The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - https://hackerone.com/reports/221788 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-3309.md b/2016/CVE-2016-3309.md index 7fab3296b..20e866ddb 100644 --- a/2016/CVE-2016-3309.md +++ b/2016/CVE-2016-3309.md @@ -29,6 +29,7 @@ The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 - https://github.com/GhostTroops/TOP - https://github.com/JERRY123S/all-poc - https://github.com/LegendSaber/exp_x64 +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/Ondrik8/RED-Team - https://github.com/Ondrik8/exploit - https://github.com/Ostorlab/KEV diff --git a/2016/CVE-2016-3386.md b/2016/CVE-2016-3386.md index f9692f2b9..83a23af95 100644 --- a/2016/CVE-2016-3386.md +++ b/2016/CVE-2016-3386.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-3510.md b/2016/CVE-2016-3510.md index 01fc4b82e..01eaef7bf 100644 --- a/2016/CVE-2016-3510.md +++ b/2016/CVE-2016-3510.md @@ -77,6 +77,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/hellochunqiu/PayloadsAllTheThings - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jbmihoub/all-poc - https://github.com/koutto/jok3r-pocs diff --git a/2016/CVE-2016-4437.md b/2016/CVE-2016-4437.md index 0a664949a..a365da52a 100644 --- a/2016/CVE-2016-4437.md +++ b/2016/CVE-2016-4437.md @@ -64,6 +64,7 @@ Apache Shiro before 1.2.5, when a cipher key has not been configured for the "re - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list - https://github.com/pizza-power/CVE-2016-4437 +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/retr0-13/Goby - https://github.com/skyblueflag/WebSecurityStudy diff --git a/2016/CVE-2016-4622.md b/2016/CVE-2016-4622.md index 27f21381e..3f6822f3e 100644 --- a/2016/CVE-2016-4622.md +++ b/2016/CVE-2016-4622.md @@ -43,6 +43,7 @@ WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 all - https://github.com/m1ghtym0/browser-pwn - https://github.com/mishmashclone/qazbnm456-awesome-web-security - https://github.com/ocipap/My_external_stars +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/paramint/awesome-web-security - https://github.com/paulveillard/cybersecurity-web-security - https://github.com/qazbnm456/awesome-cve-poc diff --git a/2016/CVE-2016-4734.md b/2016/CVE-2016-4734.md index 38d31edfc..48cbdcdbc 100644 --- a/2016/CVE-2016-4734.md +++ b/2016/CVE-2016-4734.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-4977.md b/2016/CVE-2016-4977.md index 96d73a124..789b29086 100644 --- a/2016/CVE-2016-4977.md +++ b/2016/CVE-2016-4977.md @@ -40,6 +40,7 @@ No PoCs from references. - https://github.com/hxysaury/saury-vulnhub - https://github.com/jweny/pocassistdb - https://github.com/langu-xyz/JavaVulnMap +- https://github.com/q99266/saury-vulnhub - https://github.com/superfish9/pt - https://github.com/tpt11fb/SpringVulScan - https://github.com/zisigui123123s/FINAL diff --git a/2016/CVE-2016-5129.md b/2016/CVE-2016-5129.md index 40d6dedcf..e033fd5ab 100644 --- a/2016/CVE-2016-5129.md +++ b/2016/CVE-2016-5129.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-5172.md b/2016/CVE-2016-5172.md index 10f7af283..3bdce49e7 100644 --- a/2016/CVE-2016-5172.md +++ b/2016/CVE-2016-5172.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-5195.md b/2016/CVE-2016-5195.md index 4d6c65639..cc46696fc 100644 --- a/2016/CVE-2016-5195.md +++ b/2016/CVE-2016-5195.md @@ -132,6 +132,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/Satya42/OSCP-Guide - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/SenpaiX00/OSCP-Survival +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/Shadowshusky/linux-kernel-exploits - https://github.com/Shadowven/Vulnerability_Reproduction diff --git a/2016/CVE-2016-5198.md b/2016/CVE-2016-5198.md index f46386710..ba74578e3 100644 --- a/2016/CVE-2016-5198.md +++ b/2016/CVE-2016-5198.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-5200.md b/2016/CVE-2016-5200.md index 84cbe28ba..f87c68087 100644 --- a/2016/CVE-2016-5200.md +++ b/2016/CVE-2016-5200.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/BushraAloraini/Android-Vulnerabilities - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-6306.md b/2016/CVE-2016-6306.md index a71eee76d..c7015b4f3 100644 --- a/2016/CVE-2016-6306.md +++ b/2016/CVE-2016-6306.md @@ -18,6 +18,7 @@ The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might al - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html - https://hackerone.com/reports/221790 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujan2020.html - https://www.oracle.com/security-alerts/cpujul2020.html diff --git a/2016/CVE-2016-6309.md b/2016/CVE-2016-6309.md index 83ff7747e..63500c26d 100644 --- a/2016/CVE-2016-6309.md +++ b/2016/CVE-2016-6309.md @@ -13,6 +13,7 @@ statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-20 #### Github diff --git a/2016/CVE-2016-7052.md b/2016/CVE-2016-7052.md index 5aa2455b2..746d338b2 100644 --- a/2016/CVE-2016-7052.md +++ b/2016/CVE-2016-7052.md @@ -14,6 +14,7 @@ crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a deni - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html +- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us - https://www.tenable.com/security/tns-2016-19 - https://www.tenable.com/security/tns-2016-20 diff --git a/2016/CVE-2016-7189.md b/2016/CVE-2016-7189.md index 31dc4c319..5b7a7860f 100644 --- a/2016/CVE-2016-7189.md +++ b/2016/CVE-2016-7189.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice - https://github.com/mynameisv/MMSBGA +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7190.md b/2016/CVE-2016-7190.md index 92cd47879..ff07edb82 100644 --- a/2016/CVE-2016-7190.md +++ b/2016/CVE-2016-7190.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice - https://github.com/mynameisv/MMSBGA +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7194.md b/2016/CVE-2016-7194.md index a223410e5..9ce348c67 100644 --- a/2016/CVE-2016-7194.md +++ b/2016/CVE-2016-7194.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice - https://github.com/mynameisv/MMSBGA +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7200.md b/2016/CVE-2016-7200.md index a86528424..a09759a2b 100644 --- a/2016/CVE-2016-7200.md +++ b/2016/CVE-2016-7200.md @@ -32,6 +32,7 @@ The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers - https://github.com/jbmihoub/all-poc - https://github.com/lnick2023/nicenice - https://github.com/nyerkym/sectools +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/theori-io/chakra-2016-11 - https://github.com/trhacknon/chakra-2016-11 diff --git a/2016/CVE-2016-7201.md b/2016/CVE-2016-7201.md index 8dbf9730a..3dc30eeea 100644 --- a/2016/CVE-2016-7201.md +++ b/2016/CVE-2016-7201.md @@ -31,6 +31,7 @@ The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers - https://github.com/jbmihoub/all-poc - https://github.com/lnick2023/nicenice - https://github.com/nyerkym/sectools +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/theori-io/chakra-2016-11 - https://github.com/trhacknon/chakra-2016-11 diff --git a/2016/CVE-2016-7202.md b/2016/CVE-2016-7202.md index 1894a7bf5..d628e0a7c 100644 --- a/2016/CVE-2016-7202.md +++ b/2016/CVE-2016-7202.md @@ -17,6 +17,7 @@ The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice - https://github.com/mynameisv/MMSBGA +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7203.md b/2016/CVE-2016-7203.md index 3a2be031c..4c8b2f5e2 100644 --- a/2016/CVE-2016-7203.md +++ b/2016/CVE-2016-7203.md @@ -15,6 +15,7 @@ The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7240.md b/2016/CVE-2016-7240.md index 9f8f42eee..3ffbcad8c 100644 --- a/2016/CVE-2016-7240.md +++ b/2016/CVE-2016-7240.md @@ -15,6 +15,7 @@ The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7241.md b/2016/CVE-2016-7241.md index 1e0ccdc2d..d3eaedccc 100644 --- a/2016/CVE-2016-7241.md +++ b/2016/CVE-2016-7241.md @@ -17,6 +17,7 @@ Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to exec - https://github.com/0xdade/bugname.club - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7255.md b/2016/CVE-2016-7255.md index 356893aae..f26de1599 100644 --- a/2016/CVE-2016-7255.md +++ b/2016/CVE-2016-7255.md @@ -41,6 +41,7 @@ The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 - https://github.com/Iamgublin/CVE-2020-1054 - https://github.com/JERRY123S/all-poc - https://github.com/LegendSaber/exp +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/RED-Team diff --git a/2016/CVE-2016-7286.md b/2016/CVE-2016-7286.md index 32f582614..fc669a69d 100644 --- a/2016/CVE-2016-7286.md +++ b/2016/CVE-2016-7286.md @@ -16,6 +16,7 @@ The scripting engines in Microsoft Edge allow remote attackers to execute arbitr #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7287.md b/2016/CVE-2016-7287.md index 2a4a11365..0f3c8aa99 100644 --- a/2016/CVE-2016-7287.md +++ b/2016/CVE-2016-7287.md @@ -16,6 +16,7 @@ The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-7288.md b/2016/CVE-2016-7288.md index c5b0023dc..5eaf9bbfa 100644 --- a/2016/CVE-2016-7288.md +++ b/2016/CVE-2016-7288.md @@ -31,6 +31,7 @@ The scripting engines in Microsoft Edge allow remote attackers to execute arbitr - https://github.com/hacker-insider/Hacking - https://github.com/lnick2023/nicenice - https://github.com/nitishbadole/PENTESTING-BIBLE +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/phant0n/PENTESTING-BIBLE - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/readloud/Pentesting-Bible diff --git a/2016/CVE-2016-8869.md b/2016/CVE-2016-8869.md index ec628b66b..aa7870005 100644 --- a/2016/CVE-2016-8869.md +++ b/2016/CVE-2016-8869.md @@ -14,6 +14,7 @@ The register method in the UsersModelRegistration class in controllers/user.php - https://www.exploit-db.com/exploits/40637/ #### Github +- https://github.com/0neXo0r/Exploits - https://github.com/0x43f/Exploits - https://github.com/ARPSyndicate/cvemon - https://github.com/Micr067/CMS-Hunter diff --git a/2016/CVE-2016-8870.md b/2016/CVE-2016-8870.md index 1d9133fc2..d4acd0d04 100644 --- a/2016/CVE-2016-8870.md +++ b/2016/CVE-2016-8870.md @@ -14,6 +14,7 @@ The register method in the UsersModelRegistration class in controllers/user.php - https://www.exploit-db.com/exploits/40637/ #### Github +- https://github.com/0neXo0r/Exploits - https://github.com/0x43f/Exploits - https://github.com/ARPSyndicate/cvemon - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s diff --git a/2016/CVE-2016-9651.md b/2016/CVE-2016-9651.md index 7fc8dd1ba..988d41bb8 100644 --- a/2016/CVE-2016-9651.md +++ b/2016/CVE-2016-9651.md @@ -16,6 +16,7 @@ A missing check for whether a property of a JS object is private in V8 in Google #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/secmob/pwnfest2016 - https://github.com/tunz/js-vuln-db diff --git a/2017/CVE-2017-0005.md b/2017/CVE-2017-0005.md index ec77ea7d4..32f0d4946 100644 --- a/2017/CVE-2017-0005.md +++ b/2017/CVE-2017-0005.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2017/CVE-2017-0015.md b/2017/CVE-2017-0015.md index d0df2ba53..14aa32843 100644 --- a/2017/CVE-2017-0015.md +++ b/2017/CVE-2017-0015.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-0071.md b/2017/CVE-2017-0071.md index 416e43db5..9549c7b32 100644 --- a/2017/CVE-2017-0071.md +++ b/2017/CVE-2017-0071.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-0134.md b/2017/CVE-2017-0134.md index d23330627..f9448bd7f 100644 --- a/2017/CVE-2017-0134.md +++ b/2017/CVE-2017-0134.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-0141.md b/2017/CVE-2017-0141.md index 731a99de2..6399fc628 100644 --- a/2017/CVE-2017-0141.md +++ b/2017/CVE-2017-0141.md @@ -15,6 +15,7 @@ A remote code execution vulnerability exists in the way affected Microsoft scrip #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-0144.md b/2017/CVE-2017-0144.md index ab26f8477..351978427 100644 --- a/2017/CVE-2017-0144.md +++ b/2017/CVE-2017-0144.md @@ -69,6 +69,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/RedYetiDev/RedYetiDev - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API - https://github.com/SaintsConnor/Exploits +- https://github.com/SenukDias/OSCP_cheat - https://github.com/ShubhamGuptaIN/WannaCry-ransomware-attack-Virus - https://github.com/SirElmard/ethical_hacking - https://github.com/Totes5706/TotesHTB diff --git a/2017/CVE-2017-0199.md b/2017/CVE-2017-0199.md index 4d9708ce2..7d97d4449 100644 --- a/2017/CVE-2017-0199.md +++ b/2017/CVE-2017-0199.md @@ -78,6 +78,7 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - https://github.com/RxXwx3x/Redteam - https://github.com/S3cur3Th1sSh1t/Pentest-Tools - https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Soldie/Red-Team-Tool-Kit---Shr3dKit - https://github.com/Sunqiz/CVE-2017-0199-reprofuction diff --git a/2017/CVE-2017-0234.md b/2017/CVE-2017-0234.md index 2941390f3..b79bbf482 100644 --- a/2017/CVE-2017-0234.md +++ b/2017/CVE-2017-0234.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-0236.md b/2017/CVE-2017-0236.md index cbfa3adea..c707d6e7c 100644 --- a/2017/CVE-2017-0236.md +++ b/2017/CVE-2017-0236.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-10271.md b/2017/CVE-2017-10271.md index 3c92b0c5a..c5500c1e5 100644 --- a/2017/CVE-2017-10271.md +++ b/2017/CVE-2017-10271.md @@ -154,6 +154,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hktalent/bug-bounty - https://github.com/hktalent/myhktools - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hxysaury/saury-vulnhub - https://github.com/ianxtianxt/-CVE-2017-10271- - https://github.com/iceberg-N/WL_Scan_GO @@ -205,6 +206,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/pjgmonteiro/Pentest-tools - https://github.com/pssss/CVE-2017-10271 - https://github.com/pwnagelabs/VEF +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/qince1455373819/awesome-honeypots diff --git a/2017/CVE-2017-11764.md b/2017/CVE-2017-11764.md index f2d58ee7e..2aad5f897 100644 --- a/2017/CVE-2017-11764.md +++ b/2017/CVE-2017-11764.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allow #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11793.md b/2017/CVE-2017-11793.md index da4337710..6ba7b409e 100644 --- a/2017/CVE-2017-11793.md +++ b/2017/CVE-2017-11793.md @@ -19,6 +19,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11799.md b/2017/CVE-2017-11799.md index 3edd27cf0..4ef42f3f1 100644 --- a/2017/CVE-2017-11799.md +++ b/2017/CVE-2017-11799.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, an #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11802.md b/2017/CVE-2017-11802.md index 1d41aa7bf..b6d6b57e3 100644 --- a/2017/CVE-2017-11802.md +++ b/2017/CVE-2017-11802.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, an #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11809.md b/2017/CVE-2017-11809.md index 0cf4f3c4d..65e6a19d1 100644 --- a/2017/CVE-2017-11809.md +++ b/2017/CVE-2017-11809.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, an #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11811.md b/2017/CVE-2017-11811.md index acd88fbb4..9d0546f26 100644 --- a/2017/CVE-2017-11811.md +++ b/2017/CVE-2017-11811.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, an #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11839.md b/2017/CVE-2017-11839.md index 0efe5dd14..e7c773399 100644 --- a/2017/CVE-2017-11839.md +++ b/2017/CVE-2017-11839.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 a #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11840.md b/2017/CVE-2017-11840.md index eacc3fd27..f838e70f6 100644 --- a/2017/CVE-2017-11840.md +++ b/2017/CVE-2017-11840.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Window #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11841.md b/2017/CVE-2017-11841.md index f064d582e..43e4f85e3 100644 --- a/2017/CVE-2017-11841.md +++ b/2017/CVE-2017-11841.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Window #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11855.md b/2017/CVE-2017-11855.md index 510882200..d6b0afe2c 100644 --- a/2017/CVE-2017-11855.md +++ b/2017/CVE-2017-11855.md @@ -19,6 +19,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11861.md b/2017/CVE-2017-11861.md index dbd7793f2..ff3d03298 100644 --- a/2017/CVE-2017-11861.md +++ b/2017/CVE-2017-11861.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows S #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11870.md b/2017/CVE-2017-11870.md index 1116db7fe..a3884eec1 100644 --- a/2017/CVE-2017-11870.md +++ b/2017/CVE-2017-11870.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, vers #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11873.md b/2017/CVE-2017-11873.md index 1d1402b8c..61942b89c 100644 --- a/2017/CVE-2017-11873.md +++ b/2017/CVE-2017-11873.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Serv #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11890.md b/2017/CVE-2017-11890.md index 58f8ca951..add7c82b5 100644 --- a/2017/CVE-2017-11890.md +++ b/2017/CVE-2017-11890.md @@ -15,6 +15,7 @@ Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11893.md b/2017/CVE-2017-11893.md index df02aff31..83eac21e0 100644 --- a/2017/CVE-2017-11893.md +++ b/2017/CVE-2017-11893.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11903.md b/2017/CVE-2017-11903.md index c1d75a4fc..eedd644a0 100644 --- a/2017/CVE-2017-11903.md +++ b/2017/CVE-2017-11903.md @@ -19,6 +19,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Wi - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11906.md b/2017/CVE-2017-11906.md index 141dd51f8..ffb54c036 100644 --- a/2017/CVE-2017-11906.md +++ b/2017/CVE-2017-11906.md @@ -19,6 +19,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Wi - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11907.md b/2017/CVE-2017-11907.md index 98f645a6d..6408a489a 100644 --- a/2017/CVE-2017-11907.md +++ b/2017/CVE-2017-11907.md @@ -20,6 +20,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Wi - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11909.md b/2017/CVE-2017-11909.md index f3952b93b..ac5854e99 100644 --- a/2017/CVE-2017-11909.md +++ b/2017/CVE-2017-11909.md @@ -15,6 +15,7 @@ ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11911.md b/2017/CVE-2017-11911.md index b0558dcd3..3b6bd4e21 100644 --- a/2017/CVE-2017-11911.md +++ b/2017/CVE-2017-11911.md @@ -15,6 +15,7 @@ ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11914.md b/2017/CVE-2017-11914.md index 4a785afb3..b9693e16a 100644 --- a/2017/CVE-2017-11914.md +++ b/2017/CVE-2017-11914.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-11918.md b/2017/CVE-2017-11918.md index e6c27e6c5..4f9fa209a 100644 --- a/2017/CVE-2017-11918.md +++ b/2017/CVE-2017-11918.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Wi #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-12615.md b/2017/CVE-2017-12615.md index 928d22bfc..7567fe5bc 100644 --- a/2017/CVE-2017-12615.md +++ b/2017/CVE-2017-12615.md @@ -87,6 +87,7 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e. - https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/Tomcat-Exploit - https://github.com/qiwentaidi/Slack diff --git a/2017/CVE-2017-12794.md b/2017/CVE-2017-12794.md index 28714e3a7..a7f699c0d 100644 --- a/2017/CVE-2017-12794.md +++ b/2017/CVE-2017-12794.md @@ -25,6 +25,7 @@ No PoCs from references. - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub - https://github.com/kenuosec/youzai +- https://github.com/q99266/saury-vulnhub - https://github.com/qian-shen/youzai - https://github.com/reph0r/poc-exp - https://github.com/reph0r/poc-exp-tools diff --git a/2017/CVE-2017-14849.md b/2017/CVE-2017-14849.md index ed0d01f16..c513588f4 100644 --- a/2017/CVE-2017-14849.md +++ b/2017/CVE-2017-14849.md @@ -40,6 +40,7 @@ No PoCs from references. - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/openx-org/BLEN +- https://github.com/q99266/saury-vulnhub - https://github.com/ronoski/j2ee-rscan - https://github.com/snyk-labs/container-breaking-in-goof - https://github.com/sobinge/nuclei-templates diff --git a/2017/CVE-2017-14961.md b/2017/CVE-2017-14961.md index da0a8fabe..6979eeeef 100644 --- a/2017/CVE-2017-14961.md +++ b/2017/CVE-2017-14961.md @@ -17,6 +17,7 @@ In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write - https://github.com/0xcyberpj/windows-exploitation - https://github.com/0xpetros/windows-privilage-escalation - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/TamilHackz/windows-exploitation diff --git a/2017/CVE-2017-15399.md b/2017/CVE-2017-15399.md index f555eb861..2535bcb47 100644 --- a/2017/CVE-2017-15399.md +++ b/2017/CVE-2017-15399.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/hwiwonl/dayone - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-15401.md b/2017/CVE-2017-15401.md index 680efac37..36bc45c10 100644 --- a/2017/CVE-2017-15401.md +++ b/2017/CVE-2017-15401.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-15715.md b/2017/CVE-2017-15715.md index fed12d070..ab7dedaed 100644 --- a/2017/CVE-2017-15715.md +++ b/2017/CVE-2017-15715.md @@ -52,6 +52,7 @@ In Apache httpd 2.4.0 to 2.4.29, the expression specified in could - https://github.com/intrigueio/intrigue-ident - https://github.com/jiushill/haq5201314 - https://github.com/kabir0104k/ethan +- https://github.com/q99266/saury-vulnhub - https://github.com/retr0-13/nrich - https://github.com/rnbochsr/yr_of_the_jellyfish - https://github.com/rochoabanuelos/Red-Team-vs-Blue-Team-Analysis diff --git a/2017/CVE-2017-18640.md b/2017/CVE-2017-18640.md index cba685414..bcbb5a134 100644 --- a/2017/CVE-2017-18640.md +++ b/2017/CVE-2017-18640.md @@ -20,4 +20,5 @@ The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load - https://github.com/GangOf7/WebApp - https://github.com/adioss/snakeyaml-test - https://github.com/danielps99/startquarkus +- https://github.com/ytono/gcp-arcade diff --git a/2017/CVE-2017-2446.md b/2017/CVE-2017-2446.md index e261274e1..c6ca4c1fa 100644 --- a/2017/CVE-2017-2446.md +++ b/2017/CVE-2017-2446.md @@ -26,6 +26,7 @@ An issue was discovered in certain Apple products. iOS before 10.3 is affected. - https://github.com/lnick2023/nicenice - https://github.com/m1ghtym0/browser-pwn - https://github.com/mishmashclone/qazbnm456-awesome-web-security +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/paulveillard/cybersecurity-web-security - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qazbnm456/awesome-web-security diff --git a/2017/CVE-2017-2447.md b/2017/CVE-2017-2447.md index 251500365..e517fa51e 100644 --- a/2017/CVE-2017-2447.md +++ b/2017/CVE-2017-2447.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3 is affected. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-2464.md b/2017/CVE-2017-2464.md index 3ce06c354..b7612968c 100644 --- a/2017/CVE-2017-2464.md +++ b/2017/CVE-2017-2464.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3 is affected. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r0ysue/OSG-TranslationTeam - https://github.com/tunz/js-vuln-db diff --git a/2017/CVE-2017-2491.md b/2017/CVE-2017-2491.md index 036221b95..b44e415fd 100644 --- a/2017/CVE-2017-2491.md +++ b/2017/CVE-2017-2491.md @@ -16,6 +16,7 @@ Use after free vulnerability in the String.replace method JavaScriptCore in Appl - https://github.com/ARPSyndicate/cvemon - https://github.com/hedgeberg/PegMii-Boogaloo - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r0ysue/OSG-TranslationTeam - https://github.com/tunz/js-vuln-db diff --git a/2017/CVE-2017-2521.md b/2017/CVE-2017-2521.md index 19f687280..ecff3efe9 100644 --- a/2017/CVE-2017-2521.md +++ b/2017/CVE-2017-2521.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-2531.md b/2017/CVE-2017-2531.md index 499d91cba..61a0ebfe8 100644 --- a/2017/CVE-2017-2531.md +++ b/2017/CVE-2017-2531.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-2536.md b/2017/CVE-2017-2536.md index 78c6b700b..2724d1d61 100644 --- a/2017/CVE-2017-2536.md +++ b/2017/CVE-2017-2536.md @@ -16,6 +16,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected - https://github.com/ARPSyndicate/cvemon - https://github.com/SkyBulk/RealWorldPwn - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-2547.md b/2017/CVE-2017-2547.md index 1a271721c..a59626eba 100644 --- a/2017/CVE-2017-2547.md +++ b/2017/CVE-2017-2547.md @@ -20,6 +20,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected - https://github.com/externalist/exploit_playground - https://github.com/likescam/exploit_playground_lists_androidCVE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/theori-io/zer0con2018_singi - https://github.com/tunz/js-vuln-db diff --git a/2017/CVE-2017-3248.md b/2017/CVE-2017-3248.md index 24dbf5283..d336af788 100644 --- a/2017/CVE-2017-3248.md +++ b/2017/CVE-2017-3248.md @@ -53,6 +53,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hanc00l/weblogic_unserialize_exploit - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/ianxtianxt/CVE-2017-3248 - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jbmihoub/all-poc diff --git a/2017/CVE-2017-3506.md b/2017/CVE-2017-3506.md index f2d1aa566..537363023 100644 --- a/2017/CVE-2017-3506.md +++ b/2017/CVE-2017-3506.md @@ -64,6 +64,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/heane404/CVE_scan - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/ianxtianxt/CVE-2017-3506 - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jbmihoub/all-poc diff --git a/2017/CVE-2017-5030.md b/2017/CVE-2017-5030.md index 428c9e2c2..5be1b4898 100644 --- a/2017/CVE-2017-5030.md +++ b/2017/CVE-2017-5030.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/gipi/cve-cemetery - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/wh1ant/vulnjs diff --git a/2017/CVE-2017-5040.md b/2017/CVE-2017-5040.md index 93dd66496..05bd405e6 100644 --- a/2017/CVE-2017-5040.md +++ b/2017/CVE-2017-5040.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5053.md b/2017/CVE-2017-5053.md index e00c05729..17916888c 100644 --- a/2017/CVE-2017-5053.md +++ b/2017/CVE-2017-5053.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5070.md b/2017/CVE-2017-5070.md index f974367fb..821c7bb07 100644 --- a/2017/CVE-2017-5070.md +++ b/2017/CVE-2017-5070.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/RingLcy/VulnerabilityAnalysisAndExploit - https://github.com/hwiwonl/dayone - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5071.md b/2017/CVE-2017-5071.md index 2137cafa8..ca9de1bd2 100644 --- a/2017/CVE-2017-5071.md +++ b/2017/CVE-2017-5071.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5088.md b/2017/CVE-2017-5088.md index 9dc795067..4b035364d 100644 --- a/2017/CVE-2017-5088.md +++ b/2017/CVE-2017-5088.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5098.md b/2017/CVE-2017-5098.md index 2a9c3339e..a4c2abac6 100644 --- a/2017/CVE-2017-5098.md +++ b/2017/CVE-2017-5098.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5115.md b/2017/CVE-2017-5115.md index 8a3cd02fa..34fcf51d0 100644 --- a/2017/CVE-2017-5115.md +++ b/2017/CVE-2017-5115.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5116.md b/2017/CVE-2017-5116.md index 1e214c566..1e49e3b1a 100644 --- a/2017/CVE-2017-5116.md +++ b/2017/CVE-2017-5116.md @@ -17,6 +17,7 @@ Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, Windows, an - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/chibataiki/ttttt - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5121.md b/2017/CVE-2017-5121.md index 8e3062059..153fb1656 100644 --- a/2017/CVE-2017-5121.md +++ b/2017/CVE-2017-5121.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5122.md b/2017/CVE-2017-5122.md index 96acfbd81..3d6a7475a 100644 --- a/2017/CVE-2017-5122.md +++ b/2017/CVE-2017-5122.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-5638.md b/2017/CVE-2017-5638.md index 0b46b8d98..a99160085 100644 --- a/2017/CVE-2017-5638.md +++ b/2017/CVE-2017-5638.md @@ -247,6 +247,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - https://github.com/pr0x1ma-byte/cybersecurity-struts2 - https://github.com/pr0x1ma-byte/cybersecurity-struts2-send - https://github.com/pthiagu2/Security-multi-stage-data-analysis +- https://github.com/q99266/saury-vulnhub - https://github.com/qashqao/jexboss - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/random-robbie/CVE-2017-5638 diff --git a/2017/CVE-2017-5645.md b/2017/CVE-2017-5645.md index d009da319..ab2c3a1e9 100644 --- a/2017/CVE-2017-5645.md +++ b/2017/CVE-2017-5645.md @@ -59,6 +59,7 @@ In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list - https://github.com/pimps/CVE-2017-5645 +- https://github.com/q99266/saury-vulnhub - https://github.com/shadow-horse/CVE-2019-17571 - https://github.com/spmonkey/spassassin - https://github.com/thl-cmk/CVE-log4j-check_mk-plugin diff --git a/2017/CVE-2017-5929.md b/2017/CVE-2017-5929.md index ab6618710..36e92e1d4 100644 --- a/2017/CVE-2017-5929.md +++ b/2017/CVE-2017-5929.md @@ -32,4 +32,5 @@ No PoCs from references. - https://github.com/hinat0y/Dataset9 - https://github.com/ilmari666/cybsec - https://github.com/yahoo/cubed +- https://github.com/ytono/gcp-arcade diff --git a/2017/CVE-2017-6980.md b/2017/CVE-2017-6980.md index 463b0469e..a41761aac 100644 --- a/2017/CVE-2017-6980.md +++ b/2017/CVE-2017-6980.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-6984.md b/2017/CVE-2017-6984.md index f7654883a..f6739b3e3 100644 --- a/2017/CVE-2017-6984.md +++ b/2017/CVE-2017-6984.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.2 is affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-7056.md b/2017/CVE-2017-7056.md index b8d9b50de..f44495ebb 100644 --- a/2017/CVE-2017-7056.md +++ b/2017/CVE-2017-7056.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.3 is affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-7061.md b/2017/CVE-2017-7061.md index 3a602c392..6c5254ea4 100644 --- a/2017/CVE-2017-7061.md +++ b/2017/CVE-2017-7061.md @@ -17,6 +17,7 @@ An issue was discovered in certain Apple products. iOS before 10.3.3 is affected - https://github.com/MTJailed/MSF-Webkit-10.3 - https://github.com/TheLoneHaxor/jailbreakme103 - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/pwnuriphone/pwnuriphone.github.io - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db diff --git a/2017/CVE-2017-7092.md b/2017/CVE-2017-7092.md index 1dfd184c4..0ea735a4a 100644 --- a/2017/CVE-2017-7092.md +++ b/2017/CVE-2017-7092.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/readloud/Awesome-Stars - https://github.com/taielab/awesome-hacking-lists diff --git a/2017/CVE-2017-7117.md b/2017/CVE-2017-7117.md index 38094d101..1ac328c95 100644 --- a/2017/CVE-2017-7117.md +++ b/2017/CVE-2017-7117.md @@ -15,6 +15,7 @@ An issue was discovered in certain Apple products. iOS before 11 is affected. Sa #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8046.md b/2017/CVE-2017-8046.md index 88c32e2b4..601d4c265 100644 --- a/2017/CVE-2017-8046.md +++ b/2017/CVE-2017-8046.md @@ -55,6 +55,7 @@ Malicious PATCH requests submitted to servers using Spring Data REST versions pr - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities - https://github.com/nBp1Ng/SpringFramework-Vul - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ronoski/j2ee-rscan - https://github.com/sj/spring-data-rest-CVE-2017-8046 diff --git a/2017/CVE-2017-8360.md b/2017/CVE-2017-8360.md index 882ffcd48..914eb7ba1 100644 --- a/2017/CVE-2017-8360.md +++ b/2017/CVE-2017-8360.md @@ -15,5 +15,6 @@ Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZB #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ffffffff0x/Dork-Admin +- https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin - https://github.com/thom-s/nessus-compliance diff --git a/2017/CVE-2017-8548.md b/2017/CVE-2017-8548.md index a0223b85f..efc02c376 100644 --- a/2017/CVE-2017-8548.md +++ b/2017/CVE-2017-8548.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows S - https://github.com/ARPSyndicate/cvemon - https://github.com/DaramG/IS571-ACSP-Fall-2018 - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8601.md b/2017/CVE-2017-8601.md index 6b72dfb97..20a3fe366 100644 --- a/2017/CVE-2017-8601.md +++ b/2017/CVE-2017-8601.md @@ -18,6 +18,7 @@ Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows S - https://github.com/PwnAwan/EXP-401-OSEE - https://github.com/gscamelo/OSEE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8634.md b/2017/CVE-2017-8634.md index 2024477ac..a2d3275d5 100644 --- a/2017/CVE-2017-8634.md +++ b/2017/CVE-2017-8634.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitr - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8636.md b/2017/CVE-2017-8636.md index 1aedd98f2..6ddbf70af 100644 --- a/2017/CVE-2017-8636.md +++ b/2017/CVE-2017-8636.md @@ -19,6 +19,7 @@ Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windo - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8640.md b/2017/CVE-2017-8640.md index 5c30372e2..1ad4bad7a 100644 --- a/2017/CVE-2017-8640.md +++ b/2017/CVE-2017-8640.md @@ -16,6 +16,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 all - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8645.md b/2017/CVE-2017-8645.md index 3e4a49748..e04ae2e14 100644 --- a/2017/CVE-2017-8645.md +++ b/2017/CVE-2017-8645.md @@ -16,6 +16,7 @@ Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8646.md b/2017/CVE-2017-8646.md index c5407a636..7065d6bf7 100644 --- a/2017/CVE-2017-8646.md +++ b/2017/CVE-2017-8646.md @@ -16,6 +16,7 @@ Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8656.md b/2017/CVE-2017-8656.md index 1d6e5679d..8765f069b 100644 --- a/2017/CVE-2017-8656.md +++ b/2017/CVE-2017-8656.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allow - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8657.md b/2017/CVE-2017-8657.md index 5fe46cf84..7a82d3e9a 100644 --- a/2017/CVE-2017-8657.md +++ b/2017/CVE-2017-8657.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8670.md b/2017/CVE-2017-8670.md index 8812639b2..1d0fb0f77 100644 --- a/2017/CVE-2017-8670.md +++ b/2017/CVE-2017-8670.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allow - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8671.md b/2017/CVE-2017-8671.md index bf5a4c985..e06aa48b5 100644 --- a/2017/CVE-2017-8671.md +++ b/2017/CVE-2017-8671.md @@ -16,6 +16,7 @@ Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 - https://github.com/ARPSyndicate/cvemon - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8729.md b/2017/CVE-2017-8729.md index 1e6214b63..e13182fb0 100644 --- a/2017/CVE-2017-8729.md +++ b/2017/CVE-2017-8729.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitr #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8740.md b/2017/CVE-2017-8740.md index 630ef9582..a6d8e8cf8 100644 --- a/2017/CVE-2017-8740.md +++ b/2017/CVE-2017-8740.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitr #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2017/CVE-2017-8755.md b/2017/CVE-2017-8755.md index b34f52325..ae8be4820 100644 --- a/2017/CVE-2017-8755.md +++ b/2017/CVE-2017-8755.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0758.md b/2018/CVE-2018-0758.md index 4703e6509..8419ac3ac 100644 --- a/2018/CVE-2018-0758.md +++ b/2018/CVE-2018-0758.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 20 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-0767.md b/2018/CVE-2018-0767.md index 64fb095fe..a5679d498 100644 --- a/2018/CVE-2018-0767.md +++ b/2018/CVE-2018-0767.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Serve #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-0769.md b/2018/CVE-2018-0769.md index 487b6d818..bebb9af2e 100644 --- a/2018/CVE-2018-0769.md +++ b/2018/CVE-2018-0769.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 20 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-0770.md b/2018/CVE-2018-0770.md index 446bb2843..5d384f643 100644 --- a/2018/CVE-2018-0770.md +++ b/2018/CVE-2018-0770.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 20 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0774.md b/2018/CVE-2018-0774.md index 0ccb8f518..264729701 100644 --- a/2018/CVE-2018-0774.md +++ b/2018/CVE-2018-0774.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code i #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0775.md b/2018/CVE-2018-0775.md index 13f9ba8d8..444182c06 100644 --- a/2018/CVE-2018-0775.md +++ b/2018/CVE-2018-0775.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code i #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0776.md b/2018/CVE-2018-0776.md index 6cd8f93e9..3630b7b1d 100644 --- a/2018/CVE-2018-0776.md +++ b/2018/CVE-2018-0776.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 20 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0777.md b/2018/CVE-2018-0777.md index 07bf49d95..cf38ab7e3 100644 --- a/2018/CVE-2018-0777.md +++ b/2018/CVE-2018-0777.md @@ -15,6 +15,7 @@ Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 20 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0780.md b/2018/CVE-2018-0780.md index c8252f406..a6c551420 100644 --- a/2018/CVE-2018-0780.md +++ b/2018/CVE-2018-0780.md @@ -15,6 +15,7 @@ Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0834.md b/2018/CVE-2018-0834.md index da212cd26..cbdf34acf 100644 --- a/2018/CVE-2018-0834.md +++ b/2018/CVE-2018-0834.md @@ -15,6 +15,7 @@ Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-0835.md b/2018/CVE-2018-0835.md index 9ed1144c6..41aca0ca6 100644 --- a/2018/CVE-2018-0835.md +++ b/2018/CVE-2018-0835.md @@ -15,6 +15,7 @@ Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-0837.md b/2018/CVE-2018-0837.md index 092038a3a..32fca5df3 100644 --- a/2018/CVE-2018-0837.md +++ b/2018/CVE-2018-0837.md @@ -15,6 +15,7 @@ Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0838.md b/2018/CVE-2018-0838.md index 0a96cba4c..400c2380f 100644 --- a/2018/CVE-2018-0838.md +++ b/2018/CVE-2018-0838.md @@ -15,6 +15,7 @@ Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0840.md b/2018/CVE-2018-0840.md index 142e522c1..1153a08eb 100644 --- a/2018/CVE-2018-0840.md +++ b/2018/CVE-2018-0840.md @@ -17,6 +17,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Window - https://github.com/BlackburnHax/inntinn - https://github.com/Heretyc/inntinn - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0860.md b/2018/CVE-2018-0860.md index 0b0dcd277..d979c6bf8 100644 --- a/2018/CVE-2018-0860.md +++ b/2018/CVE-2018-0860.md @@ -15,6 +15,7 @@ Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 17 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0891.md b/2018/CVE-2018-0891.md index df2f40e13..8fd14b029 100644 --- a/2018/CVE-2018-0891.md +++ b/2018/CVE-2018-0891.md @@ -15,6 +15,7 @@ ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 200 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0933.md b/2018/CVE-2018-0933.md index 80d24ca09..349b2f395 100644 --- a/2018/CVE-2018-0933.md +++ b/2018/CVE-2018-0933.md @@ -15,6 +15,7 @@ ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Se #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0934.md b/2018/CVE-2018-0934.md index febd1be4f..b1b03e28b 100644 --- a/2018/CVE-2018-0934.md +++ b/2018/CVE-2018-0934.md @@ -16,6 +16,7 @@ ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Se #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0935.md b/2018/CVE-2018-0935.md index bfa03d102..24c67940f 100644 --- a/2018/CVE-2018-0935.md +++ b/2018/CVE-2018-0935.md @@ -19,6 +19,7 @@ Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Wi - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0953.md b/2018/CVE-2018-0953.md index 7d08244d6..47a82149d 100644 --- a/2018/CVE-2018-0953.md +++ b/2018/CVE-2018-0953.md @@ -16,6 +16,7 @@ A remote code execution vulnerability exists in the way that the scripting engin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-0980.md b/2018/CVE-2018-0980.md index c53201d63..83fab9d75 100644 --- a/2018/CVE-2018-0980.md +++ b/2018/CVE-2018-0980.md @@ -16,6 +16,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tomoyamachi/gocarts - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-1000030.md b/2018/CVE-2018-1000030.md index 10752eb60..14fba1d0a 100644 --- a/2018/CVE-2018-1000030.md +++ b/2018/CVE-2018-1000030.md @@ -10,6 +10,7 @@ Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-Afte ### POC #### Reference +- https://usn.ubuntu.com/3817-2/ - https://www.oracle.com/security-alerts/cpujan2020.html #### Github diff --git a/2018/CVE-2018-1000129.md b/2018/CVE-2018-1000129.md index 82e14aa95..4bd0f9ec3 100644 --- a/2018/CVE-2018-1000129.md +++ b/2018/CVE-2018-1000129.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/SexyBeast233/SecBooks - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/drwiiche/resource - https://github.com/lnick2023/nicenice - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates diff --git a/2018/CVE-2018-1000802.md b/2018/CVE-2018-1000802.md index 93cc0b863..7fbec6afd 100644 --- a/2018/CVE-2018-1000802.md +++ b/2018/CVE-2018-1000802.md @@ -10,7 +10,7 @@ Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Impro ### POC #### Reference -No PoCs from references. +- https://usn.ubuntu.com/3817-2/ #### Github - https://github.com/0xT11/CVE-POC diff --git a/2018/CVE-2018-10237.md b/2018/CVE-2018-10237.md index 3fbd219ed..40733105c 100644 --- a/2018/CVE-2018-10237.md +++ b/2018/CVE-2018-10237.md @@ -29,4 +29,5 @@ Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allo - https://github.com/securityranjan/vulnapp - https://github.com/singhkranjan/vulnapp - https://github.com/surajbabar/dependency-demo-app +- https://github.com/ytono/gcp-arcade diff --git a/2018/CVE-2018-1058.md b/2018/CVE-2018-1058.md index 60d10a567..9a457ce04 100644 --- a/2018/CVE-2018-1058.md +++ b/2018/CVE-2018-1058.md @@ -27,5 +27,6 @@ No PoCs from references. - https://github.com/digoal/blog - https://github.com/hxysaury/saury-vulnhub - https://github.com/ngadminq/Bei-Gai-penetration-test-guide +- https://github.com/q99266/saury-vulnhub - https://github.com/stilet/postgraphile-simple-express-starter diff --git a/2018/CVE-2018-1060.md b/2018/CVE-2018-1060.md index 95fafadad..e3c67a89a 100644 --- a/2018/CVE-2018-1060.md +++ b/2018/CVE-2018-1060.md @@ -10,6 +10,7 @@ python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable ### POC #### Reference +- https://usn.ubuntu.com/3817-2/ - https://www.oracle.com/security-alerts/cpujan2020.html #### Github diff --git a/2018/CVE-2018-1061.md b/2018/CVE-2018-1061.md new file mode 100644 index 000000000..f6db545bd --- /dev/null +++ b/2018/CVE-2018-1061.md @@ -0,0 +1,17 @@ +### [CVE-2018-1061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1061) +![](https://img.shields.io/static/v1?label=Product&message=python&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen) + +### Description + +python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. + +### POC + +#### Reference +- https://usn.ubuntu.com/3817-2/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-10933.md b/2018/CVE-2018-10933.md index 8791af832..13874e719 100644 --- a/2018/CVE-2018-10933.md +++ b/2018/CVE-2018-10933.md @@ -49,6 +49,7 @@ A vulnerability was found in libssh's server-side state machine before versions - https://github.com/Ondrik8/RED-Team - https://github.com/Rubikcuv5/CVE-2018-10933 - https://github.com/SF4bin/SEEKER_dataset +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SilasSpringer/CVE-2018-10933 - https://github.com/SirElmard/ethical_hacking diff --git a/2018/CVE-2018-12387.md b/2018/CVE-2018-12387.md index 542f61995..000b7c2d2 100644 --- a/2018/CVE-2018-12387.md +++ b/2018/CVE-2018-12387.md @@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/lnick2023/nicenice - https://github.com/m00zh33/sploits - https://github.com/niklasb/sploits +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-1335.md b/2018/CVE-2018-1335.md index b70068fad..338b94db5 100644 --- a/2018/CVE-2018-1335.md +++ b/2018/CVE-2018-1335.md @@ -41,6 +41,7 @@ From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted head - https://github.com/readloud/Awesome-Stars - https://github.com/siramk/CVE-2018-1335 - https://github.com/sunzu94/AWS-CVEs +- https://github.com/twhelan25/tryhackme-CTF-writeup-for-cyberlens - https://github.com/xbl2022/awesome-hacking-lists - https://github.com/xbl3/awesome-cve-poc_qazbnm456 - https://github.com/zhengjim/loophole diff --git a/2018/CVE-2018-13379.md b/2018/CVE-2018-13379.md index 03743c141..483c56b34 100644 --- a/2018/CVE-2018-13379.md +++ b/2018/CVE-2018-13379.md @@ -66,6 +66,7 @@ An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal" - https://github.com/milo2012/CVE-2018-13379 - https://github.com/murchie85/twitterCyberMonitor - https://github.com/nescam123/forti +- https://github.com/nitish778191/fitness_app - https://github.com/nivdolgin/CVE-2018-13379 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/password520/RedTeamer diff --git a/2018/CVE-2018-14574.md b/2018/CVE-2018-14574.md index c554a2d89..53e760b81 100644 --- a/2018/CVE-2018-14574.md +++ b/2018/CVE-2018-14574.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/garethr/snyksh - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub +- https://github.com/q99266/saury-vulnhub - https://github.com/reph0r/poc-exp - https://github.com/reph0r/poc-exp-tools - https://github.com/sobinge/nuclei-templates diff --git a/2018/CVE-2018-14647.md b/2018/CVE-2018-14647.md index b71123588..0c3a9feb5 100644 --- a/2018/CVE-2018-14647.md +++ b/2018/CVE-2018-14647.md @@ -11,7 +11,7 @@ Python's elementtree C accelerator failed to initialise Expat's hash salt during ### POC #### Reference -No PoCs from references. +- https://usn.ubuntu.com/3817-2/ #### Github - https://github.com/revl-ca/scan-docker-image diff --git a/2018/CVE-2018-16065.md b/2018/CVE-2018-16065.md index d088c3212..3f5259146 100644 --- a/2018/CVE-2018-16065.md +++ b/2018/CVE-2018-16065.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Kiprey/Skr_Learning - https://github.com/Self-Study-Committee/Skr_Learning +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-16259.md b/2018/CVE-2018-16259.md index 839912e48..c848d8f46 100644 --- a/2018/CVE-2018-16259.md +++ b/2018/CVE-2018-16259.md @@ -14,5 +14,5 @@ - https://docs.google.com/document/d/1Lfk0YQMIhlMCOOvVRX8HkU6C50s9QSW7C-9gnNmzsHY/edit?usp=sharing #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-16310.md b/2018/CVE-2018-16310.md index 0e4f05aa7..f894a7106 100644 --- a/2018/CVE-2018-16310.md +++ b/2018/CVE-2018-16310.md @@ -13,5 +13,5 @@ - http://buddieshub27.blogspot.com/2018/09/cve-2018-16310-technicolor-tg588v-v2.html #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-16509.md b/2018/CVE-2018-16509.md index 83c6e73c7..e17414cc6 100644 --- a/2018/CVE-2018-16509.md +++ b/2018/CVE-2018-16509.md @@ -22,6 +22,7 @@ An issue was discovered in Artifex Ghostscript before 9.24. Incorrect "restorati - https://github.com/AssassinUKG/CVE_2018_16509 - https://github.com/Ly0nt4r/OSCP - https://github.com/NCSU-DANCE-Research-Group/CDL +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-Exploit diff --git a/2018/CVE-2018-16585.md b/2018/CVE-2018-16585.md new file mode 100644 index 000000000..202c20c6b --- /dev/null +++ b/2018/CVE-2018-16585.md @@ -0,0 +1,17 @@ +### [CVE-2018-16585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16585) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-16710.md b/2018/CVE-2018-16710.md new file mode 100644 index 000000000..ac62cff2c --- /dev/null +++ b/2018/CVE-2018-16710.md @@ -0,0 +1,17 @@ +### [CVE-2018-16710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16710) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough." + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17103.md b/2018/CVE-2018-17103.md index 29a6a99a0..79411c63d 100644 --- a/2018/CVE-2018-17103.md +++ b/2018/CVE-2018-17103.md @@ -13,5 +13,5 @@ - https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-17231.md b/2018/CVE-2018-17231.md new file mode 100644 index 000000000..a666f77b1 --- /dev/null +++ b/2018/CVE-2018-17231.md @@ -0,0 +1,17 @@ +### [CVE-2018-17231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17231) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17400.md b/2018/CVE-2018-17400.md new file mode 100644 index 000000000..e0a0fed3b --- /dev/null +++ b/2018/CVE-2018-17400.md @@ -0,0 +1,17 @@ +### [CVE-2018-17400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17400) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17401.md b/2018/CVE-2018-17401.md new file mode 100644 index 000000000..177506222 --- /dev/null +++ b/2018/CVE-2018-17401.md @@ -0,0 +1,17 @@ +### [CVE-2018-17401](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17401) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17402.md b/2018/CVE-2018-17402.md new file mode 100644 index 000000000..a6740da84 --- /dev/null +++ b/2018/CVE-2018-17402.md @@ -0,0 +1,17 @@ +### [CVE-2018-17402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17402) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to discover the Credit/Debit card number, expiration date, and CVV number. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17403.md b/2018/CVE-2018-17403.md new file mode 100644 index 000000000..a1a5c55c0 --- /dev/null +++ b/2018/CVE-2018-17403.md @@ -0,0 +1,17 @@ +### [CVE-2018-17403](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17403) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to impersonate a user and set up their account without their knowledge. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17463.md b/2018/CVE-2018-17463.md index c90d64033..3eb492398 100644 --- a/2018/CVE-2018-17463.md +++ b/2018/CVE-2018-17463.md @@ -22,6 +22,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al - https://github.com/hwiwonl/dayone - https://github.com/jhalon/CVE-2018-17463 - https://github.com/kdmarti2/CVE-2018-17463 +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/rycbar77/V8Exploits - https://github.com/rycbar77/rycbar77 - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-17538.md b/2018/CVE-2018-17538.md new file mode 100644 index 000000000..ce3b4ff72 --- /dev/null +++ b/2018/CVE-2018-17538.md @@ -0,0 +1,17 @@ +### [CVE-2018-17538](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17538) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-17861.md b/2018/CVE-2018-17861.md index 619721a4d..3c9a8e901 100644 --- a/2018/CVE-2018-17861.md +++ b/2018/CVE-2018-17861.md @@ -15,5 +15,5 @@ - https://seclists.org/bugtraq/2019/Mar/4 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-17862.md b/2018/CVE-2018-17862.md index ebd3e6c54..7cf23e506 100644 --- a/2018/CVE-2018-17862.md +++ b/2018/CVE-2018-17862.md @@ -14,5 +14,5 @@ - https://seclists.org/bugtraq/2019/Mar/5 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-17865.md b/2018/CVE-2018-17865.md new file mode 100644 index 000000000..082d5394e --- /dev/null +++ b/2018/CVE-2018-17865.md @@ -0,0 +1,17 @@ +### [CVE-2018-17865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17865) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-18013.md b/2018/CVE-2018-18013.md index a645199bd..a4bfea104 100644 --- a/2018/CVE-2018-18013.md +++ b/2018/CVE-2018-18013.md @@ -14,4 +14,5 @@ #### Github - https://github.com/PalindromeLabs/Java-Deserialization-CVEs +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18014.md b/2018/CVE-2018-18014.md index 17ede35dc..77cebf7fb 100644 --- a/2018/CVE-2018-18014.md +++ b/2018/CVE-2018-18014.md @@ -13,5 +13,5 @@ - https://advisories.dxw.com/advisories/xen-mobile-backing-service-allows-unauthenticated-local-users-to-execute-system-commands-as-root/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18260.md b/2018/CVE-2018-18260.md index 450699fcf..607b22072 100644 --- a/2018/CVE-2018-18260.md +++ b/2018/CVE-2018-18260.md @@ -13,5 +13,5 @@ - http://packetstormsecurity.com/files/149772/CAMALEON-CMS-2.4-Cross-Site-Scripting.html #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18290.md b/2018/CVE-2018-18290.md new file mode 100644 index 000000000..776fee95b --- /dev/null +++ b/2018/CVE-2018-18290.md @@ -0,0 +1,17 @@ +### [CVE-2018-18290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18290) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-18307.md b/2018/CVE-2018-18307.md index 39334e89d..94de1a329 100644 --- a/2018/CVE-2018-18307.md +++ b/2018/CVE-2018-18307.md @@ -13,5 +13,5 @@ - http://packetstormsecurity.com/files/149787/Alchemy-CMS-4.1-Stable-Cross-Site-Scripting.html #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18319.md b/2018/CVE-2018-18319.md index 0d1bde034..45bc5371a 100644 --- a/2018/CVE-2018-18319.md +++ b/2018/CVE-2018-18319.md @@ -14,5 +14,5 @@ - https://github.com/qoli/Merlin.PHP/issues/27 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18320.md b/2018/CVE-2018-18320.md index e33375bce..d09eb2ad2 100644 --- a/2018/CVE-2018-18320.md +++ b/2018/CVE-2018-18320.md @@ -13,5 +13,5 @@ - https://github.com/qoli/Merlin.PHP/issues/26 #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2018/CVE-2018-18405.md b/2018/CVE-2018-18405.md new file mode 100644 index 000000000..a75a53d83 --- /dev/null +++ b/2018/CVE-2018-18405.md @@ -0,0 +1,17 @@ +### [CVE-2018-18405](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18405) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-18466.md b/2018/CVE-2018-18466.md new file mode 100644 index 000000000..2153eb103 --- /dev/null +++ b/2018/CVE-2018-18466.md @@ -0,0 +1,17 @@ +### [CVE-2018-18466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18466) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability since the disclosure of a local account password (actually an alpha numeric passcode) is achievable only when a custom registry key is added to the windows registry. This action requires administrator access and the registry key is only provided by support staff at securenvoy to troubleshoot customer issues. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2018/CVE-2018-2628.md b/2018/CVE-2018-2628.md index 19922797f..bbb088b37 100644 --- a/2018/CVE-2018-2628.md +++ b/2018/CVE-2018-2628.md @@ -86,6 +86,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jas502n/CVE-2018-2628 - https://github.com/jas502n/CVE-2018-2893 diff --git a/2018/CVE-2018-2893.md b/2018/CVE-2018-2893.md index 453cd6500..5ccfbfd25 100644 --- a/2018/CVE-2018-2893.md +++ b/2018/CVE-2018-2893.md @@ -67,6 +67,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hudunkey/Red-Team-links - https://github.com/ianxtianxt/CVE-2018-2893 - https://github.com/ianxtianxt/CVE-2018-3245 diff --git a/2018/CVE-2018-2894.md b/2018/CVE-2018-2894.md index a91cfdb3c..98507d121 100644 --- a/2018/CVE-2018-2894.md +++ b/2018/CVE-2018-2894.md @@ -92,6 +92,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hellochunqiu/PayloadsAllTheThings - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hxysaury/saury-vulnhub - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jared1981/More-Pentest-Tools @@ -121,6 +122,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pjgmonteiro/Pentest-tools - https://github.com/pwnagelabs/VEF +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan diff --git a/2018/CVE-2018-3191.md b/2018/CVE-2018-3191.md index 03adca711..1bcf95db3 100644 --- a/2018/CVE-2018-3191.md +++ b/2018/CVE-2018-3191.md @@ -55,6 +55,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hasee2018/Safety-net-information - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hudunkey/Red-Team-links - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jas502n/CVE-2018-3191 diff --git a/2018/CVE-2018-3245.md b/2018/CVE-2018-3245.md index 727fd9e18..276e1ccdd 100644 --- a/2018/CVE-2018-3245.md +++ b/2018/CVE-2018-3245.md @@ -50,6 +50,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hasee2018/Safety-net-information - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/hudunkey/Red-Team-links - https://github.com/ianxtianxt/CVE-2018-3245 - https://github.com/jas502n/CVE-2018-3245 diff --git a/2018/CVE-2018-3252.md b/2018/CVE-2018-3252.md index 878596037..8c9ab99a2 100644 --- a/2018/CVE-2018-3252.md +++ b/2018/CVE-2018-3252.md @@ -41,6 +41,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/go-spider/CVE-2018-3252 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jas502n/CVE-2018-3252 - https://github.com/jbmihoub/all-poc diff --git a/2018/CVE-2018-4233.md b/2018/CVE-2018-4233.md index b6909d851..fc1d3af3e 100644 --- a/2018/CVE-2018-4233.md +++ b/2018/CVE-2018-4233.md @@ -42,6 +42,7 @@ An issue was discovered in certain Apple products. iOS before 11.4 is affected. - https://github.com/m00zh33/sploits - https://github.com/niklasb/sploits - https://github.com/nqcshady/webvfs +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/saelo/cve-2018-4233 - https://github.com/salcho/spiderMonkeyDebugEnv diff --git a/2018/CVE-2018-4382.md b/2018/CVE-2018-4382.md index ed5d58039..0036ef713 100644 --- a/2018/CVE-2018-4382.md +++ b/2018/CVE-2018-4382.md @@ -13,5 +13,6 @@ Multiple memory corruption issues were addressed with improved memory handling. No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4386.md b/2018/CVE-2018-4386.md index 6f351c41a..d9e628caf 100644 --- a/2018/CVE-2018-4386.md +++ b/2018/CVE-2018-4386.md @@ -17,5 +17,6 @@ Multiple memory corruption issues were addressed with improved memory handling. - https://github.com/Fire30/bad_hoist - https://github.com/Francesco146/Francesco146.github.io - https://github.com/alphaSeclab/sec-daily-2019 +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4416.md b/2018/CVE-2018-4416.md index 7528acae8..94ef4f0cb 100644 --- a/2018/CVE-2018-4416.md +++ b/2018/CVE-2018-4416.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/SkyBulk/RealWorldPwn - https://github.com/erupmi/CVE-2018-4416 - https://github.com/erupmi/CVE-2018-4416-exploit +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/raystyle/SafariTour - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4438.md b/2018/CVE-2018-4438.md index c2c6d96f8..5ca9fd23b 100644 --- a/2018/CVE-2018-4438.md +++ b/2018/CVE-2018-4438.md @@ -13,5 +13,6 @@ A logic issue existed resulting in memory corruption. This was addressed with im No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4441.md b/2018/CVE-2018-4441.md index 9c866d34b..8bc2604d9 100644 --- a/2018/CVE-2018-4441.md +++ b/2018/CVE-2018-4441.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/howmuch515/howmuch515 - https://github.com/jakubolsaki/ja - https://github.com/ktiOSz/kexploit620FW- +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/sploitem/WebKitPwn - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4442.md b/2018/CVE-2018-4442.md index caca86558..051d4cceb 100644 --- a/2018/CVE-2018-4442.md +++ b/2018/CVE-2018-4442.md @@ -13,5 +13,6 @@ A memory corruption issue was addressed with improved memory handling. This issu No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-4443.md b/2018/CVE-2018-4443.md index 9f56701df..c10753ee5 100644 --- a/2018/CVE-2018-4443.md +++ b/2018/CVE-2018-4443.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/niklasb/sploits +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6056.md b/2018/CVE-2018-6056.md index 6f8a3ecbd..9ae9a3b6b 100644 --- a/2018/CVE-2018-6056.md +++ b/2018/CVE-2018-6056.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-6061.md b/2018/CVE-2018-6061.md index b459019a9..1a66f3034 100644 --- a/2018/CVE-2018-6061.md +++ b/2018/CVE-2018-6061.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/IMULMUL/WebAssemblyCVE - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-6064.md b/2018/CVE-2018-6064.md index ec34f49fc..6c354ed14 100644 --- a/2018/CVE-2018-6064.md +++ b/2018/CVE-2018-6064.md @@ -15,6 +15,7 @@ Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-6065.md b/2018/CVE-2018-6065.md index 68f991454..f40606da1 100644 --- a/2018/CVE-2018-6065.md +++ b/2018/CVE-2018-6065.md @@ -18,6 +18,7 @@ Integer overflow in computing the required allocation size when instantiating a - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/b1tg/CVE-2018-6065-exploit - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-6092.md b/2018/CVE-2018-6092.md index fb2ad2cf0..2e7da497d 100644 --- a/2018/CVE-2018-6092.md +++ b/2018/CVE-2018-6092.md @@ -15,5 +15,6 @@ An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 6 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/IMULMUL/WebAssemblyCVE +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6106.md b/2018/CVE-2018-6106.md index 70a8d958d..6050b8350 100644 --- a/2018/CVE-2018-6106.md +++ b/2018/CVE-2018-6106.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-6122.md b/2018/CVE-2018-6122.md index 64e688f81..ef3bca745 100644 --- a/2018/CVE-2018-6122.md +++ b/2018/CVE-2018-6122.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/IMULMUL/WebAssemblyCVE +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6136.md b/2018/CVE-2018-6136.md index ceea5b325..16293fe0f 100644 --- a/2018/CVE-2018-6136.md +++ b/2018/CVE-2018-6136.md @@ -13,5 +13,6 @@ Missing type check in V8 in Google Chrome prior to 67.0.3396.62 allowed a remote No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6142.md b/2018/CVE-2018-6142.md index de248fc9c..b91c24c7b 100644 --- a/2018/CVE-2018-6142.md +++ b/2018/CVE-2018-6142.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/0xCyberY/CVE-T4PDF - https://github.com/ARPSyndicate/cvemon +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6143.md b/2018/CVE-2018-6143.md index 8b477d38a..84322db8d 100644 --- a/2018/CVE-2018-6143.md +++ b/2018/CVE-2018-6143.md @@ -13,5 +13,6 @@ Insufficient validation in V8 in Google Chrome prior to 67.0.3396.62 allowed a r No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-6149.md b/2018/CVE-2018-6149.md index a7f279d3a..325357a52 100644 --- a/2018/CVE-2018-6149.md +++ b/2018/CVE-2018-6149.md @@ -13,5 +13,6 @@ Type confusion in JavaScript in Google Chrome prior to 67.0.3396.87 allowed a re No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-7600.md b/2018/CVE-2018-7600.md index 8fffb3930..456694366 100644 --- a/2018/CVE-2018-7600.md +++ b/2018/CVE-2018-7600.md @@ -89,6 +89,7 @@ Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 - https://github.com/S3cur3Th1sSh1t/Pentest-Tools - https://github.com/SPuerBRead/kun - https://github.com/SecPentester/CVE-7600-2018 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/Sh4dowX404Unknown/Drupalgeddon2 - https://github.com/SirElmard/ethical_hacking diff --git a/2018/CVE-2018-8139.md b/2018/CVE-2018-8139.md index a9f51fd8a..c9e08e5fb 100644 --- a/2018/CVE-2018-8139.md +++ b/2018/CVE-2018-8139.md @@ -16,6 +16,7 @@ A remote code execution vulnerability exists in the way that the scripting engin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-8145.md b/2018/CVE-2018-8145.md index 0211c2f60..3ca0b3dad 100644 --- a/2018/CVE-2018-8145.md +++ b/2018/CVE-2018-8145.md @@ -16,5 +16,6 @@ An information disclosure vulnerability exists when Chakra improperly discloses - https://www.exploit-db.com/exploits/45011/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8229.md b/2018/CVE-2018-8229.md index b97adc152..659fcf04c 100644 --- a/2018/CVE-2018-8229.md +++ b/2018/CVE-2018-8229.md @@ -14,5 +14,6 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin - https://www.exploit-db.com/exploits/45013/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8279.md b/2018/CVE-2018-8279.md index 3114abcd0..460d79385 100644 --- a/2018/CVE-2018-8279.md +++ b/2018/CVE-2018-8279.md @@ -14,5 +14,6 @@ A remote code execution vulnerability exists when Microsoft Edge improperly acce - https://www.exploit-db.com/exploits/45214/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8288.md b/2018/CVE-2018-8288.md index 1be277566..96dd06a38 100644 --- a/2018/CVE-2018-8288.md +++ b/2018/CVE-2018-8288.md @@ -15,5 +15,6 @@ A remote code execution vulnerability exists in the way the scripting engine han - https://www.exploit-db.com/exploits/45213/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8291.md b/2018/CVE-2018-8291.md index 6e6af4f21..b919c6cea 100644 --- a/2018/CVE-2018-8291.md +++ b/2018/CVE-2018-8291.md @@ -15,5 +15,6 @@ A remote code execution vulnerability exists in the way the scripting engine han - https://www.exploit-db.com/exploits/45215/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8298.md b/2018/CVE-2018-8298.md index dcec9e591..1d9b9976a 100644 --- a/2018/CVE-2018-8298.md +++ b/2018/CVE-2018-8298.md @@ -15,5 +15,6 @@ A remote code execution vulnerability exists in the way that the ChakraCore scri #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8353.md b/2018/CVE-2018-8353.md index a41857bae..70cadaf9b 100644 --- a/2018/CVE-2018-8353.md +++ b/2018/CVE-2018-8353.md @@ -21,6 +21,7 @@ A remote code execution vulnerability exists in the way that the scripting engin - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/whereisr0da/CVE-2018-8353-POC diff --git a/2018/CVE-2018-8355.md b/2018/CVE-2018-8355.md index 05b66e13d..ab24f43c3 100644 --- a/2018/CVE-2018-8355.md +++ b/2018/CVE-2018-8355.md @@ -19,6 +19,7 @@ A remote code execution vulnerability exists in the way the scripting engine han - https://github.com/ARPSyndicate/cvemon - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-8384.md b/2018/CVE-2018-8384.md index b4e9d5315..940c4b9ce 100644 --- a/2018/CVE-2018-8384.md +++ b/2018/CVE-2018-8384.md @@ -14,5 +14,6 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin #### Github - https://github.com/chenghungpan/test_data +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8389.md b/2018/CVE-2018-8389.md index ab5b897eb..28cac4421 100644 --- a/2018/CVE-2018-8389.md +++ b/2018/CVE-2018-8389.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/sharmasandeepkr/cve-2018-8389 - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8453.md b/2018/CVE-2018-8453.md index 793b1a22c..46479d625 100644 --- a/2018/CVE-2018-8453.md +++ b/2018/CVE-2018-8453.md @@ -42,6 +42,7 @@ An elevation of privilege vulnerability exists in Windows when the Win32k compon - https://github.com/LegendSaber/exp_x64 - https://github.com/Micr067/windows-kernel-exploits - https://github.com/Mkv4/cve-2018-8453-exp +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2018/CVE-2018-8466.md b/2018/CVE-2018-8466.md index d73ef09e6..417782550 100644 --- a/2018/CVE-2018-8466.md +++ b/2018/CVE-2018-8466.md @@ -16,6 +16,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-8467.md b/2018/CVE-2018-8467.md index 3c94b7bbb..42f1b115e 100644 --- a/2018/CVE-2018-8467.md +++ b/2018/CVE-2018-8467.md @@ -16,6 +16,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2018/CVE-2018-8589.md b/2018/CVE-2018-8589.md index 9218b16cb..8d2f047ce 100644 --- a/2018/CVE-2018-8589.md +++ b/2018/CVE-2018-8589.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/0xpetros/windows-privilage-escalation - https://github.com/ARPSyndicate/cvemon - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2018/CVE-2018-8617.md b/2018/CVE-2018-8617.md index ba0e58f6f..fd86ebc7d 100644 --- a/2018/CVE-2018-8617.md +++ b/2018/CVE-2018-8617.md @@ -18,5 +18,6 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin - https://github.com/bb33bb/cve-2018-8617-aab-r-w- - https://github.com/ommadawn46/Chakra-TypeConfusions - https://github.com/ommadawn46/chakra-type-confusions +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2018/CVE-2018-8631.md b/2018/CVE-2018-8631.md index f915ca98d..501083a16 100644 --- a/2018/CVE-2018-8631.md +++ b/2018/CVE-2018-8631.md @@ -19,5 +19,6 @@ A remote code execution vulnerability exists when Internet Explorer improperly a - https://github.com/marckwei/temp - https://github.com/merlinepedra/DONATO - https://github.com/merlinepedra25/DONATO +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-0539.md b/2019/CVE-2019-0539.md index 82f1d7006..610a8c459 100644 --- a/2019/CVE-2019-0539.md +++ b/2019/CVE-2019-0539.md @@ -29,6 +29,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/ommadawn46/Chakra-TypeConfusions - https://github.com/ommadawn46/chakra-type-confusions +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/paulveillard/cybersecurity-windows-exploitation - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-0567.md b/2019/CVE-2019-0567.md index 5209637fa..de3476d83 100644 --- a/2019/CVE-2019-0567.md +++ b/2019/CVE-2019-0567.md @@ -26,6 +26,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/ommadawn46/Chakra-TypeConfusions - https://github.com/ommadawn46/chakra-type-confusions +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r1mit/awesome-browser-security - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-0568.md b/2019/CVE-2019-0568.md index b502fd24a..932eecbc7 100644 --- a/2019/CVE-2019-0568.md +++ b/2019/CVE-2019-0568.md @@ -20,6 +20,7 @@ A remote code execution vulnerability exists in the way that the Chakra scriptin - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/lnick2023/nicenice - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2019/CVE-2019-0708.md b/2019/CVE-2019-0708.md index 78f2ffc64..4e41950f9 100644 --- a/2019/CVE-2019-0708.md +++ b/2019/CVE-2019-0708.md @@ -112,6 +112,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/Micle5858/PENTESTING-BIBLE - https://github.com/Micr067/Pentest_Note - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NAXG/cve_2019_0708_bluekeep_rce - https://github.com/NetW0rK1le3r/PENTESTING-BIBLE - https://github.com/NetW0rK1le3r/awesome-hacking-lists diff --git a/2019/CVE-2019-0859.md b/2019/CVE-2019-0859.md index e4d5b3872..c24ff6f91 100644 --- a/2019/CVE-2019-0859.md +++ b/2019/CVE-2019-0859.md @@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2019/CVE-2019-0930.md b/2019/CVE-2019-0930.md index 5f6d37aec..1014ad298 100644 --- a/2019/CVE-2019-0930.md +++ b/2019/CVE-2019-0930.md @@ -20,5 +20,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-1132.md b/2019/CVE-2019-1132.md index 9c1566af0..8b51cfee8 100644 --- a/2019/CVE-2019-1132.md +++ b/2019/CVE-2019-1132.md @@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/Cruxer8Mech/Idk - https://github.com/ExpLife0011/awesome-windows-kernel-security-development - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 000f1069d..c9f03ce9f 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -2212,6 +2212,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Tech-Turtles/CenterStage - https://github.com/Tech-Turtles/Power-Play - https://github.com/Tech-X-CNDV/CenterStage +- https://github.com/Tech-X-CNDV/codCenterStage - https://github.com/Techarinos/FTC - https://github.com/Techno-Goats-9224/FtcRobotController - https://github.com/Techno-Goats-9224/FtcRobotController-master-9224 @@ -3841,6 +3842,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/standerryan/Marburn-2122 - https://github.com/stcline/FtcRobotController-master - https://github.com/stemosofc/RobotFTCstemOS +- https://github.com/stormbots-9415/UltimateGoal - https://github.com/suchirchikkava/FTC-2022-2023-Season - https://github.com/suchirchikkava/FTC-2023-2024-CenterStage-Season - https://github.com/sundar-krishnan/BotzNBolts-FTC-2020-2021 @@ -4103,6 +4105,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/yuhsb-lionotics/UltimateGoal13475 - https://github.com/yuhsb-lionotics/UltimateGoal5361 - https://github.com/yuhwanlee/TinyRobot +- https://github.com/yummy-licorice/RobotCode - https://github.com/yuvvan/GForce_Base - https://github.com/yyhJohn/FTC-2022 - https://github.com/yyhJohn/FTC-2022-1 diff --git a/2019/CVE-2019-14234.md b/2019/CVE-2019-14234.md index edfddd41b..ebb7bbd01 100644 --- a/2019/CVE-2019-14234.md +++ b/2019/CVE-2019-14234.md @@ -27,6 +27,7 @@ No PoCs from references. - https://github.com/kvesta/vesta - https://github.com/lnick2023/nicenice - https://github.com/malvika-thakur/CVE-2019-14234 +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/reph0r/Poc-Exp-Tools - https://github.com/reph0r/Shooting-Range diff --git a/2019/CVE-2019-14287.md b/2019/CVE-2019-14287.md index 95907d0ff..1eede5619 100644 --- a/2019/CVE-2019-14287.md +++ b/2019/CVE-2019-14287.md @@ -51,6 +51,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - https://github.com/R0seSecurity/Linux_Priviledge_Escalation - https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics - https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287 - https://github.com/Sindadziy/cve-2019-14287 diff --git a/2019/CVE-2019-15107.md b/2019/CVE-2019-15107.md index 682d1957e..0fdf27520 100644 --- a/2019/CVE-2019-15107.md +++ b/2019/CVE-2019-15107.md @@ -119,6 +119,7 @@ An issue was discovered in Webmin <=1.920. The parameter old in password_change. - https://github.com/password520/RedTeamer - https://github.com/psw01/CVE-2019-15107_webminRCE - https://github.com/puckiestyle/CVE-2019-15107 +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ruthvikvegunta/CVE-2019-15107 - https://github.com/seeu-inspace/easyg diff --git a/2019/CVE-2019-16869.md b/2019/CVE-2019-16869.md index e38425df3..cf4e7894c 100644 --- a/2019/CVE-2019-16869.md +++ b/2019/CVE-2019-16869.md @@ -18,4 +18,5 @@ No PoCs from references. - https://github.com/CGCL-codes/PHunter - https://github.com/LibHunter/LibHunter - https://github.com/cezapata/appconfiguration-sample +- https://github.com/ytono/gcp-arcade diff --git a/2019/CVE-2019-16884.md b/2019/CVE-2019-16884.md index d7fff1172..0922db339 100644 --- a/2019/CVE-2019-16884.md +++ b/2019/CVE-2019-16884.md @@ -25,6 +25,7 @@ runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, - https://github.com/h4ckm310n/Container-Vulnerability-Exploit - https://github.com/hacking-kubernetes/hacking-kubernetes.info - https://github.com/iridium-soda/container-escape-exploits +- https://github.com/openSUSE/libpathrs - https://github.com/phoenixvlabs/core-nexus - https://github.com/phxvlabsio/core-nexus - https://github.com/sivahpe/trivy-test diff --git a/2019/CVE-2019-18634.md b/2019/CVE-2019-18634.md index 5b9b93937..571685ee2 100644 --- a/2019/CVE-2019-18634.md +++ b/2019/CVE-2019-18634.md @@ -36,6 +36,7 @@ In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigg - https://github.com/Retr0-ll/2023-littleTerm - https://github.com/Retr0-ll/littleterm - https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Srinunaik000/Srinunaik000 - https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources @@ -66,6 +67,7 @@ In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigg - https://github.com/nitishbadole/oscp-note-3 - https://github.com/notnue/Linux-Privilege-Escalation - https://github.com/oscpname/OSCP_cheat +- https://github.com/paras1te-x/CVE-2019-18634 - https://github.com/pmihsan/Sudo-PwdFeedback-Buffer-Overflow - https://github.com/ptef/CVE-2019-18634 - https://github.com/retr0-13/Linux-Privilege-Escalation-Basics diff --git a/2019/CVE-2019-18845.md b/2019/CVE-2019-18845.md index 8f2b5d2ab..1a0cedc24 100644 --- a/2019/CVE-2019-18845.md +++ b/2019/CVE-2019-18845.md @@ -19,6 +19,7 @@ The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 allow loca - https://github.com/ARPSyndicate/cvemon - https://github.com/FULLSHADE/WindowsExploitationResources - https://github.com/FuzzySecurity/Sharp-Suite +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2019/CVE-2019-19921.md b/2019/CVE-2019-19921.md index 9fbaf2c14..c40fb2d4a 100644 --- a/2019/CVE-2019-19921.md +++ b/2019/CVE-2019-19921.md @@ -16,6 +16,7 @@ runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Pri - https://github.com/43622283/awesome-cloud-native-security - https://github.com/Metarget/awesome-cloud-native-security - https://github.com/atesemre/awesome-cloud-native-security +- https://github.com/openSUSE/libpathrs - https://github.com/shakyaraj9569/Documentation - https://github.com/sivahpe/trivy-test diff --git a/2019/CVE-2019-2222.md b/2019/CVE-2019-2222.md new file mode 100644 index 000000000..130911609 --- /dev/null +++ b/2019/CVE-2019-2222.md @@ -0,0 +1,17 @@ +### [CVE-2019-2222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2222) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Remote%20code%20execution&color=brighgreen) + +### Description + +n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/qianxiao996/BurpSuite-FrameScan + diff --git a/2019/CVE-2019-25078.md b/2019/CVE-2019-25078.md new file mode 100644 index 000000000..9224b0722 --- /dev/null +++ b/2019/CVE-2019-25078.md @@ -0,0 +1,17 @@ +### [CVE-2019-25078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25078) +![](https://img.shields.io/static/v1?label=Product&message=pacparser&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%3E%20CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2019/CVE-2019-2618.md b/2019/CVE-2019-2618.md index c6d13362b..5f2e155f1 100644 --- a/2019/CVE-2019-2618.md +++ b/2019/CVE-2019-2618.md @@ -37,6 +37,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/ianxtianxt/cve-2019-2618 - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jas502n/cve-2019-2618 diff --git a/2019/CVE-2019-2725.md b/2019/CVE-2019-2725.md index 0eed8fdbb..134693ed1 100644 --- a/2019/CVE-2019-2725.md +++ b/2019/CVE-2019-2725.md @@ -126,6 +126,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/ianxtianxt/CVE-2019-2725 diff --git a/2019/CVE-2019-2729.md b/2019/CVE-2019-2729.md index a8196a34c..b4eaa542a 100644 --- a/2019/CVE-2019-2729.md +++ b/2019/CVE-2019-2729.md @@ -57,6 +57,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hmoytx/weblogicscan +- https://github.com/huan-cdm/secure_tools_link - https://github.com/jbmihoub/all-poc - https://github.com/jiangsir404/POC-S - https://github.com/jweny/pocassistdb diff --git a/2019/CVE-2019-2890.md b/2019/CVE-2019-2890.md index 3a9aae994..9109fddc2 100644 --- a/2019/CVE-2019-2890.md +++ b/2019/CVE-2019-2890.md @@ -53,6 +53,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/hanc00l/some_pocsuite - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/ianxtianxt/CVE-2019-2890 - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/jared1981/More-Pentest-Tools diff --git a/2019/CVE-2019-5736.md b/2019/CVE-2019-5736.md index d3fd782ce..159a15a28 100644 --- a/2019/CVE-2019-5736.md +++ b/2019/CVE-2019-5736.md @@ -73,6 +73,7 @@ runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allow - https://github.com/Retr0-ll/littleterm - https://github.com/RyanNgWH/CVE-2019-5736-POC - https://github.com/SamP10/BetDocker +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/ShadowFl0w/Cloud-Native-Security-Test - https://github.com/SirElmard/ethical_hacking diff --git a/2019/CVE-2019-5755.md b/2019/CVE-2019-5755.md index 982bb075f..f863ce911 100644 --- a/2019/CVE-2019-5755.md +++ b/2019/CVE-2019-5755.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Kiprey/Skr_Learning - https://github.com/Self-Study-Committee/Skr_Learning +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-5782.md b/2019/CVE-2019-5782.md index 1a1a2a7d5..739043459 100644 --- a/2019/CVE-2019-5782.md +++ b/2019/CVE-2019-5782.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/i0gan/cve - https://github.com/m1ghtym0/browser-pwn - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/seal9055/cyber_attack_simulation - https://github.com/tianstcht/v8-exploit - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-5784.md b/2019/CVE-2019-5784.md index 8ff64b4f1..21c7fe490 100644 --- a/2019/CVE-2019-5784.md +++ b/2019/CVE-2019-5784.md @@ -13,5 +13,6 @@ Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 No PoCs from references. #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-6215.md b/2019/CVE-2019-6215.md index 86576e953..4b45c9bbf 100644 --- a/2019/CVE-2019-6215.md +++ b/2019/CVE-2019-6215.md @@ -21,5 +21,6 @@ A type confusion issue was addressed with improved memory handling. This issue i - https://www.exploit-db.com/exploits/46448/ #### Github +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-6447.md b/2019/CVE-2019-6447.md index 67a1c1747..4c50c7e2c 100644 --- a/2019/CVE-2019-6447.md +++ b/2019/CVE-2019-6447.md @@ -30,6 +30,7 @@ The ES File Explorer File Manager application through 4.1.9.7.4 for Android allo - https://github.com/Nehal-Zaman/CVE-2019-6447 - https://github.com/Osuni-99/CVE-2019-6447 - https://github.com/SandaRuFdo/ES-File-Explorer-Open-Port-Vulnerability---CVE-2019-6447 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/VinuKalana/CVE-2019-6447-Android-Vulnerability-in-ES-File-Explorer - https://github.com/amjadkhan345/esfile diff --git a/2019/CVE-2019-7304.md b/2019/CVE-2019-7304.md index d35bc906e..3eae2bc6b 100644 --- a/2019/CVE-2019-7304.md +++ b/2019/CVE-2019-7304.md @@ -26,6 +26,7 @@ Canonical snapd before version 2.37.1 incorrectly performed socket owner validat - https://github.com/Ly0nt4r/OSCP - https://github.com/Mr-Tree-S/POC_EXP - https://github.com/SecuritySi/CVE-2019-7304_DirtySock +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/VieVaWaldi/DirtySock diff --git a/2019/CVE-2019-7314.md b/2019/CVE-2019-7314.md index c637169f7..5582ca35d 100644 --- a/2019/CVE-2019-7314.md +++ b/2019/CVE-2019-7314.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/LeeHun9/AFLNeTrans - https://github.com/Speciale-Projekt/legening - https://github.com/aflnet/aflnet +- https://github.com/amonnymouse/aflnet - https://github.com/calmxkk/aflnet - https://github.com/cozy131/aflnet - https://github.com/dnagarju/Aflnet diff --git a/2019/CVE-2019-8506.md b/2019/CVE-2019-8506.md index 4972058e1..0cf8e00f7 100644 --- a/2019/CVE-2019-8506.md +++ b/2019/CVE-2019-8506.md @@ -26,5 +26,6 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/hwiwonl/dayone +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db diff --git a/2019/CVE-2019-8518.md b/2019/CVE-2019-8518.md index cd319f3a9..635604ccc 100644 --- a/2019/CVE-2019-8518.md +++ b/2019/CVE-2019-8518.md @@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/googleprojectzero/fuzzilli - https://github.com/lnick2023/nicenice +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/tunz/js-vuln-db - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2019/CVE-2019-8558.md b/2019/CVE-2019-8558.md index 1db1ac661..cc3051fa0 100644 --- a/2019/CVE-2019-8558.md +++ b/2019/CVE-2019-8558.md @@ -25,6 +25,7 @@ No PoCs from references. #### Github - https://github.com/RUB-SysSec/JIT-Picker - https://github.com/googleprojectzero/fuzzilli +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2019/CVE-2019-9193.md b/2019/CVE-2019-9193.md index d994f23bb..79569c708 100644 --- a/2019/CVE-2019-9193.md +++ b/2019/CVE-2019-9193.md @@ -43,6 +43,7 @@ - https://github.com/paulotrindadec/CVE-2019-9193 - https://github.com/petitfleur/prov_navigator - https://github.com/provnavigator/prov_navigator +- https://github.com/q99266/saury-vulnhub - https://github.com/superfish9/pt - https://github.com/trganda/dockerv - https://github.com/w181496/Web-CTF-Cheatsheet diff --git a/2019/CVE-2019-9791.md b/2019/CVE-2019-9791.md index 9aaee2a3e..c7474dc96 100644 --- a/2019/CVE-2019-9791.md +++ b/2019/CVE-2019-9791.md @@ -20,6 +20,7 @@ The type inference system allows the compilation of functions that can cause typ - https://github.com/Sp0pielar/CVE-2019-9791 - https://github.com/ZihanYe/web-browser-vulnerabilities - https://github.com/googleprojectzero/fuzzilli +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db - https://github.com/ulexec/Exploits - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2019/CVE-2019-9813.md b/2019/CVE-2019-9813.md index 5c1cbe219..6ba153556 100644 --- a/2019/CVE-2019-9813.md +++ b/2019/CVE-2019-9813.md @@ -20,6 +20,7 @@ Incorrect handling of __proto__ mutations may lead to type confusion in IonMonke - https://github.com/RUB-SysSec/JIT-Picker - https://github.com/ZihanYe/web-browser-vulnerabilities - https://github.com/googleprojectzero/fuzzilli +- https://github.com/otravidaahora2t/js-vuln-db - https://github.com/tunz/js-vuln-db - https://github.com/zhangjiahui-buaa/MasterThesis diff --git a/2020/CVE-2020-0796.md b/2020/CVE-2020-0796.md index 40e664102..0639a19a3 100644 --- a/2020/CVE-2020-0796.md +++ b/2020/CVE-2020-0796.md @@ -26,6 +26,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve #### Github - https://github.com/0day404/vulnerability-poc +- https://github.com/0x25bit/CVE-2020-0796-PoC - https://github.com/0xMarcio/cve - https://github.com/0xT11/CVE-POC - https://github.com/0xcyberpj/windows-exploitation @@ -120,6 +121,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - https://github.com/MizaruIT/PENTADAY_TOOLKIT - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Murasame-nc/CVE-2020-0796-LPE-POC +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NoTsPepino/Shodan-Dorking @@ -139,6 +141,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - https://github.com/S3cur3Th1sSh1t/WinPwn - https://github.com/SEHandler/CVE-2020-0796 - https://github.com/SecWiki/windows-kernel-exploits +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexurityAnalyst/WinPwn - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking diff --git a/2020/CVE-2020-1054.md b/2020/CVE-2020-1054.md index c9c35151e..be43265f1 100644 --- a/2020/CVE-2020-1054.md +++ b/2020/CVE-2020-1054.md @@ -40,6 +40,7 @@ An elevation of privilege vulnerability exists in Windows when the Windows kerne - https://github.com/KaLendsi/CVE-2020-1054 - https://github.com/LegendSaber/exp_x64 - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ostorlab/KEV diff --git a/2020/CVE-2020-11651.md b/2020/CVE-2020-11651.md index aaf15f1ab..53ada2dae 100644 --- a/2020/CVE-2020-11651.md +++ b/2020/CVE-2020-11651.md @@ -85,6 +85,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2 - https://github.com/lovelyjuice/cve-2020-11651-exp-plus - https://github.com/merlinxcy/ToolBox - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin - https://github.com/password520/Penetration_PoC - https://github.com/puckiestyle/cve-2020-11651 - https://github.com/rapyuta-robotics/clean-script diff --git a/2020/CVE-2020-11652.md b/2020/CVE-2020-11652.md index 1bcbd7acf..0ba5b0753 100644 --- a/2020/CVE-2020-11652.md +++ b/2020/CVE-2020-11652.md @@ -67,6 +67,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/n3masyst/n3masyst - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin - https://github.com/password520/Penetration_PoC - https://github.com/rapyuta-robotics/clean-script - https://github.com/rossengeorgiev/salt-security-backports diff --git a/2020/CVE-2020-12138.md b/2020/CVE-2020-12138.md index 32f2b92d7..ad52c24e7 100644 --- a/2020/CVE-2020-12138.md +++ b/2020/CVE-2020-12138.md @@ -17,6 +17,7 @@ AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly w - https://github.com/0xcyberpj/windows-exploitation - https://github.com/0xpetros/windows-privilage-escalation - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md index 39ef38c14..28cdfc6b9 100644 --- a/2020/CVE-2020-1472.md +++ b/2020/CVE-2020-1472.md @@ -29,6 +29,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu #### Reference - http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html - http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html +- https://usn.ubuntu.com/4510-2/ - https://usn.ubuntu.com/4559-1/ - https://www.kb.cert.org/vuls/id/490028 - https://www.oracle.com/security-alerts/cpuApr2021.html @@ -142,6 +143,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - https://github.com/SaharAttackit/CVE-2020-1472 - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE - https://github.com/SecuraBV/CVE-2020-1472 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexurityAnalyst/WinPwn - https://github.com/SexyBeast233/SecBooks - https://github.com/Shiva108/ADBasher @@ -278,6 +280,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - https://github.com/m1ddl3w4r3/SharpCollection - https://github.com/maikelnight/zerologon - https://github.com/merlinepedra25/AM0N-Eye +- https://github.com/michaelpoznecki/zerologon - https://github.com/midpipps/CVE-2020-1472-Easy - https://github.com/mingchen-script/CVE-2020-1472-visualizer - https://github.com/mishmashclone/Flangvik-SharpCollection diff --git a/2020/CVE-2020-14750.md b/2020/CVE-2020-14750.md index 699f9f148..135fbaa1d 100644 --- a/2020/CVE-2020-14750.md +++ b/2020/CVE-2020-14750.md @@ -36,6 +36,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP +- https://github.com/huan-cdm/secure_tools_link - https://github.com/jas502n/CVE-2020-14882 - https://github.com/jbmihoub/all-poc - https://github.com/kkhacklabs/CVE-2020-14750 diff --git a/2020/CVE-2020-14882.md b/2020/CVE-2020-14882.md index b5bd2101b..df94c73c6 100644 --- a/2020/CVE-2020-14882.md +++ b/2020/CVE-2020-14882.md @@ -114,6 +114,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/iceberg-N/WL_Scan_GO - https://github.com/ihebski/A-Red-Teamer-diaries diff --git a/2020/CVE-2020-14883.md b/2020/CVE-2020-14883.md index 4e9c89876..f2447637b 100644 --- a/2020/CVE-2020-14883.md +++ b/2020/CVE-2020-14883.md @@ -63,6 +63,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/jas502n/CVE-2020-14882 - https://github.com/jbmihoub/all-poc - https://github.com/langu-xyz/JavaVulnMap diff --git a/2020/CVE-2020-15999.md b/2020/CVE-2020-15999.md index ea5be28d2..099ee3336 100644 --- a/2020/CVE-2020-15999.md +++ b/2020/CVE-2020-15999.md @@ -32,6 +32,7 @@ Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed - https://github.com/maarlo/CVE-2020-15999 - https://github.com/marcinguy/CVE-2020-15999 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/oxfemale/CVE-2020-15999 - https://github.com/readloud/Awesome-Stars - https://github.com/seifrajhi/Docker-Image-Building-Best-Practices - https://github.com/soosmile/POC diff --git a/2020/CVE-2020-17519.md b/2020/CVE-2020-17519.md index 783cfd0fc..702bdf8e8 100644 --- a/2020/CVE-2020-17519.md +++ b/2020/CVE-2020-17519.md @@ -42,6 +42,7 @@ A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Osyanina/westone-CVE-2020-17519-scanner - https://github.com/QmF0c3UK/CVE-2020-17519 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/StarCrossPortal/scalpel diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md index bc84c687e..4727f1103 100644 --- a/2020/CVE-2020-1938.md +++ b/2020/CVE-2020-1938.md @@ -169,6 +169,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pinkieli/GitHub-Chinese-Top-Charts - https://github.com/pjgmonteiro/Pentest-tools +- https://github.com/q99266/saury-vulnhub - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qingyuanfeiniao/Chinese-Top-Charts - https://github.com/readloud/Awesome-Stars diff --git a/2020/CVE-2020-2034.md b/2020/CVE-2020-2034.md index f895f6dbe..9ad646d5f 100644 --- a/2020/CVE-2020-2034.md +++ b/2020/CVE-2020-2034.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/blackhatethicalhacking/CVE-2020-2034-POC - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/noperator/panos-scanner - https://github.com/r0eXpeR/supplier diff --git a/2020/CVE-2020-2551.md b/2020/CVE-2020-2551.md index 07692da0a..151b32c97 100644 --- a/2020/CVE-2020-2551.md +++ b/2020/CVE-2020-2551.md @@ -107,6 +107,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/hktalent/CreateOneMinJar - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huike007/penetration_poc - https://github.com/huike007/poc - https://github.com/hungslab/awd-tools diff --git a/2020/CVE-2020-26048.md b/2020/CVE-2020-26048.md index b43fe44d7..2c273eb28 100644 --- a/2020/CVE-2020-26048.md +++ b/2020/CVE-2020-26048.md @@ -15,4 +15,5 @@ The file manager option in CuppaCMS before 2019-11-12 allows an authenticated at #### Github - https://github.com/hxysaury/The-Road-to-Safety - https://github.com/hxysaury/saury-vulnhub +- https://github.com/q99266/saury-vulnhub diff --git a/2020/CVE-2020-5410.md b/2020/CVE-2020-5410.md index 2c597a522..8239c52fb 100644 --- a/2020/CVE-2020-5410.md +++ b/2020/CVE-2020-5410.md @@ -47,6 +47,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/dead5nd/config-demo - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/drwiiche/resource - https://github.com/dudek-marcin/Poc-Exp - https://github.com/enomothem/PenTestNote - https://github.com/hasee2018/Penetration_Testing_POC diff --git a/2020/CVE-2020-6514.md b/2020/CVE-2020-6514.md index 463adc18c..c4e7bdda5 100644 --- a/2020/CVE-2020-6514.md +++ b/2020/CVE-2020-6514.md @@ -18,6 +18,7 @@ Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 al - https://github.com/HassanAzze/CVE-2020-6514 - https://github.com/R0jhack/CVE-2020-6514 - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/hasan-khalil/CVE-2020-6514 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rojhack/CVE-2020-6514 diff --git a/2020/CVE-2020-8808.md b/2020/CVE-2020-8808.md index 524187723..08b24d9cd 100644 --- a/2020/CVE-2020-8808.md +++ b/2020/CVE-2020-8808.md @@ -16,6 +16,7 @@ The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE befo - https://github.com/0xcyberpj/windows-exploitation - https://github.com/0xpetros/windows-privilage-escalation - https://github.com/FULLSHADE/WindowsExploitationResources +- https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources - https://github.com/Ondrik8/exploit diff --git a/2021/CVE-2021-1675.md b/2021/CVE-2021-1675.md index d37ef9eb5..e70767d95 100644 --- a/2021/CVE-2021-1675.md +++ b/2021/CVE-2021-1675.md @@ -124,6 +124,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/SYRTI/POC_to_review - https://github.com/SaintsConnor/Exploits - https://github.com/SecuProject/NetworkInfoGather +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexurityAnalyst/WinPwn - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking @@ -271,6 +272,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/retr0-13/PrintNightmare - https://github.com/retr0-13/WinPwn +- https://github.com/rettbl/Useful - https://github.com/revanmalang/OSCP - https://github.com/rnbochsr/atlas - https://github.com/rodrigosilvaluz/JUST_WALKING_DOG diff --git a/2021/CVE-2021-2086.md b/2021/CVE-2021-2086.md index 3ebcb51da..a8afcab56 100644 --- a/2021/CVE-2021-2086.md +++ b/2021/CVE-2021-2086.md @@ -17,4 +17,6 @@ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp - https://github.com/dlehgus1023/VirtualBox_IO-Fuzz - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/erepspinos/CVE +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-21972.md b/2021/CVE-2021-21972.md index aa0f8f249..5c17d57d0 100644 --- a/2021/CVE-2021-21972.md +++ b/2021/CVE-2021-21972.md @@ -60,6 +60,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/Ratlesv/LadonGo - https://github.com/SYRTI/POC_to_review - https://github.com/Schira4396/VcenterKiller +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/SofianeHamlaoui/Conti-Clear diff --git a/2021/CVE-2021-22204.md b/2021/CVE-2021-22204.md index 4cf610f84..9ad99a4dd 100644 --- a/2021/CVE-2021-22204.md +++ b/2021/CVE-2021-22204.md @@ -41,6 +41,7 @@ Improper neutralization of user data in the DjVu file format in ExifTool version - https://github.com/PolGs/htb-meta - https://github.com/PwnAwan/MindMaps2 - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Sm4rty-1/awesome-blogs diff --git a/2021/CVE-2021-22986.md b/2021/CVE-2021-22986.md index 288aea050..fef2c243a 100644 --- a/2021/CVE-2021-22986.md +++ b/2021/CVE-2021-22986.md @@ -77,6 +77,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/luck-ying/Library-POC - https://github.com/manas3c/CVE-POC +- https://github.com/microvorld/CVE-2021-22986 - https://github.com/n1sh1th/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/openx-org/BLEN diff --git a/2021/CVE-2021-26085.md b/2021/CVE-2021-26085.md index dd31d54f8..d470f7741 100644 --- a/2021/CVE-2021-26085.md +++ b/2021/CVE-2021-26085.md @@ -25,6 +25,7 @@ Affected versions of Atlassian Confluence Server allow remote attackers to view - https://github.com/Ly0nt4r/OSCP - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-POC - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2021/CVE-2021-26706.md b/2021/CVE-2021-26706.md new file mode 100644 index 000000000..42e38702d --- /dev/null +++ b/2021/CVE-2021-26706.md @@ -0,0 +1,17 @@ +### [CVE-2021-26706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26706) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW. Because these functions use multiplication to calculate the pool sizes, the operation may cause an integer overflow if the arguments are large enough. The resulting memory pool will be smaller than expected and may be exploited by an attacker. + +### POC + +#### Reference +- https://micrium.atlassian.net/wiki/spaces/libdoc138/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2021/CVE-2021-27550.md b/2021/CVE-2021-27550.md index a33a1ce10..1c5bacae2 100644 --- a/2021/CVE-2021-27550.md +++ b/2021/CVE-2021-27550.md @@ -17,4 +17,5 @@ Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice. - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/CVE - https://github.com/erepspinos/CVE +- https://github.com/l33d0hyun/CVE diff --git a/2021/CVE-2021-27928.md b/2021/CVE-2021-27928.md index 9e5082c47..7e495ea33 100644 --- a/2021/CVE-2021-27928.md +++ b/2021/CVE-2021-27928.md @@ -28,6 +28,7 @@ A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10. - https://github.com/Ly0nt4r/OSCP - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Shenkongyin/CUC-2023 - https://github.com/SirElmard/ethical_hacking - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-28169.md b/2021/CVE-2021-28169.md index 983bd2664..eb38ab9ad 100644 --- a/2021/CVE-2021-28169.md +++ b/2021/CVE-2021-28169.md @@ -16,6 +16,7 @@ For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for r #### Github - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Awrrays/FrameVul diff --git a/2021/CVE-2021-29425.md b/2021/CVE-2021-29425.md index 762d31613..fc69642c2 100644 --- a/2021/CVE-2021-29425.md +++ b/2021/CVE-2021-29425.md @@ -33,4 +33,5 @@ In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normaliz - https://github.com/raner/projo - https://github.com/scordero1234/java_sec_demo-main - https://github.com/seal-community/patches +- https://github.com/ytono/gcp-arcade diff --git a/2021/CVE-2021-31207.md b/2021/CVE-2021-31207.md index feeafa9e9..349ea533a 100644 --- a/2021/CVE-2021-31207.md +++ b/2021/CVE-2021-31207.md @@ -51,6 +51,7 @@ Microsoft Exchange Server Security Feature Bypass Vulnerability - https://github.com/merlinepedra/RedTeam_toolkit - https://github.com/merlinepedra25/RedTeam_toolkit - https://github.com/mithridates1313/ProxyShell_POC +- https://github.com/nitish778191/fitness_app - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2021/CVE-2021-3129.md b/2021/CVE-2021-3129.md index e8acb7622..64459022c 100644 --- a/2021/CVE-2021-3129.md +++ b/2021/CVE-2021-3129.md @@ -57,6 +57,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - https://github.com/SNCKER/CVE-2021-3129 - https://github.com/SYRTI/POC_to_review - https://github.com/SecPros-Team/laravel-CVE-2021-3129-EXP +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-POC diff --git a/2021/CVE-2021-3156.md b/2021/CVE-2021-3156.md index c744f62a4..10d0f858f 100644 --- a/2021/CVE-2021-3156.md +++ b/2021/CVE-2021-3156.md @@ -109,6 +109,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based - https://github.com/SamTruss/LMU-CVE-2021-3156 - https://github.com/SantiagoSerrao/ScannerCVE-2021-3156 - https://github.com/Self-Study-Committee/Skr_Learning +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Spektrainfiniti/MP diff --git a/2021/CVE-2021-32292.md b/2021/CVE-2021-32292.md index be9c186d7..f1ed2957e 100644 --- a/2021/CVE-2021-32292.md +++ b/2021/CVE-2021-32292.md @@ -13,5 +13,5 @@ An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) thro - https://github.com/json-c/json-c/issues/654 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2021/CVE-2021-32495.md b/2021/CVE-2021-32495.md index 3979dacd6..0df2ab5a1 100644 --- a/2021/CVE-2021-32495.md +++ b/2021/CVE-2021-32495.md @@ -13,5 +13,6 @@ Radare2 has a use-after-free vulnerability in pyc parser's get_none_object funct No PoCs from references. #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2021/CVE-2021-32845.md b/2021/CVE-2021-32845.md index 64578c9fd..62196be11 100644 --- a/2021/CVE-2021-32845.md +++ b/2021/CVE-2021-32845.md @@ -13,5 +13,5 @@ HyperKit is a toolkit for embedding hypervisor capabilities in an application. I - https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/ #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2021/CVE-2021-32846.md b/2021/CVE-2021-32846.md index 030ad0493..b7461c2ef 100644 --- a/2021/CVE-2021-32846.md +++ b/2021/CVE-2021-32846.md @@ -13,5 +13,5 @@ HyperKit is a toolkit for embedding hypervisor capabilities in an application. I - https://securitylab.github.com/advisories/GHSL-2021-054_057-moby-hyperkit/ #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2021/CVE-2021-33304.md b/2021/CVE-2021-33304.md new file mode 100644 index 000000000..ac50fb361 --- /dev/null +++ b/2021/CVE-2021-33304.md @@ -0,0 +1,17 @@ +### [CVE-2021-33304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33304) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2021/CVE-2021-33797.md b/2021/CVE-2021-33797.md index 28d55d3da..59d7ff6c6 100644 --- a/2021/CVE-2021-33797.md +++ b/2021/CVE-2021-33797.md @@ -13,5 +13,5 @@ Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integ - https://github.com/ccxvii/mujs/issues/148 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2021/CVE-2021-34119.md b/2021/CVE-2021-34119.md index b30a40b58..9d5c62d8e 100644 --- a/2021/CVE-2021-34119.md +++ b/2021/CVE-2021-34119.md @@ -13,5 +13,5 @@ A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cx - https://github.com/michaelrsweet/htmldoc/issues/431 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2021/CVE-2021-34280.md b/2021/CVE-2021-34280.md index 53326c16d..69e9b9e57 100644 --- a/2021/CVE-2021-34280.md +++ b/2021/CVE-2021-34280.md @@ -18,4 +18,6 @@ No PoCs from references. - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/erepspinos/CVE +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-34473.md b/2021/CVE-2021-34473.md index cf4db9c30..0a3195b1b 100644 --- a/2021/CVE-2021-34473.md +++ b/2021/CVE-2021-34473.md @@ -83,6 +83,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/merlinepedra/RedTeam_toolkit - https://github.com/merlinepedra25/RedTeam_toolkit - https://github.com/mithridates1313/ProxyShell_POC +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/osogi/NTO_2022 - https://github.com/p2-98/CVE-2021-34473 diff --git a/2021/CVE-2021-34523.md b/2021/CVE-2021-34523.md index b2e35b3f1..1e179e394 100644 --- a/2021/CVE-2021-34523.md +++ b/2021/CVE-2021-34523.md @@ -52,6 +52,7 @@ Microsoft Exchange Server Elevation of Privilege Vulnerability - https://github.com/merlinepedra/RedTeam_toolkit - https://github.com/merlinepedra25/RedTeam_toolkit - https://github.com/mithridates1313/ProxyShell_POC +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research diff --git a/2021/CVE-2021-34527.md b/2021/CVE-2021-34527.md index 7c2263047..00483c6e2 100644 --- a/2021/CVE-2021-34527.md +++ b/2021/CVE-2021-34527.md @@ -121,6 +121,7 @@ - https://github.com/SSBhaumik/Printnightmare-safetool - https://github.com/SYRTI/POC_to_review - https://github.com/SecuProject/NetworkInfoGather +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexurityAnalyst/WinPwn - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/SirElmard/ethical_hacking diff --git a/2021/CVE-2021-3493.md b/2021/CVE-2021-3493.md index a22532bfe..c1a7bf949 100644 --- a/2021/CVE-2021-3493.md +++ b/2021/CVE-2021-3493.md @@ -50,6 +50,7 @@ The overlayfs implementation in the linux kernel did not properly validate with - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Senz4wa/CVE-2021-3493 - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking diff --git a/2021/CVE-2021-34973.md b/2021/CVE-2021-34973.md index 80ec894ce..0ef27edb6 100644 --- a/2021/CVE-2021-34973.md +++ b/2021/CVE-2021-34973.md @@ -15,4 +15,6 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-35540.md b/2021/CVE-2021-35540.md index 2aa7ee987..8dbd2a744 100644 --- a/2021/CVE-2021-35540.md +++ b/2021/CVE-2021-35540.md @@ -17,4 +17,6 @@ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/VirtualBox_IO-Fuzz - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-3560.md b/2021/CVE-2021-3560.md index d7dfd149a..5f0c6e007 100644 --- a/2021/CVE-2021-3560.md +++ b/2021/CVE-2021-3560.md @@ -53,6 +53,7 @@ It was found that polkit could be tricked into bypassing the credential checks f - https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent - https://github.com/STEALTH-Z/CVE-2021-3560 - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/TieuLong21Prosper/CVE-2021-3560 diff --git a/2021/CVE-2021-36934.md b/2021/CVE-2021-36934.md index d3395626d..9100affa6 100644 --- a/2021/CVE-2021-36934.md +++ b/2021/CVE-2021-36934.md @@ -56,6 +56,7 @@ - https://github.com/RP01XXX/internalpentesting - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Sp00p64/PyNightmare diff --git a/2021/CVE-2021-36942.md b/2021/CVE-2021-36942.md index c73343ca6..a0910bf6d 100644 --- a/2021/CVE-2021-36942.md +++ b/2021/CVE-2021-36942.md @@ -44,6 +44,7 @@ Windows LSA Spoofing Vulnerability - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Royalboy2000/codeRDPbreaker +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/XiaoliChan/PetitPotam-V2 - https://github.com/cfalta/MicrosoftWontFixList diff --git a/2021/CVE-2021-37778.md b/2021/CVE-2021-37778.md index 8e4f6977e..61b585172 100644 --- a/2021/CVE-2021-37778.md +++ b/2021/CVE-2021-37778.md @@ -13,5 +13,6 @@ There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line pa No PoCs from references. #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/firmianay/security-issues diff --git a/2021/CVE-2021-4034.md b/2021/CVE-2021-4034.md index 1507a65d6..821c8f8a3 100644 --- a/2021/CVE-2021-4034.md +++ b/2021/CVE-2021-4034.md @@ -148,6 +148,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/Rijha/pwnkitt - https://github.com/Rvn0xsy/CVE-2021-4034 - https://github.com/Sakura-nee/CVE-2021-4034 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Senz4wa/CVE-2021-4034 - https://github.com/Silencecyber/cve-2021-4034 - https://github.com/SirElmard/ethical_hacking @@ -328,6 +329,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/promise2k/OSCP - https://github.com/ps-interactive/lab_cve-2021-4034-polkit-emulation-and-detection - https://github.com/pyhrr0/pwnkit +- https://github.com/q99266/saury-vulnhub - https://github.com/raigoj/local - https://github.com/revanmalang/OSCP - https://github.com/rhysmcneill/CVE-2021-403 diff --git a/2021/CVE-2021-41379.md b/2021/CVE-2021-41379.md index 68853a10a..19fee4c33 100644 --- a/2021/CVE-2021-41379.md +++ b/2021/CVE-2021-41379.md @@ -63,6 +63,7 @@ No PoCs from references. - https://github.com/Octoberfest7/Tools - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/cyb3rpeace/InstallerFileTakeOver - https://github.com/devopscoder331/CVE_InstallerFileTakeOver diff --git a/2021/CVE-2021-41773.md b/2021/CVE-2021-41773.md index cfe27f02a..86d3c2a8c 100644 --- a/2021/CVE-2021-41773.md +++ b/2021/CVE-2021-41773.md @@ -113,6 +113,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/RyouYoo/CVE-2021-41773 - https://github.com/SYRTI/POC_to_review - https://github.com/Sakura-nee/CVE-2021-41773 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Shadow-warrior0/Apache_path_traversal - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/SirElmard/ethical_hacking @@ -259,6 +260,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/provnavigator/prov_navigator - https://github.com/puckiestyle/CVE-2021-41773 - https://github.com/pwn3z/CVE-2021-41773-Apache-RCE +- https://github.com/q99266/saury-vulnhub - https://github.com/qwutony/CVE-2021-41773 - https://github.com/r00tVen0m/CVE-2021-41773 - https://github.com/randomAnalyst/PoC-Fetcher diff --git a/2021/CVE-2021-42013.md b/2021/CVE-2021-42013.md index 393bfa72a..213f80f7e 100644 --- a/2021/CVE-2021-42013.md +++ b/2021/CVE-2021-42013.md @@ -74,6 +74,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/Rubikcuv5/cve-2021-42013 - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Shadow-warrior0/Apache_path_traversal - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/SirElmard/ethical_hacking @@ -146,6 +147,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/pen4uin/vulnerability-research-list - https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt - https://github.com/pwn3z/CVE-2021-41773-Apache-RCE +- https://github.com/q99266/saury-vulnhub - https://github.com/quentin33980/ToolBox-qgt - https://github.com/ralvares/security-demos - https://github.com/randomAnalyst/PoC-Fetcher diff --git a/2021/CVE-2021-42278.md b/2021/CVE-2021-42278.md index bc39ab7a4..cf6fc29d6 100644 --- a/2021/CVE-2021-42278.md +++ b/2021/CVE-2021-42278.md @@ -82,6 +82,7 @@ No PoCs from references. - https://github.com/Ridter/noPac - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-Redteam diff --git a/2021/CVE-2021-42287.md b/2021/CVE-2021-42287.md index 6a6b15f22..dfeaf03a5 100644 --- a/2021/CVE-2021-42287.md +++ b/2021/CVE-2021-42287.md @@ -79,6 +79,7 @@ No PoCs from references. - https://github.com/RkDx/MyRuby - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries - https://github.com/SirElmard/ethical_hacking - https://github.com/Strokekilla/Rubeus diff --git a/2021/CVE-2021-42321.md b/2021/CVE-2021-42321.md index 8c7c490a6..d5dc1e85a 100644 --- a/2021/CVE-2021-42321.md +++ b/2021/CVE-2021-42321.md @@ -37,6 +37,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet - https://github.com/TrojanAZhen/Self_Back diff --git a/2021/CVE-2021-42550.md b/2021/CVE-2021-42550.md index 9deba937e..342fea055 100644 --- a/2021/CVE-2021-42550.md +++ b/2021/CVE-2021-42550.md @@ -41,4 +41,5 @@ In logback version 1.2.7 and prior versions, an attacker with the required privi - https://github.com/thl-cmk/CVE-log4j-check_mk-plugin - https://github.com/trhacknon/CVE-2021-44228-Scanner - https://github.com/trhacknon/log4shell-finder +- https://github.com/ytono/gcp-arcade diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md index 7b5fcf477..54bd7e877 100644 --- a/2021/CVE-2021-44228.md +++ b/2021/CVE-2021-44228.md @@ -438,6 +438,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Saravana-Infosec/log4j - https://github.com/Schira4396/VcenterKiller - https://github.com/Sennovate-Inc/GluuLog4jScanner +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs - https://github.com/Shakilll/nulcei-templates-collection - https://github.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228 @@ -1220,6 +1221,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/pwnlog/PAD - https://github.com/pwnlog/PuroAD - https://github.com/pwnlog/PurpAD +- https://github.com/q99266/saury-vulnhub - https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch - https://github.com/qingtengyun/cve-2021-44228-qingteng-patch - https://github.com/quoll/mulgara diff --git a/2021/CVE-2021-45978.md b/2021/CVE-2021-45978.md index e4ce7c56f..8d2cc1b47 100644 --- a/2021/CVE-2021-45978.md +++ b/2021/CVE-2021-45978.md @@ -16,4 +16,6 @@ Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to e - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-45979.md b/2021/CVE-2021-45979.md index 1ab130854..049cd754d 100644 --- a/2021/CVE-2021-45979.md +++ b/2021/CVE-2021-45979.md @@ -16,4 +16,6 @@ Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to e - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2021/CVE-2021-45980.md b/2021/CVE-2021-45980.md index 5d9845404..3e969e154 100644 --- a/2021/CVE-2021-45980.md +++ b/2021/CVE-2021-45980.md @@ -16,4 +16,6 @@ Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to e - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/CVE - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/CVE +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-0129.md b/2022/CVE-2022-0129.md index e4d660579..968bb345b 100644 --- a/2022/CVE-2022-0129.md +++ b/2022/CVE-2022-0129.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-0517.md b/2022/CVE-2022-0517.md index af3c0694f..952a0d355 100644 --- a/2022/CVE-2022-0517.md +++ b/2022/CVE-2022-0517.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/chnzzh/OpenSSL-CVE-lib - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-0847.md b/2022/CVE-2022-0847.md index 92cd02854..60b0b7bec 100644 --- a/2022/CVE-2022-0847.md +++ b/2022/CVE-2022-0847.md @@ -116,6 +116,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/Qwertozavr/PR1_TRPP - https://github.com/RACHO-PRG/Linux_Escalada_Privilegios - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/Shotokhan/cve_2022_0847_shellcode - https://github.com/SirElmard/ethical_hacking @@ -297,6 +298,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/rexpository/linux-privilege-escalation - https://github.com/s3mPr1linux/CVE_2022_0847 - https://github.com/sa-infinity8888/Dirty-Pipe-CVE-2022-0847 +- https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes - https://github.com/sarutobi12/sarutobi12 - https://github.com/scopion/dirty-pipe - https://github.com/si1ent-le/CVE-2022-0847 diff --git a/2022/CVE-2022-1638.md b/2022/CVE-2022-1638.md index 45910c0a3..080a8d824 100644 --- a/2022/CVE-2022-1638.md +++ b/2022/CVE-2022-1638.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/davidboukari/yum-rpm-dnf - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-21999.md b/2022/CVE-2022-21999.md index 97473a126..e086d870c 100644 --- a/2022/CVE-2022-21999.md +++ b/2022/CVE-2022-21999.md @@ -62,6 +62,7 @@ Windows Print Spooler Elevation of Privilege Vulnerability - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SYRTI/POC_to_review +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/WhooAmii/POC_to_review - https://github.com/ahmetfurkans/CVE-2022-22718 diff --git a/2022/CVE-2022-22004.md b/2022/CVE-2022-22004.md index 716544f44..9d0d13e44 100644 --- a/2022/CVE-2022-22004.md +++ b/2022/CVE-2022-22004.md @@ -17,4 +17,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-22947.md b/2022/CVE-2022-22947.md index 48550e06c..7d8e512fd 100644 --- a/2022/CVE-2022-22947.md +++ b/2022/CVE-2022-22947.md @@ -165,6 +165,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v - https://github.com/open-source-agenda/new-open-source-projects - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/java-memshell-generator-release +- https://github.com/q99266/saury-vulnhub - https://github.com/qq87234770/CVE-2022-22947 - https://github.com/reph0r/poc-exp - https://github.com/reph0r/poc-exp-tools diff --git a/2022/CVE-2022-22963.md b/2022/CVE-2022-22963.md index fc7efab59..6d7dea0a8 100644 --- a/2022/CVE-2022-22963.md +++ b/2022/CVE-2022-22963.md @@ -65,6 +65,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w - https://github.com/RanDengShiFu/CVE-2022-22963 - https://github.com/SYRTI/POC_to_review - https://github.com/SealPaPaPa/SpringCloudFunction-Research +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/SnailDev/github-hot-hub - https://github.com/SourM1lk/CVE-2022-22963-Exploit diff --git a/2022/CVE-2022-22965.md b/2022/CVE-2022-22965.md index 13c60a898..927506de4 100644 --- a/2022/CVE-2022-22965.md +++ b/2022/CVE-2022-22965.md @@ -259,6 +259,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t - https://github.com/netcode/Spring4shell-CVE-2022-22965-POC - https://github.com/netlas-io/netlas-cookbook - https://github.com/netsentriesdev/spring4Shell-Safe-Exploit +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nu0l/CVE-2022-22965 - https://github.com/nu1r/yak-module-Nu diff --git a/2022/CVE-2022-23119.md b/2022/CVE-2022-23119.md index adb8bbc3b..aeeed7802 100644 --- a/2022/CVE-2022-23119.md +++ b/2022/CVE-2022-23119.md @@ -19,6 +19,7 @@ A directory traversal vulnerability in Trend Micro Deep Security and Cloud One - - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon - https://github.com/Ly0nt4r/OSCP +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/e-hakson/OSCP - https://github.com/eljosep/OSCP-Guide diff --git a/2022/CVE-2022-23120.md b/2022/CVE-2022-23120.md index b971b3993..23da11754 100644 --- a/2022/CVE-2022-23120.md +++ b/2022/CVE-2022-23120.md @@ -19,6 +19,7 @@ A code injection vulnerability in Trend Micro Deep Security and Cloud One - Work - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon - https://github.com/Ly0nt4r/OSCP +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/e-hakson/OSCP - https://github.com/eljosep/OSCP-Guide diff --git a/2022/CVE-2022-23202.md b/2022/CVE-2022-23202.md index 942fc56de..2565f493b 100644 --- a/2022/CVE-2022-23202.md +++ b/2022/CVE-2022-23202.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-24356.md b/2022/CVE-2022-24356.md index 11b4083bb..2671cd405 100644 --- a/2022/CVE-2022-24356.md +++ b/2022/CVE-2022-24356.md @@ -15,4 +15,5 @@ This vulnerability allows remote attackers to execute arbitrary code on affected #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-24370.md b/2022/CVE-2022-24370.md index b90d05239..a55a96d54 100644 --- a/2022/CVE-2022-24370.md +++ b/2022/CVE-2022-24370.md @@ -15,4 +15,5 @@ This vulnerability allows remote attackers to disclose sensitive information on #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-24543.md b/2022/CVE-2022-24543.md index f18bc6d20..8eb6d9da5 100644 --- a/2022/CVE-2022-24543.md +++ b/2022/CVE-2022-24543.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-24715.md b/2022/CVE-2022-24715.md index c63630734..7f7708d6d 100644 --- a/2022/CVE-2022-24715.md +++ b/2022/CVE-2022-24715.md @@ -16,6 +16,7 @@ Icinga Web 2 is an open source monitoring web interface, framework and command-l - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon - https://github.com/JacobEbben/CVE-2022-24715 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/cxdxnt/CVE-2022-24715 - https://github.com/d4rkb0n3/CVE-2022-24715-go diff --git a/2022/CVE-2022-24954.md b/2022/CVE-2022-24954.md index 63e9620a1..1b48ea24f 100644 --- a/2022/CVE-2022-24954.md +++ b/2022/CVE-2022-24954.md @@ -15,4 +15,5 @@ Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-B #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-24955.md b/2022/CVE-2022-24955.md index 0b77f4087..be2c04203 100644 --- a/2022/CVE-2022-24955.md +++ b/2022/CVE-2022-24955.md @@ -15,4 +15,5 @@ Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncont #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-26134.md b/2022/CVE-2022-26134.md index 7117b704c..78c0eee88 100644 --- a/2022/CVE-2022-26134.md +++ b/2022/CVE-2022-26134.md @@ -88,6 +88,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/SNCKER/CVE-2022-26134 - https://github.com/SYRTI/POC_to_review - https://github.com/Sakura-nee/CVE-2022-26134 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/StarCrossPortal/scalpel - https://github.com/SummerSec/SpringExploit @@ -129,6 +130,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/dabaibuai/dabai - https://github.com/demining/Log4j-Vulnerability +- https://github.com/domsum03/Researched-Top-APT-Groups - https://github.com/e-hakson/OSCP - https://github.com/eljosep/OSCP-Guide - https://github.com/enomothem/PenTestNote @@ -141,6 +143,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/hev0x/CVE-2022-26134 - https://github.com/hktalent/TOP - https://github.com/hktalent/bug-bounty +- https://github.com/huan-cdm/secure_tools_link - https://github.com/huimzjty/vulwiki - https://github.com/iluaster/getdrive_PoC - https://github.com/incogbyte/CVE_2022_26134-detect diff --git a/2022/CVE-2022-26319.md b/2022/CVE-2022-26319.md index 096814181..f06896b77 100644 --- a/2022/CVE-2022-26319.md +++ b/2022/CVE-2022-26319.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-26337.md b/2022/CVE-2022-26337.md index 5e0d90a5d..062c9d58c 100644 --- a/2022/CVE-2022-26337.md +++ b/2022/CVE-2022-26337.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-27842.md b/2022/CVE-2022-27842.md index daa4edc87..1dfe9087d 100644 --- a/2022/CVE-2022-27842.md +++ b/2022/CVE-2022-27842.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/DNSLab-Advisories/Security-Issue - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/karimhabush/cyberowl +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-27843.md b/2022/CVE-2022-27843.md index 607f1d7e6..36c8d745f 100644 --- a/2022/CVE-2022-27843.md +++ b/2022/CVE-2022-27843.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/DNSLab-Advisories/Security-Issue - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/karimhabush/cyberowl +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-28541.md b/2022/CVE-2022-28541.md index ecff6e7ea..1d1c17052 100644 --- a/2022/CVE-2022-28541.md +++ b/2022/CVE-2022-28541.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/DNSLab-Advisories/Security-Issue - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/karimhabush/cyberowl +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-28550.md b/2022/CVE-2022-28550.md index e94ecb29a..f7b96987b 100644 --- a/2022/CVE-2022-28550.md +++ b/2022/CVE-2022-28550.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/Marsman1996/pocs diff --git a/2022/CVE-2022-28779.md b/2022/CVE-2022-28779.md index 2852bccda..4dfdaa158 100644 --- a/2022/CVE-2022-28779.md +++ b/2022/CVE-2022-28779.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/DNSLab-Advisories/Security-Issue - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-29021.md b/2022/CVE-2022-29021.md index c3cd662be..0014fc12d 100644 --- a/2022/CVE-2022-29021.md +++ b/2022/CVE-2022-29021.md @@ -13,5 +13,5 @@ A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to - https://www.cyberark.com/resources/threat-research-blog/colorful-vulnerabilities #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2022/CVE-2022-30557.md b/2022/CVE-2022-30557.md index aa8ef94ab..b2e1da246 100644 --- a/2022/CVE-2022-30557.md +++ b/2022/CVE-2022-30557.md @@ -14,4 +14,5 @@ Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that c #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-30744.md b/2022/CVE-2022-30744.md index b75ed9e01..cf85619d8 100644 --- a/2022/CVE-2022-30744.md +++ b/2022/CVE-2022-30744.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-31003.md b/2022/CVE-2022-31003.md new file mode 100644 index 000000000..d050bcd99 --- /dev/null +++ b/2022/CVE-2022-31003.md @@ -0,0 +1,18 @@ +### [CVE-2022-31003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31003) +![](https://img.shields.io/static/v1?label=Product&message=sofia-sip&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2022/CVE-2022-31214.md b/2022/CVE-2022-31214.md index 5a83eb3d7..27eaba889 100644 --- a/2022/CVE-2022-31214.md +++ b/2022/CVE-2022-31214.md @@ -14,6 +14,7 @@ A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. #### Github - https://github.com/0xsyr0/OSCP +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/kgwanjala/oscp-cheatsheet - https://github.com/linuskoester/writeups diff --git a/2022/CVE-2022-32787.md b/2022/CVE-2022-32787.md index c2a7a5be9..c80f369ca 100644 --- a/2022/CVE-2022-32787.md +++ b/2022/CVE-2022-32787.md @@ -22,4 +22,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/houjingyi233/macOS-iOS-system-security +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-32816.md b/2022/CVE-2022-32816.md index 772a9ff8c..678031e73 100644 --- a/2022/CVE-2022-32816.md +++ b/2022/CVE-2022-32816.md @@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/houjingyi233/macOS-iOS-system-security +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-33711.md b/2022/CVE-2022-33711.md index 9ad57cbd8..8e13df147 100644 --- a/2022/CVE-2022-33711.md +++ b/2022/CVE-2022-33711.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-34918.md b/2022/CVE-2022-34918.md index 0d8506eeb..c17c228ad 100644 --- a/2022/CVE-2022-34918.md +++ b/2022/CVE-2022-34918.md @@ -32,6 +32,7 @@ An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/Sechack06/CVE-2022-34918 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review diff --git a/2022/CVE-2022-36840.md b/2022/CVE-2022-36840.md index 56e407c33..25806753b 100644 --- a/2022/CVE-2022-36840.md +++ b/2022/CVE-2022-36840.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-37376.md b/2022/CVE-2022-37376.md index 64009daeb..316f42307 100644 --- a/2022/CVE-2022-37376.md +++ b/2022/CVE-2022-37376.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-37377.md b/2022/CVE-2022-37377.md index cb7bc6186..2ec0199ad 100644 --- a/2022/CVE-2022-37377.md +++ b/2022/CVE-2022-37377.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-37378.md b/2022/CVE-2022-37378.md index 0a5946f55..0997ceb81 100644 --- a/2022/CVE-2022-37378.md +++ b/2022/CVE-2022-37378.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-39227.md b/2022/CVE-2022-39227.md index b2b4e30e3..e54c95b71 100644 --- a/2022/CVE-2022-39227.md +++ b/2022/CVE-2022-39227.md @@ -10,7 +10,7 @@ python-jwt is a module for generating and verifying JSON Web Tokens. Versions pr ### POC #### Reference -No PoCs from references. +- https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-39421.md b/2022/CVE-2022-39421.md index 4dc378ca3..f58ce61b1 100644 --- a/2022/CVE-2022-39421.md +++ b/2022/CVE-2022-39421.md @@ -14,4 +14,5 @@ Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (comp #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-39845.md b/2022/CVE-2022-39845.md index 6800c1888..7432913dc 100644 --- a/2022/CVE-2022-39845.md +++ b/2022/CVE-2022-39845.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-40684.md b/2022/CVE-2022-40684.md index b604e4af2..e2c74d2ab 100644 --- a/2022/CVE-2022-40684.md +++ b/2022/CVE-2022-40684.md @@ -71,6 +71,7 @@ An authentication bypass using an alternate path or channel [CWE-288] in Fortine - https://github.com/mjutsu/Bug-bounty - https://github.com/mohamedbenchikh/CVE-2022-40684 - https://github.com/murchie85/twitterCyberMonitor +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust - https://github.com/oxmanasse/Bug-bounty diff --git a/2022/CVE-2022-41040.md b/2022/CVE-2022-41040.md index cb3a5c0bd..9a34ca80a 100644 --- a/2022/CVE-2022-41040.md +++ b/2022/CVE-2022-41040.md @@ -58,6 +58,7 @@ Microsoft Exchange Server Elevation of Privilege Vulnerability - https://github.com/manas3c/CVE-POC - https://github.com/michelderooij/michelderooij - https://github.com/mjutsu/Bug-bounty +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/numanturle/CVE-2022-41040 - https://github.com/oxmanasse/Bug-bounty diff --git a/2022/CVE-2022-41082.md b/2022/CVE-2022-41082.md index b4a5bb615..8f7a27c38 100644 --- a/2022/CVE-2022-41082.md +++ b/2022/CVE-2022-41082.md @@ -51,6 +51,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/manas3c/CVE-POC - https://github.com/michelderooij/michelderooij - https://github.com/mr-r3b00t/NotProxyShellHunter +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/notareaperbutDR34P3r/http-vuln-CVE-2022-41082 - https://github.com/notareaperbutDR34P3r/vuln-CVE-2022-41082 diff --git a/2022/CVE-2022-4202.md b/2022/CVE-2022-4202.md index 414c9a058..c11651d05 100644 --- a/2022/CVE-2022-4202.md +++ b/2022/CVE-2022-4202.md @@ -13,5 +13,5 @@ A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV- - https://github.com/gpac/gpac/issues/2333 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2022/CVE-2022-42799.md b/2022/CVE-2022-42799.md index bf2dec29a..30001114f 100644 --- a/2022/CVE-2022-42799.md +++ b/2022/CVE-2022-42799.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-42823.md b/2022/CVE-2022-42823.md index 637c96b31..67bda95a0 100644 --- a/2022/CVE-2022-42823.md +++ b/2022/CVE-2022-42823.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-42824.md b/2022/CVE-2022-42824.md index ce389f80a..8d93bc876 100644 --- a/2022/CVE-2022-42824.md +++ b/2022/CVE-2022-42824.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-44010.md b/2022/CVE-2022-44010.md new file mode 100644 index 000000000..20fb8e038 --- /dev/null +++ b/2022/CVE-2022-44010.md @@ -0,0 +1,17 @@ +### [CVE-2022-44010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44010) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. + +### POC + +#### Reference +- https://clickhouse.com/docs/en/whats-new/security-changelog + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-4568.md b/2022/CVE-2022-4568.md new file mode 100644 index 000000000..39a8c1be9 --- /dev/null +++ b/2022/CVE-2022-4568.md @@ -0,0 +1,17 @@ +### [CVE-2022-4568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4568) +![](https://img.shields.io/static/v1?label=Product&message=Lenovo%20System%20Update&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20prior%20to%205.08.01.0005%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brighgreen) + +### Description + +A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2022/CVE-2022-4603.md b/2022/CVE-2022-4603.md new file mode 100644 index 000000000..551d48dd1 --- /dev/null +++ b/2022/CVE-2022-4603.md @@ -0,0 +1,17 @@ +### [CVE-2022-4603](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4603) +![](https://img.shields.io/static/v1?label=Product&message=ppp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Memory%20Corruption%20-%3E%20CWE-129%20Improper%20Validation%20of%20Array%20Index&color=brighgreen) + +### Description + +** DISPUTED ** A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2022/CVE-2022-46169.md b/2022/CVE-2022-46169.md index db53d4ba1..e00ac935e 100644 --- a/2022/CVE-2022-46169.md +++ b/2022/CVE-2022-46169.md @@ -40,6 +40,7 @@ No PoCs from references. - https://github.com/Rickster5555/EH2-PoC - https://github.com/Safarchand/CVE-2022-46169 - https://github.com/Safe3/CVS +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/TasosY2K/camera-exploit-tool - https://github.com/Threekiii/Awesome-POC diff --git a/2022/CVE-2022-46698.md b/2022/CVE-2022-46698.md index ce3a7e748..0c6d43d24 100644 --- a/2022/CVE-2022-46698.md +++ b/2022/CVE-2022-46698.md @@ -23,4 +23,5 @@ A logic issue was addressed with improved checks. This issue is fixed in Safari #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-46875.md b/2022/CVE-2022-46875.md index 97ab003cb..68f098ee4 100644 --- a/2022/CVE-2022-46875.md +++ b/2022/CVE-2022-46875.md @@ -17,4 +17,5 @@ The executable file warning was not presented when downloading .atloc and .ftplo #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2022/CVE-2022-47445.md b/2022/CVE-2022-47445.md new file mode 100644 index 000000000..8fc5bc1bf --- /dev/null +++ b/2022/CVE-2022-47445.md @@ -0,0 +1,17 @@ +### [CVE-2022-47445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47445) +![](https://img.shields.io/static/v1?label=Product&message=Be%20POPIA%20Compliant&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/me2nuk/me2nuk + diff --git a/2022/CVE-2022-47589.md b/2022/CVE-2022-47589.md new file mode 100644 index 000000000..127c7725c --- /dev/null +++ b/2022/CVE-2022-47589.md @@ -0,0 +1,17 @@ +### [CVE-2022-47589](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47589) +![](https://img.shields.io/static/v1?label=Product&message=CTT%20Expresso%20para%20WooCommerce&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/me2nuk/me2nuk + diff --git a/2022/CVE-2022-48666.md b/2022/CVE-2022-48666.md index 512a7626a..c1b707ecd 100644 --- a/2022/CVE-2022-48666.md +++ b/2022/CVE-2022-48666.md @@ -1,6 +1,6 @@ ### [CVE-2022-48666](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48666) ![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=65ca846a5314%3C%202e7eb4c1e8af%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=65ca846a5314%3C%205ce8fad94123%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) ### Description diff --git a/2023/CVE-2023-1829.md b/2023/CVE-2023-1829.md index 0c4db7fa2..ab5d93a79 100644 --- a/2023/CVE-2023-1829.md +++ b/2023/CVE-2023-1829.md @@ -16,6 +16,7 @@ A use-after-free vulnerability in the Linux Kernel traffic control index filter - https://github.com/EGI-Federation/SVG-advisories - https://github.com/N1ghtu/RWCTF6th-RIPTC - https://github.com/Threekiii/CVE +- https://github.com/cvestone/CtfCollections - https://github.com/lanleft/CVE-2023-1829 - https://github.com/lanleft/CVE2023-1829 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-2033.md b/2023/CVE-2023-2033.md index 018a1f5e9..8c0008b45 100644 --- a/2023/CVE-2023-2033.md +++ b/2023/CVE-2023-2033.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/NexovaDev/UpdateHub - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/Threekiii/CVE - https://github.com/WalccDev/CVE-2023-2033 diff --git a/2023/CVE-2023-2052.md b/2023/CVE-2023-2052.md new file mode 100644 index 000000000..c17e65609 --- /dev/null +++ b/2023/CVE-2023-2052.md @@ -0,0 +1,17 @@ +### [CVE-2023-2052](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2052) +![](https://img.shields.io/static/v1?label=Product&message=Advanced%20Online%20Voting%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.225937 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2097.md b/2023/CVE-2023-2097.md index 881122725..1fb94d920 100644 --- a/2023/CVE-2023-2097.md +++ b/2023/CVE-2023-2097.md @@ -11,6 +11,7 @@ A vulnerability was found in SourceCodester Vehicle Service Management System 1. #### Reference - https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf +- https://vuldb.com/?id.226105 #### Github - https://github.com/1-tong/vehicle_cves diff --git a/2023/CVE-2023-2136.md b/2023/CVE-2023-2136.md index e5b5e0612..7184e5f43 100644 --- a/2023/CVE-2023-2136.md +++ b/2023/CVE-2023-2136.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/Threekiii/CVE - https://github.com/ayman-m/rosetta diff --git a/2023/CVE-2023-21746.md b/2023/CVE-2023-21746.md index 84cd376c0..c713a83a0 100644 --- a/2023/CVE-2023-21746.md +++ b/2023/CVE-2023-21746.md @@ -51,6 +51,7 @@ No PoCs from references. - https://github.com/Etoile1024/Pentest-Common-Knowledge - https://github.com/MarikalAbhijeet/Localpotatoexploit - https://github.com/Muhammad-Ali007/LocalPotato_CVE-2023-21746 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/blu3ming/LocalPotato - https://github.com/chudamax/LocalPotatoExamples diff --git a/2023/CVE-2023-21768.md b/2023/CVE-2023-21768.md index f71bccfcb..a65eda6aa 100644 --- a/2023/CVE-2023-21768.md +++ b/2023/CVE-2023-21768.md @@ -41,6 +41,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Rosayxy/Recreate-cve-2023-21768 - https://github.com/SamuelTulach/nullmap +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/TayoG/44con2023-resources - https://github.com/Threekiii/CVE diff --git a/2023/CVE-2023-21817.md b/2023/CVE-2023-21817.md index b50891e4c..c7fece4d1 100644 --- a/2023/CVE-2023-21817.md +++ b/2023/CVE-2023-21817.md @@ -49,6 +49,7 @@ No PoCs from references. #### Github - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/kgwanjala/oscp-cheatsheet - https://github.com/oscpname/OSCP_cheat diff --git a/2023/CVE-2023-22518.md b/2023/CVE-2023-22518.md index cde3217e4..9fb2bebc6 100644 --- a/2023/CVE-2023-22518.md +++ b/2023/CVE-2023-22518.md @@ -30,6 +30,7 @@ All versions of Confluence Data Center and Server are affected by this unexploit - https://github.com/davidfortytwo/CVE-2023-22518 - https://github.com/ditekshen/ansible-cve-2023-22518 - https://github.com/duggytuxy/malicious_ip_addresses +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sanjai-AK47/CVE-2023-22518 - https://github.com/securitycipher/daily-bugbounty-writeups diff --git a/2023/CVE-2023-22622.md b/2023/CVE-2023-22622.md index 816695cb9..10d172dff 100644 --- a/2023/CVE-2023-22622.md +++ b/2023/CVE-2023-22622.md @@ -17,4 +17,5 @@ WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron. - https://github.com/alopresto/epss_api_demo - https://github.com/alopresto6m/epss_api_demo - https://github.com/michael-david-fry/wp-cron-smash +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-22809.md b/2023/CVE-2023-22809.md index e7ef24e67..a9edc8b28 100644 --- a/2023/CVE-2023-22809.md +++ b/2023/CVE-2023-22809.md @@ -28,6 +28,7 @@ In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra argument - https://github.com/Chan9Yan9/CVE-2023-22809 - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/M4fiaB0y/CVE-2023-22809 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE diff --git a/2023/CVE-2023-23517.md b/2023/CVE-2023-23517.md index f7cc02663..933f396ee 100644 --- a/2023/CVE-2023-23517.md +++ b/2023/CVE-2023-23517.md @@ -20,4 +20,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-23518.md b/2023/CVE-2023-23518.md index 3e2ed4c5a..1a4513856 100644 --- a/2023/CVE-2023-23518.md +++ b/2023/CVE-2023-23518.md @@ -20,4 +20,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-23609.md b/2023/CVE-2023-23609.md new file mode 100644 index 000000000..e63b61d9c --- /dev/null +++ b/2023/CVE-2023-23609.md @@ -0,0 +1,17 @@ +### [CVE-2023-23609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23609) +![](https://img.shields.io/static/v1?label=Product&message=contiki-ng&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%204.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-23752.md b/2023/CVE-2023-23752.md index d6a95c2d4..4e5297ed8 100644 --- a/2023/CVE-2023-23752.md +++ b/2023/CVE-2023-23752.md @@ -61,6 +61,7 @@ No PoCs from references. - https://github.com/Rival420/CVE-2023-23752 - https://github.com/RootKRD/CVE-2023 - https://github.com/Saboor-Hakimi/CVE-2023-23752 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SrcVme50/Devvortex - https://github.com/Sweelg/CVE-2023-23752 - https://github.com/ThatNotEasy/CVE-2023-23752 diff --git a/2023/CVE-2023-25076.md b/2023/CVE-2023-25076.md index 6b27216f6..eea5228ab 100644 --- a/2023/CVE-2023-25076.md +++ b/2023/CVE-2023-25076.md @@ -13,5 +13,6 @@ A buffer overflow vulnerability exists in the handling of wildcard backend hosts - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/dlundquist/sniproxy diff --git a/2023/CVE-2023-25143.md b/2023/CVE-2023-25143.md index 9919f0764..a544aa81b 100644 --- a/2023/CVE-2023-25143.md +++ b/2023/CVE-2023-25143.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-25564.md b/2023/CVE-2023-25564.md new file mode 100644 index 000000000..41f76676a --- /dev/null +++ b/2023/CVE-2023-25564.md @@ -0,0 +1,17 @@ +### [CVE-2023-25564](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25564) +![](https://img.shields.io/static/v1?label=Product&message=gss-ntlmssp&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable `outlen` was not initialized and could cause writing a zero to an arbitrary place in memory if `ntlm_str_convert()` were to fail, which would leave `outlen` uninitialized. This can lead to a denial of service if the write hits unmapped memory or randomly corrupts a byte in the application memory space. This vulnerability can trigger an out-of-bounds write, leading to memory corruption. This vulnerability can be triggered via the main `gss_accept_sec_context` entry point. This issue is fixed in version 1.2.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-25690.md b/2023/CVE-2023-25690.md index dc1ed2b37..71180614c 100644 --- a/2023/CVE-2023-25690.md +++ b/2023/CVE-2023-25690.md @@ -23,6 +23,7 @@ Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.5 - https://github.com/GhostTroops/TOP - https://github.com/H4lo/awesome-IoT-security-article - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/bioly230/THM_Skynet - https://github.com/dhmosfunk/CVE-2023-25690-POC diff --git a/2023/CVE-2023-25741.md b/2023/CVE-2023-25741.md index 81be56569..ee42bde98 100644 --- a/2023/CVE-2023-25741.md +++ b/2023/CVE-2023-25741.md @@ -14,4 +14,5 @@ When dragging and dropping an image cross-origin, the image's size could potenti #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-2598.md b/2023/CVE-2023-2598.md index 224e7f901..d4f408e85 100644 --- a/2023/CVE-2023-2598.md +++ b/2023/CVE-2023-2598.md @@ -15,6 +15,8 @@ A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buff #### Github - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/aneasystone/github-trending +- https://github.com/bsauce/kernel-exploit-factory +- https://github.com/bsauce/kernel-security-learning - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/sampsonv/github-trending diff --git a/2023/CVE-2023-26048.md b/2023/CVE-2023-26048.md index d00d31209..b48f3c689 100644 --- a/2023/CVE-2023-26048.md +++ b/2023/CVE-2023-26048.md @@ -18,4 +18,5 @@ No PoCs from references. - https://github.com/hshivhare67/Jetty-v9.4.31_CVE-2023-26048 - https://github.com/muneebaashiq/MBProjects - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-26049.md b/2023/CVE-2023-26049.md index 2313f01d8..b44feaa5f 100644 --- a/2023/CVE-2023-26049.md +++ b/2023/CVE-2023-26049.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/muneebaashiq/MBProjects - https://github.com/nidhi7598/jetty-9.4.31_CVE-2023-26049 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-2640.md b/2023/CVE-2023-2640.md index 35ce8c38e..f4df097ce 100644 --- a/2023/CVE-2023-2640.md +++ b/2023/CVE-2023-2640.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/PuguhDy/CVE-Root-Ubuntu - https://github.com/SanjayRagavendar/Ubuntu-GameOver-Lay - https://github.com/SanjayRagavendar/UbuntuPrivilegeEscalationV1 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation diff --git a/2023/CVE-2023-27103.md b/2023/CVE-2023-27103.md index 10d3c8813..9e1c7c525 100644 --- a/2023/CVE-2023-27103.md +++ b/2023/CVE-2023-27103.md @@ -13,5 +13,5 @@ Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the functi - https://github.com/strukturag/libde265/issues/394 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-27429.md b/2023/CVE-2023-27429.md new file mode 100644 index 000000000..37215bd83 --- /dev/null +++ b/2023/CVE-2023-27429.md @@ -0,0 +1,17 @@ +### [CVE-2023-27429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27429) +![](https://img.shields.io/static/v1?label=Product&message=Jetpack%20CRM&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/me2nuk/me2nuk + diff --git a/2023/CVE-2023-28201.md b/2023/CVE-2023-28201.md index baf5e2512..ce62780e3 100644 --- a/2023/CVE-2023-28201.md +++ b/2023/CVE-2023-28201.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-2865.md b/2023/CVE-2023-2865.md new file mode 100644 index 000000000..db266396e --- /dev/null +++ b/2023/CVE-2023-2865.md @@ -0,0 +1,17 @@ +### [CVE-2023-2865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2865) +![](https://img.shields.io/static/v1?label=Product&message=Theme%20Park%20Ticketing%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.229821 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-28879.md b/2023/CVE-2023-28879.md index 085876758..1840e9728 100644 --- a/2023/CVE-2023-28879.md +++ b/2023/CVE-2023-28879.md @@ -16,6 +16,7 @@ In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to po #### Github - https://github.com/0xsyr0/OSCP - https://github.com/ARPSyndicate/cvemon +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/fardeen-ahmed/Bug-bounty-Writeups - https://github.com/kgwanjala/oscp-cheatsheet diff --git a/2023/CVE-2023-2905.md b/2023/CVE-2023-2905.md index b3d91886c..820527a63 100644 --- a/2023/CVE-2023-2905.md +++ b/2023/CVE-2023-2905.md @@ -13,5 +13,5 @@ Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed - https://takeonme.org/cves/CVE-2023-2905.html #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-29531.md b/2023/CVE-2023-29531.md index 4e13d42b4..5a4fb2900 100644 --- a/2023/CVE-2023-29531.md +++ b/2023/CVE-2023-29531.md @@ -17,4 +17,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-29539.md b/2023/CVE-2023-29539.md index bc29a71cb..35ce41be9 100644 --- a/2023/CVE-2023-29539.md +++ b/2023/CVE-2023-29539.md @@ -18,5 +18,6 @@ When handling the filename directive in the Content-Disposition header, the file No PoCs from references. #### Github +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/em1ga3l/cve-msrc-extractor diff --git a/2023/CVE-2023-29546.md b/2023/CVE-2023-29546.md new file mode 100644 index 000000000..6cb0a76fd --- /dev/null +++ b/2023/CVE-2023-29546.md @@ -0,0 +1,18 @@ +### [CVE-2023-29546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29546) +![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20Android&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Focus%20for%20Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%20112%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Screen%20recording%20in%20Private%20Browsing%20included%20address%20bar%20on%20Android&color=brighgreen) + +### Description + +When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RENANZG/My-Debian-GNU-Linux + diff --git a/2023/CVE-2023-30078.md b/2023/CVE-2023-30078.md new file mode 100644 index 000000000..84e41d6f1 --- /dev/null +++ b/2023/CVE-2023-30078.md @@ -0,0 +1,17 @@ +### [CVE-2023-30078](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30078) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) + +### Description + +** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-32181. Reason: This record is a duplicate of CVE-2023-32181. Notes: All CVE users should reference CVE-2023-32181 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-30746.md b/2023/CVE-2023-30746.md new file mode 100644 index 000000000..2c350d1cd --- /dev/null +++ b/2023/CVE-2023-30746.md @@ -0,0 +1,17 @@ +### [CVE-2023-30746](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30746) +![](https://img.shields.io/static/v1?label=Product&message=Booqable%20Rental%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/me2nuk/me2nuk + diff --git a/2023/CVE-2023-3079.md b/2023/CVE-2023-3079.md index a884ff53c..aa38835f3 100644 --- a/2023/CVE-2023-3079.md +++ b/2023/CVE-2023-3079.md @@ -16,6 +16,7 @@ Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/Threekiii/CVE - https://github.com/Uniguri/CVE-1day diff --git a/2023/CVE-2023-31568.md b/2023/CVE-2023-31568.md index 1ae3c5a83..379ee0a7a 100644 --- a/2023/CVE-2023-31568.md +++ b/2023/CVE-2023-31568.md @@ -13,5 +13,5 @@ Podofo v0.10.0 was discovered to contain a heap buffer overflow via the componen - https://github.com/podofo/podofo/issues/72 #### Github -No PoCs found on GitHub currently. +- https://github.com/DiRaltvein/memory-corruption-examples diff --git a/2023/CVE-2023-32233.md b/2023/CVE-2023-32233.md index e5fc42edc..17c8e39f8 100644 --- a/2023/CVE-2023-32233.md +++ b/2023/CVE-2023-32233.md @@ -25,6 +25,7 @@ In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PIDAN-HEIDASHUAI/CVE-2023-32233 - https://github.com/RogelioPumajulca/TEST-CVE-2023-32233 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/CVE - https://github.com/djki5s/tools diff --git a/2023/CVE-2023-32236.md b/2023/CVE-2023-32236.md new file mode 100644 index 000000000..ca339b1d1 --- /dev/null +++ b/2023/CVE-2023-32236.md @@ -0,0 +1,17 @@ +### [CVE-2023-32236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32236) +![](https://img.shields.io/static/v1?label=Product&message=Booking%20Ultra%20Pro%20Appointments%20Booking%20Calendar%20Plugin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/me2nuk/me2nuk + diff --git a/2023/CVE-2023-32409.md b/2023/CVE-2023-32409.md index 75257561a..fdff07d50 100644 --- a/2023/CVE-2023-32409.md +++ b/2023/CVE-2023-32409.md @@ -22,5 +22,6 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics diff --git a/2023/CVE-2023-32629.md b/2023/CVE-2023-32629.md index dbb89ffd4..e3a3be0b8 100644 --- a/2023/CVE-2023-32629.md +++ b/2023/CVE-2023-32629.md @@ -24,6 +24,7 @@ Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up - https://github.com/PuguhDy/CVE-Root-Ubuntu - https://github.com/SanjayRagavendar/Ubuntu-GameOver-Lay - https://github.com/SanjayRagavendar/UbuntuPrivilegeEscalationV1 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation diff --git a/2023/CVE-2023-33246.md b/2023/CVE-2023-33246.md index bc84a9af3..8f4788301 100644 --- a/2023/CVE-2023-33246.md +++ b/2023/CVE-2023-33246.md @@ -55,6 +55,7 @@ For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk - https://github.com/luelueking/Java-CVE-Lists - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/p4d0rn/Java_Zoo +- https://github.com/q99266/saury-vulnhub - https://github.com/r3volved/CVEAggregate - https://github.com/sponkmonk/Ladon_english_update - https://github.com/v0ita/rocketMq_RCE diff --git a/2023/CVE-2023-34127.md b/2023/CVE-2023-34127.md index 0b80d5a89..733613b5a 100644 --- a/2023/CVE-2023-34127.md +++ b/2023/CVE-2023-34127.md @@ -15,5 +15,5 @@ Improper Neutralization of Special Elements used in an OS Command ('OS Command I - http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html #### Github -No PoCs found on GitHub currently. +- https://github.com/nitish778191/fitness_app diff --git a/2023/CVE-2023-34133.md b/2023/CVE-2023-34133.md index 06e4b871c..8c0633604 100644 --- a/2023/CVE-2023-34133.md +++ b/2023/CVE-2023-34133.md @@ -15,5 +15,5 @@ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti - http://packetstormsecurity.com/files/174571/Sonicwall-GMS-9.9.9320-Remote-Code-Execution.html #### Github -No PoCs found on GitHub currently. +- https://github.com/nitish778191/fitness_app diff --git a/2023/CVE-2023-34362.md b/2023/CVE-2023-34362.md index df6e6f505..ff1461a06 100644 --- a/2023/CVE-2023-34362.md +++ b/2023/CVE-2023-34362.md @@ -48,6 +48,7 @@ In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0. - https://github.com/liam-ng/fluffy-computing-machine - https://github.com/lithuanian-g/cve-2023-34362-iocs - https://github.com/most-e/Capstone +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/optiv/nvdsearch - https://github.com/sfewer-r7/CVE-2023-34362 diff --git a/2023/CVE-2023-34462.md b/2023/CVE-2023-34462.md new file mode 100644 index 000000000..6445a98ea --- /dev/null +++ b/2023/CVE-2023-34462.md @@ -0,0 +1,17 @@ +### [CVE-2023-34462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462) +![](https://img.shields.io/static/v1?label=Product&message=netty&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.1.94.Final%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2023/CVE-2023-36478.md b/2023/CVE-2023-36478.md new file mode 100644 index 000000000..379b57a50 --- /dev/null +++ b/2023/CVE-2023-36478.md @@ -0,0 +1,18 @@ +### [CVE-2023-36478](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36478) +![](https://img.shields.io/static/v1?label=Product&message=jetty.project&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2010.0.0%2C%20%3C%2010.0.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values toexceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2023/CVE-2023-36479.md b/2023/CVE-2023-36479.md new file mode 100644 index 000000000..501aaade0 --- /dev/null +++ b/2023/CVE-2023-36479.md @@ -0,0 +1,17 @@ +### [CVE-2023-36479](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479) +![](https://img.shields.io/static/v1?label=Product&message=jetty.project&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%209.0.0%2C%20%3C%3D%209.4.51%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-149%3A%20Improper%20Neutralization%20of%20Quoting%20Syntax&color=brighgreen) + +### Description + +Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2023/CVE-2023-36874.md b/2023/CVE-2023-36874.md index 551d614a1..ed45bfd1a 100644 --- a/2023/CVE-2023-36874.md +++ b/2023/CVE-2023-36874.md @@ -53,6 +53,7 @@ Windows Error Reporting Service Elevation of Privilege Vulnerability - https://github.com/Octoberfest7/CVE-2023-36874_BOF - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/CVE - https://github.com/Wh04m1001/CVE-2023-36874 diff --git a/2023/CVE-2023-3776.md b/2023/CVE-2023-3776.md index 1580b1f49..4c652ba8b 100644 --- a/2023/CVE-2023-3776.md +++ b/2023/CVE-2023-3776.md @@ -15,4 +15,5 @@ A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component #### Github - https://github.com/N1ghtu/RWCTF6th-RIPTC +- https://github.com/cvestone/CtfCollections diff --git a/2023/CVE-2023-39434.md b/2023/CVE-2023-39434.md index 1b71b8b91..dce5c0550 100644 --- a/2023/CVE-2023-39434.md +++ b/2023/CVE-2023-39434.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index 1e4ca8dab..e70be724f 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md @@ -71,6 +71,7 @@ No PoCs from references. - https://github.com/gauravsec/dvwa - https://github.com/gonzalomamanig/DVWA - https://github.com/hanvu9998/dvwa1 +- https://github.com/haysamqq/Damn-Vulnerable-Web-Application-DVWA- - https://github.com/https-github-com-Sambit-rgb/DVWA - https://github.com/imayou123/DVWA - https://github.com/imtiyazhack/DVWA diff --git a/2023/CVE-2023-40167.md b/2023/CVE-2023-40167.md new file mode 100644 index 000000000..015ceb2c9 --- /dev/null +++ b/2023/CVE-2023-40167.md @@ -0,0 +1,17 @@ +### [CVE-2023-40167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167) +![](https://img.shields.io/static/v1?label=Product&message=jetty.project&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%209.0.0%2C%20%3C%3D%209.4.51%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-130%3A%20Improper%20Handling%20of%20Length%20Parameter%20Inconsistency&color=brighgreen) + +### Description + +Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2023/CVE-2023-40284.md b/2023/CVE-2023-40284.md new file mode 100644 index 000000000..ad7bddc45 --- /dev/null +++ b/2023/CVE-2023-40284.md @@ -0,0 +1,17 @@ +### [CVE-2023-40284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40284) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-40287.md b/2023/CVE-2023-40287.md new file mode 100644 index 000000000..fc17547f8 --- /dev/null +++ b/2023/CVE-2023-40287.md @@ -0,0 +1,17 @@ +### [CVE-2023-40287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40287) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-40288.md b/2023/CVE-2023-40288.md new file mode 100644 index 000000000..8e07b4fa2 --- /dev/null +++ b/2023/CVE-2023-40288.md @@ -0,0 +1,17 @@ +### [CVE-2023-40288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-40403.md b/2023/CVE-2023-40403.md index 9bcd24eb7..b92ba1fa2 100644 --- a/2023/CVE-2023-40403.md +++ b/2023/CVE-2023-40403.md @@ -19,4 +19,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-41061.md b/2023/CVE-2023-41061.md index 2cbbd47df..eec7971c4 100644 --- a/2023/CVE-2023-41061.md +++ b/2023/CVE-2023-41061.md @@ -17,6 +17,7 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/houjingyi233/macOS-iOS-system-security diff --git a/2023/CVE-2023-41064.md b/2023/CVE-2023-41064.md index a1b7bd898..013e8661b 100644 --- a/2023/CVE-2023-41064.md +++ b/2023/CVE-2023-41064.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/MrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064 - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/alsaeroth/CVE-2023-41064-POC - https://github.com/apt0factury/CVE-2023-41064 diff --git a/2023/CVE-2023-41361.md b/2023/CVE-2023-41361.md new file mode 100644 index 000000000..52b7b170d --- /dev/null +++ b/2023/CVE-2023-41361.md @@ -0,0 +1,17 @@ +### [CVE-2023-41361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41361) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/DiRaltvein/memory-corruption-examples + diff --git a/2023/CVE-2023-41504.md b/2023/CVE-2023-41504.md index fc0398d3a..a87086011 100644 --- a/2023/CVE-2023-41504.md +++ b/2023/CVE-2023-41504.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ASR511-OO7/CVE-2023-41504 +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-41991.md b/2023/CVE-2023-41991.md index 618c93116..0d6263f56 100644 --- a/2023/CVE-2023-41991.md +++ b/2023/CVE-2023-41991.md @@ -17,6 +17,7 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/XLsn0w/Cydia - https://github.com/XLsn0w/Cydiapps diff --git a/2023/CVE-2023-41992.md b/2023/CVE-2023-41992.md index 1e2a66cfe..d18beb13b 100644 --- a/2023/CVE-2023-41992.md +++ b/2023/CVE-2023-41992.md @@ -17,5 +17,6 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics diff --git a/2023/CVE-2023-41993.md b/2023/CVE-2023-41993.md index aba54e413..74d82d75d 100644 --- a/2023/CVE-2023-41993.md +++ b/2023/CVE-2023-41993.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/J3Ss0u/CVE-2023-41993 - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/ZonghaoLi777/githubTrending - https://github.com/aneasystone/github-trending diff --git a/2023/CVE-2023-4206.md b/2023/CVE-2023-4206.md index 8c158a875..05d88415f 100644 --- a/2023/CVE-2023-4206.md +++ b/2023/CVE-2023-4206.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/cvestone/CtfCollections - https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-4260.md b/2023/CVE-2023-4260.md index b1e1d4483..5a63df9c0 100644 --- a/2023/CVE-2023-4260.md +++ b/2023/CVE-2023-4260.md @@ -16,5 +16,6 @@ Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file syste #### Github - https://github.com/0xdea/advisories +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/hnsecurity/vulns diff --git a/2023/CVE-2023-4262.md b/2023/CVE-2023-4262.md index 90b7ca9ff..949ed840d 100644 --- a/2023/CVE-2023-4262.md +++ b/2023/CVE-2023-4262.md @@ -1,11 +1,11 @@ ### [CVE-2023-4262](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4262) -![](https://img.shields.io/static/v1?label=Product&message=Zephyr&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=2.3%3C%3D%203.4%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Copy%20without%20Checking%20Size%20of%20Input%20('Classic%20Buffer%20Overflow')&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) ### Description -Possible buffer overflow  in Zephyr mgmt subsystem when asserts are disabled +** REJECT ** User data field is not attacker controlled ### POC diff --git a/2023/CVE-2023-42793.md b/2023/CVE-2023-42793.md index 54cfbe8de..b1d1638e9 100644 --- a/2023/CVE-2023-42793.md +++ b/2023/CVE-2023-42793.md @@ -39,6 +39,7 @@ In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on T - https://github.com/johnossawy/CVE-2023-42793_POC - https://github.com/junnythemarksman/CVE-2023-42793 - https://github.com/netlas-io/netlas-dorks +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/whitfieldsdad/cisa_kev diff --git a/2023/CVE-2023-42916.md b/2023/CVE-2023-42916.md index 7051e6a53..73b025029 100644 --- a/2023/CVE-2023-42916.md +++ b/2023/CVE-2023-42916.md @@ -18,5 +18,6 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics diff --git a/2023/CVE-2023-42917.md b/2023/CVE-2023-42917.md index 4be349f6b..cb0054796 100644 --- a/2023/CVE-2023-42917.md +++ b/2023/CVE-2023-42917.md @@ -18,5 +18,6 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics diff --git a/2023/CVE-2023-43177.md b/2023/CVE-2023-43177.md index 49028ed21..c9408fb32 100644 --- a/2023/CVE-2023-43177.md +++ b/2023/CVE-2023-43177.md @@ -16,6 +16,7 @@ CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of - https://github.com/Mohammaddvd/CVE-2024-4040 - https://github.com/Ostorlab/KEV - https://github.com/Y4tacker/JavaSec +- https://github.com/entroychang/CVE-2024-4040 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/the-emmons/CVE-2023-43177 diff --git a/2023/CVE-2023-43641.md b/2023/CVE-2023-43641.md index 1bf26c4b2..f9aa4f62f 100644 --- a/2023/CVE-2023-43641.md +++ b/2023/CVE-2023-43641.md @@ -18,6 +18,7 @@ libcue provides an API for parsing and extracting data from CUE sheets. Versions - https://github.com/0xKilty/RE-learning-resources - https://github.com/0xlino/0xlino - https://github.com/CraigTeelFugro/CraigTeelFugro +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/goupadhy/UK-Digital-AppInnovation-NewsLetter - https://github.com/kherrick/hacker-news - https://github.com/kherrick/lobsters diff --git a/2023/CVE-2023-43768.md b/2023/CVE-2023-43768.md new file mode 100644 index 000000000..800742fb2 --- /dev/null +++ b/2023/CVE-2023-43768.md @@ -0,0 +1,17 @@ +### [CVE-2023-43768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43768) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-44483.md b/2023/CVE-2023-44483.md index c09f3b904..065a27682 100644 --- a/2023/CVE-2023-44483.md +++ b/2023/CVE-2023-44483.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/phax/ph-xmldsig +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-44487.md b/2023/CVE-2023-44487.md index 4aa189d56..7e3c4aaf9 100644 --- a/2023/CVE-2023-44487.md +++ b/2023/CVE-2023-44487.md @@ -103,6 +103,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec - https://github.com/terrorist/HTTP-2-Rapid-Reset-Client - https://github.com/testing-felickz/docker-scout-demo - https://github.com/wolfc/snakeinmyboot +- https://github.com/ytono/gcp-arcade - https://github.com/zengzzzzz/golang-trending-archive - https://github.com/zhaohuabing/cve-agent - https://github.com/zhaoolee/garss diff --git a/2023/CVE-2023-4450.md b/2023/CVE-2023-4450.md index 7e8873e55..119199210 100644 --- a/2023/CVE-2023-4450.md +++ b/2023/CVE-2023-4450.md @@ -19,5 +19,6 @@ No PoCs from references. - https://github.com/hxysaury/saury-vulnhub - https://github.com/ilikeoyt/CVE-2023-4450-Attack - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/q99266/saury-vulnhub - https://github.com/tanjiti/sec_profile diff --git a/2023/CVE-2023-4582.md b/2023/CVE-2023-4582.md index 11efd5091..2de009a50 100644 --- a/2023/CVE-2023-4582.md +++ b/2023/CVE-2023-4582.md @@ -17,4 +17,5 @@ Due to large allocation checks in Angle for glsl shaders being too lenient a buf #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-46602.md b/2023/CVE-2023-46602.md index f2831a517..16d9a35e9 100644 --- a/2023/CVE-2023-46602.md +++ b/2023/CVE-2023-46602.md @@ -13,6 +13,7 @@ In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buf - https://github.com/InternationalColorConsortium/DemoIccMAX/pull/53 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/xsscx/DemoIccMAX - https://github.com/xsscx/xnuimagefuzzer diff --git a/2023/CVE-2023-46747.md b/2023/CVE-2023-46747.md index 8ba473a12..048b71d64 100644 --- a/2023/CVE-2023-46747.md +++ b/2023/CVE-2023-46747.md @@ -36,6 +36,7 @@ Undisclosed requests may bypass configuration utility authentication, allowing a - https://github.com/hktalent/TOP - https://github.com/irgoncalves/awesome-security-articles - https://github.com/maniak-academy/Mitigate-CVE-2023-46747 +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nvansluis/test_cve-2023-46747 - https://github.com/sanjai-AK47/CVE-2023-22518 diff --git a/2023/CVE-2023-48106.md b/2023/CVE-2023-48106.md index c34cdc54d..3a4f79a7c 100644 --- a/2023/CVE-2023-48106.md +++ b/2023/CVE-2023-48106.md @@ -13,5 +13,6 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/740 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48107.md b/2023/CVE-2023-48107.md index db67599cd..9cc2caa77 100644 --- a/2023/CVE-2023-48107.md +++ b/2023/CVE-2023-48107.md @@ -13,5 +13,6 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/739 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48903.md b/2023/CVE-2023-48903.md index 36a8f469f..62541ea9f 100644 --- a/2023/CVE-2023-48903.md +++ b/2023/CVE-2023-48903.md @@ -14,4 +14,5 @@ Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-49070.md b/2023/CVE-2023-49070.md index 073672c11..c0161f76d 100644 --- a/2023/CVE-2023-49070.md +++ b/2023/CVE-2023-49070.md @@ -22,6 +22,7 @@ Pre-auth RCE in Apache Ofbiz 18.12.09.It's due to XML-RPC no longer maintained - https://github.com/Ostorlab/KEV - https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 - https://github.com/Rishi-45/Bizness-Machine-htb +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SrcVme50/Bizness - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE diff --git a/2023/CVE-2023-4911.md b/2023/CVE-2023-4911.md index e7da8f491..7f90c473d 100644 --- a/2023/CVE-2023-4911.md +++ b/2023/CVE-2023-4911.md @@ -43,6 +43,7 @@ A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/RickdeJager/CVE-2023-4911 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/SirElmard/ethical_hacking - https://github.com/ZonghaoLi777/githubTrending - https://github.com/abylinjohnson/linux-kernel-exploits @@ -71,6 +72,7 @@ A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi - https://github.com/richardjennings/scand - https://github.com/ruycr4ft/CVE-2023-4911 - https://github.com/samokat-oss/pisc +- https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes - https://github.com/silent6trinity/looney-tuneables - https://github.com/silentEAG/awesome-stars - https://github.com/snurkeburk/Looney-Tunables diff --git a/2023/CVE-2023-4966.md b/2023/CVE-2023-4966.md index 2a9ab5b2d..8f4c08831 100644 --- a/2023/CVE-2023-4966.md +++ b/2023/CVE-2023-4966.md @@ -39,6 +39,7 @@ Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when co - https://github.com/mlynchcogent/CVE-2023-4966-POC - https://github.com/morganwdavis/overread - https://github.com/nanoRoot1/Herramientas-de-Seguridad-Digital +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/s-bt/CVE-2023-4966 - https://github.com/sanjai-AK47/CVE-2023-4966 diff --git a/2023/CVE-2023-4967.md b/2023/CVE-2023-4967.md new file mode 100644 index 000000000..2f832e312 --- /dev/null +++ b/2023/CVE-2023-4967.md @@ -0,0 +1,18 @@ +### [CVE-2023-4967](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4967) +![](https://img.shields.io/static/v1?label=Product&message=NetScaler%20ADC&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=NetScaler%20Gateway&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=14.1%3C%208.50%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-119%20Improper%20Restriction%20of%20Operations%20within%20the%20Bounds%20of%20a%20Memory%20Buffer&color=brighgreen) + +### Description + +Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nitish778191/fitness_app + diff --git a/2023/CVE-2023-49984.md b/2023/CVE-2023-49984.md index f0cc470b8..98ed2eea1 100644 --- a/2023/CVE-2023-49984.md +++ b/2023/CVE-2023-49984.md @@ -13,6 +13,7 @@ A cross-site scripting (XSS) vulnerability in the component /management/settings No PoCs from references. #### Github +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/geraldoalcantara/CVE-2023-49984 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-5072.md b/2023/CVE-2023-5072.md index 7641de00c..a9bd9f629 100644 --- a/2023/CVE-2023-5072.md +++ b/2023/CVE-2023-5072.md @@ -27,4 +27,5 @@ Denial of Service in JSON-Java versions up to and including 20230618.  A bug i - https://github.com/hinat0y/Dataset8 - https://github.com/hinat0y/Dataset9 - https://github.com/vaikas/pombump +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-50965.md b/2023/CVE-2023-50965.md index c8e38da22..60b509282 100644 --- a/2023/CVE-2023-50965.md +++ b/2023/CVE-2023-50965.md @@ -13,6 +13,7 @@ In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStaticFiles in - https://github.com/starnight/MicroHttpServer/issues/5 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/Halcy0nic/Trophies - https://github.com/skinnyrad/Trophies diff --git a/2023/CVE-2023-51467.md b/2023/CVE-2023-51467.md index e391e8732..4680a3759 100644 --- a/2023/CVE-2023-51467.md +++ b/2023/CVE-2023-51467.md @@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 - https://github.com/Rishi-45/Bizness-Machine-htb +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Subha-BOO7/Exploit_CVE-2023-51467 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE diff --git a/2023/CVE-2023-51775.md b/2023/CVE-2023-51775.md index 3a5dfb2c6..9070984b9 100644 --- a/2023/CVE-2023-51775.md +++ b/2023/CVE-2023-51775.md @@ -13,5 +13,5 @@ The jose4j component before 0.9.4 for Java allows attackers to cause a denial of - https://bitbucket.org/b_c/jose4j/issues/212 #### Github -No PoCs found on GitHub currently. +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-5217.md b/2023/CVE-2023-5217.md index beb81394f..8c90dd84f 100644 --- a/2023/CVE-2023-5217.md +++ b/2023/CVE-2023-5217.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/Keeper-Security/gitbook-release-notes - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics - https://github.com/Threekiii/CVE - https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217 diff --git a/2023/CVE-2023-52428.md b/2023/CVE-2023-52428.md index af0661638..5feb9c484 100644 --- a/2023/CVE-2023-52428.md +++ b/2023/CVE-2023-52428.md @@ -15,4 +15,5 @@ In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of s #### Github - https://github.com/Azure/kafka-sink-azure-kusto +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-52430.md b/2023/CVE-2023-52430.md index 00fdcb2ed..1a035d006 100644 --- a/2023/CVE-2023-52430.md +++ b/2023/CVE-2023-52430.md @@ -13,5 +13,5 @@ The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET reques - https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/ #### Github -No PoCs found on GitHub currently. +- https://github.com/trailofbits/publications diff --git a/2023/CVE-2023-6267.md b/2023/CVE-2023-6267.md index fdc8b2aae..1b017073a 100644 --- a/2023/CVE-2023-6267.md +++ b/2023/CVE-2023-6267.md @@ -6,7 +6,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%202.13.9.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.9.Final&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Handling%20of%20Insufficient%20Permissions%20or%20Privileges%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Handling%20of%20Insufficient%20Permissions%20or%20Privileges&color=brighgreen) ### Description diff --git a/2023/CVE-2023-6378.md b/2023/CVE-2023-6378.md index 455b9e26f..cc90e116a 100644 --- a/2023/CVE-2023-6378.md +++ b/2023/CVE-2023-6378.md @@ -28,4 +28,5 @@ No PoCs from references. - https://github.com/hinat0y/Dataset8 - https://github.com/hinat0y/Dataset9 - https://github.com/vaikas/pombump +- https://github.com/ytono/gcp-arcade diff --git a/2023/CVE-2023-6394.md b/2023/CVE-2023-6394.md index deef62674..cf7fc3c91 100644 --- a/2023/CVE-2023-6394.md +++ b/2023/CVE-2023-6394.md @@ -1,6 +1,6 @@ ### [CVE-2023-6394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6394) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%202.13.9.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.9.Final&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Missing%20Authorization&color=brighgreen) diff --git a/2023/CVE-2023-6856.md b/2023/CVE-2023-6856.md index 5c47ddee9..8a60339be 100644 --- a/2023/CVE-2023-6856.md +++ b/2023/CVE-2023-6856.md @@ -17,4 +17,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2023/CVE-2023-7023.md b/2023/CVE-2023-7023.md new file mode 100644 index 000000000..bc8d2b0a7 --- /dev/null +++ b/2023/CVE-2023-7023.md @@ -0,0 +1,17 @@ +### [CVE-2023-7023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7023) +![](https://img.shields.io/static/v1?label=Product&message=OA%202017&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/vehicle/query/delete.php. The manipulation of the argument VU_ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-248570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/xiatiandeyu123/cve/blob/main/sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7024.md b/2023/CVE-2023-7024.md index 62cc3e901..9fa426abc 100644 --- a/2023/CVE-2023-7024.md +++ b/2023/CVE-2023-7024.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/Ostorlab/KEV +- https://github.com/RENANZG/My-Debian-GNU-Linux - https://github.com/RENANZG/My-Forensics diff --git a/2023/CVE-2023-7028.md b/2023/CVE-2023-7028.md index 8f5f79258..5884a012f 100644 --- a/2023/CVE-2023-7028.md +++ b/2023/CVE-2023-7028.md @@ -27,6 +27,7 @@ No PoCs from references. - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV - https://github.com/RandomRobbieBF/CVE-2023-7028 +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Shimon03/CVE-2023-7028-Account-Take-Over-Gitlab - https://github.com/TheRedDevil1/CVE-2023-7028 - https://github.com/Trackflaw/CVE-2023-7028-Docker diff --git a/2024/CVE-2024-0023.md b/2024/CVE-2024-0023.md index d25502f83..693060fcf 100644 --- a/2024/CVE-2024-0023.md +++ b/2024/CVE-2024-0023.md @@ -13,5 +13,5 @@ In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bo - https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0040.md b/2024/CVE-2024-0040.md index ca811ce94..4f4779428 100644 --- a/2024/CVE-2024-0040.md +++ b/2024/CVE-2024-0040.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0044.md b/2024/CVE-2024-0044.md index 4f581510c..6b0ae03be 100644 --- a/2024/CVE-2024-0044.md +++ b/2024/CVE-2024-0044.md @@ -14,6 +14,7 @@ In createSessionInternal of PackageInstallerService.java, there is a possible ru - https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html #### Github +- https://github.com/0xMarcio/cve - https://github.com/GhostTroops/TOP - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-0049.md b/2024/CVE-2024-0049.md index 3374081f9..49554319d 100644 --- a/2024/CVE-2024-0049.md +++ b/2024/CVE-2024-0049.md @@ -13,5 +13,5 @@ In multiple locations, there is a possible out of bounds write due to a heap buf - https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0321.md b/2024/CVE-2024-0321.md index a45980c8e..68c52f636 100644 --- a/2024/CVE-2024-0321.md +++ b/2024/CVE-2024-0321.md @@ -13,5 +13,6 @@ Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. - https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0560.md b/2024/CVE-2024-0560.md index ba9f92c0c..219daabd9 100644 --- a/2024/CVE-2024-0560.md +++ b/2024/CVE-2024-0560.md @@ -1,7 +1,7 @@ ### [CVE-2024-0560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0560) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%203scale%20API%20Management%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) -![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Handling%20of%20Insufficient%20Permissions%20or%20Privileges%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Handling%20of%20Insufficient%20Permissions%20or%20Privileges&color=brighgreen) ### Description diff --git a/2024/CVE-2024-0769.md b/2024/CVE-2024-0769.md index a6c362dd7..7073b00ad 100644 --- a/2024/CVE-2024-0769.md +++ b/2024/CVE-2024-0769.md @@ -11,6 +11,7 @@ #### Reference - https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md +- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-0874.md b/2024/CVE-2024-0874.md index d1f82dfb4..beb2fcaf8 100644 --- a/2024/CVE-2024-0874.md +++ b/2024/CVE-2024-0874.md @@ -1,6 +1,7 @@ ### [CVE-2024-0874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0874) ![](https://img.shields.io/static/v1?label=Product&message=Logging%20Subsystem%20for%20Red%20Hat%20OpenShift&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Cache%20Containing%20Sensitive%20Information&color=brighgreen) diff --git a/2024/CVE-2024-1023.md b/2024/CVE-2024-1023.md index e31a66dd4..7a667de89 100644 --- a/2024/CVE-2024-1023.md +++ b/2024/CVE-2024-1023.md @@ -18,7 +18,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.11.Final&color=blue) diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index 1853670d8..3a204ecc3 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md @@ -26,6 +26,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/Notselwyn/CVE-2024-1086 - https://github.com/Notselwyn/exploits - https://github.com/Notselwyn/notselwyn +- https://github.com/SenukDias/OSCP_cheat - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/TigerIsMyPet/KernelExploit - https://github.com/YgorAlberto/ygoralberto.github.io diff --git a/2024/CVE-2024-1112.md b/2024/CVE-2024-1112.md index 23b876a8c..9d63eb8a0 100644 --- a/2024/CVE-2024-1112.md +++ b/2024/CVE-2024-1112.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-1286.md b/2024/CVE-2024-1286.md new file mode 100644 index 000000000..3e53f9c4c --- /dev/null +++ b/2024/CVE-2024-1286.md @@ -0,0 +1,17 @@ +### [CVE-2024-1286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1286) +![](https://img.shields.io/static/v1?label=Product&message=pmpro-membership-maps&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%200.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/49dc9ca3-d0ef-4a75-8b51-307e3e44e91b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1287.md b/2024/CVE-2024-1287.md new file mode 100644 index 000000000..4480ea0fd --- /dev/null +++ b/2024/CVE-2024-1287.md @@ -0,0 +1,17 @@ +### [CVE-2024-1287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1287) +![](https://img.shields.io/static/v1?label=Product&message=pmpro-member-directory&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The pmpro-member-directory WordPress plugin before 1.2.6 does not prevent users with at least the contributor role from leaking other users' sensitive information, including password hashes. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1300.md b/2024/CVE-2024-1300.md index ed192fcb6..57b47d53d 100644 --- a/2024/CVE-2024-1300.md +++ b/2024/CVE-2024-1300.md @@ -18,7 +18,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%20Expansion%20Pack&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.11.Final&color=blue) diff --git a/2024/CVE-2024-1635.md b/2024/CVE-2024-1635.md index 4668bd40f..0ccb2e414 100644 --- a/2024/CVE-2024-1635.md +++ b/2024/CVE-2024-1635.md @@ -18,7 +18,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207.6%20for%20RHEL%209&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) diff --git a/2024/CVE-2024-1708.md b/2024/CVE-2024-1708.md index d295c8fc6..f3bffe96c 100644 --- a/2024/CVE-2024-1708.md +++ b/2024/CVE-2024-1708.md @@ -17,6 +17,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulner - https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/netlas-io/netlas-dorks +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709 - https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc diff --git a/2024/CVE-2024-1709.md b/2024/CVE-2024-1709.md index 367e0c367..e3fe110b0 100644 --- a/2024/CVE-2024-1709.md +++ b/2024/CVE-2024-1709.md @@ -30,6 +30,7 @@ ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Byp - https://github.com/codeb0ss/CVE-2024-1709-PoC - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/myseq/vcheck-cli +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/securitycipher/daily-bugbounty-writeups - https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass diff --git a/2024/CVE-2024-1724.md b/2024/CVE-2024-1724.md new file mode 100644 index 000000000..e38c99455 --- /dev/null +++ b/2024/CVE-2024-1724.md @@ -0,0 +1,17 @@ +### [CVE-2024-1724](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1724) +![](https://img.shields.io/static/v1?label=Product&message=snap&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.62%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen) + +### Description + +In snapd versions prior to 2.62, when using AppArmor for enforcement of sandbox permissions, snapd failed to restrict writes to the $HOME/binpath. In Ubuntu, when this path exists, it is automatically added tothe users PATH. An attacker who could convince a user to install amalicious snap which used the 'home' plug could use this vulnerabilityto install arbitrary scripts into the users PATH which may then be runby the user outside of the expected snap sandbox and hence allow themto escape confinement. + +### POC + +#### Reference +- https://gld.mcphail.uk/posts/explaining-cve-2024-1724/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1747.md b/2024/CVE-2024-1747.md new file mode 100644 index 000000000..3ce2eeb26 --- /dev/null +++ b/2024/CVE-2024-1747.md @@ -0,0 +1,18 @@ +### [CVE-2024-1747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1747) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Customers%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2030.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WooCommerce Customers Manager WordPress plugin before 30.2 does not have authorisation and CSRF in various AJAX actions, allowing any authenticated users, such as subscriber, to call them and update/delete/create customer metadata, also leading to Stored Cross-Site Scripting due to the lack of escaping of said metadata values. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/17e45d4d-0ee1-4863-a8a4-df8587f448ec/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-20666.md b/2024/CVE-2024-20666.md index 5fee43c60..6789b1c6a 100644 --- a/2024/CVE-2024-20666.md +++ b/2024/CVE-2024-20666.md @@ -36,6 +36,7 @@ BitLocker Security Feature Bypass Vulnerability No PoCs from references. #### Github +- https://github.com/HYZ3K/CVE-2024-20666 - https://github.com/MHimken/WinRE-Customization - https://github.com/NaInSec/CVE-LIST - https://github.com/invaderslabs/CVE-2024-20666 diff --git a/2024/CVE-2024-20861.md b/2024/CVE-2024-20861.md index d2f7de77c..9c498be6a 100644 --- a/2024/CVE-2024-20861.md +++ b/2024/CVE-2024-20861.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2024/CVE-2024-20862.md b/2024/CVE-2024-20862.md index 1d5123bac..7c55049b1 100644 --- a/2024/CVE-2024-20862.md +++ b/2024/CVE-2024-20862.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2024/CVE-2024-21006.md b/2024/CVE-2024-21006.md index 8b3c247e9..679c793a8 100644 --- a/2024/CVE-2024-21006.md +++ b/2024/CVE-2024-21006.md @@ -13,6 +13,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://www.oracle.com/security-alerts/cpuapr2024.html #### Github +- https://github.com/20142995/sectool - https://github.com/momika233/CVE-2024-21006 - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21338.md b/2024/CVE-2024-21338.md index 5cf608769..da7498aee 100644 --- a/2024/CVE-2024-21338.md +++ b/2024/CVE-2024-21338.md @@ -43,5 +43,6 @@ Windows Kernel Elevation of Privilege Vulnerability - https://github.com/hakaioffsec/CVE-2024-21338 - https://github.com/johe123qwe/github-trending - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/tanjiti/sec_profile - https://github.com/varwara/CVE-2024-21338 diff --git a/2024/CVE-2024-2149.md b/2024/CVE-2024-2149.md index 337f6bb29..a9e683575 100644 --- a/2024/CVE-2024-2149.md +++ b/2024/CVE-2024-2149.md @@ -13,5 +13,5 @@ A vulnerability classified as critical was found in CodeAstro Membership Managem - https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md #### Github -No PoCs found on GitHub currently. +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21492.md b/2024/CVE-2024-21492.md index 277794dab..1e858f640 100644 --- a/2024/CVE-2024-21492.md +++ b/2024/CVE-2024-21492.md @@ -14,4 +14,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21493.md b/2024/CVE-2024-21493.md index f7cc7ae56..5cfb661c9 100644 --- a/2024/CVE-2024-21493.md +++ b/2024/CVE-2024-21493.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21494.md b/2024/CVE-2024-21494.md index b51b787be..2d48c4e9f 100644 --- a/2024/CVE-2024-21494.md +++ b/2024/CVE-2024-21494.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21495.md b/2024/CVE-2024-21495.md index a481c7d9e..13600f63b 100644 --- a/2024/CVE-2024-21495.md +++ b/2024/CVE-2024-21495.md @@ -15,4 +15,5 @@ Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vul #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21496.md b/2024/CVE-2024-21496.md index 28715770a..6c0530cee 100644 --- a/2024/CVE-2024-21496.md +++ b/2024/CVE-2024-21496.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21497.md b/2024/CVE-2024-21497.md index 039267b3c..3232b6425 100644 --- a/2024/CVE-2024-21497.md +++ b/2024/CVE-2024-21497.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21498.md b/2024/CVE-2024-21498.md index 750ab70c5..0c1046db1 100644 --- a/2024/CVE-2024-21498.md +++ b/2024/CVE-2024-21498.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21499.md b/2024/CVE-2024-21499.md index 17e63cdf0..1011640b8 100644 --- a/2024/CVE-2024-21499.md +++ b/2024/CVE-2024-21499.md @@ -15,4 +15,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21500.md b/2024/CVE-2024-21500.md index c09af7e08..b8efe7db0 100644 --- a/2024/CVE-2024-21500.md +++ b/2024/CVE-2024-21500.md @@ -14,4 +14,5 @@ All versions of the package github.com/greenpau/caddy-security are vulnerable to #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-21521.md b/2024/CVE-2024-21521.md index dc2867c86..6e0c83596 100644 --- a/2024/CVE-2024-21521.md +++ b/2024/CVE-2024-21521.md @@ -10,6 +10,7 @@ All versions of the package @discordjs/opus are vulnerable to Denial of Service ### POC #### Reference +- https://gist.github.com/dellalibera/98c48fd74bb240adbd7841a5c02aba9e - https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643 #### Github diff --git a/2024/CVE-2024-21522.md b/2024/CVE-2024-21522.md index 5ea2ea3ee..94637679b 100644 --- a/2024/CVE-2024-21522.md +++ b/2024/CVE-2024-21522.md @@ -10,6 +10,7 @@ All versions of the package audify are vulnerable to Improper Validation of Arra ### POC #### Reference +- https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e - https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700 #### Github diff --git a/2024/CVE-2024-21523.md b/2024/CVE-2024-21523.md index 03d9f2158..743105cd7 100644 --- a/2024/CVE-2024-21523.md +++ b/2024/CVE-2024-21523.md @@ -10,6 +10,7 @@ All versions of the package images are vulnerable to Denial of Service (DoS) due ### POC #### Reference +- https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1 - https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826 #### Github diff --git a/2024/CVE-2024-21524.md b/2024/CVE-2024-21524.md index 5cfb082ee..8fb51c626 100644 --- a/2024/CVE-2024-21524.md +++ b/2024/CVE-2024-21524.md @@ -10,6 +10,7 @@ All versions of the package node-stringbuilder are vulnerable to Out-of-bounds R ### POC #### Reference +- https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67 - https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617 #### Github diff --git a/2024/CVE-2024-21525.md b/2024/CVE-2024-21525.md index 161bda273..3ca17c419 100644 --- a/2024/CVE-2024-21525.md +++ b/2024/CVE-2024-21525.md @@ -10,6 +10,7 @@ All versions of the package node-twain are vulnerable to Improper Check or Handl ### POC #### Reference +- https://gist.github.com/dellalibera/55b87634a6c360e5be22a715f0566c99 - https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153 #### Github diff --git a/2024/CVE-2024-21583.md b/2024/CVE-2024-21583.md index 8a7347010..be24e2659 100644 --- a/2024/CVE-2024-21583.md +++ b/2024/CVE-2024-21583.md @@ -17,6 +17,10 @@ Versions of the package github.com/gitpod-io/gitpod/components/server/go/pkg/lib #### Reference - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074 +- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075 +- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076 +- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077 +- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078 - https://security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079 #### Github diff --git a/2024/CVE-2024-2191.md b/2024/CVE-2024-2191.md new file mode 100644 index 000000000..512d54d12 --- /dev/null +++ b/2024/CVE-2024-2191.md @@ -0,0 +1,17 @@ +### [CVE-2024-2191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2191) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=16.9%3C%2016.11.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +An issue was discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows merge request title to be visible publicly despite being set as project members only. + +### POC + +#### Reference +- https://gitlab.com/gitlab-org/gitlab/-/issues/444655 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-22201.md b/2024/CVE-2024-22201.md new file mode 100644 index 000000000..5997a6869 --- /dev/null +++ b/2024/CVE-2024-22201.md @@ -0,0 +1,17 @@ +### [CVE-2024-22201](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22201) +![](https://img.shields.io/static/v1?label=Product&message=jetty.project&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%209.3.0%2C%20%3C%3D%209.4.53%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ytono/gcp-arcade + diff --git a/2024/CVE-2024-2232.md b/2024/CVE-2024-2232.md new file mode 100644 index 000000000..6d12b8517 --- /dev/null +++ b/2024/CVE-2024-2232.md @@ -0,0 +1,17 @@ +### [CVE-2024-2232](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2232) +![](https://img.shields.io/static/v1?label=Product&message=Himer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The lacks CSRF checks allowing a user to invite any user to any group (including private groups) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a2df28d3-bf03-4fd3-b231-86e062739899/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-23079.md b/2024/CVE-2024-23079.md new file mode 100644 index 000000000..ab9237e63 --- /dev/null +++ b/2024/CVE-2024-23079.md @@ -0,0 +1,17 @@ +### [CVE-2024-23079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23079) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-23282.md b/2024/CVE-2024-23282.md index fd7295925..7c6a94247 100644 --- a/2024/CVE-2024-23282.md +++ b/2024/CVE-2024-23282.md @@ -18,4 +18,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2024/CVE-2024-23286.md b/2024/CVE-2024-23286.md index 3690becb9..7210f8adf 100644 --- a/2024/CVE-2024-23286.md +++ b/2024/CVE-2024-23286.md @@ -22,4 +22,5 @@ No PoCs from references. #### Github - https://github.com/dlehgus1023/dlehgus1023 - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/l33d0hyun/l33d0hyun diff --git a/2024/CVE-2024-23334.md b/2024/CVE-2024-23334.md index bca8d8132..a120afe85 100644 --- a/2024/CVE-2024-23334.md +++ b/2024/CVE-2024-23334.md @@ -14,6 +14,7 @@ aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. #### Github - https://github.com/Ostorlab/KEV +- https://github.com/SecureDoughnut/Tinkoff-CTF-2024-lohness - https://github.com/brian-edgar-re/poc-cve-2024-23334 - https://github.com/ggPonchik/Tinkoff-CTF-2024-lohness - https://github.com/jhonnybonny/CVE-2024-23334 diff --git a/2024/CVE-2024-24092.md b/2024/CVE-2024-24092.md index 687a875e0..2a7e98947 100644 --- a/2024/CVE-2024-24092.md +++ b/2024/CVE-2024-24092.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ASR511-OO7/CVE-2024-24092 +- https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-24110.md b/2024/CVE-2024-24110.md new file mode 100644 index 000000000..06d01861f --- /dev/null +++ b/2024/CVE-2024-24110.md @@ -0,0 +1,17 @@ +### [CVE-2024-24110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24110) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-24549.md b/2024/CVE-2024-24549.md index af758cefc..59c8a0c61 100644 --- a/2024/CVE-2024-24549.md +++ b/2024/CVE-2024-24549.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-24786.md b/2024/CVE-2024-24786.md index b3f3b31ea..f7e8ec7e0 100644 --- a/2024/CVE-2024-24786.md +++ b/2024/CVE-2024-24786.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/DanielePeruzzi97/rancher-k3s-docker - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-2479.md b/2024/CVE-2024-2479.md index aa8c3d26b..d72b6c303 100644 --- a/2024/CVE-2024-2479.md +++ b/2024/CVE-2024-2479.md @@ -13,6 +13,7 @@ A vulnerability classified as problematic has been found in MHA Sistemas arMHAze No PoCs from references. #### Github +- https://github.com/Johnermac/Johnermac - https://github.com/NaInSec/CVE-LIST - https://github.com/SQU4NCH/SQU4NCH diff --git a/2024/CVE-2024-2480.md b/2024/CVE-2024-2480.md index 1d2295199..8a0cbbf38 100644 --- a/2024/CVE-2024-2480.md +++ b/2024/CVE-2024-2480.md @@ -13,6 +13,7 @@ A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0 No PoCs from references. #### Github +- https://github.com/Johnermac/Johnermac - https://github.com/NaInSec/CVE-LIST - https://github.com/SQU4NCH/SQU4NCH diff --git a/2024/CVE-2024-24919.md b/2024/CVE-2024-24919.md index e0ae2b593..bc333bcc8 100644 --- a/2024/CVE-2024-24919.md +++ b/2024/CVE-2024-24919.md @@ -54,6 +54,7 @@ No PoCs from references. - https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit - https://github.com/netlas-io/netlas-dorks - https://github.com/nexblade12/CVE-2024-24919 +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nullcult/CVE-2024-24919-Exploit - https://github.com/numencyber/Vulnerability_PoC diff --git a/2024/CVE-2024-25331.md b/2024/CVE-2024-25331.md new file mode 100644 index 000000000..0276115cf --- /dev/null +++ b/2024/CVE-2024-25331.md @@ -0,0 +1,17 @@ +### [CVE-2024-25331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25331) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-25638.md b/2024/CVE-2024-25638.md index af7244df2..8a64a0541 100644 --- a/2024/CVE-2024-25638.md +++ b/2024/CVE-2024-25638.md @@ -11,7 +11,7 @@ dnsjava is an implementation of DNS in Java. Records in DNS replies are not chec ### POC #### Reference -No PoCs from references. +- https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d #### Github - https://github.com/phax/peppol-commons diff --git a/2024/CVE-2024-25639.md b/2024/CVE-2024-25639.md new file mode 100644 index 000000000..f71450481 --- /dev/null +++ b/2024/CVE-2024-25639.md @@ -0,0 +1,17 @@ +### [CVE-2024-25639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25639) +![](https://img.shields.io/static/v1?label=Product&message=khoj&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-80%3A%20Improper%20Neutralization%20of%20Script-Related%20HTML%20Tags%20in%20a%20Web%20Page%20(Basic%20XSS)&color=brighgreen) + +### Description + +Khoj is an application that creates personal AI agents. The Khoj Obsidian, Desktop and Web clients inadequately sanitize the AI model's response and user inputs. This can trigger Cross Site Scripting (XSS) via Prompt Injection from untrusted documents either indexed by the user on Khoj or read by Khoj from the internet when the user invokes the /online command. This vulnerability is fixed in 1.13.0. + +### POC + +#### Reference +- https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-25710.md b/2024/CVE-2024-25710.md index ac7e2982f..0493335af 100644 --- a/2024/CVE-2024-25710.md +++ b/2024/CVE-2024-25710.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-25947.md b/2024/CVE-2024-25947.md new file mode 100644 index 000000000..bc63b48bb --- /dev/null +++ b/2024/CVE-2024-25947.md @@ -0,0 +1,17 @@ +### [CVE-2024-25947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25947) +![](https://img.shields.io/static/v1?label=Product&message=iDRAC%20Service%20Module%20(iSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%3D%205.3.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/iDRAC-CVE-lib + diff --git a/2024/CVE-2024-25948.md b/2024/CVE-2024-25948.md new file mode 100644 index 000000000..76aa1596e --- /dev/null +++ b/2024/CVE-2024-25948.md @@ -0,0 +1,17 @@ +### [CVE-2024-25948](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25948) +![](https://img.shields.io/static/v1?label=Product&message=iDRAC%20Service%20Module%20(iSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%3D%205.3.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/iDRAC-CVE-lib + diff --git a/2024/CVE-2024-26308.md b/2024/CVE-2024-26308.md index e4a9ae4f8..6af5a0a46 100644 --- a/2024/CVE-2024-26308.md +++ b/2024/CVE-2024-26308.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-2700.md b/2024/CVE-2024-2700.md index 52ed80a09..1240bb5eb 100644 --- a/2024/CVE-2024-2700.md +++ b/2024/CVE-2024-2700.md @@ -6,7 +6,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20-%20HawtIO&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry%202.6.1%20GA&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.12.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.8.4.redhat&color=blue) diff --git a/2024/CVE-2024-27198.md b/2024/CVE-2024-27198.md index 2efa79366..7ec6713ed 100644 --- a/2024/CVE-2024-27198.md +++ b/2024/CVE-2024-27198.md @@ -39,6 +39,7 @@ No PoCs from references. - https://github.com/labesterOct/CVE-2024-27198 - https://github.com/marl-ot/DevSecOps-2024 - https://github.com/netlas-io/netlas-dorks +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/passwa11/CVE-2024-27198-RCE - https://github.com/rampantspark/CVE-2024-27198 diff --git a/2024/CVE-2024-27199.md b/2024/CVE-2024-27199.md index 47450414f..83f793870 100644 --- a/2024/CVE-2024-27199.md +++ b/2024/CVE-2024-27199.md @@ -29,6 +29,7 @@ No PoCs from references. - https://github.com/johe123qwe/github-trending - https://github.com/juev/links - https://github.com/marl-ot/DevSecOps-2024 +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/passwa11/CVE-2024-27198-RCE - https://github.com/rampantspark/CVE-2024-27198 diff --git a/2024/CVE-2024-27211.md b/2024/CVE-2024-27211.md index 7669ad4bd..c7ea6bc7d 100644 --- a/2024/CVE-2024-27211.md +++ b/2024/CVE-2024-27211.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-27357.md b/2024/CVE-2024-27357.md new file mode 100644 index 000000000..b4ac54634 --- /dev/null +++ b/2024/CVE-2024-27357.md @@ -0,0 +1,17 @@ +### [CVE-2024-27357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27357) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/p4yl0ad/p4yl0ad + diff --git a/2024/CVE-2024-27358.md b/2024/CVE-2024-27358.md new file mode 100644 index 000000000..7050d83e7 --- /dev/null +++ b/2024/CVE-2024-27358.md @@ -0,0 +1,17 @@ +### [CVE-2024-27358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27358) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in WithSecure Elements Agent through 23.x for macOS and WithSecure Elements Client Security through 23.x for macOS. Local users can block an admin from completing an installation, aka a Denial-of-Service (DoS). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/p4yl0ad/p4yl0ad + diff --git a/2024/CVE-2024-27440.md b/2024/CVE-2024-27440.md new file mode 100644 index 000000000..a4929a851 --- /dev/null +++ b/2024/CVE-2024-27440.md @@ -0,0 +1,19 @@ +### [CVE-2024-27440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27440) +![](https://img.shields.io/static/v1?label=Product&message=Toyoko%20Inn%20official%20App%20for%20Android&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Toyoko%20Inn%20official%20App%20for%20iOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20prior%201.3.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20prior%20to%201.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20server%20certificate%20verification&color=brighgreen) + +### Description + +The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-27489.md b/2024/CVE-2024-27489.md new file mode 100644 index 000000000..010ca26c5 --- /dev/null +++ b/2024/CVE-2024-27489.md @@ -0,0 +1,17 @@ +### [CVE-2024-27489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27489) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. + +### POC + +#### Reference +- https://gist.github.com/yyyyy7777777/a36541cb60d9e55628f78f2a68968212 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-27626.md b/2024/CVE-2024-27626.md index 6ff4b6a79..1274dbfc6 100644 --- a/2024/CVE-2024-27626.md +++ b/2024/CVE-2024-27626.md @@ -14,4 +14,5 @@ A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotc #### Github - https://github.com/capture0x/My-CVE +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-28093.md b/2024/CVE-2024-28093.md index d7c4e97ce..0980035dc 100644 --- a/2024/CVE-2024-28093.md +++ b/2024/CVE-2024-28093.md @@ -5,7 +5,7 @@ ### Description -The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. +**UNSUPPORTED WHEN ASSIGNED** The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. ### POC diff --git a/2024/CVE-2024-2843.md b/2024/CVE-2024-2843.md new file mode 100644 index 000000000..2550970a3 --- /dev/null +++ b/2024/CVE-2024-2843.md @@ -0,0 +1,17 @@ +### [CVE-2024-2843](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2843) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Customers%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2030.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/fec4e077-4c4e-4618-bfe8-61fdba59b696/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-2872.md b/2024/CVE-2024-2872.md new file mode 100644 index 000000000..8e50585fc --- /dev/null +++ b/2024/CVE-2024-2872.md @@ -0,0 +1,17 @@ +### [CVE-2024-2872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2872) +![](https://img.shields.io/static/v1?label=Product&message=socialdriver-framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202024.04.30%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/15d3150c-673c-4c36-ac5e-85767d78b9eb/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-28752.md b/2024/CVE-2024-28752.md index af324f6eb..55e0b2389 100644 --- a/2024/CVE-2024-28752.md +++ b/2024/CVE-2024-28752.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/tanjiti/sec_profile +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-28804.md b/2024/CVE-2024-28804.md new file mode 100644 index 000000000..c1c7dd07b --- /dev/null +++ b/2024/CVE-2024-28804.md @@ -0,0 +1,17 @@ +### [CVE-2024-28804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28804) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST. + +### POC + +#### Reference +- https://www.gruppotim.it/it/footer/red-team.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-28805.md b/2024/CVE-2024-28805.md new file mode 100644 index 000000000..e82aadd28 --- /dev/null +++ b/2024/CVE-2024-28805.md @@ -0,0 +1,17 @@ +### [CVE-2024-28805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28805) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control. + +### POC + +#### Reference +- https://www.gruppotim.it/it/footer/red-team.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-28806.md b/2024/CVE-2024-28806.md new file mode 100644 index 000000000..11a9434b1 --- /dev/null +++ b/2024/CVE-2024-28806.md @@ -0,0 +1,17 @@ +### [CVE-2024-28806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28806) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path. + +### POC + +#### Reference +- https://www.gruppotim.it/it/footer/red-team.html + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-28835.md b/2024/CVE-2024-28835.md index 0bacf592b..83114dc41 100644 --- a/2024/CVE-2024-28835.md +++ b/2024/CVE-2024-28835.md @@ -20,4 +20,5 @@ No PoCs from references. - https://github.com/GitHubForSnap/ssmtp-gael - https://github.com/GrigGM/05-virt-04-docker-hw - https://github.com/NaInSec/CVE-LIST +- https://github.com/trailofbits/publications diff --git a/2024/CVE-2024-29025.md b/2024/CVE-2024-29025.md index cd1e05201..17d6ba0fe 100644 --- a/2024/CVE-2024-29025.md +++ b/2024/CVE-2024-29025.md @@ -15,4 +15,5 @@ Netty is an asynchronous event-driven network application framework for rapid de #### Github - https://github.com/Azure/kafka-sink-azure-kusto - https://github.com/th2-net/th2-bom +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-29029.md b/2024/CVE-2024-29029.md index 068608c55..3ca6f8bec 100644 --- a/2024/CVE-2024-29029.md +++ b/2024/CVE-2024-29029.md @@ -1,12 +1,12 @@ ### [CVE-2024-29029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29029) ![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.13.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.22.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) ### Description -memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. +memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /o/get/image that allows unauthenticated users to enumerate the internal network and retrieve images. The response from the image request is then copied into the response of the current server request, causing a reflected XSS vulnerability. Version 0.22.0 of memos removes the vulnerable file. ### POC diff --git a/2024/CVE-2024-29030.md b/2024/CVE-2024-29030.md index 15c2bdafe..afef9dc94 100644 --- a/2024/CVE-2024-29030.md +++ b/2024/CVE-2024-29030.md @@ -1,11 +1,11 @@ ### [CVE-2024-29030](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29030) ![](https://img.shields.io/static/v1?label=Product&message=memos&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.13.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.22.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) ### Description -memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. +memos is a privacy-first, lightweight note-taking service. In memos 0.13.2, an SSRF vulnerability exists at the /api/resource that allows authenticated users to enumerate the internal network. Version 0.22.0 of memos removes the vulnerable file. ### POC diff --git a/2024/CVE-2024-29193.md b/2024/CVE-2024-29193.md index a4bbbc812..d8232affd 100644 --- a/2024/CVE-2024-29193.md +++ b/2024/CVE-2024-29193.md @@ -5,7 +5,7 @@ ### Description -gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin. As of time of publication, no patch is available. +gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin. As of time of publication, no patch is available. ### POC diff --git a/2024/CVE-2024-29301.md b/2024/CVE-2024-29301.md index 82d09043b..3623202d1 100644 --- a/2024/CVE-2024-29301.md +++ b/2024/CVE-2024-29301.md @@ -13,5 +13,5 @@ SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via - https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html #### Github -No PoCs found on GitHub currently. +- https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-29857.md b/2024/CVE-2024-29857.md index b8abac8fb..82174f4c9 100644 --- a/2024/CVE-2024-29857.md +++ b/2024/CVE-2024-29857.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cdupuis/aspnetapp +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-29944.md b/2024/CVE-2024-29944.md index b3dca48cf..ebb1ef120 100644 --- a/2024/CVE-2024-29944.md +++ b/2024/CVE-2024-29944.md @@ -16,4 +16,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/RENANZG/My-Debian-GNU-Linux diff --git a/2024/CVE-2024-2997.md b/2024/CVE-2024-2997.md index f8b726a8f..116f8dfb6 100644 --- a/2024/CVE-2024-2997.md +++ b/2024/CVE-2024-2997.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-30171.md b/2024/CVE-2024-30171.md index 56b2a4240..932a59171 100644 --- a/2024/CVE-2024-30171.md +++ b/2024/CVE-2024-30171.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cdupuis/aspnetapp +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-30172.md b/2024/CVE-2024-30172.md index 184d9ac9f..8c928a3b7 100644 --- a/2024/CVE-2024-30172.md +++ b/2024/CVE-2024-30172.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/cdupuis/aspnetapp +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-30284.md b/2024/CVE-2024-30284.md new file mode 100644 index 000000000..c88ae1721 --- /dev/null +++ b/2024/CVE-2024-30284.md @@ -0,0 +1,17 @@ +### [CVE-2024-30284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30284) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/markyason/markyason.github.io + diff --git a/2024/CVE-2024-3113.md b/2024/CVE-2024-3113.md new file mode 100644 index 000000000..c87a1593b --- /dev/null +++ b/2024/CVE-2024-3113.md @@ -0,0 +1,17 @@ +### [CVE-2024-3113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3113) +![](https://img.shields.io/static/v1?label=Product&message=FormFlow%3A%20WhatsApp%20Social%20and%20Advanced%20Form%20Builder%20with%20Easy%20Lead%20Collection&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.12.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ad85c5c7-f4d1-4374-b3b7-8ee022d27d34/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31211.md b/2024/CVE-2024-31211.md new file mode 100644 index 000000000..464c91cb8 --- /dev/null +++ b/2024/CVE-2024-31211.md @@ -0,0 +1,17 @@ +### [CVE-2024-31211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31211) +![](https://img.shields.io/static/v1?label=Product&message=wordpress-develop&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%206.4.0%20%3C%206.4.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%3A%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) + +### Description + +WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-31223.md b/2024/CVE-2024-31223.md new file mode 100644 index 000000000..9f8f27c8e --- /dev/null +++ b/2024/CVE-2024-31223.md @@ -0,0 +1,17 @@ +### [CVE-2024-31223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31223) +![](https://img.shields.io/static/v1?label=Product&message=fides&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.19.0%2C%20%3C%202.39.2rc0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-497%3A%20Exposure%20of%20Sensitive%20System%20Information%20to%20an%20Unauthorized%20Control%20Sphere&color=brighgreen) + +### Description + +Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available. + +### POC + +#### Reference +- https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-31971.md b/2024/CVE-2024-31971.md index 40d4e7265..c4829b5ec 100644 --- a/2024/CVE-2024-31971.md +++ b/2024/CVE-2024-31971.md @@ -5,7 +5,7 @@ ### Description -Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. +**UNSUPPORTED WHEN ASSIGNED** Multiple stored cross-site scripting (XSS) vulnerabilities on AdTran NetVanta 3120 18.01.01.00.E devices allow remote attackers to inject arbitrary JavaScript, as demonstrated by /mainPassword.html, /processIdentity.html, /public.html, /dhcp.html, /private.html, /hostname.html, /connectivity.html, /NetworkMonitor.html, /trafficMonitoringConfig.html, and /wizardMain.html. ### POC diff --git a/2024/CVE-2024-32030.md b/2024/CVE-2024-32030.md index 3012c4782..11baf5781 100644 --- a/2024/CVE-2024-32030.md +++ b/2024/CVE-2024-32030.md @@ -11,7 +11,7 @@ Kafka UI is an Open-Source Web UI for Apache Kafka Management. Kafka UI API allo ### POC #### Reference -No PoCs from references. +- https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/ #### Github - https://github.com/Mr-xn/Penetration_Testing_POC diff --git a/2024/CVE-2024-32104.md b/2024/CVE-2024-32104.md new file mode 100644 index 000000000..deaec83a3 --- /dev/null +++ b/2024/CVE-2024-32104.md @@ -0,0 +1,17 @@ +### [CVE-2024-32104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32104) +![](https://img.shields.io/static/v1?label=Product&message=NextMove%20Lite&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cross-Site Request Forgery (CSRF) vulnerability in XLPlugins NextMove Lite.This issue affects NextMove Lite: from n/a through 2.18.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-32113.md b/2024/CVE-2024-32113.md index 834133246..59a28e76e 100644 --- a/2024/CVE-2024-32113.md +++ b/2024/CVE-2024-32113.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/Mr-xn/CVE-2024-32113 - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Ostorlab/KEV +- https://github.com/RacerZ-fighting/RacerZ-fighting - https://github.com/Threekiii/CVE - https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit - https://github.com/enomothem/PenTestNote diff --git a/2024/CVE-2024-3219.md b/2024/CVE-2024-3219.md new file mode 100644 index 000000000..36b62b2d8 --- /dev/null +++ b/2024/CVE-2024-3219.md @@ -0,0 +1,17 @@ +### [CVE-2024-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3219) +![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.13.0rc1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +There is a MEDIUM severity vulnerability affecting CPython.The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer.Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-32700.md b/2024/CVE-2024-32700.md new file mode 100644 index 000000000..cb8f29cc5 --- /dev/null +++ b/2024/CVE-2024-32700.md @@ -0,0 +1,17 @@ +### [CVE-2024-32700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32700) +![](https://img.shields.io/static/v1?label=Product&message=Kognetiks%20Chatbot%20for%20WordPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +Unrestricted Upload of File with Dangerous Type vulnerability in Kognetiks Kognetiks Chatbot for WordPress.This issue affects Kognetiks Chatbot for WordPress: from n/a through 2.0.0. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-33365.md b/2024/CVE-2024-33365.md new file mode 100644 index 000000000..96adaea60 --- /dev/null +++ b/2024/CVE-2024-33365.md @@ -0,0 +1,18 @@ +### [CVE-2024-33365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33365) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer Overflow vulnerability in Tenda AC10 v4 US_AC10V4.0si_V16.03.10.20_cn allows a remote attacker to execute arbitrary code via the Virtual_Data_Check function in the bin/httpd component. + +### POC + +#### Reference +- https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md +- https://hackmd.io/@JohnathanHuuTri/rJNbEItJC + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-33373.md b/2024/CVE-2024-33373.md index 67b07c5cb..7bd3a097c 100644 --- a/2024/CVE-2024-33373.md +++ b/2024/CVE-2024-33373.md @@ -11,6 +11,7 @@ An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass passwor #### Reference - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Password-Policy-Bypass--%7C--Inconsistent-Password-Policy-(CVE%E2%80%902024%E2%80%9033373) +- https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-33374.md b/2024/CVE-2024-33374.md index fbfcd43cb..16158a78b 100644 --- a/2024/CVE-2024-33374.md +++ b/2024/CVE-2024-33374.md @@ -11,6 +11,7 @@ Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v #### Reference - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-(CVE%E2%80%902024%E2%80%9033374) +- https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-33375.md b/2024/CVE-2024-33375.md new file mode 100644 index 000000000..0d9a2dd72 --- /dev/null +++ b/2024/CVE-2024-33375.md @@ -0,0 +1,17 @@ +### [CVE-2024-33375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33375) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's firmware. + +### POC + +#### Reference +- https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-33377.md b/2024/CVE-2024-33377.md index 7c0d171ff..0fc095ca4 100644 --- a/2024/CVE-2024-33377.md +++ b/2024/CVE-2024-33377.md @@ -11,6 +11,7 @@ LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability vi #### Reference - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-(CVE%E2%80%902024%E2%80%9033377) +- https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-33544.md b/2024/CVE-2024-33544.md new file mode 100644 index 000000000..56f14aac5 --- /dev/null +++ b/2024/CVE-2024-33544.md @@ -0,0 +1,17 @@ +### [CVE-2024-33544](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33544) +![](https://img.shields.io/static/v1?label=Product&message=WZone&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%2014.0.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team WZone allows SQL Injection.This issue affects WZone: from n/a through 14.0.10. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Ostorlab/KEV + diff --git a/2024/CVE-2024-3400.md b/2024/CVE-2024-3400.md index 0bdf7f2a6..50022a8d6 100644 --- a/2024/CVE-2024-3400.md +++ b/2024/CVE-2024-3400.md @@ -61,6 +61,7 @@ A command injection as a result of arbitrary file creation vulnerability in the - https://github.com/marconesler/CVE-2024-3400 - https://github.com/momika233/CVE-2024-3400 - https://github.com/netlas-io/netlas-dorks +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/phantomradar/cve-2024-3400-poc - https://github.com/pwnj0hn/CVE-2024-3400 diff --git a/2024/CVE-2024-34094.md b/2024/CVE-2024-34094.md new file mode 100644 index 000000000..5520b0488 --- /dev/null +++ b/2024/CVE-2024-34094.md @@ -0,0 +1,17 @@ +### [CVE-2024-34094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34094) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/markyason/markyason.github.io + diff --git a/2024/CVE-2024-34095.md b/2024/CVE-2024-34095.md new file mode 100644 index 000000000..688693710 --- /dev/null +++ b/2024/CVE-2024-34095.md @@ -0,0 +1,17 @@ +### [CVE-2024-34095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34095) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/markyason/markyason.github.io + diff --git a/2024/CVE-2024-34096.md b/2024/CVE-2024-34096.md new file mode 100644 index 000000000..33c71500c --- /dev/null +++ b/2024/CVE-2024-34096.md @@ -0,0 +1,17 @@ +### [CVE-2024-34096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34096) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/markyason/markyason.github.io + diff --git a/2024/CVE-2024-34097.md b/2024/CVE-2024-34097.md new file mode 100644 index 000000000..1be774943 --- /dev/null +++ b/2024/CVE-2024-34097.md @@ -0,0 +1,17 @@ +### [CVE-2024-34097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34097) +![](https://img.shields.io/static/v1?label=Product&message=Acrobat%20Reader&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free%20(CWE-416)&color=brighgreen) + +### Description + +Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/markyason/markyason.github.io + diff --git a/2024/CVE-2024-34144.md b/2024/CVE-2024-34144.md index 0cd289281..92733c053 100644 --- a/2024/CVE-2024-34144.md +++ b/2024/CVE-2024-34144.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-34447.md b/2024/CVE-2024-34447.md index 93aea7ff6..540596e82 100644 --- a/2024/CVE-2024-34447.md +++ b/2024/CVE-2024-34447.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/ytono/gcp-arcade diff --git a/2024/CVE-2024-34693.md b/2024/CVE-2024-34693.md new file mode 100644 index 000000000..c21c6dd37 --- /dev/null +++ b/2024/CVE-2024-34693.md @@ -0,0 +1,17 @@ +### [CVE-2024-34693](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34693) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Superset&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-35526.md b/2024/CVE-2024-35526.md new file mode 100644 index 000000000..6e01a2586 --- /dev/null +++ b/2024/CVE-2024-35526.md @@ -0,0 +1,17 @@ +### [CVE-2024-35526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35526) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to access sensitive information in the /facade directory. + +### POC + +#### Reference +- https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-35527.md b/2024/CVE-2024-35527.md new file mode 100644 index 000000000..94988704c --- /dev/null +++ b/2024/CVE-2024-35527.md @@ -0,0 +1,17 @@ +### [CVE-2024-35527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35527) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file. + +### POC + +#### Reference +- https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-36111.md b/2024/CVE-2024-36111.md new file mode 100644 index 000000000..51c11136a --- /dev/null +++ b/2024/CVE-2024-36111.md @@ -0,0 +1,18 @@ +### [CVE-2024-36111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36111) +![](https://img.shields.io/static/v1?label=Product&message=KubePi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.6.3%2C%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1259%3A%20Improper%20Restriction%20of%20Security%20Token%20Assignment&color=brighgreen) + +### Description + +KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is detected to be empty in the configuration file reading logic, the key is empty during actual verification. Using an empty key to generate a JWT token can bypass the login verification and directly take over the back end. Version 1.8.0 contains a patch for this issue. + +### POC + +#### Reference +- https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-8q5r-cvcw-4wx7 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/wy876/POC + diff --git a/2024/CVE-2024-3636.md b/2024/CVE-2024-3636.md new file mode 100644 index 000000000..cc0cbbc8b --- /dev/null +++ b/2024/CVE-2024-3636.md @@ -0,0 +1,17 @@ +### [CVE-2024-3636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3636) +![](https://img.shields.io/static/v1?label=Product&message=Pinpoint%20Booking%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.9.9.4.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/bab46c28-71aa-4610-9683-361e7b008d37/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-36401.md b/2024/CVE-2024-36401.md index 6d19283bc..5d5db7410 100644 --- a/2024/CVE-2024-36401.md +++ b/2024/CVE-2024-36401.md @@ -26,4 +26,5 @@ GeoServer is an open source server that allows users to share and edit geospatia - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC +- https://github.com/zgimszhd61/CVE-2024-36401 diff --git a/2024/CVE-2024-36448.md b/2024/CVE-2024-36448.md new file mode 100644 index 000000000..ab9a45f1d --- /dev/null +++ b/2024/CVE-2024-36448.md @@ -0,0 +1,17 @@ +### [CVE-2024-36448](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36448) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20IoTDB%20Workbench&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0.13.0%3C%3D%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** Server-Side Request Forgery (SSRF) vulnerability in Apache IoTDB Workbench.This issue affects Apache IoTDB Workbench: from 0.13.0.As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.NOTE: This vulnerability only affects products that are no longer supported by the maintainer. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-36539.md b/2024/CVE-2024-36539.md index 09471d6a9..f7fae0bb8 100644 --- a/2024/CVE-2024-36539.md +++ b/2024/CVE-2024-36539.md @@ -13,5 +13,5 @@ Insecure permissions in contour v1.28.3 allows attackers to access sensitive dat - https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-36542.md b/2024/CVE-2024-36542.md new file mode 100644 index 000000000..e538e4d72 --- /dev/null +++ b/2024/CVE-2024-36542.md @@ -0,0 +1,17 @@ +### [CVE-2024-36542](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36542) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. + +### POC + +#### Reference +- https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-36572.md b/2024/CVE-2024-36572.md new file mode 100644 index 000000000..f2cf7f343 --- /dev/null +++ b/2024/CVE-2024-36572.md @@ -0,0 +1,18 @@ +### [CVE-2024-36572](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36572) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Prototype pollution in allpro form-manager 0.7.4 allows attackers to run arbitrary code and cause other impacts via the functions setDefaults, mergeBranch, and Object.setObjectValue. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19 +- https://github.com/allpro/form-manager/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3669.md b/2024/CVE-2024-3669.md new file mode 100644 index 000000000..3a3bbc1b8 --- /dev/null +++ b/2024/CVE-2024-3669.md @@ -0,0 +1,17 @@ +### [CVE-2024-3669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3669) +![](https://img.shields.io/static/v1?label=Product&message=Web%20Directory%20Free&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3c37c9a9-1424-427a-adc7-c2336a47e9cf/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37085.md b/2024/CVE-2024-37085.md new file mode 100644 index 000000000..4c67dc8dc --- /dev/null +++ b/2024/CVE-2024-37085.md @@ -0,0 +1,21 @@ +### [CVE-2024-37085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37085) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Cloud%20Foundation&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=8.0%3C%20ESXi80U3-24022510%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Authentication%20bypass%20vulnerability&color=brighgreen) + +### Description + +VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/gokupwn/pushMyResources +- https://github.com/h0bbel/h0bbel +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-37161.md b/2024/CVE-2024-37161.md new file mode 100644 index 000000000..bf882dffc --- /dev/null +++ b/2024/CVE-2024-37161.md @@ -0,0 +1,17 @@ +### [CVE-2024-37161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37161) +![](https://img.shields.io/static/v1?label=Product&message=metersphere&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.10.1-lts%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue. + +### POC + +#### Reference +- https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3727.md b/2024/CVE-2024-3727.md index c9df9ba2a..ce2b7feed 100644 --- a/2024/CVE-2024-3727.md +++ b/2024/CVE-2024-3727.md @@ -15,6 +15,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%203.11&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.15&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%20Assisted%20Installer&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Dev%20Spaces&color=blue) diff --git a/2024/CVE-2024-37298.md b/2024/CVE-2024-37298.md new file mode 100644 index 000000000..7ab807d86 --- /dev/null +++ b/2024/CVE-2024-37298.md @@ -0,0 +1,17 @@ +### [CVE-2024-37298](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37298) +![](https://img.shields.io/static/v1?label=Product&message=schema&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.4.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-770%3A%20Allocation%20of%20Resources%20Without%20Limits%20or%20Throttling&color=brighgreen) + +### Description + +gorilla/schema converts structs to and from form values. Prior to version 1.4.1 Running `schema.Decoder.Decode()` on a struct that has a field of type `[]struct{...}` opens it up to malicious attacks regarding memory allocations, taking advantage of the sparse slice functionality. Any use of `schema.Decoder.Decode()` on a struct with arrays of other structs could be vulnerable to this memory exhaustion vulnerability. Version 1.4.1 contains a patch for the issue. + +### POC + +#### Reference +- https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37310.md b/2024/CVE-2024-37310.md new file mode 100644 index 000000000..4553f15c4 --- /dev/null +++ b/2024/CVE-2024-37310.md @@ -0,0 +1,18 @@ +### [CVE-2024-37310](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37310) +![](https://img.shields.io/static/v1?label=Product&message=everest-core&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202024.3.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-122%3A%20Heap-based%20Buffer%20Overflow&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0. + +### POC + +#### Reference +- https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37631.md b/2024/CVE-2024-37631.md new file mode 100644 index 000000000..ff94bb577 --- /dev/null +++ b/2024/CVE-2024-37631.md @@ -0,0 +1,17 @@ +### [CVE-2024-37631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37631) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via the File parameter in function UploadCustomModule. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/UploadCustomModule/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37639.md b/2024/CVE-2024-37639.md new file mode 100644 index 000000000..c5fdfa743 --- /dev/null +++ b/2024/CVE-2024-37639.md @@ -0,0 +1,17 @@ +### [CVE-2024-37639](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37639) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via eport in the function setIpPortFilterRules. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setIpPortFilterRules/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37640.md b/2024/CVE-2024-37640.md new file mode 100644 index 000000000..4f7fe51ea --- /dev/null +++ b/2024/CVE-2024-37640.md @@ -0,0 +1,17 @@ +### [CVE-2024-37640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37640) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TOTOLINK A3700R V9.1.2u.6165_20211012 was discovered to contain a stack overflow via ssid5g in the function setWiFiEasyGuestCfg. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/TOTOLINK/A3700R/setWiFiEasyGuestCfg + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37641.md b/2024/CVE-2024-37641.md new file mode 100644 index 000000000..4e94cd84a --- /dev/null +++ b/2024/CVE-2024-37641.md @@ -0,0 +1,17 @@ +### [CVE-2024-37641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37641) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow via the submit-url parameter at /formNewSchedule + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formNewSchedule/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37645.md b/2024/CVE-2024-37645.md new file mode 100644 index 000000000..e1c167de4 --- /dev/null +++ b/2024/CVE-2024-37645.md @@ -0,0 +1,17 @@ +### [CVE-2024-37645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37645) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TRENDnet TEW-814DAP v1_(FW1.01B01) was discovered to contain a stack overflow vulnerability via the submit-url parameter at /formSysLog . + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formSysLog/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3768.md b/2024/CVE-2024-3768.md index 72c0f8339..2fbd485f8 100644 --- a/2024/CVE-2024-3768.md +++ b/2024/CVE-2024-3768.md @@ -5,7 +5,7 @@ ### Description -A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615. +A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615. ### POC diff --git a/2024/CVE-2024-37726.md b/2024/CVE-2024-37726.md index e4c5fb1a4..c7bf0f7f6 100644 --- a/2024/CVE-2024-37726.md +++ b/2024/CVE-2024-37726.md @@ -10,7 +10,7 @@ Insecure Permissions vulnerability in Micro-Star International Co., Ltd MSI Cent ### POC #### Reference -No PoCs from references. +- https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37742.md b/2024/CVE-2024-37742.md index f4cd4b510..2082e0740 100644 --- a/2024/CVE-2024-37742.md +++ b/2024/CVE-2024-37742.md @@ -10,7 +10,7 @@ Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulne ### POC #### Reference -No PoCs from references. +- https://github.com/Eteblue/CVE-2024-37742 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-37800.md b/2024/CVE-2024-37800.md new file mode 100644 index 000000000..8987e8348 --- /dev/null +++ b/2024/CVE-2024-37800.md @@ -0,0 +1,17 @@ +### [CVE-2024-37800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37800) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. + +### POC + +#### Reference +- https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-37800 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37829.md b/2024/CVE-2024-37829.md new file mode 100644 index 000000000..644eca6c1 --- /dev/null +++ b/2024/CVE-2024-37829.md @@ -0,0 +1,17 @@ +### [CVE-2024-37829](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37829) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Outline <= v0.76.1 allows attackers to execute a session hijacking attack via user interaction with a crafted magic sign-in link. + +### POC + +#### Reference +- https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-37829 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37830.md b/2024/CVE-2024-37830.md new file mode 100644 index 000000000..b782b0040 --- /dev/null +++ b/2024/CVE-2024-37830.md @@ -0,0 +1,17 @@ +### [CVE-2024-37830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37830) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. + +### POC + +#### Reference +- https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-37830 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37856.md b/2024/CVE-2024-37856.md new file mode 100644 index 000000000..2b1b0d69b --- /dev/null +++ b/2024/CVE-2024-37856.md @@ -0,0 +1,17 @@ +### [CVE-2024-37856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37856) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37857.md b/2024/CVE-2024-37857.md new file mode 100644 index 000000000..423909426 --- /dev/null +++ b/2024/CVE-2024-37857.md @@ -0,0 +1,17 @@ +### [CVE-2024-37857](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37857) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37858.md b/2024/CVE-2024-37858.md new file mode 100644 index 000000000..35c98cb6f --- /dev/null +++ b/2024/CVE-2024-37858.md @@ -0,0 +1,17 @@ +### [CVE-2024-37858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37858) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37859.md b/2024/CVE-2024-37859.md new file mode 100644 index 000000000..910550cae --- /dev/null +++ b/2024/CVE-2024-37859.md @@ -0,0 +1,17 @@ +### [CVE-2024-37859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37859) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. + +### POC + +#### Reference +- https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37895.md b/2024/CVE-2024-37895.md new file mode 100644 index 000000000..aa8fe02a3 --- /dev/null +++ b/2024/CVE-2024-37895.md @@ -0,0 +1,17 @@ +### [CVE-2024-37895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37895) +![](https://img.shields.io/static/v1?label=Product&message=lobe-chat&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.162.25%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-p36r-qxgx-jq2v + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-37906.md b/2024/CVE-2024-37906.md new file mode 100644 index 000000000..ac1e3d7a1 --- /dev/null +++ b/2024/CVE-2024-37906.md @@ -0,0 +1,17 @@ +### [CVE-2024-37906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37906) +![](https://img.shields.io/static/v1?label=Product&message=admidio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.3.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.9, there is an SQL Injection in the `/adm_program/modules/ecards/ecard_send.php` source file of the Admidio Application. The SQL Injection results in a compromise of the application's database. The value of `ecard_recipients `POST parameter is being directly concatenated with the SQL query in the source code causing the SQL Injection. The SQL Injection can be exploited by a member user, using blind condition-based, time-based, and Out of band interaction SQL Injection payloads. This vulnerability is fixed in 4.3.9. + +### POC + +#### Reference +- https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38288.md b/2024/CVE-2024-38288.md new file mode 100644 index 000000000..d8dbeabef --- /dev/null +++ b/2024/CVE-2024-38288.md @@ -0,0 +1,17 @@ +### [CVE-2024-38288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root. + +### POC + +#### Reference +- https://github.com/google/security-research/security/advisories/GHSA-gx6g-8mvx-3q5c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38289.md b/2024/CVE-2024-38289.md new file mode 100644 index 000000000..ac33043c9 --- /dev/null +++ b/2024/CVE-2024-38289.md @@ -0,0 +1,17 @@ +### [CVE-2024-38289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38289) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A boolean-based SQL injection issue in the Virtual Meeting Password (VMP) endpoint in R-HUB TurboMeeting through 8.x allows unauthenticated remote attackers to extract hashed passwords from the database, and authenticate to the application, via crafted SQL input. + +### POC + +#### Reference +- https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38353.md b/2024/CVE-2024-38353.md new file mode 100644 index 000000000..b6c738c69 --- /dev/null +++ b/2024/CVE-2024-38353.md @@ -0,0 +1,18 @@ +### [CVE-2024-38353](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38353) +![](https://img.shields.io/static/v1?label=Product&message=codimd&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-338%3A%20Use%20of%20Cryptographically%20Weak%20Pseudo-Random%20Number%20Generator%20(PRNG)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%3A%20Missing%20Authorization&color=brighgreen) + +### Description + +CodiMD allows realtime collaborative markdown notes on all platforms. CodiMD before 2.5.4 is missing authentication and access control vulnerability allowing an unauthenticated attacker to gain unauthorised access to image data uploaded to CodiMD. CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an attacker can determine the filenames for previously uploaded images and the likelihood of this issue being exploited is increased. This vulnerability is fixed in 2.5.4. + +### POC + +#### Reference +- https://github.com/hackmdio/codimd/security/advisories/GHSA-2764-jppc-p2hm + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38354.md b/2024/CVE-2024-38354.md new file mode 100644 index 000000000..ef8418c47 --- /dev/null +++ b/2024/CVE-2024-38354.md @@ -0,0 +1,17 @@ +### [CVE-2024-38354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38354) +![](https://img.shields.io/static/v1?label=Product&message=codimd&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.5.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +CodiMD allows realtime collaborative markdown notes on all platforms. The notebook feature of Hackmd.io permits the rendering of iframe `HTML` tags with an improperly sanitized `name` attribute. This vulnerability enables attackers to perform cross-site scripting (XSS) attacks via DOM clobbering. This vulnerability is fixed in 2.5.4. + +### POC + +#### Reference +- https://github.com/hackmdio/codimd/security/advisories/GHSA-22jv-vch8-2vp9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38359.md b/2024/CVE-2024-38359.md new file mode 100644 index 000000000..5d6ed09e2 --- /dev/null +++ b/2024/CVE-2024-38359.md @@ -0,0 +1,17 @@ +### [CVE-2024-38359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38359) +![](https://img.shields.io/static/v1?label=Product&message=lnd&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.17.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +The Lightning Network Daemon (lnd) - is a complete implementation of a Lightning Network node. A parsing vulnerability in lnd's onion processing logic and lead to a DoS vector due to excessive memory allocation. The issue was patched in lnd v0.17.0. Users should update to a version > v0.17.0 to be protected. Users unable to upgrade may set the `--rejecthtlc` CLI flag and also disable forwarding on channels via the `UpdateChanPolicyCommand`, or disable listening on a public network interface via the `--nolisten` flag as a mitigation. + +### POC + +#### Reference +- https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38472.md b/2024/CVE-2024-38472.md new file mode 100644 index 000000000..20d74c051 --- /dev/null +++ b/2024/CVE-2024-38472.md @@ -0,0 +1,17 @@ +### [CVE-2024-38472](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38472) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-38473.md b/2024/CVE-2024-38473.md new file mode 100644 index 000000000..52cc6c82b --- /dev/null +++ b/2024/CVE-2024-38473.md @@ -0,0 +1,17 @@ +### [CVE-2024-38473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38473) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%3D%202.4.59%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen) + +### Description + +Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests.Users are recommended to upgrade to version 2.4.60, which fixes this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-38481.md b/2024/CVE-2024-38481.md new file mode 100644 index 000000000..1037f0e8c --- /dev/null +++ b/2024/CVE-2024-38481.md @@ -0,0 +1,17 @@ +### [CVE-2024-38481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38481) +![](https://img.shields.io/static/v1?label=Product&message=iDRAC%20Service%20Module%20(iSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%3D%205.3.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) + +### Description + +Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/iDRAC-CVE-lib + diff --git a/2024/CVE-2024-38489.md b/2024/CVE-2024-38489.md new file mode 100644 index 000000000..1f13b1853 --- /dev/null +++ b/2024/CVE-2024-38489.md @@ -0,0 +1,17 @@ +### [CVE-2024-38489](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38489) +![](https://img.shields.io/static/v1?label=Product&message=iDRAC%20Service%20Module%20(iSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%3D%205.3.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/iDRAC-CVE-lib + diff --git a/2024/CVE-2024-38490.md b/2024/CVE-2024-38490.md new file mode 100644 index 000000000..7ad9c5871 --- /dev/null +++ b/2024/CVE-2024-38490.md @@ -0,0 +1,17 @@ +### [CVE-2024-38490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38490) +![](https://img.shields.io/static/v1?label=Product&message=iDRAC%20Service%20Module%20(iSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=N%2FA%3C%3D%205.3.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%3A%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/iDRAC-CVE-lib + diff --git a/2024/CVE-2024-3850.md b/2024/CVE-2024-3850.md new file mode 100644 index 000000000..79f141d8e --- /dev/null +++ b/2024/CVE-2024-3850.md @@ -0,0 +1,17 @@ +### [CVE-2024-3850](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3850) +![](https://img.shields.io/static/v1?label=Product&message=NVR301-04S2-P4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20NVR-B3801.20.17.240507%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting&color=brighgreen) + +### Description + +Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is limited. Also, even if JavaScript is executed, no additional benefits are obtained. + +### POC + +#### Reference +- https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38514.md b/2024/CVE-2024-38514.md new file mode 100644 index 000000000..07f53111d --- /dev/null +++ b/2024/CVE-2024-38514.md @@ -0,0 +1,17 @@ +### [CVE-2024-38514](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38514) +![](https://img.shields.io/static/v1?label=Product&message=ChatGPT-Next-Web&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the `endpoint` GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and GET methods supported), or to target NextChat users and make them execute arbitrary JavaScript code in their browser. This vulnerability has been patched in version 2.12.4. + +### POC + +#### Reference +- https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38520.md b/2024/CVE-2024-38520.md new file mode 100644 index 000000000..b1e35be5e --- /dev/null +++ b/2024/CVE-2024-38520.md @@ -0,0 +1,17 @@ +### [CVE-2024-38520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38520) +![](https://img.shields.io/static/v1?label=Product&message=SoftEtherVPN&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%205.02.5183%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185. + +### POC + +#### Reference +- https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38521.md b/2024/CVE-2024-38521.md new file mode 100644 index 000000000..8f1b29f80 --- /dev/null +++ b/2024/CVE-2024-38521.md @@ -0,0 +1,17 @@ +### [CVE-2024-38521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38521) +![](https://img.shields.io/static/v1?label=Product&message=hushline&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. There is a stored XSS in the Inbox. The input is displayed using the `safe` Jinja2 attribute, and thus not sanitized upon display. This issue has been patched in version 0.1.0. + +### POC + +#### Reference +- https://github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38522.md b/2024/CVE-2024-38522.md new file mode 100644 index 000000000..b1a87ce48 --- /dev/null +++ b/2024/CVE-2024-38522.md @@ -0,0 +1,17 @@ +### [CVE-2024-38522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38522) +![](https://img.shields.io/static/v1?label=Product&message=hushline&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-183%3A%20Permissive%20List%20of%20Allowed%20Inputs&color=brighgreen) + +### Description + +Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the `tips.hushline.app` website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version 0.1.0. + +### POC + +#### Reference +- https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38523.md b/2024/CVE-2024-38523.md new file mode 100644 index 000000000..0ce13717b --- /dev/null +++ b/2024/CVE-2024-38523.md @@ -0,0 +1,17 @@ +### [CVE-2024-38523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38523) +![](https://img.shields.io/static/v1?label=Product&message=hushline&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%3A%20Improper%20Authentication&color=brighgreen) + +### Description + +Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weakens its one-time nature. Specifically, the lack of 2FA for changing security settings allows attacker with CSRF or XSS primitives to change such settings without user interaction and credentials are required. This vulnerability has been patched in version 0.10. + +### POC + +#### Reference +- https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38529.md b/2024/CVE-2024-38529.md new file mode 100644 index 000000000..8adc930da --- /dev/null +++ b/2024/CVE-2024-38529.md @@ -0,0 +1,17 @@ +### [CVE-2024-38529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38529) +![](https://img.shields.io/static/v1?label=Product&message=admidio&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.3.10%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%3A%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.3.10, there is a Remote Code Execution Vulnerability in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL `{admidio_base_url}/adm_my_files/messages_attachments/{file_name}`. The vulnerability is caused due to the lack of file extension verification, allowing malicious files to be uploaded to the server and public availability of the uploaded file. This vulnerability is fixed in 4.3.10. + +### POC + +#### Reference +- https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38856.md b/2024/CVE-2024-38856.md new file mode 100644 index 000000000..9e140dfd0 --- /dev/null +++ b/2024/CVE-2024-38856.md @@ -0,0 +1,19 @@ +### [CVE-2024-38856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38856) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20OFBiz&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%2018.12.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%20Incorrect%20Authorization&color=brighgreen) + +### Description + +Incorrect Authorization vulnerability in Apache OFBiz.This issue affects Apache OFBiz: through 18.12.14.Users are recommended to upgrade to version 18.12.15, which fixes the issue.Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don't explicitly check user's permissions because they rely on the configuration of their endpoints). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/RacerZ-fighting/RacerZ-fighting +- https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-38892.md b/2024/CVE-2024-38892.md new file mode 100644 index 000000000..95d781857 --- /dev/null +++ b/2024/CVE-2024-38892.md @@ -0,0 +1,17 @@ +### [CVE-2024-38892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38892) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38894.md b/2024/CVE-2024-38894.md new file mode 100644 index 000000000..406aa367e --- /dev/null +++ b/2024/CVE-2024-38894.md @@ -0,0 +1,17 @@ +### [CVE-2024-38894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38894) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/touchlist_sync.cgi/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38895.md b/2024/CVE-2024-38895.md new file mode 100644 index 000000000..5f49a412f --- /dev/null +++ b/2024/CVE-2024-38895.md @@ -0,0 +1,17 @@ +### [CVE-2024-38895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38895) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/live_mfg.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38897.md b/2024/CVE-2024-38897.md new file mode 100644 index 000000000..96334c38b --- /dev/null +++ b/2024/CVE-2024-38897.md @@ -0,0 +1,17 @@ +### [CVE-2024-38897](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38897) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/live_check.shtml/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38903.md b/2024/CVE-2024-38903.md new file mode 100644 index 000000000..d5b70f32d --- /dev/null +++ b/2024/CVE-2024-38903.md @@ -0,0 +1,17 @@ +### [CVE-2024-38903](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38903) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands. + +### POC + +#### Reference +- https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38949.md b/2024/CVE-2024-38949.md new file mode 100644 index 000000000..8e57e96ea --- /dev/null +++ b/2024/CVE-2024-38949.md @@ -0,0 +1,17 @@ +### [CVE-2024-38949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38949) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc + +### POC + +#### Reference +- https://github.com/strukturag/libde265/issues/460 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38950.md b/2024/CVE-2024-38950.md new file mode 100644 index 000000000..8c9c24257 --- /dev/null +++ b/2024/CVE-2024-38950.md @@ -0,0 +1,17 @@ +### [CVE-2024-38950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38950) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. + +### POC + +#### Reference +- https://github.com/strukturag/libde265/issues/460 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38972.md b/2024/CVE-2024-38972.md new file mode 100644 index 000000000..af269c847 --- /dev/null +++ b/2024/CVE-2024-38972.md @@ -0,0 +1,17 @@ +### [CVE-2024-38972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38972) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38983.md b/2024/CVE-2024-38983.md new file mode 100644 index 000000000..11280da76 --- /dev/null +++ b/2024/CVE-2024-38983.md @@ -0,0 +1,17 @@ +### [CVE-2024-38983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38983) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) + +### POC + +#### Reference +- https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38984.md b/2024/CVE-2024-38984.md new file mode 100644 index 000000000..3efd1b367 --- /dev/null +++ b/2024/CVE-2024-38984.md @@ -0,0 +1,17 @@ +### [CVE-2024-38984](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38984) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Prototype Pollution in lukebond json-override 0.2.0 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via the __proto__ property. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/97a9a7d73fc8b38fcf01322239dd5fb1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38986.md b/2024/CVE-2024-38986.md new file mode 100644 index 000000000..9213dc975 --- /dev/null +++ b/2024/CVE-2024-38986.md @@ -0,0 +1,17 @@ +### [CVE-2024-38986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38986) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Prototype Pollution in 75lb deep-merge 1.1.1 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via merge methods of lodash to merge objects. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38987.md b/2024/CVE-2024-38987.md new file mode 100644 index 000000000..f508c66d8 --- /dev/null +++ b/2024/CVE-2024-38987.md @@ -0,0 +1,18 @@ +### [CVE-2024-38987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38987) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/29636943e6989e67f38251580cbcea73 +- https://github.com/AgeOfLearning/aofl/issues/35 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38990.md b/2024/CVE-2024-38990.md new file mode 100644 index 000000000..7876323ce --- /dev/null +++ b/2024/CVE-2024-38990.md @@ -0,0 +1,17 @@ +### [CVE-2024-38990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38990) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38991.md b/2024/CVE-2024-38991.md new file mode 100644 index 000000000..290fc8c83 --- /dev/null +++ b/2024/CVE-2024-38991.md @@ -0,0 +1,17 @@ +### [CVE-2024-38991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38991) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/8851413e3b33a96f191f0e9c81706532 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38992.md b/2024/CVE-2024-38992.md new file mode 100644 index 000000000..6f146488e --- /dev/null +++ b/2024/CVE-2024-38992.md @@ -0,0 +1,17 @@ +### [CVE-2024-38992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38992) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38993.md b/2024/CVE-2024-38993.md new file mode 100644 index 000000000..731664867 --- /dev/null +++ b/2024/CVE-2024-38993.md @@ -0,0 +1,17 @@ +### [CVE-2024-38993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38993) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function empty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38994.md b/2024/CVE-2024-38994.md new file mode 100644 index 000000000..1bfefa261 --- /dev/null +++ b/2024/CVE-2024-38994.md @@ -0,0 +1,17 @@ +### [CVE-2024-38994](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38994) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38996.md b/2024/CVE-2024-38996.md new file mode 100644 index 000000000..15ea1cb59 --- /dev/null +++ b/2024/CVE-2024-38996.md @@ -0,0 +1,19 @@ +### [CVE-2024-38996](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38996) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa +- https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b +- https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38997.md b/2024/CVE-2024-38997.md new file mode 100644 index 000000000..a11f80483 --- /dev/null +++ b/2024/CVE-2024-38997.md @@ -0,0 +1,17 @@ +### [CVE-2024-38997](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38997) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38998.md b/2024/CVE-2024-38998.md new file mode 100644 index 000000000..5131def56 --- /dev/null +++ b/2024/CVE-2024-38998.md @@ -0,0 +1,17 @@ +### [CVE-2024-38998](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38998) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function config. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-38999.md b/2024/CVE-2024-38999.md new file mode 100644 index 000000000..8b77d9e6c --- /dev/null +++ b/2024/CVE-2024-38999.md @@ -0,0 +1,17 @@ +### [CVE-2024-38999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38999) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39000.md b/2024/CVE-2024-39000.md new file mode 100644 index 000000000..4e17316fc --- /dev/null +++ b/2024/CVE-2024-39000.md @@ -0,0 +1,17 @@ +### [CVE-2024-39000](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39000) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39001.md b/2024/CVE-2024-39001.md new file mode 100644 index 000000000..a3a3f75d0 --- /dev/null +++ b/2024/CVE-2024-39001.md @@ -0,0 +1,19 @@ +### [CVE-2024-39001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39001) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa +- https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b +- https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39002.md b/2024/CVE-2024-39002.md new file mode 100644 index 000000000..1165e095a --- /dev/null +++ b/2024/CVE-2024-39002.md @@ -0,0 +1,17 @@ +### [CVE-2024-39002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39002) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39003.md b/2024/CVE-2024-39003.md new file mode 100644 index 000000000..843c73ace --- /dev/null +++ b/2024/CVE-2024-39003.md @@ -0,0 +1,17 @@ +### [CVE-2024-39003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39003) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39008.md b/2024/CVE-2024-39008.md new file mode 100644 index 000000000..cd97a9496 --- /dev/null +++ b/2024/CVE-2024-39008.md @@ -0,0 +1,17 @@ +### [CVE-2024-39008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39008) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/f09a507c8d59fbbb7fd40880cd9b87ed + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39010.md b/2024/CVE-2024-39010.md new file mode 100644 index 000000000..7ba8eb3f5 --- /dev/null +++ b/2024/CVE-2024-39010.md @@ -0,0 +1,17 @@ +### [CVE-2024-39010](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39010) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +chase-moskal snapstate v0.0.9 was discovered to contain a prototype pollution via the function attemptNestedProperty. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39011.md b/2024/CVE-2024-39011.md new file mode 100644 index 000000000..5040b65c8 --- /dev/null +++ b/2024/CVE-2024-39011.md @@ -0,0 +1,17 @@ +### [CVE-2024-39011](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39011) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Prototype Pollution in chargeover redoc v2.0.9-rc.69 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the function mergeObjects. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39012.md b/2024/CVE-2024-39012.md new file mode 100644 index 000000000..8333db11d --- /dev/null +++ b/2024/CVE-2024-39012.md @@ -0,0 +1,17 @@ +### [CVE-2024-39012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39012) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ais-ltd strategyen v0.4.0 was discovered to contain a prototype pollution via the function mergeObjects. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39013.md b/2024/CVE-2024-39013.md new file mode 100644 index 000000000..49f918026 --- /dev/null +++ b/2024/CVE-2024-39013.md @@ -0,0 +1,17 @@ +### [CVE-2024-39013](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39013) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/a2be744675af5ece3240c19fd04fc5e1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39014.md b/2024/CVE-2024-39014.md new file mode 100644 index 000000000..822b0d7d2 --- /dev/null +++ b/2024/CVE-2024-39014.md @@ -0,0 +1,17 @@ +### [CVE-2024-39014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39014) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/0501db31c1a6864a169e47097f26ac57 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39015.md b/2024/CVE-2024-39015.md new file mode 100644 index 000000000..5900ba26d --- /dev/null +++ b/2024/CVE-2024-39015.md @@ -0,0 +1,17 @@ +### [CVE-2024-39015](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39015) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39016.md b/2024/CVE-2024-39016.md new file mode 100644 index 000000000..ea1bb459f --- /dev/null +++ b/2024/CVE-2024-39016.md @@ -0,0 +1,17 @@ +### [CVE-2024-39016](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39016) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/865a957857a096221fe6f8b258b282ac + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39017.md b/2024/CVE-2024-39017.md new file mode 100644 index 000000000..865d4fbb6 --- /dev/null +++ b/2024/CVE-2024-39017.md @@ -0,0 +1,17 @@ +### [CVE-2024-39017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39017) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39018.md b/2024/CVE-2024-39018.md new file mode 100644 index 000000000..900f9256d --- /dev/null +++ b/2024/CVE-2024-39018.md @@ -0,0 +1,17 @@ +### [CVE-2024-39018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39018) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39019.md b/2024/CVE-2024-39019.md new file mode 100644 index 000000000..9ceff26b6 --- /dev/null +++ b/2024/CVE-2024-39019.md @@ -0,0 +1,17 @@ +### [CVE-2024-39019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39019) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del + +### POC + +#### Reference +- https://github.com/da271133/cms2/blob/main/44/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39020.md b/2024/CVE-2024-39020.md new file mode 100644 index 000000000..baf3423d4 --- /dev/null +++ b/2024/CVE-2024-39020.md @@ -0,0 +1,17 @@ +### [CVE-2024-39020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close + +### POC + +#### Reference +- https://github.com/da271133/cms2/blob/main/46/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39021.md b/2024/CVE-2024-39021.md new file mode 100644 index 000000000..016a71d1c --- /dev/null +++ b/2024/CVE-2024-39021.md @@ -0,0 +1,17 @@ +### [CVE-2024-39021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39021) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del + +### POC + +#### Reference +- https://github.com/da271133/cms2/blob/main/45/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39022.md b/2024/CVE-2024-39022.md new file mode 100644 index 000000000..0f23c229d --- /dev/null +++ b/2024/CVE-2024-39022.md @@ -0,0 +1,17 @@ +### [CVE-2024-39022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39022) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal + +### POC + +#### Reference +- https://github.com/da271133/cms2/blob/main/47/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39023.md b/2024/CVE-2024-39023.md new file mode 100644 index 000000000..ee17c3df4 --- /dev/null +++ b/2024/CVE-2024-39023.md @@ -0,0 +1,17 @@ +### [CVE-2024-39023](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39023) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close + +### POC + +#### Reference +- https://github.com/da271133/cms2/blob/main/48/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39027.md b/2024/CVE-2024-39027.md new file mode 100644 index 000000000..5452b8e3e --- /dev/null +++ b/2024/CVE-2024-39027.md @@ -0,0 +1,17 @@ +### [CVE-2024-39027](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39027) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SeaCMS v12.9 has an unauthorized SQL injection vulnerability. The vulnerability is caused by the SQL injection through the cid parameter at /js/player/dmplayer/dmku/index.php?ac=edit, which can cause sensitive database information to be leaked. + +### POC + +#### Reference +- https://github.com/seacms-net/CMS/issues/17 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39031.md b/2024/CVE-2024-39031.md index 8fa501891..41777a915 100644 --- a/2024/CVE-2024-39031.md +++ b/2024/CVE-2024-39031.md @@ -5,12 +5,12 @@ ### Description -In Silverpeas Core <= 6.3.5, inside of mes agendas a user can create a new event and add it to his calendar. The user can also add other users to the event from the same domain, including administrator. A normal user can create an event with XSS payload inside “Titre” and “Description” parameters and add the administrator or any user to the event. When the other user (victim) visits his own profile (even without clicking on the event) the payload will be executed on the victim side. +In Silverpeas Core <= 6.3.5, in Mes Agendas, a user can create new events and add them to their calendar. Additionally, users can invite others from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add the administrator or any user to the event. When the invited user (victim) views their own profile, the payload will be executed on their side, even if they do not click on the event. ### POC #### Reference -No PoCs from references. +- https://github.com/toneemarqus/CVE-2024-39031 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39036.md b/2024/CVE-2024-39036.md new file mode 100644 index 000000000..786b2ee88 --- /dev/null +++ b/2024/CVE-2024-39036.md @@ -0,0 +1,17 @@ +### [CVE-2024-39036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39036) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php. + +### POC + +#### Reference +- https://github.com/seacms-net/CMS/issues/18 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39063.md b/2024/CVE-2024-39063.md new file mode 100644 index 000000000..2014a516c --- /dev/null +++ b/2024/CVE-2024-39063.md @@ -0,0 +1,17 @@ +### [CVE-2024-39063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39063) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests. + +### POC + +#### Reference +- https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-39063 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39069.md b/2024/CVE-2024-39069.md index 82e0cb889..917aa2e56 100644 --- a/2024/CVE-2024-39069.md +++ b/2024/CVE-2024-39069.md @@ -10,6 +10,7 @@ An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers ### POC #### Reference +- https://github.com/AungSoePaing/CVE-2024-39069 - https://youtu.be/oMIobV2M0T8 #### Github diff --git a/2024/CVE-2024-39090.md b/2024/CVE-2024-39090.md index 353d50e15..fa657c3e7 100644 --- a/2024/CVE-2024-39090.md +++ b/2024/CVE-2024-39090.md @@ -10,7 +10,7 @@ The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerabili ### POC #### Reference -No PoCs from references. +- https://github.com/arijitdirghanji/My-CVEs/blob/main/CVE-2024-39090.md #### Github - https://github.com/arijitdirghangi/arijitdirghangi diff --git a/2024/CVE-2024-39119.md b/2024/CVE-2024-39119.md new file mode 100644 index 000000000..cc28c76f2 --- /dev/null +++ b/2024/CVE-2024-39119.md @@ -0,0 +1,17 @@ +### [CVE-2024-39119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39119) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close. + +### POC + +#### Reference +- https://github.com/2477231995/cms/blob/main/1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39123.md b/2024/CVE-2024-39123.md new file mode 100644 index 000000000..05085ff55 --- /dev/null +++ b/2024/CVE-2024-39123.md @@ -0,0 +1,17 @@ +### [CVE-2024-39123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39123) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization. + +### POC + +#### Reference +- https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39129.md b/2024/CVE-2024-39129.md new file mode 100644 index 000000000..cd95a7bae --- /dev/null +++ b/2024/CVE-2024-39129.md @@ -0,0 +1,17 @@ +### [CVE-2024-39129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39129) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp. + +### POC + +#### Reference +- https://github.com/wangf1978/DumpTS/issues/19 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39130.md b/2024/CVE-2024-39130.md new file mode 100644 index 000000000..6d501c43e --- /dev/null +++ b/2024/CVE-2024-39130.md @@ -0,0 +1,17 @@ +### [CVE-2024-39130](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39130) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. + +### POC + +#### Reference +- https://github.com/wangf1978/DumpTS/issues/20 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39132.md b/2024/CVE-2024-39132.md new file mode 100644 index 000000000..ab9c11e18 --- /dev/null +++ b/2024/CVE-2024-39132.md @@ -0,0 +1,17 @@ +### [CVE-2024-39132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39132) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. + +### POC + +#### Reference +- https://github.com/wangf1978/DumpTS/issues/22 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39153.md b/2024/CVE-2024-39153.md new file mode 100644 index 000000000..46d6c4377 --- /dev/null +++ b/2024/CVE-2024-39153.md @@ -0,0 +1,17 @@ +### [CVE-2024-39153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39153) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39154.md b/2024/CVE-2024-39154.md new file mode 100644 index 000000000..0659c743d --- /dev/null +++ b/2024/CVE-2024-39154.md @@ -0,0 +1,17 @@ +### [CVE-2024-39154](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39154) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39155.md b/2024/CVE-2024-39155.md new file mode 100644 index 000000000..5cf97ff46 --- /dev/null +++ b/2024/CVE-2024-39155.md @@ -0,0 +1,17 @@ +### [CVE-2024-39155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39155) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39156.md b/2024/CVE-2024-39156.md new file mode 100644 index 000000000..f97d1192e --- /dev/null +++ b/2024/CVE-2024-39156.md @@ -0,0 +1,17 @@ +### [CVE-2024-39156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39156) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39157.md b/2024/CVE-2024-39157.md new file mode 100644 index 000000000..cc6c94ef7 --- /dev/null +++ b/2024/CVE-2024-39157.md @@ -0,0 +1,17 @@ +### [CVE-2024-39157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39157) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39158.md b/2024/CVE-2024-39158.md new file mode 100644 index 000000000..c3141c9b7 --- /dev/null +++ b/2024/CVE-2024-39158.md @@ -0,0 +1,17 @@ +### [CVE-2024-39158](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39158) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. + +### POC + +#### Reference +- https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39171.md b/2024/CVE-2024-39171.md new file mode 100644 index 000000000..5d7c28911 --- /dev/null +++ b/2024/CVE-2024-39171.md @@ -0,0 +1,17 @@ +### [CVE-2024-39171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39171) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix. + +### POC + +#### Reference +- https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39202.md b/2024/CVE-2024-39202.md new file mode 100644 index 000000000..e08fd4ed5 --- /dev/null +++ b/2024/CVE-2024-39202.md @@ -0,0 +1,17 @@ +### [CVE-2024-39202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39202) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-823X firmware - 240126 was discovered to contain a remote command execution (RCE) vulnerability via the dhcpd_startip parameter at /goform/set_lan_settings. + +### POC + +#### Reference +- https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39236.md b/2024/CVE-2024-39236.md new file mode 100644 index 000000000..4527c1837 --- /dev/null +++ b/2024/CVE-2024-39236.md @@ -0,0 +1,18 @@ +### [CVE-2024-39236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39236) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +** DISPUTED ** Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself. + +### POC + +#### Reference +- https://github.com/Aaron911/PoC/blob/main/Gradio.md +- https://github.com/advisories/GHSA-9v2f-6vcg-3hgv + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39248.md b/2024/CVE-2024-39248.md index 5d238bdc5..0e4f2507f 100644 --- a/2024/CVE-2024-39248.md +++ b/2024/CVE-2024-39248.md @@ -10,6 +10,7 @@ A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to e ### POC #### Reference +- https://github.com/jasonthename/CVE-2024-39248 - https://packetstormsecurity.com/files/179219 #### Github diff --git a/2024/CVE-2024-39249.md b/2024/CVE-2024-39249.md index bdeaa1945..c80f93b52 100644 --- a/2024/CVE-2024-39249.md +++ b/2024/CVE-2024-39249.md @@ -10,7 +10,8 @@ ### POC #### Reference -No PoCs from references. +- https://github.com/zunak/CVE-2024-39249 +- https://github.com/zunak/CVE-2024-39249/issues/1 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39250.md b/2024/CVE-2024-39250.md index a9115682f..9bd765acb 100644 --- a/2024/CVE-2024-39250.md +++ b/2024/CVE-2024-39250.md @@ -10,7 +10,7 @@ EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injectio ### POC #### Reference -No PoCs from references. +- https://github.com/efrann/CVE-2024-39250 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-39251.md b/2024/CVE-2024-39251.md new file mode 100644 index 000000000..c6a87f2e5 --- /dev/null +++ b/2024/CVE-2024-39251.md @@ -0,0 +1,17 @@ +### [CVE-2024-39251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39251) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in the component ControlCenter.sys/ControlCenter64.sys of ThundeRobot Control Center v2.0.0.10 allows attackers to access sensitive information, execute arbitrary code, or escalate privileges via sending crafted IOCTL requests. + +### POC + +#### Reference +- https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39304.md b/2024/CVE-2024-39304.md new file mode 100644 index 000000000..706564814 --- /dev/null +++ b/2024/CVE-2024-39304.md @@ -0,0 +1,17 @@ +### [CVE-2024-39304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39304) +![](https://img.shields.io/static/v1?label=Product&message=CRM&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.9.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authentication is required, but no elevated privileges are necessary. This allows attackers to inject SQL statements directly into the database query due to inadequate sanitization of the EID parameter in in a GET request to `/GetText.php`. Version 5.9.2 patches the issue. + +### POC + +#### Reference +- https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9 + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-39307.md b/2024/CVE-2024-39307.md new file mode 100644 index 000000000..0e457616c --- /dev/null +++ b/2024/CVE-2024-39307.md @@ -0,0 +1,17 @@ +### [CVE-2024-39307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39307) +![](https://img.shields.io/static/v1?label=Product&message=Kavita&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1. + +### POC + +#### Reference +- https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39321.md b/2024/CVE-2024-39321.md new file mode 100644 index 000000000..de0cd81ed --- /dev/null +++ b/2024/CVE-2024-39321.md @@ -0,0 +1,17 @@ +### [CVE-2024-39321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39321) +![](https://img.shields.io/static/v1?label=Product&message=traefik&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.11.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-639%3A%20Authorization%20Bypass%20Through%20User-Controlled%20Key&color=brighgreen) + +### Description + +Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available. + +### POC + +#### Reference +- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39326.md b/2024/CVE-2024-39326.md new file mode 100644 index 000000000..beb85f387 --- /dev/null +++ b/2024/CVE-2024-39326.md @@ -0,0 +1,17 @@ +### [CVE-2024-39326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39326) +![](https://img.shields.io/static/v1?label=Product&message=skills-service&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.12.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +SkillTree is a micro-learning gamification platform. Prior to version 2.12.6, the endpoint `/admin/projects/{projectname}/skills/{skillname}/video` (and probably others) is open to a cross-site request forgery (CSRF) vulnerability. Due to the endpoint being CSRFable e.g POST request, supports a content type that can be exploited (multipart file upload), makes a state change and has no CSRF mitigations in place (samesite flag, CSRF token). It is possible to perform a CSRF attack against a logged in admin account, allowing an attacker that can target a logged in admin of Skills Service to modify the videos, captions, and text of the skill. Version 2.12.6 contains a patch for this issue. + +### POC + +#### Reference +- https://github.com/NationalSecurityAgency/skills-service/security/advisories/GHSA-9624-qwxr-jr4j + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39614.md b/2024/CVE-2024-39614.md new file mode 100644 index 000000000..acb1400e3 --- /dev/null +++ b/2024/CVE-2024-39614.md @@ -0,0 +1,17 @@ +### [CVE-2024-39614](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39614) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-39678.md b/2024/CVE-2024-39678.md new file mode 100644 index 000000000..1c56da480 --- /dev/null +++ b/2024/CVE-2024-39678.md @@ -0,0 +1,17 @@ +### [CVE-2024-39678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39678) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-pp3h-ghxf-r9pc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39679.md b/2024/CVE-2024-39679.md new file mode 100644 index 000000000..6214d522c --- /dev/null +++ b/2024/CVE-2024-39679.md @@ -0,0 +1,17 @@ +### [CVE-2024-39679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39679) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-2jh3-9939-c4rc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39680.md b/2024/CVE-2024-39680.md new file mode 100644 index 000000000..0aaa9e35b --- /dev/null +++ b/2024/CVE-2024-39680.md @@ -0,0 +1,17 @@ +### [CVE-2024-39680](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39680) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-f2mc-hcp9-6xgr + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39681.md b/2024/CVE-2024-39681.md new file mode 100644 index 000000000..01cf0cf7a --- /dev/null +++ b/2024/CVE-2024-39681.md @@ -0,0 +1,17 @@ +### [CVE-2024-39681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39681) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, 1.7.15.4 due to missing or incorrect nonce validation on the AJAX action handler. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-q7p9-2x5h-vxm7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39682.md b/2024/CVE-2024-39682.md new file mode 100644 index 000000000..0505b5f6f --- /dev/null +++ b/2024/CVE-2024-39682.md @@ -0,0 +1,17 @@ +### [CVE-2024-39682](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39682) +![](https://img.shields.io/static/v1?label=Product&message=Cooked&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-116%3A%20Improper%20Encoding%20or%20Escaping%20of%20Output&color=brighgreen) + +### Description + +Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to HTML Injection in versions up to, and including, 1.7.15.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary HTML in pages that will be shown whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/XjSv/Cooked/security/advisories/GHSA-fx69-f77x-84gr + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39687.md b/2024/CVE-2024-39687.md new file mode 100644 index 000000000..51287b265 --- /dev/null +++ b/2024/CVE-2024-39687.md @@ -0,0 +1,17 @@ +### [CVE-2024-39687](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39687) +![](https://img.shields.io/static/v1?label=Product&message=fedify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.9.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. At present, when Fedify needs to retrieve an object or activity from a remote activitypub server, it makes a HTTP request to the `@id` or other resources present within the activity it has received from the web. This activity could reference an `@id` that points to an internal IP address, allowing an attacker to send request to resources internal to the fedify server's network. This applies to not just resolution of documents containing activities or objects, but also to media URLs as well. Specifically this is a Server Side Request Forgery attack. Users should upgrade to Fedify version 0.9.2, 0.10.1, or 0.11.1 to receive a patch for this issue. + +### POC + +#### Reference +- https://github.com/dahlia/fedify/security/advisories/GHSA-p9cg-vqcc-grcx + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39694.md b/2024/CVE-2024-39694.md new file mode 100644 index 000000000..2333b05b5 --- /dev/null +++ b/2024/CVE-2024-39694.md @@ -0,0 +1,17 @@ +### [CVE-2024-39694](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39694) +![](https://img.shields.io/static/v1?label=Product&message=IdentityServer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%206.0.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/IdentityServer/IdentityServer4 + diff --git a/2024/CVE-2024-39699.md b/2024/CVE-2024-39699.md new file mode 100644 index 000000000..0e3302a17 --- /dev/null +++ b/2024/CVE-2024-39699.md @@ -0,0 +1,17 @@ +### [CVE-2024-39699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39699) +![](https://img.shields.io/static/v1?label=Product&message=directus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2010.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Directus is a real-time API and App dashboard for managing SQL database content. There was already a reported SSRF vulnerability via file import. It was fixed by resolving all DNS names and checking if the requested IP is an internal IP address. However it is possible to bypass this security measure and execute a SSRF using redirects. Directus allows redirects when importing file from the URL and does not check the result URL. Thus, it is possible to execute a request to an internal IP, for example to 127.0.0.1. However, it is blind SSRF, because Directus also uses response interception technique to get the information about the connect from the socket directly and it does not show a response if the IP address is internal. This vulnerability is fixed in 10.9.3. + +### POC + +#### Reference +- https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39700.md b/2024/CVE-2024-39700.md new file mode 100644 index 000000000..b65972567 --- /dev/null +++ b/2024/CVE-2024-39700.md @@ -0,0 +1,17 @@ +### [CVE-2024-39700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39700) +![](https://img.shields.io/static/v1?label=Product&message=extension-template&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%204.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +JupyterLab extension template is a `copier` template for JupyterLab extensions. Repositories created using this template with `test` option include `update-integration-tests.yml` workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to the latest version. Users who made changes to `update-integration-tests.yml`, accept overwriting of this file and re-apply your changes later. Users may wish to temporarily disable GitHub Actions while working on the upgrade. We recommend rebasing all open pull requests from untrusted users as actions may run using the version from the `main` branch at the time when the pull request was created. Users who are upgrading from template version prior to 4.3.0 may wish to leave out proposed changes to the release workflow for now as it requires additional configuration. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-39701.md b/2024/CVE-2024-39701.md new file mode 100644 index 000000000..face9b5b6 --- /dev/null +++ b/2024/CVE-2024-39701.md @@ -0,0 +1,17 @@ +### [CVE-2024-39701](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39701) +![](https://img.shields.io/static/v1?label=Product&message=directus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%209.23.0%2C%20%3C%2010.6.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +Directus is a real-time API and App dashboard for managing SQL database content. Directus >=9.23.0, <=v10.5.3 improperly handles _in, _nin operators. It evaluates empty arrays as valid so expressions like {"role": {"_in": $CURRENT_USER.some_field}} would evaluate to true allowing the request to pass. This results in Broken Access Control because the rule fails to do what it was intended to do: Pass rule if **field** matches any of the **values**. This vulnerability is fixed in 10.6.0. + +### POC + +#### Reference +- https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39705.md b/2024/CVE-2024-39705.md new file mode 100644 index 000000000..0b798dded --- /dev/null +++ b/2024/CVE-2024-39705.md @@ -0,0 +1,17 @@ +### [CVE-2024-39705](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39705) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NLTK through 3.8.1 allows remote code execution if untrusted packages have pickled Python code, and the integrated data package download functionality is used. This affects, for example, averaged_perceptron_tagger and punkt. + +### POC + +#### Reference +- https://github.com/nltk/nltk/issues/3266 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39828.md b/2024/CVE-2024-39828.md new file mode 100644 index 000000000..d2e82e1fe --- /dev/null +++ b/2024/CVE-2024-39828.md @@ -0,0 +1,18 @@ +### [CVE-2024-39828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39828) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +R74n Sandboxels 1.9 through 1.9.5 allows XSS via a message in a modified saved-game file. This was fixed in a hotfix to 1.9.5 on 2024-06-29. + +### POC + +#### Reference +- https://github.com/ggod2/sandboxels_xss_test +- https://github.com/ggod2/sandboxels_xss_test/blob/main/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3983.md b/2024/CVE-2024-3983.md new file mode 100644 index 000000000..d97c23a08 --- /dev/null +++ b/2024/CVE-2024-3983.md @@ -0,0 +1,17 @@ +### [CVE-2024-3983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3983) +![](https://img.shields.io/static/v1?label=Product&message=WooCommerce%20Customers%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2030.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting customers via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e4059d66-07b9-4f1a-a461-d6e8f0e98eec/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39853.md b/2024/CVE-2024-39853.md new file mode 100644 index 000000000..106c6c78f --- /dev/null +++ b/2024/CVE-2024-39853.md @@ -0,0 +1,17 @@ +### [CVE-2024-39853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39853) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +adolph_dudu ratio-swiper 0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. + +### POC + +#### Reference +- https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-3986.md b/2024/CVE-2024-3986.md new file mode 100644 index 000000000..19859c563 --- /dev/null +++ b/2024/CVE-2024-3986.md @@ -0,0 +1,17 @@ +### [CVE-2024-3986](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3986) +![](https://img.shields.io/static/v1?label=Product&message=SportsPress&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.22%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/76c78f8e-e3da-47d9-9bf4-70e9dd125b82/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39863.md b/2024/CVE-2024-39863.md new file mode 100644 index 000000000..9a8b21cc1 --- /dev/null +++ b/2024/CVE-2024-39863.md @@ -0,0 +1,17 @@ +### [CVE-2024-39863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39863) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Airflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon + diff --git a/2024/CVE-2024-39877.md b/2024/CVE-2024-39877.md new file mode 100644 index 000000000..cfd66e7f9 --- /dev/null +++ b/2024/CVE-2024-39877.md @@ -0,0 +1,17 @@ +### [CVE-2024-39877](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39877) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Airflow&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=2.4.0%3C%202.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon + diff --git a/2024/CVE-2024-39895.md b/2024/CVE-2024-39895.md new file mode 100644 index 000000000..a371765e5 --- /dev/null +++ b/2024/CVE-2024-39895.md @@ -0,0 +1,17 @@ +### [CVE-2024-39895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39895) +![](https://img.shields.io/static/v1?label=Product&message=directus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2010.12.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Directus is a real-time API and App dashboard for managing SQL database content. A denial of service (DoS) attack by field duplication in GraphQL is a type of attack where an attacker exploits the flexibility of GraphQL to overwhelm a server by requesting the same field multiple times in a single query. This can cause the server to perform redundant computations and consume excessive resources, leading to a denial of service for legitimate users. Request to the endpoint /graphql are sent when visualizing graphs generated at a dashboard. By modifying the data sent and duplicating many times the fields a DoS attack is possible. This vulnerability is fixed in 10.12.0. + +### POC + +#### Reference +- https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39899.md b/2024/CVE-2024-39899.md index 246210d4a..55a642f7b 100644 --- a/2024/CVE-2024-39899.md +++ b/2024/CVE-2024-39899.md @@ -11,7 +11,7 @@ PrivateBin is an online pastebin where the server has zero knowledge of pasted d ### POC #### Reference -No PoCs from references. +- https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j #### Github - https://github.com/nbxiglk0/nbxiglk0 diff --git a/2024/CVE-2024-39904.md b/2024/CVE-2024-39904.md new file mode 100644 index 000000000..0669af5ab --- /dev/null +++ b/2024/CVE-2024-39904.md @@ -0,0 +1,17 @@ +### [CVE-2024-39904](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39904) +![](https://img.shields.io/static/v1?label=Product&message=vnote&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.18.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-73%3A%20External%20Control%20of%20File%20Name%20or%20Path&color=brighgreen) + +### Description + +VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1. + +### POC + +#### Reference +- https://github.com/vnotex/vnote/security/advisories/GHSA-vhh5-8wcv-68gj + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39907.md b/2024/CVE-2024-39907.md new file mode 100644 index 000000000..6465d5bc2 --- /dev/null +++ b/2024/CVE-2024-39907.md @@ -0,0 +1,17 @@ +### [CVE-2024-39907](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39907) +![](https://img.shields.io/static/v1?label=Product&message=1Panel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.10.9-tls%2C%20%3C%201.10.12-tls%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues. + +### POC + +#### Reference +- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39909.md b/2024/CVE-2024-39909.md new file mode 100644 index 000000000..32d6a04f6 --- /dev/null +++ b/2024/CVE-2024-39909.md @@ -0,0 +1,17 @@ +### [CVE-2024-39909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39909) +![](https://img.shields.io/static/v1?label=Product&message=kubeclarity&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.23.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +KubeClarity is a tool for detection and management of Software Bill Of Materials (SBOM) and vulnerabilities of container images and filesystems. A time/boolean SQL Injection is present in the following resource `/api/applicationResources` via the following parameter `packageID`. As it can be seen in backend/pkg/database/id_view.go, while building the SQL Query the `fmt.Sprintf` function is used to build the query string without the input having first been subjected to any validation. This vulnerability is fixed in 2.23.1. + +### POC + +#### Reference +- https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39912.md b/2024/CVE-2024-39912.md new file mode 100644 index 000000000..698579d0f --- /dev/null +++ b/2024/CVE-2024-39912.md @@ -0,0 +1,17 @@ +### [CVE-2024-39912](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39912) +![](https://img.shields.io/static/v1?label=Product&message=webauthn-framework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%204.5.0%2C%20%3C%204.9.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-204%3A%20Observable%20Response%20Discrepancy&color=brighgreen) + +### Description + +web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the `allowedCredentials` property in the assertion options response. This allows enumeration of valid or invalid usernames. By knowing which usernames are valid, attackers can focus their efforts on a smaller set of potential targets, increasing the efficiency and likelihood of successful attacks. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-875x-g8p7-5w27 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39914.md b/2024/CVE-2024-39914.md index 9ade62c21..aa91668f1 100644 --- a/2024/CVE-2024-39914.md +++ b/2024/CVE-2024-39914.md @@ -10,7 +10,7 @@ FOG is a cloning/imaging/rescue suite/inventory management system. Prior to 1.5. ### POC #### Reference -No PoCs from references. +- https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j #### Github - https://github.com/wy876/POC diff --git a/2024/CVE-2024-39915.md b/2024/CVE-2024-39915.md new file mode 100644 index 000000000..29e9f7e96 --- /dev/null +++ b/2024/CVE-2024-39915.md @@ -0,0 +1,17 @@ +### [CVE-2024-39915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39915) +![](https://img.shields.io/static/v1?label=Product&message=Thruk&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.16%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%3A%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +Thruk is a multibackend monitoring webinterface for Naemon, Nagios, Icinga and Shinken using the Livestatus API. This authenticated RCE in Thruk allows authorized users with network access to inject arbitrary commands via the URL parameter during PDF report generation. The Thruk web application does not properly process the url parameter when generating a PDF report. An authorized attacker with access to the reporting functionality could inject arbitrary commands that would be executed when the script /script/html2pdf.sh is called. The vulnerability can be exploited by an authorized user with network access. This issue has been addressed in version 3.16. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39916.md b/2024/CVE-2024-39916.md new file mode 100644 index 000000000..b9454dcbb --- /dev/null +++ b/2024/CVE-2024-39916.md @@ -0,0 +1,17 @@ +### [CVE-2024-39916](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39916) +![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.30%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-453%3A%20Insecure%20Default%20Variable%20Initialization&color=brighgreen) + +### Description + +FOG is a free open-source cloning/imaging/rescue suite/inventory management system. There is a security issue with the NFS configuration in /etc/exports generated by the installer that allows an attacker to modify files outside the export in the default installation. The exports have the no_subtree_check option. The no_subtree_check option means that if a client performs a file operation, the server will only check if the requested file is on the correct filesystem, not if it is in the correct directory. This enables modifying files in /images, accessing other files on the same filesystem, and accessing files on other filesystems. This vulnerability is fixed in 1.5.10.30. + +### POC + +#### Reference +- https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39918.md b/2024/CVE-2024-39918.md new file mode 100644 index 000000000..b63c63bb9 --- /dev/null +++ b/2024/CVE-2024-39918.md @@ -0,0 +1,17 @@ +### [CVE-2024-39918](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39918) +![](https://img.shields.io/static/v1?label=Product&message=url-to-png&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.1.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%3A%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. Input of the `ImageId` in the code is not sanitized and may lead to path traversal. This allows an attacker to store an image in an arbitrary location that the server has permission to access. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39919.md b/2024/CVE-2024-39919.md new file mode 100644 index 000000000..f873fa71d --- /dev/null +++ b/2024/CVE-2024-39919.md @@ -0,0 +1,17 @@ +### [CVE-2024-39919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39919) +![](https://img.shields.io/static/v1?label=Product&message=url-to-png&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) + +### Description + +@jmondi/url-to-png is an open source URL to PNG utility featuring parallel rendering using Playwright for screenshots and with storage caching via Local, S3, or CouchDB. The package includes an `ALLOW_LIST` where the host can specify which services the user is permitted to capture screenshots of. By default, capturing screenshots of web services running on localhost, 127.0.0.1, or the [::] is allowed. If someone hosts this project on a server, users could then capture screenshots of other web services running locally. This issue has been addressed in version 2.1.1 with the addition of a blocklist. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39929.md b/2024/CVE-2024-39929.md index 3611c7a50..e852716b6 100644 --- a/2024/CVE-2024-39929.md +++ b/2024/CVE-2024-39929.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/rxerium/stars diff --git a/2024/CVE-2024-39962.md b/2024/CVE-2024-39962.md new file mode 100644 index 000000000..053851a35 --- /dev/null +++ b/2024/CVE-2024-39962.md @@ -0,0 +1,17 @@ +### [CVE-2024-39962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39962) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +D-Link DIR-823X AX3000 Dual-Band Gigabit Wireless Router v21_D240126 was discovered to contain a remote code execution (RCE) vulnerability in the ntp_zone_val parameter at /goform/set_ntp. This vulnerability is exploited via a crafted HTTP request. + +### POC + +#### Reference +- https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-39963.md b/2024/CVE-2024-39963.md new file mode 100644 index 000000000..ea76fe88d --- /dev/null +++ b/2024/CVE-2024-39963.md @@ -0,0 +1,17 @@ +### [CVE-2024-39963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39963) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX9 V22.03.01.46 and AX3000 Dual-Band Gigabit Wi-Fi 6 Router AX12 V1.0 V22.03.01.46 were discovered to contain an authenticated remote command execution (RCE) vulnerability via the macFilterType parameter at /goform/setMacFilterCfg. + +### POC + +#### Reference +- https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40035.md b/2024/CVE-2024-40035.md new file mode 100644 index 000000000..3034bd91e --- /dev/null +++ b/2024/CVE-2024-40035.md @@ -0,0 +1,17 @@ +### [CVE-2024-40035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40035) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add. + +### POC + +#### Reference +- https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40036.md b/2024/CVE-2024-40036.md new file mode 100644 index 000000000..fd0e95515 --- /dev/null +++ b/2024/CVE-2024-40036.md @@ -0,0 +1,17 @@ +### [CVE-2024-40036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40036) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close + +### POC + +#### Reference +- https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40039.md b/2024/CVE-2024-40039.md new file mode 100644 index 000000000..ec007a7f9 --- /dev/null +++ b/2024/CVE-2024-40039.md @@ -0,0 +1,17 @@ +### [CVE-2024-40039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40039) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del + +### POC + +#### Reference +- https://github.com/pangchunyuhack/cms/blob/main/62/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40060.md b/2024/CVE-2024-40060.md new file mode 100644 index 000000000..12bc4b88c --- /dev/null +++ b/2024/CVE-2024-40060.md @@ -0,0 +1,17 @@ +### [CVE-2024-40060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40060) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +go-chart v2.1.1 was discovered to contain an infinite loop via the drawCanvas() function. + +### POC + +#### Reference +- https://gist.github.com/F3iG0n9/4d0d7c863eea6874eeeb26a3073aa5f8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40096.md b/2024/CVE-2024-40096.md new file mode 100644 index 000000000..06241fafd --- /dev/null +++ b/2024/CVE-2024-40096.md @@ -0,0 +1,17 @@ +### [CVE-2024-40096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40096) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The com.cascadialabs.who (aka Who - Caller ID, Spam Block) application 15.0 for Android places sensitive information in the system log. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-40110.md b/2024/CVE-2024-40110.md new file mode 100644 index 000000000..22c3043eb --- /dev/null +++ b/2024/CVE-2024-40110.md @@ -0,0 +1,17 @@ +### [CVE-2024-40110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40110) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. + +### POC + +#### Reference +- https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/ + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-40116.md b/2024/CVE-2024-40116.md new file mode 100644 index 000000000..954daea22 --- /dev/null +++ b/2024/CVE-2024-40116.md @@ -0,0 +1,17 @@ +### [CVE-2024-40116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40116) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue in Solar-Log 1000 before v2.8.2 and build 52-23.04.2013 was discovered to store plaintext passwords in the export.html, email.html, and sms.html files. + +### POC + +#### Reference +- https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Unprotected%20Storage%20of%20Credentials + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40318.md b/2024/CVE-2024-40318.md new file mode 100644 index 000000000..1427b680a --- /dev/null +++ b/2024/CVE-2024-40318.md @@ -0,0 +1,17 @@ +### [CVE-2024-40318](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40318) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 allows attackers to execute arbitrary code via uploading a crafted file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-4032.md b/2024/CVE-2024-4032.md new file mode 100644 index 000000000..b60f35aa1 --- /dev/null +++ b/2024/CVE-2024-4032.md @@ -0,0 +1,17 @@ +### [CVE-2024-4032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4032) +![](https://img.shields.io/static/v1?label=Product&message=CPython&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.12.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/GitHubForSnap/matrix-commander-gael + diff --git a/2024/CVE-2024-40322.md b/2024/CVE-2024-40322.md new file mode 100644 index 000000000..81e5e7615 --- /dev/null +++ b/2024/CVE-2024-40322.md @@ -0,0 +1,17 @@ +### [CVE-2024-40322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40322) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in JFinalCMS v.5.0.0. There is a SQL injection vulnerablity via /admin/div_data/data + +### POC + +#### Reference +- https://github.com/KakeruJ/CVE/blob/main/JFinalCMS_SQL.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40324.md b/2024/CVE-2024-40324.md new file mode 100644 index 000000000..bfd8a2a4a --- /dev/null +++ b/2024/CVE-2024-40324.md @@ -0,0 +1,17 @@ +### [CVE-2024-40324](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40324) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A CRLF injection vulnerability in E-Staff v5.1 allows attackers to insert Carriage Return (CR) and Line Feed (LF) characters into input fields, leading to HTTP response splitting and header manipulation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-40328.md b/2024/CVE-2024-40328.md new file mode 100644 index 000000000..b87263d68 --- /dev/null +++ b/2024/CVE-2024-40328.md @@ -0,0 +1,17 @@ +### [CVE-2024-40328](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40328) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6 + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/70/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40329.md b/2024/CVE-2024-40329.md new file mode 100644 index 000000000..ef0ba5036 --- /dev/null +++ b/2024/CVE-2024-40329.md @@ -0,0 +1,17 @@ +### [CVE-2024-40329](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40329) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/67/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40331.md b/2024/CVE-2024-40331.md new file mode 100644 index 000000000..beebaf635 --- /dev/null +++ b/2024/CVE-2024-40331.md @@ -0,0 +1,17 @@ +### [CVE-2024-40331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40331) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/66/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40332.md b/2024/CVE-2024-40332.md new file mode 100644 index 000000000..1a6db6547 --- /dev/null +++ b/2024/CVE-2024-40332.md @@ -0,0 +1,17 @@ +### [CVE-2024-40332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40332) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/65/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40334.md b/2024/CVE-2024-40334.md new file mode 100644 index 000000000..2fbbae488 --- /dev/null +++ b/2024/CVE-2024-40334.md @@ -0,0 +1,17 @@ +### [CVE-2024-40334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40334) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3 + +### POC + +#### Reference +- https://github.com/Tank992/cms/blob/main/69/csrf.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40348.md b/2024/CVE-2024-40348.md index a722478ab..74b46c0c0 100644 --- a/2024/CVE-2024-40348.md +++ b/2024/CVE-2024-40348.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-40392.md b/2024/CVE-2024-40392.md new file mode 100644 index 000000000..d2fd92e1a --- /dev/null +++ b/2024/CVE-2024-40392.md @@ -0,0 +1,17 @@ +### [CVE-2024-40392](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40392) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php. + +### POC + +#### Reference +- https://github.com/CveSecLook/cve/issues/46 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40393.md b/2024/CVE-2024-40393.md new file mode 100644 index 000000000..4ba905b0d --- /dev/null +++ b/2024/CVE-2024-40393.md @@ -0,0 +1,17 @@ +### [CVE-2024-40393](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40393) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php. + +### POC + +#### Reference +- https://github.com/CveSecLook/cve/issues/47 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40394.md b/2024/CVE-2024-40394.md new file mode 100644 index 000000000..2c4c9bfe2 --- /dev/null +++ b/2024/CVE-2024-40394.md @@ -0,0 +1,17 @@ +### [CVE-2024-40394](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40394) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php. + +### POC + +#### Reference +- https://github.com/CveSecLook/cve/issues/48 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4040.md b/2024/CVE-2024-4040.md index 28e550381..9f0e71859 100644 --- a/2024/CVE-2024-4040.md +++ b/2024/CVE-2024-4040.md @@ -25,10 +25,12 @@ A server side template injection vulnerability in CrushFTP in all versions befor - https://github.com/absholi7ly/absholi7ly - https://github.com/airbus-cert/CVE-2024-4040 - https://github.com/enomothem/PenTestNote +- https://github.com/entroychang/CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/getdrive/PoC - https://github.com/gotr00t0day/CVE-2024-4040 - https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/qt2a23/CVE-2024-4040 - https://github.com/rbih-boulanouar/CVE-2024-4040 diff --git a/2024/CVE-2024-40400.md b/2024/CVE-2024-40400.md new file mode 100644 index 000000000..8ab4f35d9 --- /dev/null +++ b/2024/CVE-2024-40400.md @@ -0,0 +1,17 @@ +### [CVE-2024-40400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40400) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. + +### POC + +#### Reference +- https://github.com/marcantondahmen/automad/issues/106 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40402.md b/2024/CVE-2024-40402.md new file mode 100644 index 000000000..0f724b059 --- /dev/null +++ b/2024/CVE-2024-40402.md @@ -0,0 +1,17 @@ +### [CVE-2024-40402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40402) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A SQL injection vulnerability was found in 'ajax.php' of Sourcecodester Simple Library Management System 1.0. This vulnerability stems from insufficient user input validation of the 'username' parameter, allowing attackers to inject malicious SQL queries. + +### POC + +#### Reference +- https://github.com/CveSecLook/cve/issues/49 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40420.md b/2024/CVE-2024-40420.md new file mode 100644 index 000000000..7dd0f0851 --- /dev/null +++ b/2024/CVE-2024-40420.md @@ -0,0 +1,17 @@ +### [CVE-2024-40420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40420) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A Server-Side Template Injection (SSTI) vulnerability in the edit theme function of openCart project v4.0.2.3 allows attackers to execute arbitrary code via injecting a crafted payload. + +### POC + +#### Reference +- https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40430.md b/2024/CVE-2024-40430.md index fc3d7fba1..64e4207d5 100644 --- a/2024/CVE-2024-40430.md +++ b/2024/CVE-2024-40430.md @@ -5,12 +5,13 @@ ### Description -In SFTPGO 2.6.2, the JWT implementation lacks cerrtain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. +** DISPUTED ** In SFTPGO 2.6.2, the JWT implementation lacks certain security measures, such as using JWT ID (JTI) claims, nonces, and proper expiration and invalidation mechanisms. NOTE: The vendor argues that the prerequisite for this exploit is to be able to steal another user's cookie. Additionally, it is argued that SFTPGo validates cookies being used by the IP address it was issued to, so stolen cookies from different IP addresses will not work. ### POC #### Reference - https://alexsecurity.rocks/posts/cve-2024-40430/ +- https://github.com/github/advisory-database/pull/4645 #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-40492.md b/2024/CVE-2024-40492.md index 941b98228..573ba14fd 100644 --- a/2024/CVE-2024-40492.md +++ b/2024/CVE-2024-40492.md @@ -10,7 +10,7 @@ Cross Site Scripting vulnerability in Heartbeat Chat v.15.2.1 allows a remote at ### POC #### Reference -No PoCs from references. +- https://github.com/minendie/POC_CVE-2024-40492 #### Github - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-40576.md b/2024/CVE-2024-40576.md new file mode 100644 index 000000000..5ea31132b --- /dev/null +++ b/2024/CVE-2024-40576.md @@ -0,0 +1,18 @@ +### [CVE-2024-40576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40576) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component. + +### POC + +#### Reference +- https://github.com/jubilianite/CVEs/blob/main/CVE-2024-40576.md +- https://github.com/jubilianite/CVEs/security/advisories/GHSA-674x-j9wj-qvpp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40617.md b/2024/CVE-2024-40617.md new file mode 100644 index 000000000..d0cbdd010 --- /dev/null +++ b/2024/CVE-2024-40617.md @@ -0,0 +1,18 @@ +### [CVE-2024-40617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40617) +![](https://img.shields.io/static/v1?label=Product&message=FUJITSU%20Network%20Edgiot%20GW1500%20(M2M-GW%20for%20FENICS)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20prior%20to%20V02L19C01%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Path%20traversal&color=brighgreen) + +### Description + +Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/H4lo/awesome-IoT-security-article +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-40626.md b/2024/CVE-2024-40626.md new file mode 100644 index 000000000..702d8db3b --- /dev/null +++ b/2024/CVE-2024-40626.md @@ -0,0 +1,17 @@ +### [CVE-2024-40626](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40626) +![](https://img.shields.io/static/v1?label=Product&message=outline&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%200.77.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting (XSS) vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other users view this document, the malicious Javascript can execute in the origin of Outline. Outline includes CSP rules to prevent third-party code execution, however in the case of self-hosting and having your file storage on the same domain as Outline a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions. This issue has been addressed in release version 0.77.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/outline/outline/security/advisories/GHSA-888c-mvg8-v6wh + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40627.md b/2024/CVE-2024-40627.md new file mode 100644 index 000000000..6323f8083 --- /dev/null +++ b/2024/CVE-2024-40627.md @@ -0,0 +1,17 @@ +### [CVE-2024-40627](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40627) +![](https://img.shields.io/static/v1?label=Product&message=fastapi-opa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%202.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-204%3A%20Observable%20Response%20Discrepancy&color=brighgreen) + +### Description + +Fastapi OPA is an opensource fastapi middleware which includes auth flow. HTTP `OPTIONS` requests are always allowed by `OpaMiddleware`, even when they lack authentication, and are passed through directly to the application. `OpaMiddleware` allows all HTTP `OPTIONS` requests without evaluating it against any policy. If an application provides different responses to HTTP `OPTIONS` requests based on an entity existing (such as to indicate whether an entity is writable on a system level), an unauthenticated attacker could discover which entities exist within an application. This issue has been addressed in release version 2.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/busykoala/fastapi-opa/security/advisories/GHSA-5f5c-8rvc-j8wf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40632.md b/2024/CVE-2024-40632.md new file mode 100644 index 000000000..3d9a3187f --- /dev/null +++ b/2024/CVE-2024-40632.md @@ -0,0 +1,17 @@ +### [CVE-2024-40632](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40632) +![](https://img.shields.io/static/v1?label=Product&message=linkerd2&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20edge-24.6.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40634.md b/2024/CVE-2024-40634.md new file mode 100644 index 000000000..c6b4c4262 --- /dev/null +++ b/2024/CVE-2024-40634.md @@ -0,0 +1,17 @@ +### [CVE-2024-40634](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40634) +![](https://img.shields.io/static/v1?label=Product&message=argo-cd&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%201.0.0%2C%20%3C%202.9.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. This report details a security vulnerability in Argo CD, where an unauthenticated attacker can send a specially crafted large JSON payload to the /api/webhook endpoint, causing excessive memory allocation that leads to service disruption by triggering an Out Of Memory (OOM) kill. The issue poses a high risk to the availability of Argo CD deployments. This vulnerability is fixed in 2.11.6, 2.10.15, and 2.9.20. + +### POC + +#### Reference +- https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40636.md b/2024/CVE-2024-40636.md new file mode 100644 index 000000000..044ac8395 --- /dev/null +++ b/2024/CVE-2024-40636.md @@ -0,0 +1,17 @@ +### [CVE-2024-40636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40636) +![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.2.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +Steeltoe is an open source project that provides a collection of libraries that helps users build production-grade cloud-native applications using externalized configuration, service discovery, distributed tracing, application management, and more. When utilizing multiple Eureka server service URLs with basic auth and encountering an issue with fetching the service registry, an error is logged with the Eureka server service URLs but only the first URL is masked. The code in question is `_logger.LogError(e, "FetchRegistry Failed for Eureka service urls: {EurekaServerServiceUrls}", new Uri(ClientConfig.EurekaServerServiceUrls).ToMaskedString());` in the `DiscoveryClient.cs` file which may leak credentials into logs. This issue has been addressed in version 3.2.8 of the Steeltoe.Discovery.Eureka nuget package. + +### POC + +#### Reference +- https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-vmcp-66r5-3pcp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40641.md b/2024/CVE-2024-40641.md new file mode 100644 index 000000000..03f27e0c6 --- /dev/null +++ b/2024/CVE-2024-40641.md @@ -0,0 +1,17 @@ +### [CVE-2024-40641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40641) +![](https://img.shields.io/static/v1?label=Product&message=nuclei&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%203.0.0%2C%20%3C%203.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. In affected versions it a way to execute code template without -code option and signature has been discovered. Some web applications inherit from Nuclei and allow users to edit and execute workflow files. In this case, users can execute arbitrary commands. (Although, as far as I know, most web applications use -t to execute). This issue has been addressed in version 3.3.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. + +### POC + +#### Reference +- https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-c3q9-c27p-cw9h + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40645.md b/2024/CVE-2024-40645.md new file mode 100644 index 000000000..9bc01b993 --- /dev/null +++ b/2024/CVE-2024-40645.md @@ -0,0 +1,17 @@ +### [CVE-2024-40645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40645) +![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.41%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%3A%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +FOG is a cloning/imaging/rescue suite/inventory management system. An improperly restricted file upload feature allows authenticated users to execute arbitrary code on the fogproject server. The Rebranding feature has a check on the client banner image requiring it to be 650 pixels wide and 120 pixels high. Apart from that, there are no checks on things like file extensions. This can be abused by appending a PHP webshell to the end of the image and changing the extension to anything the PHP web server will parse. This vulnerability is fixed in 1.5.10.41. + +### POC + +#### Reference +- https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40726.md b/2024/CVE-2024-40726.md new file mode 100644 index 000000000..3e1cd4614 --- /dev/null +++ b/2024/CVE-2024-40726.md @@ -0,0 +1,17 @@ +### [CVE-2024-40726](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40726) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40727.md b/2024/CVE-2024-40727.md new file mode 100644 index 000000000..1663a0bbd --- /dev/null +++ b/2024/CVE-2024-40727.md @@ -0,0 +1,17 @@ +### [CVE-2024-40727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40727) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40728.md b/2024/CVE-2024-40728.md new file mode 100644 index 000000000..3beb6d218 --- /dev/null +++ b/2024/CVE-2024-40728.md @@ -0,0 +1,17 @@ +### [CVE-2024-40728](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40728) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40729.md b/2024/CVE-2024-40729.md new file mode 100644 index 000000000..b724047b0 --- /dev/null +++ b/2024/CVE-2024-40729.md @@ -0,0 +1,17 @@ +### [CVE-2024-40729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40729) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40730.md b/2024/CVE-2024-40730.md new file mode 100644 index 000000000..126f1e9a3 --- /dev/null +++ b/2024/CVE-2024-40730.md @@ -0,0 +1,17 @@ +### [CVE-2024-40730](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40730) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40731.md b/2024/CVE-2024-40731.md new file mode 100644 index 000000000..8bd203409 --- /dev/null +++ b/2024/CVE-2024-40731.md @@ -0,0 +1,17 @@ +### [CVE-2024-40731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40731) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40732.md b/2024/CVE-2024-40732.md new file mode 100644 index 000000000..9be958db0 --- /dev/null +++ b/2024/CVE-2024-40732.md @@ -0,0 +1,17 @@ +### [CVE-2024-40732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40732) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40733.md b/2024/CVE-2024-40733.md new file mode 100644 index 000000000..c9d19b053 --- /dev/null +++ b/2024/CVE-2024-40733.md @@ -0,0 +1,17 @@ +### [CVE-2024-40733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40733) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40734.md b/2024/CVE-2024-40734.md new file mode 100644 index 000000000..6d71c3114 --- /dev/null +++ b/2024/CVE-2024-40734.md @@ -0,0 +1,17 @@ +### [CVE-2024-40734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40734) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40735.md b/2024/CVE-2024-40735.md new file mode 100644 index 000000000..48e0f9cde --- /dev/null +++ b/2024/CVE-2024-40735.md @@ -0,0 +1,17 @@ +### [CVE-2024-40735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40735) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40736.md b/2024/CVE-2024-40736.md new file mode 100644 index 000000000..f6ba97f26 --- /dev/null +++ b/2024/CVE-2024-40736.md @@ -0,0 +1,17 @@ +### [CVE-2024-40736](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40736) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40737.md b/2024/CVE-2024-40737.md new file mode 100644 index 000000000..736fa288c --- /dev/null +++ b/2024/CVE-2024-40737.md @@ -0,0 +1,17 @@ +### [CVE-2024-40737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40737) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40738.md b/2024/CVE-2024-40738.md new file mode 100644 index 000000000..304974835 --- /dev/null +++ b/2024/CVE-2024-40738.md @@ -0,0 +1,17 @@ +### [CVE-2024-40738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40738) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40739.md b/2024/CVE-2024-40739.md new file mode 100644 index 000000000..7b93c13af --- /dev/null +++ b/2024/CVE-2024-40739.md @@ -0,0 +1,17 @@ +### [CVE-2024-40739](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40739) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40740.md b/2024/CVE-2024-40740.md new file mode 100644 index 000000000..bfffb8c8e --- /dev/null +++ b/2024/CVE-2024-40740.md @@ -0,0 +1,17 @@ +### [CVE-2024-40740](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40740) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40741.md b/2024/CVE-2024-40741.md new file mode 100644 index 000000000..8fc43b9b4 --- /dev/null +++ b/2024/CVE-2024-40741.md @@ -0,0 +1,17 @@ +### [CVE-2024-40741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40741) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40742.md b/2024/CVE-2024-40742.md new file mode 100644 index 000000000..c961c5348 --- /dev/null +++ b/2024/CVE-2024-40742.md @@ -0,0 +1,17 @@ +### [CVE-2024-40742](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40742) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. + +### POC + +#### Reference +- https://github.com/minhquan202/Vuln-Netbox + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-40784.md b/2024/CVE-2024-40784.md new file mode 100644 index 000000000..bbadb4a7a --- /dev/null +++ b/2024/CVE-2024-40784.md @@ -0,0 +1,24 @@ +### [CVE-2024-40784](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40784) +![](https://img.shields.io/static/v1?label=Product&message=iOS%20and%20iPadOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=tvOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=visionOS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=watchOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%201.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2010.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2013.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%2017.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Processing%20a%20maliciously%20crafted%20file%20may%20lead%20to%20unexpected%20app%20termination&color=brighgreen) + +### Description + +An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 and iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Processing a maliciously crafted file may lead to unexpected app termination. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/gandalf4a/crash_report + diff --git a/2024/CVE-2024-4090.md b/2024/CVE-2024-4090.md new file mode 100644 index 000000000..e5eeee75b --- /dev/null +++ b/2024/CVE-2024-4090.md @@ -0,0 +1,17 @@ +### [CVE-2024-4090](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4090) +![](https://img.shields.io/static/v1?label=Product&message=Floating%20Notification%20Bar%2C%20Sticky%20Menu%20on%20Scroll%2C%20Announcement%20Banner%2C%20and%20Sticky%20Header%20for%20Any%20Theme&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.7.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Floating Notification Bar, Sticky Menu on Scroll, Announcement Banner, and Sticky Header for Any WordPress plugin before 2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed + +### POC + +#### Reference +- https://wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4096.md b/2024/CVE-2024-4096.md new file mode 100644 index 000000000..71651aa8d --- /dev/null +++ b/2024/CVE-2024-4096.md @@ -0,0 +1,17 @@ +### [CVE-2024-4096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4096) +![](https://img.shields.io/static/v1?label=Product&message=Responsive%20Tabs&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4dba5e9e-24be-458a-9150-7c7a958e66cb/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41107.md b/2024/CVE-2024-41107.md index 2771bb521..e6837507a 100644 --- a/2024/CVE-2024-41107.md +++ b/2024/CVE-2024-41107.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile - https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-41110.md b/2024/CVE-2024-41110.md index ae654a0a4..765a73b16 100644 --- a/2024/CVE-2024-41110.md +++ b/2024/CVE-2024-41110.md @@ -1,13 +1,13 @@ ### [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110) ![](https://img.shields.io/static/v1?label=Product&message=moby&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2019.0.0%2C%20%3C%3D%2019.03.15%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%2019.03.0%2C%20%3C%3D%2019.03.15%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-187%3A%20Partial%20String%20Comparison&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-444%3A%20Inconsistent%20Interpretation%20of%20HTTP%20Requests%20('HTTP%20Request%2FResponse%20Smuggling')&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-863%3A%20Incorrect%20Authorization&color=brighgreen) ### Description -Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. +Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege. ### POC diff --git a/2024/CVE-2024-41112.md b/2024/CVE-2024-41112.md new file mode 100644 index 000000000..1a02e464b --- /dev/null +++ b/2024/CVE-2024-41112.md @@ -0,0 +1,17 @@ +### [CVE-2024-41112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41112) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 380, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41113.md b/2024/CVE-2024-41113.md new file mode 100644 index 000000000..23cb14012 --- /dev/null +++ b/2024/CVE-2024-41113.md @@ -0,0 +1,17 @@ +### [CVE-2024-41113](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41113) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 383 or line 390 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 395, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41114.md b/2024/CVE-2024-41114.md new file mode 100644 index 000000000..00ece5920 --- /dev/null +++ b/2024/CVE-2024-41114.md @@ -0,0 +1,17 @@ +### [CVE-2024-41114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41114) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 430 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 435, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41115.md b/2024/CVE-2024-41115.md new file mode 100644 index 000000000..bbe016d20 --- /dev/null +++ b/2024/CVE-2024-41115.md @@ -0,0 +1,17 @@ +### [CVE-2024-41115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41115) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `palette` variable on line 488 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 493, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41116.md b/2024/CVE-2024-41116.md new file mode 100644 index 000000000..3bd4da7f3 --- /dev/null +++ b/2024/CVE-2024-41116.md @@ -0,0 +1,17 @@ +### [CVE-2024-41116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41116) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 1254 in `pages/1_📷_Timelapse.py` takes user input, which is later used in the `eval()` function on line 1345, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41117.md b/2024/CVE-2024-41117.md new file mode 100644 index 000000000..53d88a03b --- /dev/null +++ b/2024/CVE-2024-41117.md @@ -0,0 +1,17 @@ +### [CVE-2024-41117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41117) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 115 in `pages/10_🌍_Earth_Engine_Datasets.py` takes user input, which is later used in the `eval()` function on line 126, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41118.md b/2024/CVE-2024-41118.md new file mode 100644 index 000000000..b7d82bb5d --- /dev/null +++ b/2024/CVE-2024-41118.md @@ -0,0 +1,17 @@ +### [CVE-2024-41118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41118) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%3A%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 47 of `pages/7_📦_Web_Map_Service.py` takes user input, which is passed to `get_layers` function, in which `url` is used with `get_wms_layer` method. `get_wms_layer` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41119.md b/2024/CVE-2024-41119.md new file mode 100644 index 000000000..04a9eb33b --- /dev/null +++ b/2024/CVE-2024-41119.md @@ -0,0 +1,17 @@ +### [CVE-2024-41119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41119) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `vis_params` variable on line 80 in `8_🏜️_Raster_Data_Visualization.py` takes user input, which is later used in the `eval()` function on line 86, leading to remote code execution. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41120.md b/2024/CVE-2024-41120.md new file mode 100644 index 000000000..c3e711871 --- /dev/null +++ b/2024/CVE-2024-41120.md @@ -0,0 +1,17 @@ +### [CVE-2024-41120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41120) +![](https://img.shields.io/static/v1?label=Product&message=streamlit-geospatial&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20c4f81d9616d40c60584e36abb15300853a66e489%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) + +### Description + +streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the `url` variable on line 63 of `pages/9_🔲_Vector_Data_Visualization.py` takes user input, which is later passed to the `gpd.read_file` method. `gpd.read_file` method creates a request to arbitrary destinations, leading to blind server-side request forgery. Commit c4f81d9616d40c60584e36abb15300853a66e489 fixes this issue. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41123.md b/2024/CVE-2024-41123.md new file mode 100644 index 000000000..b3a66d8fe --- /dev/null +++ b/2024/CVE-2024-41123.md @@ -0,0 +1,17 @@ +### [CVE-2024-41123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41123) +![](https://img.shields.io/static/v1?label=Product&message=rexml&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/lifeparticle/Ruby-Cheatsheet + diff --git a/2024/CVE-2024-41127.md b/2024/CVE-2024-41127.md new file mode 100644 index 000000000..19bb564f9 --- /dev/null +++ b/2024/CVE-2024-41127.md @@ -0,0 +1,17 @@ +### [CVE-2024-41127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41127) +![](https://img.shields.io/static/v1?label=Product&message=monkeytype&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2024.30.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-74%3A%20Improper%20Neutralization%20of%20Special%20Elements%20in%20Output%20Used%20by%20a%20Downstream%20Component%20('Injection')&color=brighgreen) + +### Description + +Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0. + +### POC + +#### Reference +- https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41468.md b/2024/CVE-2024-41468.md new file mode 100644 index 000000000..e21ee7fc1 --- /dev/null +++ b/2024/CVE-2024-41468.md @@ -0,0 +1,17 @@ +### [CVE-2024-41468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41468) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the cmdinput parameter at /goform/exeCommand + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wy876/POC + diff --git a/2024/CVE-2024-41473.md b/2024/CVE-2024-41473.md new file mode 100644 index 000000000..80a4d609c --- /dev/null +++ b/2024/CVE-2024-41473.md @@ -0,0 +1,17 @@ +### [CVE-2024-41473](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41473) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Tenda FH1201 v1.2.0.14 was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/wy876/POC + diff --git a/2024/CVE-2024-41597.md b/2024/CVE-2024-41597.md new file mode 100644 index 000000000..15309a19e --- /dev/null +++ b/2024/CVE-2024-41597.md @@ -0,0 +1,17 @@ +### [CVE-2024-41597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41597) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality. + +### POC + +#### Reference +- https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41628.md b/2024/CVE-2024-41628.md new file mode 100644 index 000000000..866b9cb1c --- /dev/null +++ b/2024/CVE-2024-41628.md @@ -0,0 +1,17 @@ +### [CVE-2024-41628](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41628) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-41637.md b/2024/CVE-2024-41637.md new file mode 100644 index 000000000..1f2c74860 --- /dev/null +++ b/2024/CVE-2024-41637.md @@ -0,0 +1,17 @@ +### [CVE-2024-41637](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41637) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +RaspAP before 3.1.5 allows an attacker to escalate privileges: the www-data user has write access to the restapi.service file and also possesses Sudo privileges to execute several critical commands without a password. + +### POC + +#### Reference +- https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-41640.md b/2024/CVE-2024-41640.md new file mode 100644 index 000000000..ca2c473ed --- /dev/null +++ b/2024/CVE-2024-41640.md @@ -0,0 +1,17 @@ +### [CVE-2024-41640](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41640) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross Site Scripting (XSS) vulnerability in AML Surety Eco up to 3.5 allows an attacker to run arbitrary code via crafted GET request using the id parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-41806.md b/2024/CVE-2024-41806.md new file mode 100644 index 000000000..d61b6c733 --- /dev/null +++ b/2024/CVE-2024-41806.md @@ -0,0 +1,17 @@ +### [CVE-2024-41806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41806) +![](https://img.shields.io/static/v1?label=Product&message=edx-platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%20cb729a3ced0404736dfa0ae768526c82b608657b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available when the uploader uses versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper. The patch in commit cb729a3ced0404736dfa0ae768526c82b608657b ensures that cohorts data uploaded to AWS S3 buckets is written with a private ACL. Beyond patching, deployers should also ensure that existing cohorts uploads have a private ACL, or that other precautions are taken to avoid public access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-41819.md b/2024/CVE-2024-41819.md new file mode 100644 index 000000000..d7f1d9c75 --- /dev/null +++ b/2024/CVE-2024-41819.md @@ -0,0 +1,18 @@ +### [CVE-2024-41819](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41819) +![](https://img.shields.io/static/v1?label=Product&message=note-mark&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%3D%200.13.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +Note Mark is a web-based Markdown notes app. A stored cross-site scripting (XSS) vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/alessio-romano/Sfoffo-Pentesting-Notes +- https://github.com/alessio-romano/alessio-romano + diff --git a/2024/CVE-2024-41943.md b/2024/CVE-2024-41943.md new file mode 100644 index 000000000..e260ed154 --- /dev/null +++ b/2024/CVE-2024-41943.md @@ -0,0 +1,18 @@ +### [CVE-2024-41943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41943) +![](https://img.shields.io/static/v1?label=Product&message=i-librarian-free&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%205.11.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/alessio-romano/Sfoffo-Pentesting-Notes +- https://github.com/alessio-romano/alessio-romano + diff --git a/2024/CVE-2024-41946.md b/2024/CVE-2024-41946.md new file mode 100644 index 000000000..7002f750c --- /dev/null +++ b/2024/CVE-2024-41946.md @@ -0,0 +1,17 @@ +### [CVE-2024-41946](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41946) +![](https://img.shields.io/static/v1?label=Product&message=rexml&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%203.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/lifeparticle/Ruby-Cheatsheet + diff --git a/2024/CVE-2024-42029.md b/2024/CVE-2024-42029.md new file mode 100644 index 000000000..517e53a14 --- /dev/null +++ b/2024/CVE-2024-42029.md @@ -0,0 +1,17 @@ +### [CVE-2024-42029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42029) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +xdg-desktop-portal-hyprland (aka an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because single quotes are not used when sending a list of app IDs and titles via the environment. + +### POC + +#### Reference +- https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42054.md b/2024/CVE-2024-42054.md new file mode 100644 index 000000000..13099fe51 --- /dev/null +++ b/2024/CVE-2024-42054.md @@ -0,0 +1,17 @@ +### [CVE-2024-42054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42054) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cervantes through 0.5-alpha accepts insecure file uploads. + +### POC + +#### Reference +- https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd + +#### Github +- https://github.com/jinsonvarghese/jinsonvarghese + diff --git a/2024/CVE-2024-42055.md b/2024/CVE-2024-42055.md new file mode 100644 index 000000000..dbdbc3bf2 --- /dev/null +++ b/2024/CVE-2024-42055.md @@ -0,0 +1,17 @@ +### [CVE-2024-42055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42055) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cervantes through 0.5-alpha allows stored XSS. + +### POC + +#### Reference +- https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd + +#### Github +- https://github.com/jinsonvarghese/jinsonvarghese + diff --git a/2024/CVE-2024-42348.md b/2024/CVE-2024-42348.md new file mode 100644 index 000000000..72f5e7bb0 --- /dev/null +++ b/2024/CVE-2024-42348.md @@ -0,0 +1,17 @@ +### [CVE-2024-42348](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42348) +![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.41.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.2 can leak AD username and password when registering a computer. This vulnerability is fixed in 1.5.10.41.3 and 1.6.0-beta.1395. + +### POC + +#### Reference +- https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-42349.md b/2024/CVE-2024-42349.md new file mode 100644 index 000000000..ea828ea7d --- /dev/null +++ b/2024/CVE-2024-42349.md @@ -0,0 +1,17 @@ +### [CVE-2024-42349](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42349) +![](https://img.shields.io/static/v1?label=Product&message=fogproject&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%201.5.10.47%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) + +### Description + +FOG is a cloning/imaging/rescue suite/inventory management system. FOG Server 1.5.10.41.4 and earlier can leak authorized and rejected logins via logs stored directly on the root of the web server. FOG Server creates 2 logs on the root of the web server (fog_login_accepted.log and fog_login_failed.log), exposing the name of the user account used to manage FOG, the IP address of the computer used to login and the User-Agent. This vulnerability is fixed in 1.5.10.47. + +### POC + +#### Reference +- https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4320.md b/2024/CVE-2024-4320.md new file mode 100644 index 000000000..006510129 --- /dev/null +++ b/2024/CVE-2024-4320.md @@ -0,0 +1,17 @@ +### [CVE-2024-4320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4320) +![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%3D%20latest%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-29%20Path%20Traversal%3A%20'%5C..%5Cfilename'&color=brighgreen) + +### Description + +A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes the server to load and execute a `__init__.py` file from an arbitrary location, such as the upload directory for discussions. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to remote code execution without requiring user interaction, especially when the application is exposed to an external endpoint or operated in headless mode. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-4483.md b/2024/CVE-2024-4483.md new file mode 100644 index 000000000..710475999 --- /dev/null +++ b/2024/CVE-2024-4483.md @@ -0,0 +1,17 @@ +### [CVE-2024-4483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4483) +![](https://img.shields.io/static/v1?label=Product&message=Email%20Encoder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting + +### POC + +#### Reference +- https://wpscan.com/vulnerability/8f2ac76c-f3f8-41f9-a32a-f414825cf6f1/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-4577.md b/2024/CVE-2024-4577.md index 34278ee64..eaf105b9a 100644 --- a/2024/CVE-2024-4577.md +++ b/2024/CVE-2024-4577.md @@ -49,6 +49,7 @@ In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, w - https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template - https://github.com/it-t4mpan/check_cve_2024_4577.sh - https://github.com/manuelinfosec/CVE-2024-4577 +- https://github.com/nitish778191/fitness_app - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/ohhhh693/CVE-2024-4577 - https://github.com/princew88/CVE-2024-4577 diff --git a/2024/CVE-2024-4879.md b/2024/CVE-2024-4879.md index c28a69752..4a73f055c 100644 --- a/2024/CVE-2024-4879.md +++ b/2024/CVE-2024-4879.md @@ -10,7 +10,7 @@ ServiceNow has addressed an input validation vulnerability that was identified i ### POC #### Reference -No PoCs from references. +- https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit #### Github - https://github.com/Ostorlab/KEV diff --git a/2024/CVE-2024-4950.md b/2024/CVE-2024-4950.md new file mode 100644 index 000000000..de0bbc139 --- /dev/null +++ b/2024/CVE-2024-4950.md @@ -0,0 +1,17 @@ +### [CVE-2024-4950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4950) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=125.0.6422.60%3C%20125.0.6422.60%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Inappropriate%20implementation&color=brighgreen) + +### Description + +Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) + +### POC + +#### Reference +- https://issues.chromium.org/issues/40065403 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5081.md b/2024/CVE-2024-5081.md new file mode 100644 index 000000000..eb6d7759f --- /dev/null +++ b/2024/CVE-2024-5081.md @@ -0,0 +1,18 @@ +### [CVE-2024-5081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5081) +![](https://img.shields.io/static/v1?label=Product&message=wp-eMember&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20v10.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The wp-eMember WordPress plugin before v10.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4f02bdb5-5cf6-4519-9586-fd4fb3d45dea/ + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-5217.md b/2024/CVE-2024-5217.md new file mode 100644 index 000000000..1b98d9c4b --- /dev/null +++ b/2024/CVE-2024-5217.md @@ -0,0 +1,18 @@ +### [CVE-2024-5217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5217) +![](https://img.shields.io/static/v1?label=Product&message=Now%20Platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20Utah%20Patch%2010%20Hot%20Fix%203%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-184%20Incomplete%20List%20of%20Disallowed%20Inputs&color=brighgreen) + +### Description + +ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. + +### POC + +#### Reference +- https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit + +#### Github +- https://github.com/Ostorlab/KEV +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-5246.md b/2024/CVE-2024-5246.md new file mode 100644 index 000000000..b2fdc5be5 --- /dev/null +++ b/2024/CVE-2024-5246.md @@ -0,0 +1,17 @@ +### [CVE-2024-5246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5246) +![](https://img.shields.io/static/v1?label=Product&message=ProSAFE%20Network%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.7.0.34%20x64%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1395%3A%20Dependency%20on%20Vulnerable%20Third-Party%20Component&color=brighgreen) + +### Description + +NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-5285.md b/2024/CVE-2024-5285.md new file mode 100644 index 000000000..e61df5c3a --- /dev/null +++ b/2024/CVE-2024-5285.md @@ -0,0 +1,17 @@ +### [CVE-2024-5285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5285) +![](https://img.shields.io/static/v1?label=Product&message=wp-affiliate-platform&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%206.5.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/792f3904-88bd-47d1-9049-afccdd74853a/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5595.md b/2024/CVE-2024-5595.md new file mode 100644 index 000000000..ae20478e6 --- /dev/null +++ b/2024/CVE-2024-5595.md @@ -0,0 +1,17 @@ +### [CVE-2024-5595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5595) +![](https://img.shields.io/static/v1?label=Product&message=Essential%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Essential Blocks WordPress plugin before 4.7.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/f2b8f092-4fc0-4edc-ba0f-d4312c2e5dec/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5670.md b/2024/CVE-2024-5670.md new file mode 100644 index 000000000..2474bc536 --- /dev/null +++ b/2024/CVE-2024-5670.md @@ -0,0 +1,20 @@ +### [CVE-2024-5670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5670) +![](https://img.shields.io/static/v1?label=Product&message=SN%20OS%2010.3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SN%20OS%2012.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SN%20OS%2012.3&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20230631%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20230922%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +The web services of Softnext's products, Mail SQR Expert and Mail Archiving Expert do not properly validate user input, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the remote server. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-5678.md b/2024/CVE-2024-5678.md new file mode 100644 index 000000000..d603c1744 --- /dev/null +++ b/2024/CVE-2024-5678.md @@ -0,0 +1,19 @@ +### [CVE-2024-5678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5678) +![](https://img.shields.io/static/v1?label=Product&message=Applications%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20170900%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) + +### Description + +Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/0x41424142/qualyspy +- https://github.com/Dashrath158/CVE-Management-App-using-Flask +- https://github.com/bergel07/FinalProject + diff --git a/2024/CVE-2024-5737.md b/2024/CVE-2024-5737.md index 6ad3a99ec..4ec41319d 100644 --- a/2024/CVE-2024-5737.md +++ b/2024/CVE-2024-5737.md @@ -10,7 +10,8 @@ Script afGdStream.php in AdmirorFrames Joomla! extension doesn’t specify a co ### POC #### Reference -No PoCs from references. +- https://github.com/afine-com/CVE-2024-5737 +- https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737 #### Github - https://github.com/afine-com/research diff --git a/2024/CVE-2024-5765.md b/2024/CVE-2024-5765.md new file mode 100644 index 000000000..d07f7e656 --- /dev/null +++ b/2024/CVE-2024-5765.md @@ -0,0 +1,17 @@ +### [CVE-2024-5765](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5765) +![](https://img.shields.io/static/v1?label=Product&message=WpStickyBar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5807.md b/2024/CVE-2024-5807.md new file mode 100644 index 000000000..d8139c323 --- /dev/null +++ b/2024/CVE-2024-5807.md @@ -0,0 +1,17 @@ +### [CVE-2024-5807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5807) +![](https://img.shields.io/static/v1?label=Product&message=Business%20Card&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload%20of%20File%20with%20Dangerous%20Type&color=brighgreen) + +### Description + +The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5808.md b/2024/CVE-2024-5808.md new file mode 100644 index 000000000..0cb59b4df --- /dev/null +++ b/2024/CVE-2024-5808.md @@ -0,0 +1,17 @@ +### [CVE-2024-5808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5808) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Ajax%20Contact%20Form&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1783bbce-3cc3-4a7e-a491-b713cee8278b/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5809.md b/2024/CVE-2024-5809.md new file mode 100644 index 000000000..aa5857ed1 --- /dev/null +++ b/2024/CVE-2024-5809.md @@ -0,0 +1,17 @@ +### [CVE-2024-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5809) +![](https://img.shields.io/static/v1?label=Product&message=WP%20Ajax%20Contact%20Form&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users + +### POC + +#### Reference +- https://wpscan.com/vulnerability/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5882.md b/2024/CVE-2024-5882.md new file mode 100644 index 000000000..8bdbd1916 --- /dev/null +++ b/2024/CVE-2024-5882.md @@ -0,0 +1,17 @@ +### [CVE-2024-5882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5882) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Classified%20Listings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the `ucl_page` and `layout` parameters allowing unauthenticated users to access PHP files on the server from the listings page + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5883.md b/2024/CVE-2024-5883.md new file mode 100644 index 000000000..43e0bb332 --- /dev/null +++ b/2024/CVE-2024-5883.md @@ -0,0 +1,17 @@ +### [CVE-2024-5883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5883) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Classified%20Listings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Classified Listings WordPress plugin before 1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a1894884-c739-4ef4-8d9c-392171ab3d68/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-5975.md b/2024/CVE-2024-5975.md new file mode 100644 index 000000000..2e7aa0e0d --- /dev/null +++ b/2024/CVE-2024-5975.md @@ -0,0 +1,17 @@ +### [CVE-2024-5975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5975) +![](https://img.shields.io/static/v1?label=Product&message=CZ%20Loan%20Management&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +The CZ Loan Management WordPress plugin through 1.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection + +### POC + +#### Reference +- https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6021.md b/2024/CVE-2024-6021.md new file mode 100644 index 000000000..36aa3617c --- /dev/null +++ b/2024/CVE-2024-6021.md @@ -0,0 +1,17 @@ +### [CVE-2024-6021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6021) +![](https://img.shields.io/static/v1?label=Product&message=Donation%20Block%20For%20PayPal&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9d83cffd-7dcd-4301-8d4d-3043b14e05b5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6127.md b/2024/CVE-2024-6127.md new file mode 100644 index 000000000..3fa3b0b40 --- /dev/null +++ b/2024/CVE-2024-6127.md @@ -0,0 +1,17 @@ +### [CVE-2024-6127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6127) +![](https://img.shields.io/static/v1?label=Product&message=Empire&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.9.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path. + +### POC + +#### Reference +- https://vulncheck.com/advisories/empire-unauth-rce + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6162.md b/2024/CVE-2024-6162.md index 5bbe08054..e2cf46c58 100644 --- a/2024/CVE-2024-6162.md +++ b/2024/CVE-2024-6162.md @@ -10,7 +10,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20-%20HawtIO&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.4.1%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20Resource%20Consumption&color=brighgreen) diff --git a/2024/CVE-2024-6165.md b/2024/CVE-2024-6165.md new file mode 100644 index 000000000..568de2b03 --- /dev/null +++ b/2024/CVE-2024-6165.md @@ -0,0 +1,17 @@ +### [CVE-2024-6165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6165) +![](https://img.shields.io/static/v1?label=Product&message=WANotifier&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.6.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WANotifier WordPress plugin before 2.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802d8dd5/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6196.md b/2024/CVE-2024-6196.md new file mode 100644 index 000000000..c83fc48ac --- /dev/null +++ b/2024/CVE-2024-6196.md @@ -0,0 +1,17 @@ +### [CVE-2024-6196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6196) +![](https://img.shields.io/static/v1?label=Product&message=Banking%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168. + +### POC + +#### Reference +- https://github.com/2768210355/cve/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6223.md b/2024/CVE-2024-6223.md new file mode 100644 index 000000000..540530018 --- /dev/null +++ b/2024/CVE-2024-6223.md @@ -0,0 +1,17 @@ +### [CVE-2024-6223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6223) +![](https://img.shields.io/static/v1?label=Product&message=Send%20email%20only%20on%20Reply%20to%20My%20Comment&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6224.md b/2024/CVE-2024-6224.md new file mode 100644 index 000000000..c349dcf9b --- /dev/null +++ b/2024/CVE-2024-6224.md @@ -0,0 +1,18 @@ +### [CVE-2024-6224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6224) +![](https://img.shields.io/static/v1?label=Product&message=Send%20email%20only%20on%20Reply%20to%20My%20Comment&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/54457f1b-6572-4de0-9100-3433c715c5ce/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6226.md b/2024/CVE-2024-6226.md new file mode 100644 index 000000000..fd0824cd0 --- /dev/null +++ b/2024/CVE-2024-6226.md @@ -0,0 +1,17 @@ +### [CVE-2024-6226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6226) +![](https://img.shields.io/static/v1?label=Product&message=WpStickyBar&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The WpStickyBar WordPress plugin through 2.1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/e42ce8dc-51d4-471d-b3bb-ad2a6b735d02/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6230.md b/2024/CVE-2024-6230.md new file mode 100644 index 000000000..4855f7a13 --- /dev/null +++ b/2024/CVE-2024-6230.md @@ -0,0 +1,17 @@ +### [CVE-2024-6230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6230) +![](https://img.shields.io/static/v1?label=Product&message=%D9%BE%D9%84%D8%A7%DA%AF%DB%8C%D9%86%20%D9%BE%D8%B1%D8%AF%D8%A7%D8%AE%D8%AA%20%D8%AF%D9%84%D8%AE%D9%88%D8%A7%D9%87&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The پلاگین پرداخت دلخواه WordPress plugin through 2.9.8 does not have CSRF check in place when resetting its form fields, which could allow attackers to make a logged in admin perform such action via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/311e3c15-0f58-4f3b-91f8-0c62c0eea55e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6270.md b/2024/CVE-2024-6270.md new file mode 100644 index 000000000..80623d05a --- /dev/null +++ b/2024/CVE-2024-6270.md @@ -0,0 +1,17 @@ +### [CVE-2024-6270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6270) +![](https://img.shields.io/static/v1?label=Product&message=Community%20Events&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/3d0a6edc-61e8-42fb-8b93-ef083146bd9c/ + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6272.md b/2024/CVE-2024-6272.md new file mode 100644 index 000000000..3699e133f --- /dev/null +++ b/2024/CVE-2024-6272.md @@ -0,0 +1,17 @@ +### [CVE-2024-6272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6272) +![](https://img.shields.io/static/v1?label=Product&message=SpiderContacts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The SpiderContacts WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6273.md b/2024/CVE-2024-6273.md index 2a71b3496..03d14fea7 100644 --- a/2024/CVE-2024-6273.md +++ b/2024/CVE-2024-6273.md @@ -11,6 +11,7 @@ A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has be #### Reference - https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5tda-XBJF513yzag/edit?usp=sharing +- https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md #### Github No PoCs found on GitHub currently. diff --git a/2024/CVE-2024-6308.md b/2024/CVE-2024-6308.md new file mode 100644 index 000000000..6b8162d6b --- /dev/null +++ b/2024/CVE-2024-6308.md @@ -0,0 +1,17 @@ +### [CVE-2024-6308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6308) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Hotel%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269620. + +### POC + +#### Reference +- https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6362.md b/2024/CVE-2024-6362.md new file mode 100644 index 000000000..787c214f3 --- /dev/null +++ b/2024/CVE-2024-6362.md @@ -0,0 +1,17 @@ +### [CVE-2024-6362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6362) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Blocks&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Blocks WordPress plugin before 3.2.0 does not validate and escape some of its post-grid block attributes before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6366.md b/2024/CVE-2024-6366.md new file mode 100644 index 000000000..340d39ec3 --- /dev/null +++ b/2024/CVE-2024-6366.md @@ -0,0 +1,17 @@ +### [CVE-2024-6366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6366) +![](https://img.shields.io/static/v1?label=Product&message=User%20Profile%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.11.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/ + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-6373.md b/2024/CVE-2024-6373.md new file mode 100644 index 000000000..32a94796c --- /dev/null +++ b/2024/CVE-2024-6373.md @@ -0,0 +1,17 @@ +### [CVE-2024-6373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6373) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Food%20Ordering%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Abyssun/abyssun-/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6387.md b/2024/CVE-2024-6387.md index 50a886335..1d1e4c43c 100644 --- a/2024/CVE-2024-6387.md +++ b/2024/CVE-2024-6387.md @@ -1,5 +1,7 @@ ### [CVE-2024-6387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6387) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ceph%20Storage%205&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ceph%20Storage%206&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ceph%20Storage%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) @@ -21,10 +23,14 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). #### Reference - http://www.openwall.com/lists/oss-security/2024/07/03/5 +- http://www.openwall.com/lists/oss-security/2024/07/28/2 - https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server +- https://santandersecurityresearch.github.io/blog/sshing_the_masses.html - https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html #### Github +- https://github.com/0xMarcio/cve +- https://github.com/CVEDB/awesome-cve-repo - https://github.com/David-M-Berry/openssh-cve-discovery - https://github.com/GhostTroops/TOP - https://github.com/GitHubForSnap/openssh-server-gael @@ -39,9 +45,11 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/enomothem/PenTestNote - https://github.com/giterlizzi/secdb-feeds - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +- https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/lukibahr/stars - https://github.com/maycon/stars - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/rxerium/stars - https://github.com/sardine-web/CVE-2024-6387_Check - https://github.com/tanjiti/sec_profile - https://github.com/teamos-hub/regreSSHion diff --git a/2024/CVE-2024-6390.md b/2024/CVE-2024-6390.md new file mode 100644 index 000000000..1b17b372c --- /dev/null +++ b/2024/CVE-2024-6390.md @@ -0,0 +1,17 @@ +### [CVE-2024-6390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6390) +![](https://img.shields.io/static/v1?label=Product&message=Quiz%20and%20Survey%20Master%20(QSM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%209.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and escape some of its Quizz settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/ + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-6408.md b/2024/CVE-2024-6408.md new file mode 100644 index 000000000..2e0b40d1e --- /dev/null +++ b/2024/CVE-2024-6408.md @@ -0,0 +1,17 @@ +### [CVE-2024-6408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6408) +![](https://img.shields.io/static/v1?label=Product&message=Slider%20by%2010Web&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.57%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed + +### POC + +#### Reference +- https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6412.md b/2024/CVE-2024-6412.md new file mode 100644 index 000000000..5a9723a66 --- /dev/null +++ b/2024/CVE-2024-6412.md @@ -0,0 +1,17 @@ +### [CVE-2024-6412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6412) +![](https://img.shields.io/static/v1?label=Product&message=HTML%20Forms&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.34%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The HTML Forms WordPress plugin before 1.3.34 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6417.md b/2024/CVE-2024-6417.md new file mode 100644 index 000000000..22922b0f1 --- /dev/null +++ b/2024/CVE-2024-6417.md @@ -0,0 +1,17 @@ +### [CVE-2024-6417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6417) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Online%20Bidding%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270008. + +### POC + +#### Reference +- https://github.com/xyj123a/cve/blob/main/sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6477.md b/2024/CVE-2024-6477.md new file mode 100644 index 000000000..9e34e7f86 --- /dev/null +++ b/2024/CVE-2024-6477.md @@ -0,0 +1,17 @@ +### [CVE-2024-6477](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6477) +![](https://img.shields.io/static/v1?label=Product&message=UsersWP&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.2.12%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive information such as IP, username, and email address + +### POC + +#### Reference +- https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6487.md b/2024/CVE-2024-6487.md new file mode 100644 index 000000000..0c27e7284 --- /dev/null +++ b/2024/CVE-2024-6487.md @@ -0,0 +1,17 @@ +### [CVE-2024-6487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6487) +![](https://img.shields.io/static/v1?label=Product&message=Inline%20Related%20Posts&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6490.md b/2024/CVE-2024-6490.md new file mode 100644 index 000000000..23699ca39 --- /dev/null +++ b/2024/CVE-2024-6490.md @@ -0,0 +1,17 @@ +### [CVE-2024-6490](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6490) +![](https://img.shields.io/static/v1?label=Product&message=Master%20Slider&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6496.md b/2024/CVE-2024-6496.md new file mode 100644 index 000000000..967982007 --- /dev/null +++ b/2024/CVE-2024-6496.md @@ -0,0 +1,17 @@ +### [CVE-2024-6496](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6496) +![](https://img.shields.io/static/v1?label=Product&message=Light%20Poll&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Light Poll WordPress plugin through 1.0.0 does not have CSRF checks when deleting polls, which could allow attackers to make logged in users perform such action via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6498.md b/2024/CVE-2024-6498.md new file mode 100644 index 000000000..9d7ccafd4 --- /dev/null +++ b/2024/CVE-2024-6498.md @@ -0,0 +1,17 @@ +### [CVE-2024-6498](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6498) +![](https://img.shields.io/static/v1?label=Product&message=Chatbot%20for%20WordPress%20by%20Collect.chat%20%E2%9A%A1%EF%B8%8F&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.4.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed + +### POC + +#### Reference +- https://wpscan.com/vulnerability/eed58889-4be8-48df-9ef6-269df451e79e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6518.md b/2024/CVE-2024-6518.md new file mode 100644 index 000000000..c935389cc --- /dev/null +++ b/2024/CVE-2024-6518.md @@ -0,0 +1,17 @@ +### [CVE-2024-6518](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6518) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fluentform/fluentform + diff --git a/2024/CVE-2024-6520.md b/2024/CVE-2024-6520.md new file mode 100644 index 000000000..3ab1d3ebd --- /dev/null +++ b/2024/CVE-2024-6520.md @@ -0,0 +1,17 @@ +### [CVE-2024-6520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6520) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fluentform/fluentform + diff --git a/2024/CVE-2024-6521.md b/2024/CVE-2024-6521.md new file mode 100644 index 000000000..21512608d --- /dev/null +++ b/2024/CVE-2024-6521.md @@ -0,0 +1,17 @@ +### [CVE-2024-6521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6521) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fluentform/fluentform + diff --git a/2024/CVE-2024-6523.md b/2024/CVE-2024-6523.md index f8b034163..f6a40b6c7 100644 --- a/2024/CVE-2024-6523.md +++ b/2024/CVE-2024-6523.md @@ -10,6 +10,7 @@ A vulnerability was found in ZKTeco BioTime up to 9.5.2. It has been classified ### POC #### Reference +- https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28 - https://vuldb.com/?submit.364104 #### Github diff --git a/2024/CVE-2024-6526.md b/2024/CVE-2024-6526.md new file mode 100644 index 000000000..bbcf3123b --- /dev/null +++ b/2024/CVE-2024-6526.md @@ -0,0 +1,18 @@ +### [CVE-2024-6526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6526) +![](https://img.shields.io/static/v1?label=Product&message=Ecommerce-CodeIgniter-Bootstrap&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201998845073cf433bc6c250b0354461fbd84d0e03%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 +- https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6529.md b/2024/CVE-2024-6529.md new file mode 100644 index 000000000..2437b9524 --- /dev/null +++ b/2024/CVE-2024-6529.md @@ -0,0 +1,17 @@ +### [CVE-2024-6529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6529) +![](https://img.shields.io/static/v1?label=Product&message=Ultimate%20Classified%20Listings&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ultimate Classified Listings WordPress plugin before 1.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/ + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-6536.md b/2024/CVE-2024-6536.md new file mode 100644 index 000000000..b365b82a1 --- /dev/null +++ b/2024/CVE-2024-6536.md @@ -0,0 +1,17 @@ +### [CVE-2024-6536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6536) +![](https://img.shields.io/static/v1?label=Product&message=Zephyr%20Project%20Manager&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.3.99%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Zephyr Project Manager WordPress plugin before 3.3.99 does not sanitise and escape some of its settings, which could allow high privilege users such as editors and admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/ + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-6652.md b/2024/CVE-2024-6652.md new file mode 100644 index 000000000..2fad40c35 --- /dev/null +++ b/2024/CVE-2024-6652.md @@ -0,0 +1,17 @@ +### [CVE-2024-6652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6652) +![](https://img.shields.io/static/v1?label=Product&message=Gym%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059. + +### POC + +#### Reference +- https://github.com/littletree7/cve/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6695.md b/2024/CVE-2024-6695.md new file mode 100644 index 000000000..f00549b59 --- /dev/null +++ b/2024/CVE-2024-6695.md @@ -0,0 +1,17 @@ +### [CVE-2024-6695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6695) +![](https://img.shields.io/static/v1?label=Product&message=User%20Profile%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.11.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) + +### Description + +it's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow on the user registration process. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6703.md b/2024/CVE-2024-6703.md new file mode 100644 index 000000000..f753062d0 --- /dev/null +++ b/2024/CVE-2024-6703.md @@ -0,0 +1,17 @@ +### [CVE-2024-6703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6703) +![](https://img.shields.io/static/v1?label=Product&message=Contact%20Form%20Plugin%20by%20Fluent%20Forms%20for%20Quiz%2C%20Survey%2C%20and%20Drag%20%26%20Drop%20WP%20Form%20Builder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%205.1.19%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ and 'btn_txt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for attackers with the Form Manager permissions and Subscriber+ user role, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fluentform/fluentform + diff --git a/2024/CVE-2024-6710.md b/2024/CVE-2024-6710.md new file mode 100644 index 000000000..f101ded47 --- /dev/null +++ b/2024/CVE-2024-6710.md @@ -0,0 +1,17 @@ +### [CVE-2024-6710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6710) +![](https://img.shields.io/static/v1?label=Product&message=Ditty&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.1.45%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6716.md b/2024/CVE-2024-6716.md new file mode 100644 index 000000000..ba16edf8a --- /dev/null +++ b/2024/CVE-2024-6716.md @@ -0,0 +1,20 @@ +### [CVE-2024-6716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6716) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service. + +### POC + +#### Reference +- https://gitlab.com/libtiff/libtiff/-/issues/620 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6738.md b/2024/CVE-2024-6738.md new file mode 100644 index 000000000..c86980f3e --- /dev/null +++ b/2024/CVE-2024-6738.md @@ -0,0 +1,17 @@ +### [CVE-2024-6738](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6738) +![](https://img.shields.io/static/v1?label=Product&message=Tronclass&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=all%3C%201.69.61976%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%3A%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The tumbnail API of Tronclass from WisdomGarden lacks proper access control, allowing unauthenticated remote attackers to obtain certain specific files by modifying the URL. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-6745.md b/2024/CVE-2024-6745.md new file mode 100644 index 000000000..25cad3a5c --- /dev/null +++ b/2024/CVE-2024-6745.md @@ -0,0 +1,17 @@ +### [CVE-2024-6745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6745) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Ticket%20Booking&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476. + +### POC + +#### Reference +- https://github.com/xzyxiaohaha/cve/issues/2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6808.md b/2024/CVE-2024-6808.md new file mode 100644 index 000000000..2e6c583eb --- /dev/null +++ b/2024/CVE-2024-6808.md @@ -0,0 +1,17 @@ +### [CVE-2024-6808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6808) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Task%20List&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707. + +### POC + +#### Reference +- https://github.com/qianqiusujiu/cve/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6932.md b/2024/CVE-2024-6932.md new file mode 100644 index 000000000..574dd01a2 --- /dev/null +++ b/2024/CVE-2024-6932.md @@ -0,0 +1,17 @@ +### [CVE-2024-6932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6932) +![](https://img.shields.io/static/v1?label=Product&message=ClassCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271987. + +### POC + +#### Reference +- https://github.com/Hebing123/cve/issues/42 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6934.md b/2024/CVE-2024-6934.md new file mode 100644 index 000000000..1e61f14b2 --- /dev/null +++ b/2024/CVE-2024-6934.md @@ -0,0 +1,17 @@ +### [CVE-2024-6934](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6934) +![](https://img.shields.io/static/v1?label=Product&message=Form%20Tools&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6938.md b/2024/CVE-2024-6938.md new file mode 100644 index 000000000..c413cb64f --- /dev/null +++ b/2024/CVE-2024-6938.md @@ -0,0 +1,18 @@ +### [CVE-2024-6938](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6938) +![](https://img.shields.io/static/v1?label=Product&message=SiYuan&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in SiYuan 3.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PDF.js of the component PDF Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271993 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/siyuan-note/siyuan/issues/11650 +- https://github.com/siyuan-note/siyuan/issues/11949 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6939.md b/2024/CVE-2024-6939.md new file mode 100644 index 000000000..747d78345 --- /dev/null +++ b/2024/CVE-2024-6939.md @@ -0,0 +1,17 @@ +### [CVE-2024-6939](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6939) +![](https://img.shields.io/static/v1?label=Product&message=RockOA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.6.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in Xinhu RockOA 2.6.3 and classified as problematic. Affected by this issue is the function okla of the file /webmain/public/upload/tpl_upload.html. The manipulation of the argument callback leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271994 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/rainrocka/xinhu/issues/7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6942.md b/2024/CVE-2024-6942.md new file mode 100644 index 000000000..9f5ca6b3e --- /dev/null +++ b/2024/CVE-2024-6942.md @@ -0,0 +1,17 @@ +### [CVE-2024-6942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6942) +![](https://img.shields.io/static/v1?label=Product&message=ThinkSAAS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.7.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in ThinkSAAS 3.7.0. Affected is an unknown function of the file app/system/action/anti.php of the component Admin Panel Security Center. The manipulation of the argument ip/email/phone leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272064. + +### POC + +#### Reference +- https://github.com/thinksaas/ThinkSAAS/issues/37 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6947.md b/2024/CVE-2024-6947.md new file mode 100644 index 000000000..704978779 --- /dev/null +++ b/2024/CVE-2024-6947.md @@ -0,0 +1,17 @@ +### [CVE-2024-6947](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6947) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%200.2.2.4-alpha%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Code%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6949.md b/2024/CVE-2024-6949.md new file mode 100644 index 000000000..7ae78f850 --- /dev/null +++ b/2024/CVE-2024-6949.md @@ -0,0 +1,17 @@ +### [CVE-2024-6949](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6949) +![](https://img.shields.io/static/v1?label=Product&message=wuhu&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203faad49bfcc3895e9ff76a591d05c8941273d120%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Path%20Traversal&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in Gargaj wuhu up to 3faad49bfcc3895e9ff76a591d05c8941273d120. Affected by this vulnerability is an unknown functionality of the file /pages.php?edit=News. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272071. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE4-2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6957.md b/2024/CVE-2024-6957.md new file mode 100644 index 000000000..c94a7080d --- /dev/null +++ b/2024/CVE-2024-6957.md @@ -0,0 +1,17 @@ +### [CVE-2024-6957](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6957) +![](https://img.shields.io/static/v1?label=Product&message=University%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in itsourcecode University Management System 1.0. This affects an unknown part of the file functions.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272079. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE6-3.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-6963.md b/2024/CVE-2024-6963.md index d3c3aabbd..46b676a01 100644 --- a/2024/CVE-2024-6963.md +++ b/2024/CVE-2024-6963.md @@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, has been found in Tenda O3 1. ### POC #### Reference -No PoCs from references. +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6966.md b/2024/CVE-2024-6966.md index 6b3f67e0f..e936b1340 100644 --- a/2024/CVE-2024-6966.md +++ b/2024/CVE-2024-6966.md @@ -10,7 +10,7 @@ A vulnerability was found in itsourcecode Online Blood Bank Management System 1. ### POC #### Reference -No PoCs from references. +- https://github.com/HermesCui/CVE/issues/1 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6967.md b/2024/CVE-2024-6967.md index be62d2cf9..304a6adc6 100644 --- a/2024/CVE-2024-6967.md +++ b/2024/CVE-2024-6967.md @@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Loggi ### POC #### Reference -No PoCs from references. +- https://github.com/rtsjx-cve/cve/blob/main/sql.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-6975.md b/2024/CVE-2024-6975.md new file mode 100644 index 000000000..588e869e0 --- /dev/null +++ b/2024/CVE-2024-6975.md @@ -0,0 +1,17 @@ +### [CVE-2024-6975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6975) +![](https://img.shields.io/static/v1?label=Product&message=SDP%20Client&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%205.10.34%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%20Untrusted%20Search%20Path&color=brighgreen) + +### Description + +Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.This issue affects SDP Client before 5.10.34. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/chnzzh/OpenSSL-CVE-lib + diff --git a/2024/CVE-2024-7007.md b/2024/CVE-2024-7007.md new file mode 100644 index 000000000..728ce09dc --- /dev/null +++ b/2024/CVE-2024-7007.md @@ -0,0 +1,17 @@ +### [CVE-2024-7007](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7007) +![](https://img.shields.io/static/v1?label=Product&message=Broadcast%20Signal%20Processor%20TRA7005&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v1.20%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-288%20Authentication%20Bypass%20Using%20an%20Alternate%20Path%20or%20Channel&color=brighgreen) + +### Description + +Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentication bypass exploit that could allow an attacker to have unauthorized access to protected areas of the application. + +### POC + +#### Reference +- https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7069.md b/2024/CVE-2024-7069.md new file mode 100644 index 000000000..c017bd66d --- /dev/null +++ b/2024/CVE-2024-7069.md @@ -0,0 +1,17 @@ +### [CVE-2024-7069](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7069) +![](https://img.shields.io/static/v1?label=Product&message=Employee%20and%20Visitor%20Gate%20Pass%20Logging%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. This issue affects some unknown processing of the file /employee_gatepass/classes/Master.php?f=delete_department. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272351. + +### POC + +#### Reference +- https://github.com/pineapple65/cve/blob/main/sql.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7080.md b/2024/CVE-2024-7080.md index f39436ba0..b4803fada 100644 --- a/2024/CVE-2024-7080.md +++ b/2024/CVE-2024-7080.md @@ -10,7 +10,7 @@ A vulnerability was found in SourceCodester Insurance Management System 1.0. It ### POC #### Reference -No PoCs from references. +- https://github.com/Xu-Mingming/cve/blob/main/bianli.md #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7106.md b/2024/CVE-2024-7106.md new file mode 100644 index 000000000..aeb5d931e --- /dev/null +++ b/2024/CVE-2024-7106.md @@ -0,0 +1,17 @@ +### [CVE-2024-7106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7106) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.18.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in Spina CMS 2.18.0. Affected by this vulnerability is an unknown functionality of the file /admin/media_folders. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272431. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7114.md b/2024/CVE-2024-7114.md new file mode 100644 index 000000000..6f0cdca56 --- /dev/null +++ b/2024/CVE-2024-7114.md @@ -0,0 +1,17 @@ +### [CVE-2024-7114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7114) +![](https://img.shields.io/static/v1?label=Product&message=Blog&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.8.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Tianchoy Blog up to 1.8.8. It has been classified as critical. This affects an unknown part of the file /so.php. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7115.md b/2024/CVE-2024-7115.md new file mode 100644 index 000000000..588c8fbce --- /dev/null +++ b/2024/CVE-2024-7115.md @@ -0,0 +1,17 @@ +### [CVE-2024-7115](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7115) +![](https://img.shields.io/static/v1?label=Product&message=Online-Payroll-Management-System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230911%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been declared as critical. This vulnerability affects unknown code of the file /designation_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7116.md b/2024/CVE-2024-7116.md new file mode 100644 index 000000000..748a47ff0 --- /dev/null +++ b/2024/CVE-2024-7116.md @@ -0,0 +1,17 @@ +### [CVE-2024-7116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7116) +![](https://img.shields.io/static/v1?label=Product&message=Online-Payroll-Management-System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230911%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. It has been rated as critical. This issue affects some unknown processing of the file /branch_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-272447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7117.md b/2024/CVE-2024-7117.md new file mode 100644 index 000000000..5f00bab5a --- /dev/null +++ b/2024/CVE-2024-7117.md @@ -0,0 +1,17 @@ +### [CVE-2024-7117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7117) +![](https://img.shields.io/static/v1?label=Product&message=Online-Payroll-Management-System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230911%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected is an unknown function of the file /shift_viewmore.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-272448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7118.md b/2024/CVE-2024-7118.md new file mode 100644 index 000000000..d5558bacb --- /dev/null +++ b/2024/CVE-2024-7118.md @@ -0,0 +1,17 @@ +### [CVE-2024-7118](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7118) +![](https://img.shields.io/static/v1?label=Product&message=Online-Payroll-Management-System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230911%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this vulnerability is an unknown functionality of the file /department_viewmore.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier VDB-272449 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7119.md b/2024/CVE-2024-7119.md new file mode 100644 index 000000000..ca5b24adf --- /dev/null +++ b/2024/CVE-2024-7119.md @@ -0,0 +1,17 @@ +### [CVE-2024-7119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7119) +![](https://img.shields.io/static/v1?label=Product&message=Online-Payroll-Management-System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230911%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in MD-MAFUJUL-HASAN Online-Payroll-Management-System up to 20230911. Affected by this issue is some unknown functionality of the file /employee_viewmore.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-272450 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/topsky979/Security-Collections/tree/main/cve10 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7120.md b/2024/CVE-2024-7120.md new file mode 100644 index 000000000..c3af04052 --- /dev/null +++ b/2024/CVE-2024-7120.md @@ -0,0 +1,20 @@ +### [CVE-2024-7120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7120) +![](https://img.shields.io/static/v1?label=Product&message=MSG1200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2100E&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.90%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. This affects an unknown part of the file list_base_config.php of the component Web Interface. The manipulation of the argument template leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272451. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/komodoooo/Some-things + diff --git a/2024/CVE-2024-7160.md b/2024/CVE-2024-7160.md new file mode 100644 index 000000000..8657071a4 --- /dev/null +++ b/2024/CVE-2024-7160.md @@ -0,0 +1,17 @@ +### [CVE-2024-7160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7160) +![](https://img.shields.io/static/v1?label=Product&message=A3700R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.1.2u.5822_B20200513%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7161.md b/2024/CVE-2024-7161.md new file mode 100644 index 000000000..daf4244b0 --- /dev/null +++ b/2024/CVE-2024-7161.md @@ -0,0 +1,17 @@ +### [CVE-2024-7161](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7161) +![](https://img.shields.io/static/v1?label=Product&message=SeaCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2013.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575. + +### POC + +#### Reference +- https://github.com/HuaQiPro/seacms/issues/30 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7162.md b/2024/CVE-2024-7162.md new file mode 100644 index 000000000..672a63380 --- /dev/null +++ b/2024/CVE-2024-7162.md @@ -0,0 +1,17 @@ +### [CVE-2024-7162](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7162) +![](https://img.shields.io/static/v1?label=Product&message=SeaCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576. + +### POC + +#### Reference +- https://github.com/HuaQiPro/seacms/issues/29 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7163.md b/2024/CVE-2024-7163.md new file mode 100644 index 000000000..4c7801600 --- /dev/null +++ b/2024/CVE-2024-7163.md @@ -0,0 +1,17 @@ +### [CVE-2024-7163](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7163) +![](https://img.shields.io/static/v1?label=Product&message=SeaCMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/HuaQiPro/seacms/issues/28 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7164.md b/2024/CVE-2024-7164.md new file mode 100644 index 000000000..30982eb89 --- /dev/null +++ b/2024/CVE-2024-7164.md @@ -0,0 +1,17 @@ +### [CVE-2024-7164](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7164) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester School Fees Payment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272578 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/d53eab0322b187bfe151b3f1f31958e2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7165.md b/2024/CVE-2024-7165.md new file mode 100644 index 000000000..db3856e81 --- /dev/null +++ b/2024/CVE-2024-7165.md @@ -0,0 +1,17 @@ +### [CVE-2024-7165](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7165) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_payment.php. The manipulation of the argument ef_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272579. + +### POC + +#### Reference +- https://gist.github.com/topsky979/efe8fa56e557bf3244909f348d5874f7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7166.md b/2024/CVE-2024-7166.md new file mode 100644 index 000000000..b36ad6218 --- /dev/null +++ b/2024/CVE-2024-7166.md @@ -0,0 +1,17 @@ +### [CVE-2024-7166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7166) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been classified as critical. Affected is an unknown function of the file /receipt.php. The manipulation of the argument ef_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272580. + +### POC + +#### Reference +- https://gist.github.com/topsky979/8ab4ff5ffb2a555694931d14329f5a5d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7167.md b/2024/CVE-2024-7167.md new file mode 100644 index 000000000..e00c08a64 --- /dev/null +++ b/2024/CVE-2024-7167.md @@ -0,0 +1,17 @@ +### [CVE-2024-7167](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7167) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /manage_course.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272581 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/69a797bc0b33fc19144a727a0be31685 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7168.md b/2024/CVE-2024-7168.md new file mode 100644 index 000000000..f5b0ac247 --- /dev/null +++ b/2024/CVE-2024-7168.md @@ -0,0 +1,17 @@ +### [CVE-2024-7168](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7168) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester School Fees Payment System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272582 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/14187eec46d6bc04772eadae7ac4e930 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7169.md b/2024/CVE-2024-7169.md new file mode 100644 index 000000000..b5215dcbe --- /dev/null +++ b/2024/CVE-2024-7169.md @@ -0,0 +1,17 @@ +### [CVE-2024-7169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7169) +![](https://img.shields.io/static/v1?label=Product&message=School%20Fees%20Payment%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability classified as problematic has been found in SourceCodester School Fees Payment System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272583. + +### POC + +#### Reference +- https://gist.github.com/topsky979/421c916be6ab09dc990896b07185ec89 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7170.md b/2024/CVE-2024-7170.md new file mode 100644 index 000000000..a4b05ce3c --- /dev/null +++ b/2024/CVE-2024-7170.md @@ -0,0 +1,17 @@ +### [CVE-2024-7170](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7170) +![](https://img.shields.io/static/v1?label=Product&message=A3000RU&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.9c.5185%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-259%20Use%20of%20Hard-coded%20Password&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3000RU 5.9c.5185. It has been rated as problematic. This issue affects some unknown processing of the file /web_cste/cgi-bin/product.ini. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3000RU/product.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7171.md b/2024/CVE-2024-7171.md new file mode 100644 index 000000000..048048144 --- /dev/null +++ b/2024/CVE-2024-7171.md @@ -0,0 +1,17 @@ +### [CVE-2024-7171](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7171) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostTime leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272592. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7172.md b/2024/CVE-2024-7172.md new file mode 100644 index 000000000..74ef1bab0 --- /dev/null +++ b/2024/CVE-2024-7172.md @@ -0,0 +1,17 @@ +### [CVE-2024-7172](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7172) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this vulnerability is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272593 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/getSaveConfig.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7173.md b/2024/CVE-2024-7173.md new file mode 100644 index 000000000..01fb3ea4f --- /dev/null +++ b/2024/CVE-2024-7173.md @@ -0,0 +1,17 @@ +### [CVE-2024-7173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7173) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password/http_host leads to buffer overflow. The attack may be launched remotely. VDB-272594 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/loginauth.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7174.md b/2024/CVE-2024-7174.md new file mode 100644 index 000000000..e9544026a --- /dev/null +++ b/2024/CVE-2024-7174.md @@ -0,0 +1,17 @@ +### [CVE-2024-7174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7174) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setdeviceName of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument deviceMac/deviceName leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272595. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDeviceName.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7175.md b/2024/CVE-2024-7175.md new file mode 100644 index 000000000..3124cbcfd --- /dev/null +++ b/2024/CVE-2024-7175.md @@ -0,0 +1,17 @@ +### [CVE-2024-7175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7175) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ipDoamin leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272596. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7176.md b/2024/CVE-2024-7176.md new file mode 100644 index 000000000..ec9459bac --- /dev/null +++ b/2024/CVE-2024-7176.md @@ -0,0 +1,17 @@ +### [CVE-2024-7176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7176) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. This issue affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272597 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setIpQosRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7177.md b/2024/CVE-2024-7177.md new file mode 100644 index 000000000..515af2563 --- /dev/null +++ b/2024/CVE-2024-7177.md @@ -0,0 +1,17 @@ +### [CVE-2024-7177](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7177) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. Affected is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272598 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7178.md b/2024/CVE-2024-7178.md new file mode 100644 index 000000000..c6bb90a1a --- /dev/null +++ b/2024/CVE-2024-7178.md @@ -0,0 +1,17 @@ +### [CVE-2024-7178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7178) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. Affected by this vulnerability is the function setMacQos of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument priority/macAddress leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272599. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7179.md b/2024/CVE-2024-7179.md new file mode 100644 index 000000000..d4576f2e6 --- /dev/null +++ b/2024/CVE-2024-7179.md @@ -0,0 +1,17 @@ +### [CVE-2024-7179](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7179) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been rated as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument startTime/endTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7180.md b/2024/CVE-2024-7180.md new file mode 100644 index 000000000..1ddcccbe6 --- /dev/null +++ b/2024/CVE-2024-7180.md @@ -0,0 +1,17 @@ +### [CVE-2024-7180](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7180) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This affects the function setPortForwardRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7181.md b/2024/CVE-2024-7181.md new file mode 100644 index 000000000..8a0206cb7 --- /dev/null +++ b/2024/CVE-2024-7181.md @@ -0,0 +1,17 @@ +### [CVE-2024-7181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7181) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This vulnerability affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument telnet_enabled leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7182.md b/2024/CVE-2024-7182.md new file mode 100644 index 000000000..c1ff5d2cf --- /dev/null +++ b/2024/CVE-2024-7182.md @@ -0,0 +1,17 @@ +### [CVE-2024-7182](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7182) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. This issue affects the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7183.md b/2024/CVE-2024-7183.md new file mode 100644 index 000000000..21a0b6047 --- /dev/null +++ b/2024/CVE-2024-7183.md @@ -0,0 +1,17 @@ +### [CVE-2024-7183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7183) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. Affected is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7184.md b/2024/CVE-2024-7184.md new file mode 100644 index 000000000..7eaeec90b --- /dev/null +++ b/2024/CVE-2024-7184.md @@ -0,0 +1,17 @@ +### [CVE-2024-7184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7184) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7185.md b/2024/CVE-2024-7185.md new file mode 100644 index 000000000..f993454bd --- /dev/null +++ b/2024/CVE-2024-7185.md @@ -0,0 +1,17 @@ +### [CVE-2024-7185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7185) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this issue is the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument webWlanIdx leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272606 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7186.md b/2024/CVE-2024-7186.md new file mode 100644 index 000000000..15d299f88 --- /dev/null +++ b/2024/CVE-2024-7186.md @@ -0,0 +1,17 @@ +### [CVE-2024-7186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7186) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been classified as critical. This affects the function setWiFiAclAddConfig of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument comment leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272607. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7187.md b/2024/CVE-2024-7187.md new file mode 100644 index 000000000..4fde66b2d --- /dev/null +++ b/2024/CVE-2024-7187.md @@ -0,0 +1,17 @@ +### [CVE-2024-7187](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7187) +![](https://img.shields.io/static/v1?label=Product&message=A3600R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.2cu.5182_B20201102%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7188.md b/2024/CVE-2024-7188.md new file mode 100644 index 000000000..de1dced52 --- /dev/null +++ b/2024/CVE-2024-7188.md @@ -0,0 +1,17 @@ +### [CVE-2024-7188](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7188) +![](https://img.shields.io/static/v1?label=Product&message=Quicklancer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272609 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/bigb0x/CVEs/blob/main/quicklancer-2-4.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7189.md b/2024/CVE-2024-7189.md new file mode 100644 index 000000000..00b1a8b3a --- /dev/null +++ b/2024/CVE-2024-7189.md @@ -0,0 +1,17 @@ +### [CVE-2024-7189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7189) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Food%20Ordering%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272610 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_a.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7190.md b/2024/CVE-2024-7190.md new file mode 100644 index 000000000..a42c0efe9 --- /dev/null +++ b/2024/CVE-2024-7190.md @@ -0,0 +1,17 @@ +### [CVE-2024-7190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7190) +![](https://img.shields.io/static/v1?label=Product&message=Society%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE7-4.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7191.md b/2024/CVE-2024-7191.md new file mode 100644 index 000000000..4cb42432e --- /dev/null +++ b/2024/CVE-2024-7191.md @@ -0,0 +1,17 @@ +### [CVE-2024-7191](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7191) +![](https://img.shields.io/static/v1?label=Product&message=Society%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272612. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE7-5.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7194.md b/2024/CVE-2024-7194.md new file mode 100644 index 000000000..d92cdb02c --- /dev/null +++ b/2024/CVE-2024-7194.md @@ -0,0 +1,17 @@ +### [CVE-2024-7194](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7194) +![](https://img.shields.io/static/v1?label=Product&message=Society%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Society Management System 1.0 and classified as critical. This issue affects some unknown processing of the file check_student.php. The manipulation of the argument student_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272615. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE7-1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7195.md b/2024/CVE-2024-7195.md new file mode 100644 index 000000000..e2d82ac02 --- /dev/null +++ b/2024/CVE-2024-7195.md @@ -0,0 +1,17 @@ +### [CVE-2024-7195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7195) +![](https://img.shields.io/static/v1?label=Product&message=Society%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Society Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/check_admin.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272616. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE7-2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7196.md b/2024/CVE-2024-7196.md new file mode 100644 index 000000000..564b900ac --- /dev/null +++ b/2024/CVE-2024-7196.md @@ -0,0 +1,17 @@ +### [CVE-2024-7196](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7196) +![](https://img.shields.io/static/v1?label=Product&message=Complaints%20Report%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272617 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/7c314add775caa87b4db700e0bef7f35 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7197.md b/2024/CVE-2024-7197.md new file mode 100644 index 000000000..564c4cd70 --- /dev/null +++ b/2024/CVE-2024-7197.md @@ -0,0 +1,17 @@ +### [CVE-2024-7197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7197) +![](https://img.shields.io/static/v1?label=Product&message=Complaints%20Report%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Complaints Report Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage_complaint.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272618 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/756e52cd9cd53ddc78801d322c69b5f2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7198.md b/2024/CVE-2024-7198.md new file mode 100644 index 000000000..8a5fff111 --- /dev/null +++ b/2024/CVE-2024-7198.md @@ -0,0 +1,17 @@ +### [CVE-2024-7198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7198) +![](https://img.shields.io/static/v1?label=Product&message=Complaints%20Report%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Complaints Report Management System 1.0. This affects an unknown part of the file /admin/manage_station.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272619. + +### POC + +#### Reference +- https://gist.github.com/topsky979/424d2ac58623b0fb4d5232a4ecbe5110 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7199.md b/2024/CVE-2024-7199.md new file mode 100644 index 000000000..831af8034 --- /dev/null +++ b/2024/CVE-2024-7199.md @@ -0,0 +1,17 @@ +### [CVE-2024-7199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7199) +![](https://img.shields.io/static/v1?label=Product&message=Complaints%20Report%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in SourceCodester Complaints Report Management System 1.0. This vulnerability affects unknown code of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272620. + +### POC + +#### Reference +- https://gist.github.com/topsky979/75ba3db98584b13d65d874e4fcac154b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7200.md b/2024/CVE-2024-7200.md new file mode 100644 index 000000000..18a8b8412 --- /dev/null +++ b/2024/CVE-2024-7200.md @@ -0,0 +1,17 @@ +### [CVE-2024-7200](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7200) +![](https://img.shields.io/static/v1?label=Product&message=Complaints%20Report%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272621 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/e8b6651dd46922157920c8ed2305efd5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7212.md b/2024/CVE-2024-7212.md new file mode 100644 index 000000000..745331a6b --- /dev/null +++ b/2024/CVE-2024-7212.md @@ -0,0 +1,17 @@ +### [CVE-2024-7212](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7212) +![](https://img.shields.io/static/v1?label=Product&message=A7000R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.1.0u.6268_B20220504%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in TOTOLINK A7000R 9.1.0u.6268_B20220504. This issue affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272783. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/loginauth_password.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7213.md b/2024/CVE-2024-7213.md new file mode 100644 index 000000000..a66a532db --- /dev/null +++ b/2024/CVE-2024-7213.md @@ -0,0 +1,17 @@ +### [CVE-2024-7213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7213) +![](https://img.shields.io/static/v1?label=Product&message=A7000R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.1.0u.6268_B20220504%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in TOTOLINK A7000R 9.1.0u.6268_B20220504. Affected is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272784. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/setWizardCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7214.md b/2024/CVE-2024-7214.md new file mode 100644 index 000000000..73cfb6e35 --- /dev/null +++ b/2024/CVE-2024-7214.md @@ -0,0 +1,17 @@ +### [CVE-2024-7214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7214) +![](https://img.shields.io/static/v1?label=Product&message=LR350&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6369_B20220309%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in TOTOLINK LR350 9.3.5u.6369_B20220309 and classified as critical. Affected by this vulnerability is the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR350/setWanCfg.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7215.md b/2024/CVE-2024-7215.md new file mode 100644 index 000000000..a85f24012 --- /dev/null +++ b/2024/CVE-2024-7215.md @@ -0,0 +1,17 @@ +### [CVE-2024-7215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7215) +![](https://img.shields.io/static/v1?label=Product&message=LR1200&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.1cu.2832%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832 and classified as critical. Affected by this issue is the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-272786 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/NTPSyncWithHost.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7216.md b/2024/CVE-2024-7216.md new file mode 100644 index 000000000..f54525c6d --- /dev/null +++ b/2024/CVE-2024-7216.md @@ -0,0 +1,17 @@ +### [CVE-2024-7216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7216) +![](https://img.shields.io/static/v1?label=Product&message=LR1200&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.1cu.2832%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-259%20Use%20of%20Hard-coded%20Password&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK LR1200 9.3.1cu.2832. It has been classified as problematic. This affects an unknown part of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7217.md b/2024/CVE-2024-7217.md new file mode 100644 index 000000000..71c7e0e30 --- /dev/null +++ b/2024/CVE-2024-7217.md @@ -0,0 +1,17 @@ +### [CVE-2024-7217](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7217) +![](https://img.shields.io/static/v1?label=Product&message=CA300-PoE&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.2c.884%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK CA300-PoE 6.2c.884. It has been declared as critical. This vulnerability affects the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CA300-PoE/loginauth_password.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7218.md b/2024/CVE-2024-7218.md new file mode 100644 index 000000000..d55ab6067 --- /dev/null +++ b/2024/CVE-2024-7218.md @@ -0,0 +1,17 @@ +### [CVE-2024-7218](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7218) +![](https://img.shields.io/static/v1?label=Product&message=School%20Log%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester School Log Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/ajax.php?action=save_student. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272789 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/86480890cc621c240c86e95a3de9ecc4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7219.md b/2024/CVE-2024-7219.md new file mode 100644 index 000000000..9bc61207e --- /dev/null +++ b/2024/CVE-2024-7219.md @@ -0,0 +1,17 @@ +### [CVE-2024-7219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7219) +![](https://img.shields.io/static/v1?label=Product&message=School%20Log%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester School Log Management System 1.0. Affected is an unknown function of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272790 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/03c7fe20c80455b4884ae9e6c3f3d978 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7220.md b/2024/CVE-2024-7220.md new file mode 100644 index 000000000..0850bf1d3 --- /dev/null +++ b/2024/CVE-2024-7220.md @@ -0,0 +1,17 @@ +### [CVE-2024-7220](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7220) +![](https://img.shields.io/static/v1?label=Product&message=School%20Log%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in SourceCodester School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272791. + +### POC + +#### Reference +- https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7221.md b/2024/CVE-2024-7221.md new file mode 100644 index 000000000..338fd19a8 --- /dev/null +++ b/2024/CVE-2024-7221.md @@ -0,0 +1,17 @@ +### [CVE-2024-7221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7221) +![](https://img.shields.io/static/v1?label=Product&message=School%20Log%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272792. + +### POC + +#### Reference +- https://gist.github.com/topsky979/1e98c4d1a3ba1ed73aab46d360c1c4b8 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7222.md b/2024/CVE-2024-7222.md new file mode 100644 index 000000000..5da3557ac --- /dev/null +++ b/2024/CVE-2024-7222.md @@ -0,0 +1,17 @@ +### [CVE-2024-7222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7222) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /home.php. The manipulation of the argument type leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272802 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/9f3d490a2bfdb5794dffc2f4aed72250 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7223.md b/2024/CVE-2024-7223.md new file mode 100644 index 000000000..b353b577b --- /dev/null +++ b/2024/CVE-2024-7223.md @@ -0,0 +1,17 @@ +### [CVE-2024-7223](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7223) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272803. + +### POC + +#### Reference +- https://gist.github.com/topsky979/4c28743586769e73fe37007ed92cc1a7 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7224.md b/2024/CVE-2024-7224.md new file mode 100644 index 000000000..69f62f05c --- /dev/null +++ b/2024/CVE-2024-7224.md @@ -0,0 +1,17 @@ +### [CVE-2024-7224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7224) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Lot Reservation Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /lot_details.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272804. + +### POC + +#### Reference +- https://gist.github.com/topsky979/76bc2c8ce4871ad8bb60c52e47c4fb5b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7225.md b/2024/CVE-2024-7225.md new file mode 100644 index 000000000..0d0723654 --- /dev/null +++ b/2024/CVE-2024-7225.md @@ -0,0 +1,17 @@ +### [CVE-2024-7225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7225) +![](https://img.shields.io/static/v1?label=Product&message=Insurance%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/update_policy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272805 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Xu-Mingming/cve/blob/main/xss2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7226.md b/2024/CVE-2024-7226.md new file mode 100644 index 000000000..56d9b8a9b --- /dev/null +++ b/2024/CVE-2024-7226.md @@ -0,0 +1,17 @@ +### [CVE-2024-7226](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7226) +![](https://img.shields.io/static/v1?label=Product&message=Medicine%20Tracker%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=save_user of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-272806 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Xu-Mingming/cve/blob/main/CSRF2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7273.md b/2024/CVE-2024-7273.md new file mode 100644 index 000000000..ab5d134f9 --- /dev/null +++ b/2024/CVE-2024-7273.md @@ -0,0 +1,17 @@ +### [CVE-2024-7273](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7273) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in itsourcecode Alton Management System 1.0. This vulnerability affects unknown code of the file search.php. The manipulation of the argument rcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273142 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7274.md b/2024/CVE-2024-7274.md new file mode 100644 index 000000000..24e8207be --- /dev/null +++ b/2024/CVE-2024-7274.md @@ -0,0 +1,17 @@ +### [CVE-2024-7274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7274) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in itsourcecode Alton Management System 1.0. This issue affects some unknown processing of the file /reservation_status.php. The manipulation of the argument rcode leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273143. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7275.md b/2024/CVE-2024-7275.md new file mode 100644 index 000000000..f610ae55f --- /dev/null +++ b/2024/CVE-2024-7275.md @@ -0,0 +1,17 @@ +### [CVE-2024-7275](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7275) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in itsourcecode Alton Management System 1.0. Affected is an unknown function of the file /admin/category_save.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273144. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7276.md b/2024/CVE-2024-7276.md new file mode 100644 index 000000000..bc3597cf8 --- /dev/null +++ b/2024/CVE-2024-7276.md @@ -0,0 +1,17 @@ +### [CVE-2024-7276](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7276) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/member_save.php. The manipulation of the argument last/first leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273145 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7277.md b/2024/CVE-2024-7277.md new file mode 100644 index 000000000..b30b27336 --- /dev/null +++ b/2024/CVE-2024-7277.md @@ -0,0 +1,17 @@ +### [CVE-2024-7277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7277) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Alton Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/menu.php of the component Add a Menu. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273146 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7278.md b/2024/CVE-2024-7278.md new file mode 100644 index 000000000..60c045863 --- /dev/null +++ b/2024/CVE-2024-7278.md @@ -0,0 +1,17 @@ +### [CVE-2024-7278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7278) +![](https://img.shields.io/static/v1?label=Product&message=Alton%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Alton Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/team_save.php. The manipulation of the argument team leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273147. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7279.md b/2024/CVE-2024-7279.md new file mode 100644 index 000000000..6aae54a8d --- /dev/null +++ b/2024/CVE-2024-7279.md @@ -0,0 +1,17 @@ +### [CVE-2024-7279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7279) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273148. + +### POC + +#### Reference +- https://gist.github.com/topsky979/8eb5a3711f4802b2b05ae3702addb61e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7280.md b/2024/CVE-2024-7280.md new file mode 100644 index 000000000..8863a787f --- /dev/null +++ b/2024/CVE-2024-7280.md @@ -0,0 +1,17 @@ +### [CVE-2024-7280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7280) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Lot Reservation Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/view_reserved.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273149 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/c4e972f03739833ad2d111493f44138b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7281.md b/2024/CVE-2024-7281.md new file mode 100644 index 000000000..ff5c85051 --- /dev/null +++ b/2024/CVE-2024-7281.md @@ -0,0 +1,17 @@ +### [CVE-2024-7281](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7281) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Lot Reservation Management System 1.0. Affected is an unknown function of the file /admin/index.php?page=manage_lot. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273150 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/13cfd55966ffe12c8904de995400fc33 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7282.md b/2024/CVE-2024-7282.md new file mode 100644 index 000000000..625ce52ac --- /dev/null +++ b/2024/CVE-2024-7282.md @@ -0,0 +1,17 @@ +### [CVE-2024-7282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7282) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in SourceCodester Lot Reservation Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/manage_model.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273151. + +### POC + +#### Reference +- https://gist.github.com/topsky979/16181c02e770952091a36784da530eab + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7283.md b/2024/CVE-2024-7283.md new file mode 100644 index 000000000..9cf67f37f --- /dev/null +++ b/2024/CVE-2024-7283.md @@ -0,0 +1,17 @@ +### [CVE-2024-7283](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7283) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Lot Reservation Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273152. + +### POC + +#### Reference +- https://gist.github.com/topsky979/0cda40ceee628634e4bc984cc5651b51 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7284.md b/2024/CVE-2024-7284.md new file mode 100644 index 000000000..395144016 --- /dev/null +++ b/2024/CVE-2024-7284.md @@ -0,0 +1,17 @@ +### [CVE-2024-7284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7284) +![](https://img.shields.io/static/v1?label=Product&message=Lot%20Reservation%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SourceCodester Lot Reservation Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_settings. The manipulation of the argument about leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273153 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/16da371a38fd91d64765fd16ed3d049e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7285.md b/2024/CVE-2024-7285.md new file mode 100644 index 000000000..3f12419f2 --- /dev/null +++ b/2024/CVE-2024-7285.md @@ -0,0 +1,17 @@ +### [CVE-2024-7285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7285) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_settings. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273154 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/e2fa238262fcafdd8e301c32ee9f8e3a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7286.md b/2024/CVE-2024-7286.md new file mode 100644 index 000000000..187ef2710 --- /dev/null +++ b/2024/CVE-2024-7286.md @@ -0,0 +1,17 @@ +### [CVE-2024-7286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7286) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273155. + +### POC + +#### Reference +- https://gist.github.com/topsky979/da1899833a862fb19fcc146b6725a67b + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7287.md b/2024/CVE-2024-7287.md new file mode 100644 index 000000000..4c13ca4b7 --- /dev/null +++ b/2024/CVE-2024-7287.md @@ -0,0 +1,17 @@ +### [CVE-2024-7287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7287) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273156. + +### POC + +#### Reference +- https://gist.github.com/topsky979/d4684a6cf3ca446bb7c71c51ff6152ba + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7288.md b/2024/CVE-2024-7288.md new file mode 100644 index 000000000..a7637022a --- /dev/null +++ b/2024/CVE-2024-7288.md @@ -0,0 +1,17 @@ +### [CVE-2024-7288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7288) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_block. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273157 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/f495fd0ec7cdda5c7c6059a0b2224b64 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7289.md b/2024/CVE-2024-7289.md new file mode 100644 index 000000000..f96bc8cc1 --- /dev/null +++ b/2024/CVE-2024-7289.md @@ -0,0 +1,17 @@ +### [CVE-2024-7289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7289) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Establishment Billing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /manage_payment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273158 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/7f65e9704b8650e6bee74190f96d21e3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7290.md b/2024/CVE-2024-7290.md new file mode 100644 index 000000000..3627b0a2e --- /dev/null +++ b/2024/CVE-2024-7290.md @@ -0,0 +1,17 @@ +### [CVE-2024-7290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7290) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Establishment Billing Management System 1.0. This affects an unknown part of the file /manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273159. + +### POC + +#### Reference +- https://gist.github.com/topsky979/e40f691866138ea1abf3ca452c4ae3ac + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7297.md b/2024/CVE-2024-7297.md new file mode 100644 index 000000000..48684ca97 --- /dev/null +++ b/2024/CVE-2024-7297.md @@ -0,0 +1,17 @@ +### [CVE-2024-7297](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7297) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-913%20Improper%20Control%20of%20Dynamically-Managed%20Code%20Resources&color=brighgreen) + +### Description + +Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint. + +### POC + +#### Reference +- https://www.tenable.com/security/research/tra-2024-26 + +#### Github +- https://github.com/JoshuaMart/JoshuaMart + diff --git a/2024/CVE-2024-7299.md b/2024/CVE-2024-7299.md new file mode 100644 index 000000000..739fe251d --- /dev/null +++ b/2024/CVE-2024-7299.md @@ -0,0 +1,18 @@ +### [CVE-2024-7299](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7299) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.7.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273167. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. + +### POC + +#### Reference +- https://vuldb.com/?id.273167 +- https://vuldb.com/?submit.379971 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7300.md b/2024/CVE-2024-7300.md new file mode 100644 index 000000000..4f59dc3a4 --- /dev/null +++ b/2024/CVE-2024-7300.md @@ -0,0 +1,18 @@ +### [CVE-2024-7300](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7300) +![](https://img.shields.io/static/v1?label=Product&message=CMS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.7.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273168. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. + +### POC + +#### Reference +- https://vuldb.com/?id.273168 +- https://vuldb.com/?submit.380678 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7303.md b/2024/CVE-2024-7303.md new file mode 100644 index 000000000..f969ac10a --- /dev/null +++ b/2024/CVE-2024-7303.md @@ -0,0 +1,17 @@ +### [CVE-2024-7303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7303) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Blood%20Bank%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /request.php of the component Send Blood Request Page. The manipulation of the argument Address/bloodgroup leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273185 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/cl4irv0yance/CVEs/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7306.md b/2024/CVE-2024-7306.md new file mode 100644 index 000000000..c02510408 --- /dev/null +++ b/2024/CVE-2024-7306.md @@ -0,0 +1,17 @@ +### [CVE-2024-7306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7306) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SourceCodester Establishment Billing Management System 1.0. Affected is an unknown function of the file /manage_block.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273198 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/0d5ec3fac4f1fc895478344be5521575 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7307.md b/2024/CVE-2024-7307.md new file mode 100644 index 000000000..703a296df --- /dev/null +++ b/2024/CVE-2024-7307.md @@ -0,0 +1,17 @@ +### [CVE-2024-7307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7307) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_billing.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273199. + +### POC + +#### Reference +- https://gist.github.com/topsky979/df642bf14cce32c58d4805b6f6cf44e0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7308.md b/2024/CVE-2024-7308.md new file mode 100644 index 000000000..1e0c88914 --- /dev/null +++ b/2024/CVE-2024-7308.md @@ -0,0 +1,17 @@ +### [CVE-2024-7308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7308) +![](https://img.shields.io/static/v1?label=Product&message=Establishment%20Billing%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Establishment Billing Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_bill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273200. + +### POC + +#### Reference +- https://gist.github.com/topsky979/c11fd2c1b9027831031de2e58cbf5ff3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7311.md b/2024/CVE-2024-7311.md new file mode 100644 index 000000000..c02d5c3d2 --- /dev/null +++ b/2024/CVE-2024-7311.md @@ -0,0 +1,17 @@ +### [CVE-2024-7311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7311) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Bus%20Reservation%20Site&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in code-projects Online Bus Reservation Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file register.php. The manipulation of the argument Email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273203. + +### POC + +#### Reference +- https://github.com/23588hk/cve/issues/1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7314.md b/2024/CVE-2024-7314.md new file mode 100644 index 000000000..70965a42e --- /dev/null +++ b/2024/CVE-2024-7314.md @@ -0,0 +1,17 @@ +### [CVE-2024-7314](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7314) +![](https://img.shields.io/static/v1?label=Product&message=AJ-Report&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.4.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-280%20Authentication%20Bypass%20by%20Alternate%20Name&color=brighgreen) + +### Description + +anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. + +### POC + +#### Reference +- https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7320.md b/2024/CVE-2024-7320.md new file mode 100644 index 000000000..1da1f65a3 --- /dev/null +++ b/2024/CVE-2024-7320.md @@ -0,0 +1,17 @@ +### [CVE-2024-7320](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7320) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Blood%20Bank%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231. + +### POC + +#### Reference +- https://github.com/cl4irv0yance/CVEs/issues/3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7321.md b/2024/CVE-2024-7321.md new file mode 100644 index 000000000..7381fc9f8 --- /dev/null +++ b/2024/CVE-2024-7321.md @@ -0,0 +1,17 @@ +### [CVE-2024-7321](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7321) +![](https://img.shields.io/static/v1?label=Product&message=Online%20Blood%20Bank%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability classified as problematic was found in itsourcecode Online Blood Bank Management System 1.0. This vulnerability affects unknown code of the file signup.php of the component User Registration Handler. The manipulation of the argument user leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273232. + +### POC + +#### Reference +- https://github.com/cl4irv0yance/CVEs/issues/4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7327.md b/2024/CVE-2024-7327.md new file mode 100644 index 000000000..1b14a6bca --- /dev/null +++ b/2024/CVE-2024-7327.md @@ -0,0 +1,17 @@ +### [CVE-2024-7327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7327) +![](https://img.shields.io/static/v1?label=Product&message=RockOA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.6.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Xinhu RockOA 2.6.2. This vulnerability affects the function dataAction of the file /webmain/task/openapi/openmodhetongAction.php. The manipulation of the argument nickName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://vuldb.com/?id.273250 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7331.md b/2024/CVE-2024-7331.md new file mode 100644 index 000000000..4359e7c83 --- /dev/null +++ b/2024/CVE-2024-7331.md @@ -0,0 +1,17 @@ +### [CVE-2024-7331](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7331) +![](https://img.shields.io/static/v1?label=Product&message=A3300R&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2017.0.0cu.557_B20221024%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK A3300R 17.0.0cu.557_B20221024 and classified as critical. Affected by this issue is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7332.md b/2024/CVE-2024-7332.md new file mode 100644 index 000000000..b922f6b22 --- /dev/null +++ b/2024/CVE-2024-7332.md @@ -0,0 +1,17 @@ +### [CVE-2024-7332](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7332) +![](https://img.shields.io/static/v1?label=Product&message=CP450&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.0cu.747_B20191224%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-259%20Use%20of%20Hard-coded%20Password&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7333.md b/2024/CVE-2024-7333.md new file mode 100644 index 000000000..4e62f8f0f --- /dev/null +++ b/2024/CVE-2024-7333.md @@ -0,0 +1,17 @@ +### [CVE-2024-7333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7333) +![](https://img.shields.io/static/v1?label=Product&message=N350RT&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6139_B20201216%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK N350RT 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/135a/IoT-vulnerable/blob/main/TOTOLINK/N350RT/setParentalRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7334.md b/2024/CVE-2024-7334.md new file mode 100644 index 000000000..1c7ea0b4b --- /dev/null +++ b/2024/CVE-2024-7334.md @@ -0,0 +1,17 @@ +### [CVE-2024-7334](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7334) +![](https://img.shields.io/static/v1?label=Product&message=EX1200L&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6146_B20201023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. It has been rated as critical. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7335.md b/2024/CVE-2024-7335.md new file mode 100644 index 000000000..29818cdb1 --- /dev/null +++ b/2024/CVE-2024-7335.md @@ -0,0 +1,17 @@ +### [CVE-2024-7335](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7335) +![](https://img.shields.io/static/v1?label=Product&message=EX200&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.3c.7646_B20201211%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected is the function getSaveConfig of the file /cgi-bin/cstecgi.cgi?action=save&setting. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7336.md b/2024/CVE-2024-7336.md new file mode 100644 index 000000000..f9d53a5b1 --- /dev/null +++ b/2024/CVE-2024-7336.md @@ -0,0 +1,17 @@ +### [CVE-2024-7336](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7336) +![](https://img.shields.io/static/v1?label=Product&message=EX200&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.0.3c.7646_B20201211%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in TOTOLINK EX200 4.0.3c.7646_B20201211. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7337.md b/2024/CVE-2024-7337.md new file mode 100644 index 000000000..ba072fa86 --- /dev/null +++ b/2024/CVE-2024-7337.md @@ -0,0 +1,17 @@ +### [CVE-2024-7337](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7337) +![](https://img.shields.io/static/v1?label=Product&message=EX1200L&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6146_B20201023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. Affected by this issue is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7338.md b/2024/CVE-2024-7338.md new file mode 100644 index 000000000..91cf8885a --- /dev/null +++ b/2024/CVE-2024-7338.md @@ -0,0 +1,17 @@ +### [CVE-2024-7338](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7338) +![](https://img.shields.io/static/v1?label=Product&message=EX1200L&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6146_B20201023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L 9.3.5u.6146_B20201023. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument week/sTime/eTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7339.md b/2024/CVE-2024-7339.md new file mode 100644 index 000000000..59ff14060 --- /dev/null +++ b/2024/CVE-2024-7339.md @@ -0,0 +1,20 @@ +### [CVE-2024-7339](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7339) +![](https://img.shields.io/static/v1?label=Product&message=AVISION%20DVR%20AV108T&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DVR%20TD-2104TS-CL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DVR%20TD-2108TS-HP&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Provision-ISR%20DVR%20SH-4050A5-5L(MM)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.3.3.20657B180918.D06.U2(4A41T)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Disclosure&color=brighgreen) + +### Description + +A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-7340.md b/2024/CVE-2024-7340.md new file mode 100644 index 000000000..be1929821 --- /dev/null +++ b/2024/CVE-2024-7340.md @@ -0,0 +1,17 @@ +### [CVE-2024-7340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7340) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. + +### POC + +#### Reference +- https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7342.md b/2024/CVE-2024-7342.md new file mode 100644 index 000000000..e8e2410c0 --- /dev/null +++ b/2024/CVE-2024-7342.md @@ -0,0 +1,17 @@ +### [CVE-2024-7342](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7342) +![](https://img.shields.io/static/v1?label=Product&message=UEditor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.4.3.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/Hebing123/cve/issues/62 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7343.md b/2024/CVE-2024-7343.md new file mode 100644 index 000000000..167895343 --- /dev/null +++ b/2024/CVE-2024-7343.md @@ -0,0 +1,17 @@ +### [CVE-2024-7343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7343) +![](https://img.shields.io/static/v1?label=Product&message=UEditor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.4.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/Hebing123/cve/issues/63 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7357.md b/2024/CVE-2024-7357.md new file mode 100644 index 000000000..10af34058 --- /dev/null +++ b/2024/CVE-2024-7357.md @@ -0,0 +1,17 @@ +### [CVE-2024-7357](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7357) +![](https://img.shields.io/static/v1?label=Product&message=DIR-600&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-600 up to 2.18. It has been rated as critical. This issue affects the function soapcgi_main of the file /soap.cgi. The manipulation of the argument service leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273329 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +- https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DIR-600/soapcgi_main_injection + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7358.md b/2024/CVE-2024-7358.md new file mode 100644 index 000000000..a02dc8f75 --- /dev/null +++ b/2024/CVE-2024-7358.md @@ -0,0 +1,17 @@ +### [CVE-2024-7358](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7358) +![](https://img.shields.io/static/v1?label=Product&message=Getscreen%20Agent&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.19.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-378%20Creation%20of%20Temporary%20File%20With%20Insecure%20Permissions&color=brighgreen) + +### Description + +A vulnerability was found in Point B Ltd Getscreen Agent 2.19.6 on Windows. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file getscreen.msi of the component Installation. The manipulation leads to creation of temporary file with insecure permissions. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-273337 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but was not able to provide a technical response in time. + +### POC + +#### Reference +- https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7359.md b/2024/CVE-2024-7359.md new file mode 100644 index 000000000..e3da682c7 --- /dev/null +++ b/2024/CVE-2024-7359.md @@ -0,0 +1,18 @@ +### [CVE-2024-7359](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7359) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_establishment. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273338 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10 +- https://vuldb.com/?id.273338 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7360.md b/2024/CVE-2024-7360.md new file mode 100644 index 000000000..6036d683d --- /dev/null +++ b/2024/CVE-2024-7360.md @@ -0,0 +1,17 @@ +### [CVE-2024-7360](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7360) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability classified as problematic has been found in SourceCodester Tracking Monitoring Management System 1.0. This affects an unknown part of the file /ajax.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273339. + +### POC + +#### Reference +- https://gist.github.com/topsky979/ac97a335ed9fcf4eefe3c952928a6d0e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7361.md b/2024/CVE-2024-7361.md new file mode 100644 index 000000000..32d00fb7f --- /dev/null +++ b/2024/CVE-2024-7361.md @@ -0,0 +1,17 @@ +### [CVE-2024-7361](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7361) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in SourceCodester Tracking Monitoring Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_establishment. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273340. + +### POC + +#### Reference +- https://gist.github.com/topsky979/f01eca07fce854bf5de96588126cdd7e + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7362.md b/2024/CVE-2024-7362.md new file mode 100644 index 000000000..00af244a7 --- /dev/null +++ b/2024/CVE-2024-7362.md @@ -0,0 +1,17 @@ +### [CVE-2024-7362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7362) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Tracking Monitoring Management System 1.0. This issue affects some unknown processing of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273341 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/96f43bd9f1477a56d1c8f8e08f0e5449 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7363.md b/2024/CVE-2024-7363.md new file mode 100644 index 000000000..e4e54b3f3 --- /dev/null +++ b/2024/CVE-2024-7363.md @@ -0,0 +1,17 @@ +### [CVE-2024-7363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7363) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Affected is an unknown function of the file /manage_person.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273342 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/69455a114e8718af6c611c86fbdc78b5 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7364.md b/2024/CVE-2024-7364.md new file mode 100644 index 000000000..361672093 --- /dev/null +++ b/2024/CVE-2024-7364.md @@ -0,0 +1,17 @@ +### [CVE-2024-7364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7364) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_records.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273343. + +### POC + +#### Reference +- https://gist.github.com/topsky979/b507afabd4e3da39e7eca6103435ba3a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7365.md b/2024/CVE-2024-7365.md new file mode 100644 index 000000000..a63717595 --- /dev/null +++ b/2024/CVE-2024-7365.md @@ -0,0 +1,17 @@ +### [CVE-2024-7365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7365) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_establishment.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273344. + +### POC + +#### Reference +- https://gist.github.com/topsky979/18a15150a99566009476d918d79a0bf9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7366.md b/2024/CVE-2024-7366.md new file mode 100644 index 000000000..9af165388 --- /dev/null +++ b/2024/CVE-2024-7366.md @@ -0,0 +1,17 @@ +### [CVE-2024-7366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7366) +![](https://img.shields.io/static/v1?label=Product&message=Tracking%20Monitoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Tracking Monitoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273345 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7367.md b/2024/CVE-2024-7367.md new file mode 100644 index 000000000..d0c8e3c88 --- /dev/null +++ b/2024/CVE-2024-7367.md @@ -0,0 +1,17 @@ +### [CVE-2024-7367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7367) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273351. + +### POC + +#### Reference +- https://gist.github.com/topsky979/03ae83fd32a94c85f910c8e3a85fa056 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7368.md b/2024/CVE-2024-7368.md new file mode 100644 index 000000000..3312016d7 --- /dev/null +++ b/2024/CVE-2024-7368.md @@ -0,0 +1,17 @@ +### [CVE-2024-7368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7368) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /ajax.php?action=save_quiz. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273352. + +### POC + +#### Reference +- https://gist.github.com/topsky979/ad93f7046d905cef9277304dd3ac8061 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7369.md b/2024/CVE-2024-7369.md new file mode 100644 index 000000000..e455e796c --- /dev/null +++ b/2024/CVE-2024-7369.md @@ -0,0 +1,17 @@ +### [CVE-2024-7369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7369) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=login of the component Login. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273353 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/5e805f42f51224bdd52cfd099f44001d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7370.md b/2024/CVE-2024-7370.md new file mode 100644 index 000000000..1e1a58141 --- /dev/null +++ b/2024/CVE-2024-7370.md @@ -0,0 +1,17 @@ +### [CVE-2024-7370](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7370) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been classified as critical. Affected is an unknown function of the file /manage_quiz.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273354 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/df0a5328ddb5b43ab7fa933aee500155 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7371.md b/2024/CVE-2024-7371.md new file mode 100644 index 000000000..6bb4de1ef --- /dev/null +++ b/2024/CVE-2024-7371.md @@ -0,0 +1,17 @@ +### [CVE-2024-7371](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7371) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quiz_view.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273355. + +### POC + +#### Reference +- https://gist.github.com/topsky979/e45c2b283d29bc0a2f3551ca9cb45999 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7372.md b/2024/CVE-2024-7372.md new file mode 100644 index 000000000..a587a5fcd --- /dev/null +++ b/2024/CVE-2024-7372.md @@ -0,0 +1,17 @@ +### [CVE-2024-7372](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7372) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /quiz_board.php. The manipulation of the argument quiz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273356. + +### POC + +#### Reference +- https://gist.github.com/topsky979/6437f7c2f86d309ca000d0a33885d7bc + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7373.md b/2024/CVE-2024-7373.md new file mode 100644 index 000000000..d2c0c754a --- /dev/null +++ b/2024/CVE-2024-7373.md @@ -0,0 +1,17 @@ +### [CVE-2024-7373](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7373) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=load_answered. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273357 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7374.md b/2024/CVE-2024-7374.md new file mode 100644 index 000000000..df3e90b35 --- /dev/null +++ b/2024/CVE-2024-7374.md @@ -0,0 +1,17 @@ +### [CVE-2024-7374](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7374) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in SourceCodester Simple Realtime Quiz System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273358 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/94ae61ff3fc760ac985dcd5e64da06c4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7375.md b/2024/CVE-2024-7375.md new file mode 100644 index 000000000..86883bba6 --- /dev/null +++ b/2024/CVE-2024-7375.md @@ -0,0 +1,17 @@ +### [CVE-2024-7375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7375) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Simple Realtime Quiz System 1.0. This issue affects some unknown processing of the file /my_quiz_result.php. The manipulation of the argument quiz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273359. + +### POC + +#### Reference +- https://gist.github.com/topsky979/840587360c33d53efb359ff314f7ea24 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7376.md b/2024/CVE-2024-7376.md new file mode 100644 index 000000000..21b37f32a --- /dev/null +++ b/2024/CVE-2024-7376.md @@ -0,0 +1,17 @@ +### [CVE-2024-7376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7376) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SourceCodester Simple Realtime Quiz System 1.0. Affected is an unknown function of the file /print_quiz_records.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273360. + +### POC + +#### Reference +- https://gist.github.com/topsky979/8c36e6a899fc02e8054f67b94e34f6c6 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7377.md b/2024/CVE-2024-7377.md new file mode 100644 index 000000000..07159653f --- /dev/null +++ b/2024/CVE-2024-7377.md @@ -0,0 +1,17 @@ +### [CVE-2024-7377](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7377) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_result.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273361 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/4415a08deadd16356484d5ff540e60f9 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7378.md b/2024/CVE-2024-7378.md new file mode 100644 index 000000000..6667ced15 --- /dev/null +++ b/2024/CVE-2024-7378.md @@ -0,0 +1,17 @@ +### [CVE-2024-7378](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7378) +![](https://img.shields.io/static/v1?label=Product&message=Simple%20Realtime%20Quiz%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_question.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273362 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/d4cb58afc5fb41f647b1021d1364d846 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7436.md b/2024/CVE-2024-7436.md new file mode 100644 index 000000000..74cf757fc --- /dev/null +++ b/2024/CVE-2024-7436.md @@ -0,0 +1,17 @@ +### [CVE-2024-7436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7436) +![](https://img.shields.io/static/v1?label=Product&message=DI-8100&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2016.07%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07. This issue affects the function msp_info_htm of the file msp_info.htm. The manipulation of the argument cmd leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273521 was assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-7437.md b/2024/CVE-2024-7437.md new file mode 100644 index 000000000..3159524a3 --- /dev/null +++ b/2024/CVE-2024-7437.md @@ -0,0 +1,17 @@ +### [CVE-2024-7437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7437) +![](https://img.shields.io/static/v1?label=Product&message=SMF&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-99%20Improper%20Control%20of%20Resource%20Identifiers&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273522 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7438.md b/2024/CVE-2024-7438.md new file mode 100644 index 000000000..388a6a4a8 --- /dev/null +++ b/2024/CVE-2024-7438.md @@ -0,0 +1,17 @@ +### [CVE-2024-7438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7438) +![](https://img.shields.io/static/v1?label=Product&message=SMF&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.1.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-99%20Improper%20Control%20of%20Resource%20Identifiers&color=brighgreen) + +### Description + +A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?action=profile;u=2;area=showalerts;do=read of the component User Alert Read Status Handler. The manipulation of the argument aid leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273523. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-7439.md b/2024/CVE-2024-7439.md new file mode 100644 index 000000000..6a3ca1846 --- /dev/null +++ b/2024/CVE-2024-7439.md @@ -0,0 +1,17 @@ +### [CVE-2024-7439](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7439) +![](https://img.shields.io/static/v1?label=Product&message=CC8160&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20VVTK-0100d%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek CC8160 VVTK-0100d and classified as critical. Affected by this issue is the function read of the component httpd. The manipulation of the argument Content-Length leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273524. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7442.md b/2024/CVE-2024-7442.md new file mode 100644 index 000000000..d46cdd578 --- /dev/null +++ b/2024/CVE-2024-7442.md @@ -0,0 +1,17 @@ +### [CVE-2024-7442](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7442) +![](https://img.shields.io/static/v1?label=Product&message=SD9364&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20VVTK-0103f%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-273527. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7443.md b/2024/CVE-2024-7443.md new file mode 100644 index 000000000..7398d6956 --- /dev/null +++ b/2024/CVE-2024-7443.md @@ -0,0 +1,17 @@ +### [CVE-2024-7443](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7443) +![](https://img.shields.io/static/v1?label=Product&message=IB8367A&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20VVTK-0100b%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-273528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7444.md b/2024/CVE-2024-7444.md new file mode 100644 index 000000000..de88341f8 --- /dev/null +++ b/2024/CVE-2024-7444.md @@ -0,0 +1,17 @@ +### [CVE-2024-7444](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7444) +![](https://img.shields.io/static/v1?label=Product&message=Ticket%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in itsourcecode Ticket Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273529 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE10-1.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7445.md b/2024/CVE-2024-7445.md new file mode 100644 index 000000000..bcd38c5e4 --- /dev/null +++ b/2024/CVE-2024-7445.md @@ -0,0 +1,17 @@ +### [CVE-2024-7445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7445) +![](https://img.shields.io/static/v1?label=Product&message=Ticket%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in itsourcecode Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file checkout_ticket_save.php. The manipulation of the argument data leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273530 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7446.md b/2024/CVE-2024-7446.md new file mode 100644 index 000000000..0f73b5c74 --- /dev/null +++ b/2024/CVE-2024-7446.md @@ -0,0 +1,17 @@ +### [CVE-2024-7446](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7446) +![](https://img.shields.io/static/v1?label=Product&message=Ticket%20Reservation%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273531. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE10-3.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7449.md b/2024/CVE-2024-7449.md new file mode 100644 index 000000000..9ab4235d9 --- /dev/null +++ b/2024/CVE-2024-7449.md @@ -0,0 +1,17 @@ +### [CVE-2024-7449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7449) +![](https://img.shields.io/static/v1?label=Product&message=Placement%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273540. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7450.md b/2024/CVE-2024-7450.md new file mode 100644 index 000000000..90f17f6b9 --- /dev/null +++ b/2024/CVE-2024-7450.md @@ -0,0 +1,17 @@ +### [CVE-2024-7450](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7450) +![](https://img.shields.io/static/v1?label=Product&message=Placement%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen) + +### Description + +A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resume_upload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273541 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7451.md b/2024/CVE-2024-7451.md new file mode 100644 index 000000000..2e7ff2f40 --- /dev/null +++ b/2024/CVE-2024-7451.md @@ -0,0 +1,17 @@ +### [CVE-2024-7451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7451) +![](https://img.shields.io/static/v1?label=Product&message=Placement%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file apply_now.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273542 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7452.md b/2024/CVE-2024-7452.md new file mode 100644 index 000000000..6f9da63b4 --- /dev/null +++ b/2024/CVE-2024-7452.md @@ -0,0 +1,17 @@ +### [CVE-2024-7452](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7452) +![](https://img.shields.io/static/v1?label=Product&message=Placement%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in itsourcecode Placement Management System 1.0. It has been classified as critical. This affects an unknown part of the file view_company.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273543. + +### POC + +#### Reference +- https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7453.md b/2024/CVE-2024-7453.md new file mode 100644 index 000000000..fe2af871b --- /dev/null +++ b/2024/CVE-2024-7453.md @@ -0,0 +1,18 @@ +### [CVE-2024-7453](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7453) +![](https://img.shields.io/static/v1?label=Product&message=FastAdmin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.5.0.20240328%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This vulnerability affects unknown code of the file /[admins_url].php/general/attachment/edit/ids/4?dialog=1 of the component Attachment Management Section. The manipulation of the argument row[url]/row[imagewidth]/row[imageheight] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273544. + +### POC + +#### Reference +- https://github.com/Hebing123/cve/issues/65 +- https://github.com/Hebing123/cve/issues/66 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7454.md b/2024/CVE-2024-7454.md new file mode 100644 index 000000000..a9df15700 --- /dev/null +++ b/2024/CVE-2024-7454.md @@ -0,0 +1,17 @@ +### [CVE-2024-7454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7454) +![](https://img.shields.io/static/v1?label=Product&message=Clinics%20Patient%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in SourceCodester Clinics Patient Management System 1.0. Affected by this issue is the function patient_name of the file patients.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273548. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7455.md b/2024/CVE-2024-7455.md new file mode 100644 index 000000000..b3d445655 --- /dev/null +++ b/2024/CVE-2024-7455.md @@ -0,0 +1,17 @@ +### [CVE-2024-7455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7455) +![](https://img.shields.io/static/v1?label=Product&message=Tailoring%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273549 was assigned to this vulnerability. + +### POC + +#### Reference +- https://github.com/Wumshi/cve/issues/3 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7458.md b/2024/CVE-2024-7458.md new file mode 100644 index 000000000..ea0af469e --- /dev/null +++ b/2024/CVE-2024-7458.md @@ -0,0 +1,17 @@ +### [CVE-2024-7458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7458) +![](https://img.shields.io/static/v1?label=Product&message=eladmin&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-27%20Path%20Traversal%3A%20'dir%2F..%2F..%2Ffilename'&color=brighgreen) + +### Description + +A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551. + +### POC + +#### Reference +- https://github.com/elunez/eladmin/issues/851 + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7459.md b/2024/CVE-2024-7459.md new file mode 100644 index 000000000..549202bc4 --- /dev/null +++ b/2024/CVE-2024-7459.md @@ -0,0 +1,17 @@ +### [CVE-2024-7459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7459) +![](https://img.shields.io/static/v1?label=Product&message=Warehouse%20Inventory%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552. + +### POC + +#### Reference +- https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7460.md b/2024/CVE-2024-7460.md new file mode 100644 index 000000000..a68798916 --- /dev/null +++ b/2024/CVE-2024-7460.md @@ -0,0 +1,17 @@ +### [CVE-2024-7460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7460) +![](https://img.shields.io/static/v1?label=Product&message=Warehouse%20Inventory%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery&color=brighgreen) + +### Description + +A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /change_password.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273553 was assigned to this vulnerability. + +### POC + +#### Reference +- https://gist.github.com/topsky979/b178dd940d98828d1dfd0ccaaaddeb6b + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7461.md b/2024/CVE-2024-7461.md new file mode 100644 index 000000000..4fcb7095a --- /dev/null +++ b/2024/CVE-2024-7461.md @@ -0,0 +1,17 @@ +### [CVE-2024-7461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7461) +![](https://img.shields.io/static/v1?label=Product&message=Administra%C3%A7%C3%A3o%20PABX&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in ForIP Tecnologia Administração PABX 1.x. It has been rated as critical. Affected by this issue is some unknown functionality of the file /authMonitCallcenter of the component monitcallcenter. The manipulation of the argument user leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-273554 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7462.md b/2024/CVE-2024-7462.md new file mode 100644 index 000000000..e41994710 --- /dev/null +++ b/2024/CVE-2024-7462.md @@ -0,0 +1,17 @@ +### [CVE-2024-7462](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7462) +![](https://img.shields.io/static/v1?label=Product&message=N350RT&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%209.3.5u.6139_B20201216%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273555. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7463.md b/2024/CVE-2024-7463.md new file mode 100644 index 000000000..b5e2d6460 --- /dev/null +++ b/2024/CVE-2024-7463.md @@ -0,0 +1,17 @@ +### [CVE-2024-7463](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7463) +![](https://img.shields.io/static/v1?label=Product&message=CP900&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3c.566%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in TOTOLINK CP900 6.3c.566. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273556. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7464.md b/2024/CVE-2024-7464.md new file mode 100644 index 000000000..e8ac7e33e --- /dev/null +++ b/2024/CVE-2024-7464.md @@ -0,0 +1,17 @@ +### [CVE-2024-7464](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7464) +![](https://img.shields.io/static/v1?label=Product&message=CP900&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.3c.566%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in TOTOLINK CP900 6.3c.566. This issue affects the function setTelnetCfg of the component Telnet Service. The manipulation of the argument telnet_enabled leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273557 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/setTelnetCfg.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7465.md b/2024/CVE-2024-7465.md new file mode 100644 index 000000000..9299b08fb --- /dev/null +++ b/2024/CVE-2024-7465.md @@ -0,0 +1,17 @@ +### [CVE-2024-7465](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7465) +![](https://img.shields.io/static/v1?label=Product&message=CP450&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.1.0cu.747_B20191224%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-120%20Buffer%20Overflow&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in TOTOLINK CP450 4.1.0cu.747_B20191224. Affected is the function loginauth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-273558 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/loginauth.md + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7466.md b/2024/CVE-2024-7466.md new file mode 100644 index 000000000..c63de88f3 --- /dev/null +++ b/2024/CVE-2024-7466.md @@ -0,0 +1,18 @@ +### [CVE-2024-7466](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7466) +![](https://img.shields.io/static/v1?label=Product&message=PMWeb&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.00%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Application Firewall. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273559. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ahmedvienna/CVEs-and-Vulnerabilities +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7467.md b/2024/CVE-2024-7467.md new file mode 100644 index 000000000..51aae2570 --- /dev/null +++ b/2024/CVE-2024-7467.md @@ -0,0 +1,20 @@ +### [CVE-2024-7467](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7467) +![](https://img.shields.io/static/v1?label=Product&message=MSG1200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2100E&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.90%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 and classified as critical. Affected by this issue is the function sslvpn_config_mod of the file /vpn/list_ip_network.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273560. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7468.md b/2024/CVE-2024-7468.md new file mode 100644 index 000000000..4262dd75c --- /dev/null +++ b/2024/CVE-2024-7468.md @@ -0,0 +1,20 @@ +### [CVE-2024-7468](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7468) +![](https://img.shields.io/static/v1?label=Product&message=MSG1200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2100E&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.90%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been classified as critical. This affects the function sslvpn_config_mod of the file /vpn/list_service_manage.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273561 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7469.md b/2024/CVE-2024-7469.md new file mode 100644 index 000000000..b8d09970d --- /dev/null +++ b/2024/CVE-2024-7469.md @@ -0,0 +1,20 @@ +### [CVE-2024-7469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7469) +![](https://img.shields.io/static/v1?label=Product&message=MSG1200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2100E&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.90%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been declared as critical. This vulnerability affects the function sslvpn_config_mod of the file /vpn/list_vpn_web_custom.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273562 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7470.md b/2024/CVE-2024-7470.md new file mode 100644 index 000000000..7336bc534 --- /dev/null +++ b/2024/CVE-2024-7470.md @@ -0,0 +1,20 @@ +### [CVE-2024-7470](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7470) +![](https://img.shields.io/static/v1?label=Product&message=MSG1200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2100E&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2200&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=MSG2300&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%203.90%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%20OS%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90. It has been rated as critical. This issue affects the function sslvpn_config_mod of the file /vpn/vpn_template_style.php of the component Web Interface. The manipulation of the argument template/stylenum leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273563. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index ec23c1f4e..382b6b297 100644 --- a/github.txt +++ b/github.txt @@ -160,11 +160,13 @@ CVE-2000-0098 - https://github.com/EdoWhite/CVEtoMS CVE-2000-0101 - https://github.com/Live-Hack-CVE/CVE-2000-0101 CVE-2000-0102 - https://github.com/Live-Hack-CVE/CVE-2000-0102 CVE-2000-0109 - https://github.com/Live-Hack-CVE/CVE-2000-0109 +CVE-2000-0114 - https://github.com/0xMe5war/CVE-2000-0114 CVE-2000-0114 - https://github.com/0xPugal/One-Liners CVE-2000-0114 - https://github.com/0xPugazh/One-Liners CVE-2000-0114 - https://github.com/ARPSyndicate/kenzer-templates CVE-2000-0114 - https://github.com/CVEDB/awesome-cve-repo CVE-2000-0114 - https://github.com/Cappricio-Securities/CVE-2000-0114 +CVE-2000-0114 - https://github.com/Josekutty-K/frontpage-server-extensions-vulnerability-scanner CVE-2000-0114 - https://github.com/Live-Hack-CVE/CVE-2000-0114 CVE-2000-0114 - https://github.com/POORVAJA-195/Nuclei-Analysis-main CVE-2000-0114 - https://github.com/bhavesh-pardhi/One-Liner @@ -191,6 +193,7 @@ CVE-2000-0507 - https://github.com/siegfried415/smtp-nel-filter CVE-2000-0535 - https://github.com/ARPSyndicate/cvemon CVE-2000-0535 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2000-0564 - https://github.com/CamiloEscobar98/DjangoProject +CVE-2000-0564 - https://github.com/jairoCO10/security_management CVE-2000-0649 - https://github.com/0xNVAN/win-iisadmin CVE-2000-0649 - https://github.com/ARPSyndicate/cvemon CVE-2000-0649 - https://github.com/CVEDB/PoC-List @@ -686,6 +689,7 @@ CVE-2003-0282 - https://github.com/ronomon/zip CVE-2003-0282 - https://github.com/runtimed/cve-2003-0282 CVE-2003-0282 - https://github.com/runtimem/cve-2003-0282 CVE-2003-0282 - https://github.com/runtimme/cve-2003-0282 +CVE-2003-0282 - https://github.com/silasol/cve-2003-0282 CVE-2003-0282 - https://github.com/theseann/cve-2003-0282 CVE-2003-0284 - https://github.com/0xCyberY/CVE-T4PDF CVE-2003-0284 - https://github.com/ARPSyndicate/cvemon @@ -997,6 +1001,8 @@ CVE-2004-1120 - https://github.com/mudongliang/LinuxFlaw CVE-2004-1120 - https://github.com/oneoy/cve- CVE-2004-1125 - https://github.com/0xCyberY/CVE-T4PDF CVE-2004-1125 - https://github.com/ARPSyndicate/cvemon +CVE-2004-1151 - https://github.com/CVEDB/awesome-cve-repo +CVE-2004-1151 - https://github.com/lulugelian/CVE_TEST CVE-2004-1152 - https://github.com/0xCyberY/CVE-T4PDF CVE-2004-1152 - https://github.com/ARPSyndicate/cvemon CVE-2004-1235 - https://github.com/ARPSyndicate/cvemon @@ -1214,6 +1220,7 @@ CVE-2004-2760 - https://github.com/phx/cvescan CVE-2004-2761 - https://github.com/ajread4/cve_pull CVE-2004-2771 - https://github.com/Eli-the-Bearded/heirloom-mailx CVE-2004-4002 - https://github.com/Xiol/CVEChecker +CVE-2004-6768 - https://github.com/CVEDB/awesome-cve-repo CVE-2004-6768 - https://github.com/yougboiz/Metasploit-CVE-2004-6768 CVE-2005-0064 - https://github.com/0xCyberY/CVE-T4PDF CVE-2005-0064 - https://github.com/ARPSyndicate/cvemon @@ -1784,6 +1791,7 @@ CVE-2006-4814 - https://github.com/tagatac/linux-CVE-2006-4814 CVE-2006-4842 - https://github.com/0xdea/exploits CVE-2006-4868 - https://github.com/shirkdog/exploits CVE-2006-4925 - https://github.com/phx/cvescan +CVE-2006-5051 - https://github.com/CVEDB/awesome-cve-repo CVE-2006-5051 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2006-5051 - https://github.com/Passyed/regreSSHion-Fix CVE-2006-5051 - https://github.com/TAM-K592/CVE-2024-6387 @@ -1791,6 +1799,7 @@ CVE-2006-5051 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2006-5051 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2006-5051 - https://github.com/bigb0x/CVE-2024-6387 CVE-2006-5051 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +CVE-2006-5051 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2006-5051 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2006-5051 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2006-5156 - https://github.com/trend-anz/Deep-Security-CVE-to-IPS-Mapper @@ -2007,6 +2016,7 @@ CVE-2007-1858 - https://github.com/paroteen/SecurEagle CVE-2007-1858 - https://github.com/shenril/Sitadel CVE-2007-1858 - https://github.com/tag888/tag123 CVE-2007-1860 - https://github.com/mgeeky/tomcatWarDeployer +CVE-2007-1860 - https://github.com/paulveillard/cybersecurity-infosec CVE-2007-1860 - https://github.com/sagardevopss/sample_web_app CVE-2007-1860 - https://github.com/sagardevopss/simple-maker CVE-2007-1860 - https://github.com/yingshang/sturoad @@ -2556,6 +2566,7 @@ CVE-2008-0166 - https://github.com/manyunya/CryptoDeepTools CVE-2008-0166 - https://github.com/nitishbadole/oscp-note-2 CVE-2008-0166 - https://github.com/olivexo28/potential-octo-waddle CVE-2008-0166 - https://github.com/pixel-wipe/CryptoDeepTools +CVE-2008-0166 - https://github.com/pkimetal/pkimetal CVE-2008-0166 - https://github.com/rmsbpro/rmsbpro CVE-2008-0166 - https://github.com/shn3rd/OpenSSL-PRNG CVE-2008-0166 - https://github.com/snowdroppe/ssh-keybrute @@ -2837,6 +2848,7 @@ CVE-2008-1837 - https://github.com/sunzu94/radamsa-Fuzzer CVE-2008-1887 - https://github.com/mudongliang/LinuxFlaw CVE-2008-1887 - https://github.com/oneoy/cve- CVE-2008-1930 - https://github.com/J-16/Pentester-Bootcamp +CVE-2008-1930 - https://github.com/paulveillard/cybersecurity-infosec CVE-2008-1942 - https://github.com/0xCyberY/CVE-T4PDF CVE-2008-1942 - https://github.com/ARPSyndicate/cvemon CVE-2008-2019 - https://github.com/ARPSyndicate/cvemon @@ -2972,6 +2984,7 @@ CVE-2008-3464 - https://github.com/Cruxer8Mech/Idk CVE-2008-3464 - https://github.com/fei9747/WindowsElevation CVE-2008-3464 - https://github.com/lyshark/Windows-exploits CVE-2008-3464 - https://github.com/ycdxsb/WindowsPrivilegeEscalation +CVE-2008-3531 - https://github.com/CVEDB/awesome-cve-repo CVE-2008-3531 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2008-3662 - https://github.com/aemon1407/KWSPZapTest CVE-2008-3662 - https://github.com/faizhaffizudin/Case-Study-Hamsa @@ -3019,12 +3032,14 @@ CVE-2008-4098 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-info CVE-2008-4098 - https://github.com/tomwillfixit/alpine-cvecheck CVE-2008-4098 - https://github.com/zzzWTF/db-13-01 CVE-2008-4102 - https://github.com/GulAli-N/nbs-mentored-project +CVE-2008-4109 - https://github.com/CVEDB/awesome-cve-repo CVE-2008-4109 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2008-4109 - https://github.com/Passyed/regreSSHion-Fix CVE-2008-4109 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2008-4109 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2008-4109 - https://github.com/bigb0x/CVE-2024-6387 CVE-2008-4109 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +CVE-2008-4109 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2008-4114 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2008-4163 - https://github.com/ARPSyndicate/cvemon CVE-2008-4163 - https://github.com/DButter/whitehat_public @@ -3085,6 +3100,7 @@ CVE-2008-4250 - https://github.com/Al1ex/WindowsElevation CVE-2008-4250 - https://github.com/AnshumanSrivastavaGit/OSCP-3 CVE-2008-4250 - https://github.com/ArcadeHustle/X3_USB_softmod CVE-2008-4250 - https://github.com/Ascotbe/Kernelhub +CVE-2008-4250 - https://github.com/BrennanStJohn/Sample_Pentest CVE-2008-4250 - https://github.com/CVEDB/PoC-List CVE-2008-4250 - https://github.com/CVEDB/awesome-cve-repo CVE-2008-4250 - https://github.com/Cruxer8Mech/Idk @@ -3264,6 +3280,7 @@ CVE-2008-5927 - https://github.com/gosirys/Exploits CVE-2008-6080 - https://github.com/ARPSyndicate/kenzer-templates CVE-2008-6143 - https://github.com/gosirys/Exploits CVE-2008-6172 - https://github.com/ARPSyndicate/kenzer-templates +CVE-2008-6178 - https://github.com/mactronmedia/FUCKeditor CVE-2008-6178 - https://github.com/speedyfriend67/Experiments CVE-2008-6222 - https://github.com/20142995/nuclei-templates CVE-2008-6222 - https://github.com/ARPSyndicate/kenzer-templates @@ -3895,6 +3912,7 @@ CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265 CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265 CVE-2009-2265 - https://github.com/k4u5h41/CVE-2009-2265 CVE-2009-2265 - https://github.com/macosta-42/Exploit-Development +CVE-2009-2265 - https://github.com/mactronmedia/FUCKeditor CVE-2009-2265 - https://github.com/n3ov4n1sh/CVE-2009-2265 CVE-2009-2265 - https://github.com/p1ckzi/CVE-2009-2265 CVE-2009-2265 - https://github.com/zaphoxx/zaphoxx-coldfusion @@ -3904,6 +3922,7 @@ CVE-2009-2285 - https://github.com/oneoy/cve- CVE-2009-2286 - https://github.com/mudongliang/LinuxFlaw CVE-2009-2286 - https://github.com/oneoy/cve- CVE-2009-2299 - https://github.com/xonoxitron/cpe2cve +CVE-2009-2324 - https://github.com/mactronmedia/FUCKeditor CVE-2009-2335 - https://github.com/ARPSyndicate/cvemon CVE-2009-2335 - https://github.com/Austin-Jacobs/Code_Path CVE-2009-2335 - https://github.com/OmarG13/Raven1-Pen-Test @@ -4583,10 +4602,12 @@ CVE-2010-0219 - https://github.com/20142995/Goby CVE-2010-0219 - https://github.com/ACIC-Africa/metasploitable3 CVE-2010-0219 - https://github.com/ARPSyndicate/cvemon CVE-2010-0219 - https://github.com/ARPSyndicate/kenzer-templates +CVE-2010-0219 - https://github.com/CVEDB/awesome-cve-repo CVE-2010-0219 - https://github.com/HimmelAward/Goby_POC CVE-2010-0219 - https://github.com/Z0fhack/Goby_POC CVE-2010-0219 - https://github.com/adamziaja/vulnerability-check CVE-2010-0219 - https://github.com/ugurilgin/MoocFiProject-2 +CVE-2010-0219 - https://github.com/veritas-rt/CVE-2010-0219 CVE-2010-0231 - https://github.com/Amnesthesia/EHAPT-Group-Project CVE-2010-0231 - https://github.com/EricwentwithCyber/Vulnerability-Scan-Lab CVE-2010-0231 - https://github.com/uroboros-security/SMB-CVE @@ -5643,6 +5664,7 @@ CVE-2010-2883 - https://github.com/season-lab/rop-collection CVE-2010-2883 - https://github.com/xinali/articles CVE-2010-2891 - https://github.com/mudongliang/LinuxFlaw CVE-2010-2891 - https://github.com/oneoy/cve- +CVE-2010-2918 - https://github.com/20142995/nuclei-templates CVE-2010-2918 - https://github.com/ARPSyndicate/kenzer-templates CVE-2010-2920 - https://github.com/ARPSyndicate/kenzer-templates CVE-2010-2939 - https://github.com/ARPSyndicate/cvemon @@ -6812,6 +6834,7 @@ CVE-2011-10002 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2011-10003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2011-1002 - https://github.com/ARPSyndicate/cvemon CVE-2011-1002 - https://github.com/DButter/whitehat_public +CVE-2011-1002 - https://github.com/EvgeniyaBalanyuk/attacks CVE-2011-1002 - https://github.com/Howertx/avahi-dos CVE-2011-1002 - https://github.com/NikolayAntipov/DB_13-01 CVE-2011-1002 - https://github.com/berradiginamic/32123BC7-Securite-Informatique @@ -7099,11 +7122,14 @@ CVE-2011-2523 - https://github.com/ARPSyndicate/cvemon CVE-2011-2523 - https://github.com/AhmedIrfan198/Penetration-Test-of-Metasploitable-2 CVE-2011-2523 - https://github.com/AnugiArrawwala/CVE-Research CVE-2011-2523 - https://github.com/Atiwitch15101/vsftpd-2.3.4-Exploit +CVE-2011-2523 - https://github.com/BrennanStJohn/Sample_Pentest CVE-2011-2523 - https://github.com/CVEDB/PoC-List CVE-2011-2523 - https://github.com/CVEDB/awesome-cve-repo CVE-2011-2523 - https://github.com/CoolerVoid/Vision CVE-2011-2523 - https://github.com/CoolerVoid/Vision2 CVE-2011-2523 - https://github.com/DButter/whitehat_public +CVE-2011-2523 - https://github.com/EvgeniyaBalanyuk/attacks +CVE-2011-2523 - https://github.com/Gill-Singh-A/vsFTP-2.3.4-Remote-Root-Shell-Exploit CVE-2011-2523 - https://github.com/GodZer/exploit_vsftpd_backdoor CVE-2011-2523 - https://github.com/Gr4ykt/CVE-2011-2523 CVE-2011-2523 - https://github.com/Hellsender01/vsftpd_2.3.4_Exploit @@ -8472,6 +8498,7 @@ CVE-2012-1823 - https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups CVE-2012-1823 - https://github.com/krishpranav/autosploit CVE-2012-1823 - https://github.com/marcocastro100/Intrusion_Detection_System-Python CVE-2012-1823 - https://github.com/panduki/SIE +CVE-2012-1823 - https://github.com/paulveillard/cybersecurity-infosec CVE-2012-1823 - https://github.com/psifertex/ctf-vs-the-real-world CVE-2012-1823 - https://github.com/pwnwiki/webappurls CVE-2012-1823 - https://github.com/slxwzk/slxwzkBotnet @@ -8553,6 +8580,7 @@ CVE-2012-2122 - https://github.com/ipirva/NSX-T_IDS CVE-2012-2122 - https://github.com/kimkaon73/WhiteHatSchool CVE-2012-2122 - https://github.com/metaDNA/hackingteamhack CVE-2012-2122 - https://github.com/oneplus-x/jok3r +CVE-2012-2122 - https://github.com/q99266/saury-vulnhub CVE-2012-2122 - https://github.com/qatarattack/nmap-nse-scripts CVE-2012-2122 - https://github.com/safe6Sec/PentestNote CVE-2012-2122 - https://github.com/zhangkaibin0921/CVE-2012-2122 @@ -8646,6 +8674,7 @@ CVE-2012-2658 - https://github.com/Live-Hack-CVE/CVE-2012-2658 CVE-2012-2660 - https://github.com/kavgan/vuln_test_repo_public_ruby_gemfile_cve-2016-6317 CVE-2012-2661 - https://github.com/Blackyguy/-CVE-2012-2661-ActiveRecord-SQL-injection- CVE-2012-2661 - https://github.com/ehayushpathak/WebApp-Hacking +CVE-2012-2661 - https://github.com/paulveillard/cybersecurity-infosec CVE-2012-2661 - https://github.com/r4x0r1337/-CVE-2012-2661-ActiveRecord-SQL-injection- CVE-2012-2663 - https://github.com/Live-Hack-CVE/CVE-2012-6638 CVE-2012-2686 - https://github.com/ARPSyndicate/cvemon @@ -9304,6 +9333,7 @@ CVE-2012-6060 - https://github.com/Live-Hack-CVE/CVE-2012-5598 CVE-2012-6061 - https://github.com/Live-Hack-CVE/CVE-2012-5599 CVE-2012-6062 - https://github.com/Live-Hack-CVE/CVE-2012-5600 CVE-2012-6066 - https://github.com/bongbongco/CVE-2012-6066 +CVE-2012-6081 - https://github.com/paulveillard/cybersecurity-infosec CVE-2012-6081 - https://github.com/shaynewang/exploits CVE-2012-6093 - https://github.com/ARPSyndicate/cvemon CVE-2012-6093 - https://github.com/chnzzh/OpenSSL-CVE-lib @@ -10116,6 +10146,7 @@ CVE-2013-2028 - https://github.com/oneoy/cve- CVE-2013-2028 - https://github.com/q40603/Continuous-Invivo-Fuzz CVE-2013-2028 - https://github.com/tachibana51/CVE-2013-2028-x64-bypass-ssp-and-pie-PoC CVE-2013-2028 - https://github.com/weeka10/-hktalent-TOP +CVE-2013-2028 - https://github.com/xiw1ll/CVE-2013-2028_Checker CVE-2013-2035 - https://github.com/ian4hu/super-pom CVE-2013-2049 - https://github.com/rcvalle/vulnerabilities CVE-2013-2050 - https://github.com/rcvalle/vulnerabilities @@ -10808,6 +10839,7 @@ CVE-2013-4547 - https://github.com/fir3storm/Vision2 CVE-2013-4547 - https://github.com/hxysaury/The-Road-to-Safety CVE-2013-4547 - https://github.com/hxysaury/saury-vulnhub CVE-2013-4547 - https://github.com/lukeber4/usn-search +CVE-2013-4547 - https://github.com/q99266/saury-vulnhub CVE-2013-4547 - https://github.com/safe6Sec/PentestNote CVE-2013-4547 - https://github.com/shuangjiang/DVWA-Note CVE-2013-4547 - https://github.com/twfb/DVWA-Note @@ -10967,6 +10999,7 @@ CVE-2013-5882 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2013-5891 - https://github.com/Live-Hack-CVE/CVE-2013-5891 CVE-2013-5908 - https://github.com/Live-Hack-CVE/CVE-2013-5908 CVE-2013-5979 - https://github.com/ARPSyndicate/kenzer-templates +CVE-2013-6026 - https://github.com/Ro9ueAdmin/bamf CVE-2013-6026 - https://github.com/Soldie/bamf-SHODAN.IO CVE-2013-6026 - https://github.com/malwaredllc/bamf CVE-2013-6031 - https://github.com/aczire/huawei-csrf-info_disclosure @@ -11067,6 +11100,7 @@ CVE-2013-6629 - https://github.com/mrash/afl-cve CVE-2013-6632 - https://github.com/ARPSyndicate/cvemon CVE-2013-6632 - https://github.com/allpaca/chrome-sbx-db CVE-2013-6632 - https://github.com/lnick2023/nicenice +CVE-2013-6632 - https://github.com/otravidaahora2t/js-vuln-db CVE-2013-6632 - https://github.com/qazbnm456/awesome-cve-poc CVE-2013-6632 - https://github.com/thelostvoice/global-takeover CVE-2013-6632 - https://github.com/thelostvoice/inept-us-military @@ -11545,6 +11579,7 @@ CVE-2014-0160 - https://github.com/Justic-D/Dev_net_home_1 CVE-2014-0160 - https://github.com/K1ngDamien/epss-super-sorter CVE-2014-0160 - https://github.com/Kapotov/3.9.1 CVE-2014-0160 - https://github.com/KayCHENvip/vulnerability-poc +CVE-2014-0160 - https://github.com/KenTi0/lista-de-Ferramentas-hacker CVE-2014-0160 - https://github.com/KickFootCode/LoveYouALL CVE-2014-0160 - https://github.com/LavaOps/LeakReducer CVE-2014-0160 - https://github.com/Lekensteyn/pacemaker @@ -11608,6 +11643,7 @@ CVE-2014-0160 - https://github.com/Soldie/Colection-pentest CVE-2014-0160 - https://github.com/Soldie/PayloadsAllTheThings CVE-2014-0160 - https://github.com/Soldie/Penetration-Testing CVE-2014-0160 - https://github.com/Soldie/awesome-pentest-listas +CVE-2014-0160 - https://github.com/Sp3c73rSh4d0w/CVE-2014-0160_Heartbleed CVE-2014-0160 - https://github.com/Sparrow-Co-Ltd/real_cve_examples CVE-2014-0160 - https://github.com/SureshKumarPakalapati/-Penetration-Testing CVE-2014-0160 - https://github.com/SwiftfireDev/OpenVPN-install @@ -12108,6 +12144,7 @@ CVE-2014-0224 - https://github.com/Artem-Tvr/sysadmin-09-security CVE-2014-0224 - https://github.com/BSolarV/cvedetails-summary CVE-2014-0224 - https://github.com/CertifiedCEH/DB CVE-2014-0224 - https://github.com/DButter/whitehat_public +CVE-2014-0224 - https://github.com/EvgeniyaBalanyuk/attacks CVE-2014-0224 - https://github.com/F4RM0X/script_a2sv CVE-2014-0224 - https://github.com/H4CK3RT3CH/a2sv CVE-2014-0224 - https://github.com/Justic-D/Dev_net_home_1 @@ -12214,6 +12251,7 @@ CVE-2014-0231 - https://github.com/zzzWTF/db-13-01 CVE-2014-0235 - https://github.com/c3isecurity/My-iPost CVE-2014-0238 - https://github.com/Live-Hack-CVE/CVE-2014-0238 CVE-2014-0239 - https://github.com/Live-Hack-CVE/CVE-2014-0239 +CVE-2014-0260 - https://github.com/splunk-soar-connectors/fireamp CVE-2014-0282 - https://github.com/ARPSyndicate/cvemon CVE-2014-0282 - https://github.com/CVEDB/awesome-cve-repo CVE-2014-0282 - https://github.com/Charmve/PyStegosploit @@ -12421,6 +12459,7 @@ CVE-2014-125083 - https://github.com/Live-Hack-CVE/CVE-2014-125083 CVE-2014-125084 - https://github.com/Live-Hack-CVE/CVE-2014-125084 CVE-2014-125085 - https://github.com/Live-Hack-CVE/CVE-2014-125085 CVE-2014-125086 - https://github.com/Live-Hack-CVE/CVE-2014-125086 +CVE-2014-125106 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2014-1266 - https://github.com/ARPSyndicate/cvemon CVE-2014-1266 - https://github.com/CVEDB/PoC-List CVE-2014-1266 - https://github.com/CVEDB/awesome-cve-repo @@ -12444,6 +12483,7 @@ CVE-2014-1402 - https://github.com/LoricAndre/OSV_Commits_Analysis CVE-2014-1420 - https://github.com/404notf0und/CVE-Flow CVE-2014-1447 - https://github.com/tagatac/libvirt-CVE-2014-1447 CVE-2014-1513 - https://github.com/RUB-SysSec/PrimGen +CVE-2014-1513 - https://github.com/otravidaahora2t/js-vuln-db CVE-2014-1513 - https://github.com/tunz/js-vuln-db CVE-2014-1542 - https://github.com/mattfeng/picoctf-2014-solutions CVE-2014-1564 - https://github.com/mrash/afl-cve @@ -12475,6 +12515,7 @@ CVE-2014-1705 - https://github.com/ARPSyndicate/cvemon CVE-2014-1705 - https://github.com/BushraAloraini/Android-Vulnerabilities CVE-2014-1705 - https://github.com/Live-Hack-CVE/CVE-2014-1705 CVE-2014-1705 - https://github.com/lnick2023/nicenice +CVE-2014-1705 - https://github.com/otravidaahora2t/js-vuln-db CVE-2014-1705 - https://github.com/qazbnm456/awesome-cve-poc CVE-2014-1705 - https://github.com/thelostvoice/global-takeover CVE-2014-1705 - https://github.com/thelostvoice/inept-us-military @@ -12894,6 +12935,7 @@ CVE-2014-3166 - https://github.com/Live-Hack-CVE/CVE-2014-3166 CVE-2014-3176 - https://github.com/ARPSyndicate/cvemon CVE-2014-3176 - https://github.com/RUB-SysSec/PrimGen CVE-2014-3176 - https://github.com/lnick2023/nicenice +CVE-2014-3176 - https://github.com/otravidaahora2t/js-vuln-db CVE-2014-3176 - https://github.com/qazbnm456/awesome-cve-poc CVE-2014-3176 - https://github.com/tunz/js-vuln-db CVE-2014-3176 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -13010,6 +13052,7 @@ CVE-2014-3566 - https://github.com/CVEDB/top CVE-2014-3566 - https://github.com/CamiloEscobar98/DjangoProject CVE-2014-3566 - https://github.com/CertifiedCEH/DB CVE-2014-3566 - https://github.com/DButter/whitehat_public +CVE-2014-3566 - https://github.com/EvgeniyaBalanyuk/attacks CVE-2014-3566 - https://github.com/F4RM0X/script_a2sv CVE-2014-3566 - https://github.com/FroggDev/BASH_froggPoodler CVE-2014-3566 - https://github.com/GhostTroops/TOP @@ -13223,6 +13266,7 @@ CVE-2014-3704 - https://github.com/kalivim/pySecurity CVE-2014-3704 - https://github.com/koutto/jok3r-pocs CVE-2014-3704 - https://github.com/maya6/-scan- CVE-2014-3704 - https://github.com/moradotai/CMS-Scan +CVE-2014-3704 - https://github.com/q99266/saury-vulnhub CVE-2014-3704 - https://github.com/smartFlash/pySecurity CVE-2014-3704 - https://github.com/superfish9/pt CVE-2014-3704 - https://github.com/superlink996/chunqiuyunjingbachang @@ -13357,6 +13401,7 @@ CVE-2014-4113 - https://github.com/HackOvert/awesome-bugs CVE-2014-4113 - https://github.com/JERRY123S/all-poc CVE-2014-4113 - https://github.com/JennieXLisa/awe-win-expx CVE-2014-4113 - https://github.com/LegendSaber/exp +CVE-2014-4113 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2014-4113 - https://github.com/NitroA/windowsexpoitationresources CVE-2014-4113 - https://github.com/NullArray/WinKernel-Resources CVE-2014-4113 - https://github.com/Ondrik8/RED-Team @@ -13527,6 +13572,7 @@ CVE-2014-4210 - https://github.com/hanc00l/some_pocsuite CVE-2014-4210 - https://github.com/hktalent/TOP CVE-2014-4210 - https://github.com/hktalent/myhktools CVE-2014-4210 - https://github.com/hmoytx/weblogicscan +CVE-2014-4210 - https://github.com/huan-cdm/secure_tools_link CVE-2014-4210 - https://github.com/iceberg-N/WL_Scan_GO CVE-2014-4210 - https://github.com/ilmila/J2EEScan CVE-2014-4210 - https://github.com/iqrok/myhktools @@ -13928,6 +13974,7 @@ CVE-2014-6230 - https://github.com/Live-Hack-CVE/CVE-2014-6230 CVE-2014-6230 - https://github.com/lesterchan/wp-ban CVE-2014-6271 - https://github.com/00xNetrunner/Shodan_Cheet-Sheet CVE-2014-6271 - https://github.com/0bfxgh0st/cve-2014-6271 +CVE-2014-6271 - https://github.com/0neXo0r/Exploits CVE-2014-6271 - https://github.com/0x00-0x00/CVE-2014-6271 CVE-2014-6271 - https://github.com/0x0d3ad/Kn0ck CVE-2014-6271 - https://github.com/0x43f/Exploits @@ -14063,6 +14110,7 @@ CVE-2014-6271 - https://github.com/K3ysTr0K3R/K3ysTr0K3R CVE-2014-6271 - https://github.com/KJOONHWAN/CVE-Exploit-Demonstration CVE-2014-6271 - https://github.com/Kaizhe/attacker CVE-2014-6271 - https://github.com/KateFayra/auto_vulnerability_tester +CVE-2014-6271 - https://github.com/KenTi0/lista-de-Ferramentas-hacker CVE-2014-6271 - https://github.com/Kr1tz3x3/HTB-Writeups CVE-2014-6271 - https://github.com/LearnGolang/LearnGolang CVE-2014-6271 - https://github.com/LiuYuancheng/ChatGPT_on_CTF @@ -14119,6 +14167,7 @@ CVE-2014-6271 - https://github.com/SARATOGAMarine/Lastest-Web-Hacking-Tools-vol- CVE-2014-6271 - https://github.com/SaltwaterC/sploit-tools CVE-2014-6271 - https://github.com/Sanket-HP/Ethical-Hacking-Tutorial CVE-2014-6271 - https://github.com/Secop/awesome-security +CVE-2014-6271 - https://github.com/SenukDias/OSCP_cheat CVE-2014-6271 - https://github.com/Sep0lkit/oval-for-el CVE-2014-6271 - https://github.com/Sindadziy/cve-2014-6271 CVE-2014-6271 - https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271 @@ -14408,6 +14457,7 @@ CVE-2014-6271 - https://github.com/parveshkatoch/Penetration-Testing CVE-2014-6271 - https://github.com/paulveillard/cybersecurity CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-ethical-hacking CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-hacking +CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-infosec CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-penetration-testing CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-pentest CVE-2014-6271 - https://github.com/paulveillard/cybersecurity-web-hacking @@ -14738,6 +14788,7 @@ CVE-2014-6407 - https://github.com/xxg1413/docker-security CVE-2014-6408 - https://github.com/xxg1413/docker-security CVE-2014-6416 - https://github.com/Live-Hack-CVE/CVE-2014-6416 CVE-2014-6417 - https://github.com/Live-Hack-CVE/CVE-2014-6417 +CVE-2014-6446 - https://github.com/0neXo0r/Exploits CVE-2014-6446 - https://github.com/0x43f/Exploits CVE-2014-6446 - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s CVE-2014-6446 - https://github.com/Xcod3bughunt3r/ExploitsTools @@ -15024,11 +15075,13 @@ CVE-2014-7923 - https://github.com/ARPSyndicate/cvemon CVE-2014-7926 - https://github.com/ARPSyndicate/cvemon CVE-2014-7927 - https://github.com/ARPSyndicate/cvemon CVE-2014-7927 - https://github.com/lnick2023/nicenice +CVE-2014-7927 - https://github.com/otravidaahora2t/js-vuln-db CVE-2014-7927 - https://github.com/qazbnm456/awesome-cve-poc CVE-2014-7927 - https://github.com/tunz/js-vuln-db CVE-2014-7927 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2014-7928 - https://github.com/ARPSyndicate/cvemon CVE-2014-7928 - https://github.com/lnick2023/nicenice +CVE-2014-7928 - https://github.com/otravidaahora2t/js-vuln-db CVE-2014-7928 - https://github.com/qazbnm456/awesome-cve-poc CVE-2014-7928 - https://github.com/tunz/js-vuln-db CVE-2014-7928 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -15396,6 +15449,7 @@ CVE-2015-0057 - https://github.com/JERRY123S/all-poc CVE-2015-0057 - https://github.com/JennieXLisa/awe-win-expx CVE-2015-0057 - https://github.com/Karneades/awesome-vulnerabilities CVE-2015-0057 - https://github.com/LegendSaber/exp +CVE-2015-0057 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2015-0057 - https://github.com/NitroA/windowsexpoitationresources CVE-2015-0057 - https://github.com/NullArray/WinKernel-Resources CVE-2015-0057 - https://github.com/Ondrik8/exploit @@ -15883,6 +15937,7 @@ CVE-2015-0852 - https://github.com/andir/nixos-issue-db-example CVE-2015-0860 - https://github.com/mrash/afl-cve CVE-2015-0860 - https://github.com/sjourdan/clair-lab CVE-2015-0886 - https://github.com/ARPSyndicate/cvemon +CVE-2015-0886 - https://github.com/ytono/gcp-arcade CVE-2015-0899 - https://github.com/ARPSyndicate/cvemon CVE-2015-0899 - https://github.com/IkerSaint/VULNAPP-vulnerable-app CVE-2015-0899 - https://github.com/bingcai/struts-mini @@ -15960,6 +16015,7 @@ CVE-2015-10055 - https://github.com/Live-Hack-CVE/CVE-2015-10055 CVE-2015-10056 - https://github.com/Live-Hack-CVE/CVE-2015-10056 CVE-2015-10057 - https://github.com/Live-Hack-CVE/CVE-2015-10057 CVE-2015-10061 - https://github.com/Live-Hack-CVE/CVE-2015-10061 +CVE-2015-10065 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2015-10067 - https://github.com/Live-Hack-CVE/CVE-2015-10067 CVE-2015-10068 - https://github.com/Live-Hack-CVE/CVE-2015-10068 CVE-2015-10069 - https://github.com/Live-Hack-CVE/CVE-2015-10069 @@ -16033,6 +16089,7 @@ CVE-2015-1224 - https://github.com/sambacha/mirror-radamsa CVE-2015-1224 - https://github.com/sunzu94/radamsa-Fuzzer CVE-2015-1233 - https://github.com/ARPSyndicate/cvemon CVE-2015-1233 - https://github.com/lnick2023/nicenice +CVE-2015-1233 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-1233 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-1233 - https://github.com/tunz/js-vuln-db CVE-2015-1233 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -16041,6 +16098,7 @@ CVE-2015-1239 - https://github.com/0xCyberY/CVE-T4PDF CVE-2015-1239 - https://github.com/ARPSyndicate/cvemon CVE-2015-1242 - https://github.com/ARPSyndicate/cvemon CVE-2015-1242 - https://github.com/lnick2023/nicenice +CVE-2015-1242 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-1242 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-1242 - https://github.com/tunz/js-vuln-db CVE-2015-1242 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -16162,6 +16220,7 @@ CVE-2015-1420 - https://github.com/thdusdl1219/CVE-Study CVE-2015-1420 - https://github.com/vincent-deng/veracode-container-security-finding-parser CVE-2015-1421 - https://github.com/Live-Hack-CVE/CVE-2015-1421 CVE-2015-1427 - https://github.com/0day404/vulnerability-poc +CVE-2015-1427 - https://github.com/0neXo0r/Exploits CVE-2015-1427 - https://github.com/0ps/pocassistdb CVE-2015-1427 - https://github.com/0x43f/Exploits CVE-2015-1427 - https://github.com/20142995/Goby @@ -16340,6 +16399,8 @@ CVE-2015-1635 - https://github.com/Olysyan/MSS CVE-2015-1635 - https://github.com/Ostorlab/KEV CVE-2015-1635 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2015-1635 - https://github.com/SkinAir/ms15-034-Scan +CVE-2015-1635 - https://github.com/Sp3c73rSh4d0w/CVE-2015-1635 +CVE-2015-1635 - https://github.com/Sp3c73rSh4d0w/CVE-2015-1635-POC CVE-2015-1635 - https://github.com/Zx7ffa4512-Python/Project-CVE-2015-1635 CVE-2015-1635 - https://github.com/aedoo/CVE-2015-1635-POC CVE-2015-1635 - https://github.com/ahm3dhany/IDS-Evasion @@ -16418,6 +16479,7 @@ CVE-2015-1701 - https://github.com/GhostTroops/TOP CVE-2015-1701 - https://github.com/IAmAnubhavSaini/wes.py3 CVE-2015-1701 - https://github.com/IMCG/awesome-c CVE-2015-1701 - https://github.com/JERRY123S/all-poc +CVE-2015-1701 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2015-1701 - https://github.com/NitroA/windowsexpoitationresources CVE-2015-1701 - https://github.com/NullArray/WinKernel-Resources CVE-2015-1701 - https://github.com/Ondrik8/exploit @@ -16714,6 +16776,7 @@ CVE-2015-2177 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-2177 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2015-2180 - https://github.com/ARPSyndicate/cvemon CVE-2015-2199 - https://github.com/ARPSyndicate/cvemon +CVE-2015-2208 - https://github.com/0neXo0r/Exploits CVE-2015-2208 - https://github.com/0x43f/Exploits CVE-2015-2208 - https://github.com/ARPSyndicate/cvemon CVE-2015-2208 - https://github.com/AndreaOm/awesome-stars @@ -17485,6 +17548,7 @@ CVE-2015-3440 - https://github.com/oleksandrbi/CodePathweek7 CVE-2015-3440 - https://github.com/preritpathak/Pentesting-live-targets-2 CVE-2015-3440 - https://github.com/rlucus/codepath CVE-2015-3440 - https://github.com/theawkwardchild/WordPress-Pentesting +CVE-2015-3440 - https://github.com/w3bcooki3/Wordpress-vs-Kali CVE-2015-3440 - https://github.com/zakia00/Week7Lab CVE-2015-3440 - https://github.com/zjasonshen/CodepathWebSecurityWeek7 CVE-2015-3440 - https://github.com/zmh68/codepath-w07 @@ -17625,6 +17689,7 @@ CVE-2015-4000 - https://github.com/ARPSyndicate/cvemon CVE-2015-4000 - https://github.com/Artem-Salnikov/devops-netology CVE-2015-4000 - https://github.com/Artem-Tvr/sysadmin-09-security CVE-2015-4000 - https://github.com/DButter/whitehat_public +CVE-2015-4000 - https://github.com/EvgeniyaBalanyuk/attacks CVE-2015-4000 - https://github.com/F4RM0X/script_a2sv CVE-2015-4000 - https://github.com/H4CK3RT3CH/a2sv CVE-2015-4000 - https://github.com/Justic-D/Dev_net_home_1 @@ -18197,6 +18262,7 @@ CVE-2015-5372 - https://github.com/CompassSecurity/SAMLRaider CVE-2015-5374 - https://github.com/ARPSyndicate/cvemon CVE-2015-5374 - https://github.com/can/CVE-2015-5374-DoS-PoC CVE-2015-5377 - https://github.com/blackswanburst/afistfulofmetrics +CVE-2015-5377 - https://github.com/fi3ro/CVE-2015-5377 CVE-2015-5377 - https://github.com/fi3ro/elasticsearch_CVE-2015-5377 CVE-2015-5377 - https://github.com/marcocesarato/Shell-BotKiller CVE-2015-5395 - https://github.com/Live-Hack-CVE/CVE-2015-5395 @@ -18773,6 +18839,7 @@ CVE-2015-6668 - https://github.com/ARPSyndicate/cvemon CVE-2015-6668 - https://github.com/G01d3nW01f/CVE-2015-6668 CVE-2015-6668 - https://github.com/H3xL00m/CVE-2015-6668 CVE-2015-6668 - https://github.com/Ki11i0n4ir3/CVE-2015-6668 +CVE-2015-6668 - https://github.com/Sp3c73rSh4d0w/CVE-2015-6668 CVE-2015-6668 - https://github.com/c0d3cr4f73r/CVE-2015-6668 CVE-2015-6668 - https://github.com/crypticdante/CVE-2015-6668 CVE-2015-6668 - https://github.com/k4u5h41/CVE-2015-6668 @@ -18793,6 +18860,7 @@ CVE-2015-6758 - https://github.com/ARPSyndicate/cvemon CVE-2015-6764 - https://github.com/ARPSyndicate/cvemon CVE-2015-6764 - https://github.com/allpaca/chrome-sbx-db CVE-2015-6764 - https://github.com/lnick2023/nicenice +CVE-2015-6764 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-6764 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-6764 - https://github.com/secmob/cansecwest2016 CVE-2015-6764 - https://github.com/tunz/js-vuln-db @@ -18821,6 +18889,7 @@ CVE-2015-6770 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-6770 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2015-6771 - https://github.com/ARPSyndicate/cvemon CVE-2015-6771 - https://github.com/lnick2023/nicenice +CVE-2015-6771 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-6771 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-6771 - https://github.com/tunz/js-vuln-db CVE-2015-6771 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -18890,6 +18959,7 @@ CVE-2015-7091 - https://github.com/sambacha/mirror-radamsa CVE-2015-7091 - https://github.com/sunzu94/radamsa-Fuzzer CVE-2015-7181 - https://github.com/ARPSyndicate/cvemon CVE-2015-7188 - https://github.com/ARPSyndicate/cvemon +CVE-2015-7204 - https://github.com/splunk-soar-connectors/fireamp CVE-2015-7214 - https://github.com/llamakko/CVE-2015-7214 CVE-2015-7225 - https://github.com/ARPSyndicate/cvemon CVE-2015-7235 - https://github.com/ARPSyndicate/cvemon @@ -19384,6 +19454,7 @@ CVE-2015-7803 - https://github.com/ARPSyndicate/cvemon CVE-2015-7805 - https://github.com/mudongliang/LinuxFlaw CVE-2015-7805 - https://github.com/oneoy/cve- CVE-2015-7806 - https://github.com/ARPSyndicate/cvemon +CVE-2015-7808 - https://github.com/0neXo0r/Exploits CVE-2015-7808 - https://github.com/0x43f/Exploits CVE-2015-7808 - https://github.com/ARPSyndicate/cvemon CVE-2015-7808 - https://github.com/PleXone2019/vBulletin-5.1.x-PreAuth-RCE @@ -19786,6 +19857,7 @@ CVE-2015-8545 - https://github.com/klausware/Java-Deserialization-Cheat-Sheet CVE-2015-8545 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet CVE-2015-8548 - https://github.com/ARPSyndicate/cvemon CVE-2015-8548 - https://github.com/lnick2023/nicenice +CVE-2015-8548 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-8548 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-8548 - https://github.com/tunz/js-vuln-db CVE-2015-8548 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -19837,6 +19909,7 @@ CVE-2015-8580 - https://github.com/ARPSyndicate/cvemon CVE-2015-8581 - https://github.com/klausware/Java-Deserialization-Cheat-Sheet CVE-2015-8584 - https://github.com/ARPSyndicate/cvemon CVE-2015-8584 - https://github.com/lnick2023/nicenice +CVE-2015-8584 - https://github.com/otravidaahora2t/js-vuln-db CVE-2015-8584 - https://github.com/qazbnm456/awesome-cve-poc CVE-2015-8584 - https://github.com/tunz/js-vuln-db CVE-2015-8584 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -20526,6 +20599,7 @@ CVE-2016-0638 - https://github.com/hanc00l/some_pocsuite CVE-2016-0638 - https://github.com/hanc00l/weblogic_unserialize_exploit CVE-2016-0638 - https://github.com/hktalent/TOP CVE-2016-0638 - https://github.com/hmoytx/weblogicscan +CVE-2016-0638 - https://github.com/huan-cdm/secure_tools_link CVE-2016-0638 - https://github.com/iceberg-N/WL_Scan_GO CVE-2016-0638 - https://github.com/jbmihoub/all-poc CVE-2016-0638 - https://github.com/koutto/jok3r-pocs @@ -20802,6 +20876,7 @@ CVE-2016-0779 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs CVE-2016-0779 - https://github.com/klausware/Java-Deserialization-Cheat-Sheet CVE-2016-0779 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet CVE-2016-0783 - https://github.com/Quadrupl3d/ICISPD-47-2023 +CVE-2016-0783 - https://github.com/redp4rrot/ICISPD-47-2023 CVE-2016-0785 - https://github.com/20142995/pocsuite3 CVE-2016-0785 - https://github.com/ARPSyndicate/cvemon CVE-2016-0785 - https://github.com/SexyBeast233/SecBooks @@ -22674,6 +22749,7 @@ CVE-2016-1531 - https://github.com/ARPSyndicate/cvemon CVE-2016-1531 - https://github.com/HadessCS/Awesome-Privilege-Escalation CVE-2016-1531 - https://github.com/Jekyll-Hyde2022/PrivEsc-Linux CVE-2016-1531 - https://github.com/Pr1vEsc/Hacking-linux +CVE-2016-1531 - https://github.com/SenukDias/OSCP_cheat CVE-2016-1531 - https://github.com/SirElmard/ethical_hacking CVE-2016-1531 - https://github.com/Totes5706/Offensive-Security-Cheat-Sheet CVE-2016-1531 - https://github.com/c0d3cr4f73r/CVE-2016-1531 @@ -22776,17 +22852,20 @@ CVE-2016-1646 - https://github.com/Ostorlab/KEV CVE-2016-1646 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2016-1646 - https://github.com/hwiwonl/dayone CVE-2016-1646 - https://github.com/lnick2023/nicenice +CVE-2016-1646 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1646 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1646 - https://github.com/tunz/js-vuln-db CVE-2016-1646 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-1647 - https://github.com/allpaca/chrome-sbx-db CVE-2016-1653 - https://github.com/ARPSyndicate/cvemon CVE-2016-1653 - https://github.com/lnick2023/nicenice +CVE-2016-1653 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1653 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1653 - https://github.com/tunz/js-vuln-db CVE-2016-1653 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-1665 - https://github.com/ARPSyndicate/cvemon CVE-2016-1665 - https://github.com/lnick2023/nicenice +CVE-2016-1665 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1665 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1665 - https://github.com/tunz/js-vuln-db CVE-2016-1665 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -22802,6 +22881,7 @@ CVE-2016-1668 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1668 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-1669 - https://github.com/ARPSyndicate/cvemon CVE-2016-1669 - https://github.com/lnick2023/nicenice +CVE-2016-1669 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1669 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1669 - https://github.com/tunz/js-vuln-db CVE-2016-1669 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -22833,6 +22913,7 @@ CVE-2016-1676 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1676 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-1677 - https://github.com/ARPSyndicate/cvemon CVE-2016-1677 - https://github.com/lnick2023/nicenice +CVE-2016-1677 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1677 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1677 - https://github.com/tunz/js-vuln-db CVE-2016-1677 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -22844,6 +22925,7 @@ CVE-2016-1686 - https://github.com/0xCyberY/CVE-T4PDF CVE-2016-1686 - https://github.com/ARPSyndicate/cvemon CVE-2016-1688 - https://github.com/ARPSyndicate/cvemon CVE-2016-1688 - https://github.com/lnick2023/nicenice +CVE-2016-1688 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1688 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1688 - https://github.com/tunz/js-vuln-db CVE-2016-1688 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -22962,6 +23044,7 @@ CVE-2016-1856 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-1857 - https://github.com/ARPSyndicate/cvemon CVE-2016-1857 - https://github.com/hedgeberg/PegMii-Boogaloo CVE-2016-1857 - https://github.com/lnick2023/nicenice +CVE-2016-1857 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-1857 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-1857 - https://github.com/tunz/js-vuln-db CVE-2016-1857 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -24127,6 +24210,7 @@ CVE-2016-3309 - https://github.com/ExpLife0011/awesome-windows-kernel-security-d CVE-2016-3309 - https://github.com/GhostTroops/TOP CVE-2016-3309 - https://github.com/JERRY123S/all-poc CVE-2016-3309 - https://github.com/LegendSaber/exp_x64 +CVE-2016-3309 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2016-3309 - https://github.com/Ondrik8/RED-Team CVE-2016-3309 - https://github.com/Ondrik8/exploit CVE-2016-3309 - https://github.com/Ostorlab/KEV @@ -24218,6 +24302,7 @@ CVE-2016-3378 - https://github.com/ARPSyndicate/cvemon CVE-2016-3380 - https://github.com/p0w3rsh3ll/MSRC-data CVE-2016-3386 - https://github.com/ARPSyndicate/cvemon CVE-2016-3386 - https://github.com/lnick2023/nicenice +CVE-2016-3386 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-3386 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-3386 - https://github.com/tunz/js-vuln-db CVE-2016-3386 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -24333,6 +24418,7 @@ CVE-2016-3510 - https://github.com/hanc00l/weblogic_unserialize_exploit CVE-2016-3510 - https://github.com/hellochunqiu/PayloadsAllTheThings CVE-2016-3510 - https://github.com/hktalent/TOP CVE-2016-3510 - https://github.com/hmoytx/weblogicscan +CVE-2016-3510 - https://github.com/huan-cdm/secure_tools_link CVE-2016-3510 - https://github.com/iceberg-N/WL_Scan_GO CVE-2016-3510 - https://github.com/jbmihoub/all-poc CVE-2016-3510 - https://github.com/koutto/jok3r-pocs @@ -25789,6 +25875,7 @@ CVE-2016-4437 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2016-4437 - https://github.com/pen4uin/vulnerability-research CVE-2016-4437 - https://github.com/pen4uin/vulnerability-research-list CVE-2016-4437 - https://github.com/pizza-power/CVE-2016-4437 +CVE-2016-4437 - https://github.com/q99266/saury-vulnhub CVE-2016-4437 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-4437 - https://github.com/retr0-13/Goby CVE-2016-4437 - https://github.com/skyblueflag/WebSecurityStudy @@ -25959,6 +26046,7 @@ CVE-2016-4622 - https://github.com/lnick2023/nicenice CVE-2016-4622 - https://github.com/m1ghtym0/browser-pwn CVE-2016-4622 - https://github.com/mishmashclone/qazbnm456-awesome-web-security CVE-2016-4622 - https://github.com/ocipap/My_external_stars +CVE-2016-4622 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-4622 - https://github.com/paramint/awesome-web-security CVE-2016-4622 - https://github.com/paulveillard/cybersecurity-web-security CVE-2016-4622 - https://github.com/qazbnm456/awesome-cve-poc @@ -26079,6 +26167,7 @@ CVE-2016-4733 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-4733 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-4734 - https://github.com/ARPSyndicate/cvemon CVE-2016-4734 - https://github.com/lnick2023/nicenice +CVE-2016-4734 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-4734 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-4734 - https://github.com/tunz/js-vuln-db CVE-2016-4734 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -26179,6 +26268,7 @@ CVE-2016-4977 - https://github.com/huimzjty/vulwiki CVE-2016-4977 - https://github.com/hxysaury/saury-vulnhub CVE-2016-4977 - https://github.com/jweny/pocassistdb CVE-2016-4977 - https://github.com/langu-xyz/JavaVulnMap +CVE-2016-4977 - https://github.com/q99266/saury-vulnhub CVE-2016-4977 - https://github.com/superfish9/pt CVE-2016-4977 - https://github.com/tpt11fb/SpringVulScan CVE-2016-4977 - https://github.com/zisigui123123s/FINAL @@ -26240,6 +26330,7 @@ CVE-2016-5118 - https://github.com/SudoIndividual/CVE-2023-34152 CVE-2016-5118 - https://github.com/superfish9/pt CVE-2016-5129 - https://github.com/ARPSyndicate/cvemon CVE-2016-5129 - https://github.com/lnick2023/nicenice +CVE-2016-5129 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-5129 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-5129 - https://github.com/tunz/js-vuln-db CVE-2016-5129 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -26254,6 +26345,7 @@ CVE-2016-5159 - https://github.com/idhyt/androotzf CVE-2016-5160 - https://github.com/ARPSyndicate/cvemon CVE-2016-5172 - https://github.com/ARPSyndicate/cvemon CVE-2016-5172 - https://github.com/lnick2023/nicenice +CVE-2016-5172 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-5172 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-5172 - https://github.com/tunz/js-vuln-db CVE-2016-5172 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -26374,6 +26466,7 @@ CVE-2016-5195 - https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics CVE-2016-5195 - https://github.com/Satya42/OSCP-Guide CVE-2016-5195 - https://github.com/SecWiki/linux-kernel-exploits CVE-2016-5195 - https://github.com/SenpaiX00/OSCP-Survival +CVE-2016-5195 - https://github.com/SenukDias/OSCP_cheat CVE-2016-5195 - https://github.com/SexyBeast233/SecBooks CVE-2016-5195 - https://github.com/Shadowshusky/linux-kernel-exploits CVE-2016-5195 - https://github.com/Shadowven/Vulnerability_Reproduction @@ -26682,6 +26775,7 @@ CVE-2016-5198 - https://github.com/ARPSyndicate/cvemon CVE-2016-5198 - https://github.com/Ostorlab/KEV CVE-2016-5198 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2016-5198 - https://github.com/lnick2023/nicenice +CVE-2016-5198 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-5198 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-5198 - https://github.com/tunz/js-vuln-db CVE-2016-5198 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -26689,6 +26783,7 @@ CVE-2016-5199 - https://github.com/BushraAloraini/Android-Vulnerabilities CVE-2016-5200 - https://github.com/ARPSyndicate/cvemon CVE-2016-5200 - https://github.com/BushraAloraini/Android-Vulnerabilities CVE-2016-5200 - https://github.com/lnick2023/nicenice +CVE-2016-5200 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-5200 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-5200 - https://github.com/tunz/js-vuln-db CVE-2016-5200 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28048,6 +28143,7 @@ CVE-2016-7188 - https://github.com/ARPSyndicate/cvemon CVE-2016-7189 - https://github.com/ARPSyndicate/cvemon CVE-2016-7189 - https://github.com/lnick2023/nicenice CVE-2016-7189 - https://github.com/mynameisv/MMSBGA +CVE-2016-7189 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7189 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7189 - https://github.com/tunz/js-vuln-db CVE-2016-7189 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28055,6 +28151,7 @@ CVE-2016-7190 - https://github.com/0xcl/cve-2016-7190 CVE-2016-7190 - https://github.com/ARPSyndicate/cvemon CVE-2016-7190 - https://github.com/lnick2023/nicenice CVE-2016-7190 - https://github.com/mynameisv/MMSBGA +CVE-2016-7190 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7190 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7190 - https://github.com/tunz/js-vuln-db CVE-2016-7190 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28067,6 +28164,7 @@ CVE-2016-7193 - https://github.com/qiantu88/office-cve CVE-2016-7194 - https://github.com/ARPSyndicate/cvemon CVE-2016-7194 - https://github.com/lnick2023/nicenice CVE-2016-7194 - https://github.com/mynameisv/MMSBGA +CVE-2016-7194 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7194 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7194 - https://github.com/tunz/js-vuln-db CVE-2016-7194 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28088,6 +28186,7 @@ CVE-2016-7200 - https://github.com/hktalent/TOP CVE-2016-7200 - https://github.com/jbmihoub/all-poc CVE-2016-7200 - https://github.com/lnick2023/nicenice CVE-2016-7200 - https://github.com/nyerkym/sectools +CVE-2016-7200 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7200 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7200 - https://github.com/theori-io/chakra-2016-11 CVE-2016-7200 - https://github.com/trhacknon/chakra-2016-11 @@ -28109,6 +28208,7 @@ CVE-2016-7201 - https://github.com/hktalent/TOP CVE-2016-7201 - https://github.com/jbmihoub/all-poc CVE-2016-7201 - https://github.com/lnick2023/nicenice CVE-2016-7201 - https://github.com/nyerkym/sectools +CVE-2016-7201 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7201 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7201 - https://github.com/theori-io/chakra-2016-11 CVE-2016-7201 - https://github.com/trhacknon/chakra-2016-11 @@ -28118,11 +28218,13 @@ CVE-2016-7201 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-7202 - https://github.com/ARPSyndicate/cvemon CVE-2016-7202 - https://github.com/lnick2023/nicenice CVE-2016-7202 - https://github.com/mynameisv/MMSBGA +CVE-2016-7202 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7202 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7202 - https://github.com/tunz/js-vuln-db CVE-2016-7202 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-7203 - https://github.com/ARPSyndicate/cvemon CVE-2016-7203 - https://github.com/lnick2023/nicenice +CVE-2016-7203 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7203 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7203 - https://github.com/tunz/js-vuln-db CVE-2016-7203 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28151,12 +28253,14 @@ CVE-2016-7232 - https://github.com/ARPSyndicate/cvemon CVE-2016-7232 - https://github.com/splunk-soar-connectors/flashpoint CVE-2016-7240 - https://github.com/ARPSyndicate/cvemon CVE-2016-7240 - https://github.com/lnick2023/nicenice +CVE-2016-7240 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7240 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7240 - https://github.com/tunz/js-vuln-db CVE-2016-7240 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-7241 - https://github.com/0xdade/bugname.club CVE-2016-7241 - https://github.com/ARPSyndicate/cvemon CVE-2016-7241 - https://github.com/lnick2023/nicenice +CVE-2016-7241 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7241 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7241 - https://github.com/tunz/js-vuln-db CVE-2016-7241 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28192,6 +28296,7 @@ CVE-2016-7255 - https://github.com/Iamgublin/CVE-2019-0803 CVE-2016-7255 - https://github.com/Iamgublin/CVE-2020-1054 CVE-2016-7255 - https://github.com/JERRY123S/all-poc CVE-2016-7255 - https://github.com/LegendSaber/exp +CVE-2016-7255 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2016-7255 - https://github.com/NitroA/windowsexpoitationresources CVE-2016-7255 - https://github.com/NullArray/WinKernel-Resources CVE-2016-7255 - https://github.com/Ondrik8/RED-Team @@ -28248,11 +28353,13 @@ CVE-2016-7266 - https://github.com/splunk-soar-connectors/flashpoint CVE-2016-7274 - https://github.com/ARPSyndicate/cvemon CVE-2016-7286 - https://github.com/ARPSyndicate/cvemon CVE-2016-7286 - https://github.com/lnick2023/nicenice +CVE-2016-7286 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7286 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7286 - https://github.com/tunz/js-vuln-db CVE-2016-7286 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2016-7287 - https://github.com/ARPSyndicate/cvemon CVE-2016-7287 - https://github.com/lnick2023/nicenice +CVE-2016-7287 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7287 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7287 - https://github.com/tunz/js-vuln-db CVE-2016-7287 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -28273,6 +28380,7 @@ CVE-2016-7288 - https://github.com/guzzisec/PENTESTING-BIBLE CVE-2016-7288 - https://github.com/hacker-insider/Hacking CVE-2016-7288 - https://github.com/lnick2023/nicenice CVE-2016-7288 - https://github.com/nitishbadole/PENTESTING-BIBLE +CVE-2016-7288 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-7288 - https://github.com/phant0n/PENTESTING-BIBLE CVE-2016-7288 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-7288 - https://github.com/readloud/Pentesting-Bible @@ -29001,6 +29109,7 @@ CVE-2016-8864 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-info CVE-2016-8864 - https://github.com/zzzWTF/db-13-01 CVE-2016-8866 - https://github.com/mrash/afl-cve CVE-2016-8867 - https://github.com/ARPSyndicate/cvemon +CVE-2016-8869 - https://github.com/0neXo0r/Exploits CVE-2016-8869 - https://github.com/0x43f/Exploits CVE-2016-8869 - https://github.com/ARPSyndicate/cvemon CVE-2016-8869 - https://github.com/Micr067/CMS-Hunter @@ -29023,6 +29132,7 @@ CVE-2016-8869 - https://github.com/sunsunza2009/Joomla-3.4.4-3.6.4_CVE-2016-8869 CVE-2016-8869 - https://github.com/tu3n4nh/OWASP-Testing-Guide-v4-Table-of-Contents CVE-2016-8869 - https://github.com/yige666/CMS-Hunter CVE-2016-8869 - https://github.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870 +CVE-2016-8870 - https://github.com/0neXo0r/Exploits CVE-2016-8870 - https://github.com/0x43f/Exploits CVE-2016-8870 - https://github.com/ARPSyndicate/cvemon CVE-2016-8870 - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s @@ -29387,6 +29497,7 @@ CVE-2016-9633 - https://github.com/mrash/afl-cve CVE-2016-9643 - https://github.com/ARPSyndicate/cvemon CVE-2016-9651 - https://github.com/ARPSyndicate/cvemon CVE-2016-9651 - https://github.com/lnick2023/nicenice +CVE-2016-9651 - https://github.com/otravidaahora2t/js-vuln-db CVE-2016-9651 - https://github.com/qazbnm456/awesome-cve-poc CVE-2016-9651 - https://github.com/secmob/pwnfest2016 CVE-2016-9651 - https://github.com/tunz/js-vuln-db @@ -29612,6 +29723,7 @@ CVE-2017-0005 - https://github.com/0xpetros/windows-privilage-escalation CVE-2017-0005 - https://github.com/Ascotbe/Kernelhub CVE-2017-0005 - https://github.com/Cruxer8Mech/Idk CVE-2017-0005 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2017-0005 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2017-0005 - https://github.com/NitroA/windowsexpoitationresources CVE-2017-0005 - https://github.com/NullArray/WinKernel-Resources CVE-2017-0005 - https://github.com/Ondrik8/exploit @@ -29642,6 +29754,7 @@ CVE-2017-0011 - https://github.com/0xT11/CVE-POC CVE-2017-0014 - https://github.com/homjxi0e/CVE-2017-0108 CVE-2017-0015 - https://github.com/ARPSyndicate/cvemon CVE-2017-0015 - https://github.com/lnick2023/nicenice +CVE-2017-0015 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0015 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0015 - https://github.com/tunz/js-vuln-db CVE-2017-0015 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -29732,6 +29845,7 @@ CVE-2017-0070 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0070 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-0071 - https://github.com/ARPSyndicate/cvemon CVE-2017-0071 - https://github.com/lnick2023/nicenice +CVE-2017-0071 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0071 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0071 - https://github.com/tunz/js-vuln-db CVE-2017-0071 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -29801,6 +29915,7 @@ CVE-2017-0133 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0133 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-0134 - https://github.com/ARPSyndicate/cvemon CVE-2017-0134 - https://github.com/lnick2023/nicenice +CVE-2017-0134 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0134 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0134 - https://github.com/tunz/js-vuln-db CVE-2017-0134 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -29827,6 +29942,7 @@ CVE-2017-0140 - https://github.com/tolgadevsec/PHP-Security-Cheatsheet CVE-2017-0140 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-0141 - https://github.com/ARPSyndicate/cvemon CVE-2017-0141 - https://github.com/lnick2023/nicenice +CVE-2017-0141 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0141 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0141 - https://github.com/tunz/js-vuln-db CVE-2017-0141 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -30015,6 +30131,7 @@ CVE-2017-0144 - https://github.com/Ratlesv/Scan4all CVE-2017-0144 - https://github.com/RedYetiDev/RedYetiDev CVE-2017-0144 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2017-0144 - https://github.com/SaintsConnor/Exploits +CVE-2017-0144 - https://github.com/SenukDias/OSCP_cheat CVE-2017-0144 - https://github.com/ShubhamGuptaIN/WannaCry-ransomware-attack-Virus CVE-2017-0144 - https://github.com/SirElmard/ethical_hacking CVE-2017-0144 - https://github.com/Totes5706/TotesHTB @@ -30412,6 +30529,7 @@ CVE-2017-0199 - https://github.com/R0B1NL1N/APTnotes CVE-2017-0199 - https://github.com/RxXwx3x/Redteam CVE-2017-0199 - https://github.com/S3cur3Th1sSh1t/Pentest-Tools CVE-2017-0199 - https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit +CVE-2017-0199 - https://github.com/SenukDias/OSCP_cheat CVE-2017-0199 - https://github.com/SirElmard/ethical_hacking CVE-2017-0199 - https://github.com/Soldie/Red-Team-Tool-Kit---Shr3dKit CVE-2017-0199 - https://github.com/Sunqiz/CVE-2017-0199-reprofuction @@ -30740,6 +30858,7 @@ CVE-2017-0230 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0230 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-0234 - https://github.com/ARPSyndicate/cvemon CVE-2017-0234 - https://github.com/lnick2023/nicenice +CVE-2017-0234 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0234 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0234 - https://github.com/tunz/js-vuln-db CVE-2017-0234 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -30749,6 +30868,7 @@ CVE-2017-0235 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0235 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-0236 - https://github.com/ARPSyndicate/cvemon CVE-2017-0236 - https://github.com/lnick2023/nicenice +CVE-2017-0236 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-0236 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-0236 - https://github.com/tunz/js-vuln-db CVE-2017-0236 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32110,6 +32230,7 @@ CVE-2017-10271 - https://github.com/hktalent/TOP CVE-2017-10271 - https://github.com/hktalent/bug-bounty CVE-2017-10271 - https://github.com/hktalent/myhktools CVE-2017-10271 - https://github.com/hmoytx/weblogicscan +CVE-2017-10271 - https://github.com/huan-cdm/secure_tools_link CVE-2017-10271 - https://github.com/hxysaury/saury-vulnhub CVE-2017-10271 - https://github.com/ianxtianxt/-CVE-2017-10271- CVE-2017-10271 - https://github.com/iceberg-N/WL_Scan_GO @@ -32161,6 +32282,7 @@ CVE-2017-10271 - https://github.com/pizza-power/weblogic-CVE-2019-2729-POC CVE-2017-10271 - https://github.com/pjgmonteiro/Pentest-tools CVE-2017-10271 - https://github.com/pssss/CVE-2017-10271 CVE-2017-10271 - https://github.com/pwnagelabs/VEF +CVE-2017-10271 - https://github.com/q99266/saury-vulnhub CVE-2017-10271 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-10271 - https://github.com/qi4L/WeblogicScan.go CVE-2017-10271 - https://github.com/qince1455373819/awesome-honeypots @@ -32648,6 +32770,7 @@ CVE-2017-11761 - https://github.com/ARPSyndicate/cvemon CVE-2017-11761 - https://github.com/shelly-cn/ExchangeCVESearch CVE-2017-11764 - https://github.com/ARPSyndicate/cvemon CVE-2017-11764 - https://github.com/lnick2023/nicenice +CVE-2017-11764 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11764 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11764 - https://github.com/tunz/js-vuln-db CVE-2017-11764 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32684,6 +32807,7 @@ CVE-2017-11793 - https://github.com/lnick2023/nicenice CVE-2017-11793 - https://github.com/marckwei/temp CVE-2017-11793 - https://github.com/merlinepedra/DONATO CVE-2017-11793 - https://github.com/merlinepedra25/DONATO +CVE-2017-11793 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11793 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11793 - https://github.com/tunz/js-vuln-db CVE-2017-11793 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32701,6 +32825,7 @@ CVE-2017-11798 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11798 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11799 - https://github.com/ARPSyndicate/cvemon CVE-2017-11799 - https://github.com/lnick2023/nicenice +CVE-2017-11799 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11799 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11799 - https://github.com/tunz/js-vuln-db CVE-2017-11799 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32714,6 +32839,7 @@ CVE-2017-11801 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11801 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11802 - https://github.com/ARPSyndicate/cvemon CVE-2017-11802 - https://github.com/lnick2023/nicenice +CVE-2017-11802 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11802 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11802 - https://github.com/tunz/js-vuln-db CVE-2017-11802 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32739,6 +32865,7 @@ CVE-2017-11808 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11808 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11809 - https://github.com/ARPSyndicate/cvemon CVE-2017-11809 - https://github.com/lnick2023/nicenice +CVE-2017-11809 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11809 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11809 - https://github.com/tunz/js-vuln-db CVE-2017-11809 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32749,6 +32876,7 @@ CVE-2017-11810 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11810 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11811 - https://github.com/ARPSyndicate/cvemon CVE-2017-11811 - https://github.com/lnick2023/nicenice +CVE-2017-11811 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11811 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11811 - https://github.com/tunz/js-vuln-db CVE-2017-11811 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32801,16 +32929,19 @@ CVE-2017-11838 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11838 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11839 - https://github.com/ARPSyndicate/cvemon CVE-2017-11839 - https://github.com/lnick2023/nicenice +CVE-2017-11839 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11839 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11839 - https://github.com/tunz/js-vuln-db CVE-2017-11839 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11840 - https://github.com/ARPSyndicate/cvemon CVE-2017-11840 - https://github.com/lnick2023/nicenice +CVE-2017-11840 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11840 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11840 - https://github.com/tunz/js-vuln-db CVE-2017-11840 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11841 - https://github.com/ARPSyndicate/cvemon CVE-2017-11841 - https://github.com/lnick2023/nicenice +CVE-2017-11841 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11841 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11841 - https://github.com/tunz/js-vuln-db CVE-2017-11841 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32830,6 +32961,7 @@ CVE-2017-11855 - https://github.com/lnick2023/nicenice CVE-2017-11855 - https://github.com/marckwei/temp CVE-2017-11855 - https://github.com/merlinepedra/DONATO CVE-2017-11855 - https://github.com/merlinepedra25/DONATO +CVE-2017-11855 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11855 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11855 - https://github.com/tunz/js-vuln-db CVE-2017-11855 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32846,6 +32978,7 @@ CVE-2017-11859 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11859 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11861 - https://github.com/ARPSyndicate/cvemon CVE-2017-11861 - https://github.com/lnick2023/nicenice +CVE-2017-11861 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11861 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11861 - https://github.com/tunz/js-vuln-db CVE-2017-11861 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32863,6 +32996,7 @@ CVE-2017-11869 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11869 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11870 - https://github.com/ARPSyndicate/cvemon CVE-2017-11870 - https://github.com/lnick2023/nicenice +CVE-2017-11870 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11870 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11870 - https://github.com/tunz/js-vuln-db CVE-2017-11870 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -32872,6 +33006,7 @@ CVE-2017-11871 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11871 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11873 - https://github.com/ARPSyndicate/cvemon CVE-2017-11873 - https://github.com/lnick2023/nicenice +CVE-2017-11873 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11873 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11873 - https://github.com/tunz/js-vuln-db CVE-2017-11873 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33089,11 +33224,13 @@ CVE-2017-11889 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11889 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11890 - https://github.com/ARPSyndicate/cvemon CVE-2017-11890 - https://github.com/lnick2023/nicenice +CVE-2017-11890 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11890 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11890 - https://github.com/tunz/js-vuln-db CVE-2017-11890 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11893 - https://github.com/ARPSyndicate/cvemon CVE-2017-11893 - https://github.com/lnick2023/nicenice +CVE-2017-11893 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11893 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11893 - https://github.com/tunz/js-vuln-db CVE-2017-11893 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33115,6 +33252,7 @@ CVE-2017-11903 - https://github.com/lnick2023/nicenice CVE-2017-11903 - https://github.com/marckwei/temp CVE-2017-11903 - https://github.com/merlinepedra/DONATO CVE-2017-11903 - https://github.com/merlinepedra25/DONATO +CVE-2017-11903 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11903 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11903 - https://github.com/tunz/js-vuln-db CVE-2017-11903 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33128,6 +33266,7 @@ CVE-2017-11906 - https://github.com/lnick2023/nicenice CVE-2017-11906 - https://github.com/marckwei/temp CVE-2017-11906 - https://github.com/merlinepedra/DONATO CVE-2017-11906 - https://github.com/merlinepedra25/DONATO +CVE-2017-11906 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11906 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11906 - https://github.com/tunz/js-vuln-db CVE-2017-11906 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33138,6 +33277,7 @@ CVE-2017-11907 - https://github.com/lnick2023/nicenice CVE-2017-11907 - https://github.com/marckwei/temp CVE-2017-11907 - https://github.com/merlinepedra/DONATO CVE-2017-11907 - https://github.com/merlinepedra25/DONATO +CVE-2017-11907 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11907 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11907 - https://github.com/tunz/js-vuln-db CVE-2017-11907 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33147,6 +33287,7 @@ CVE-2017-11908 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11908 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11909 - https://github.com/ARPSyndicate/cvemon CVE-2017-11909 - https://github.com/lnick2023/nicenice +CVE-2017-11909 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11909 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11909 - https://github.com/tunz/js-vuln-db CVE-2017-11909 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33156,6 +33297,7 @@ CVE-2017-11910 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11910 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11911 - https://github.com/ARPSyndicate/cvemon CVE-2017-11911 - https://github.com/lnick2023/nicenice +CVE-2017-11911 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11911 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11911 - https://github.com/tunz/js-vuln-db CVE-2017-11911 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33170,6 +33312,7 @@ CVE-2017-11913 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11913 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11914 - https://github.com/ARPSyndicate/cvemon CVE-2017-11914 - https://github.com/lnick2023/nicenice +CVE-2017-11914 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11914 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11914 - https://github.com/tunz/js-vuln-db CVE-2017-11914 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33179,6 +33322,7 @@ CVE-2017-11916 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11916 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-11918 - https://github.com/ARPSyndicate/cvemon CVE-2017-11918 - https://github.com/lnick2023/nicenice +CVE-2017-11918 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-11918 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-11918 - https://github.com/tunz/js-vuln-db CVE-2017-11918 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -33626,6 +33770,7 @@ CVE-2017-12615 - https://github.com/oneplus-x/MS17-010 CVE-2017-12615 - https://github.com/onewinner/VulToolsKit CVE-2017-12615 - https://github.com/password520/Penetration_PoC CVE-2017-12615 - https://github.com/password520/RedTeamer +CVE-2017-12615 - https://github.com/q99266/saury-vulnhub CVE-2017-12615 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-12615 - https://github.com/qiantu88/Tomcat-Exploit CVE-2017-12615 - https://github.com/qiwentaidi/Slack @@ -33922,6 +34067,7 @@ CVE-2017-12794 - https://github.com/gnarkill78/CSA_S2_2024 CVE-2017-12794 - https://github.com/hktalent/bug-bounty CVE-2017-12794 - https://github.com/hxysaury/saury-vulnhub CVE-2017-12794 - https://github.com/kenuosec/youzai +CVE-2017-12794 - https://github.com/q99266/saury-vulnhub CVE-2017-12794 - https://github.com/qian-shen/youzai CVE-2017-12794 - https://github.com/reph0r/poc-exp CVE-2017-12794 - https://github.com/reph0r/poc-exp-tools @@ -34622,6 +34768,7 @@ CVE-2017-14849 - https://github.com/mengdaya/Web-CTF-Cheatsheet CVE-2017-14849 - https://github.com/merlinepedra/nuclei-templates CVE-2017-14849 - https://github.com/merlinepedra25/nuclei-templates CVE-2017-14849 - https://github.com/openx-org/BLEN +CVE-2017-14849 - https://github.com/q99266/saury-vulnhub CVE-2017-14849 - https://github.com/ronoski/j2ee-rscan CVE-2017-14849 - https://github.com/snyk-labs/container-breaking-in-goof CVE-2017-14849 - https://github.com/sobinge/nuclei-templates @@ -34696,6 +34843,7 @@ CVE-2017-14960 - https://github.com/ARPSyndicate/cvemon CVE-2017-14961 - https://github.com/0xcyberpj/windows-exploitation CVE-2017-14961 - https://github.com/0xpetros/windows-privilage-escalation CVE-2017-14961 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2017-14961 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2017-14961 - https://github.com/NitroA/windowsexpoitationresources CVE-2017-14961 - https://github.com/NullArray/WinKernel-Resources CVE-2017-14961 - https://github.com/TamilHackz/windows-exploitation @@ -34903,6 +35051,7 @@ CVE-2017-15399 - https://github.com/ARPSyndicate/cvemon CVE-2017-15399 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2017-15399 - https://github.com/hwiwonl/dayone CVE-2017-15399 - https://github.com/lnick2023/nicenice +CVE-2017-15399 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-15399 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-15399 - https://github.com/tunz/js-vuln-db CVE-2017-15399 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -34911,6 +35060,7 @@ CVE-2017-15400 - https://github.com/vulsio/goval-dictionary CVE-2017-15401 - https://github.com/ARPSyndicate/cvemon CVE-2017-15401 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2017-15401 - https://github.com/lnick2023/nicenice +CVE-2017-15401 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-15401 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-15401 - https://github.com/tunz/js-vuln-db CVE-2017-15401 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -35165,6 +35315,7 @@ CVE-2017-15715 - https://github.com/hxysaury/saury-vulnhub CVE-2017-15715 - https://github.com/intrigueio/intrigue-ident CVE-2017-15715 - https://github.com/jiushill/haq5201314 CVE-2017-15715 - https://github.com/kabir0104k/ethan +CVE-2017-15715 - https://github.com/q99266/saury-vulnhub CVE-2017-15715 - https://github.com/retr0-13/nrich CVE-2017-15715 - https://github.com/rnbochsr/yr_of_the_jellyfish CVE-2017-15715 - https://github.com/rochoabanuelos/Red-Team-vs-Blue-Team-Analysis @@ -36509,6 +36660,7 @@ CVE-2017-18640 - https://github.com/AwsAlbayati/Software-Security CVE-2017-18640 - https://github.com/GangOf7/WebApp CVE-2017-18640 - https://github.com/adioss/snakeyaml-test CVE-2017-18640 - https://github.com/danielps99/startquarkus +CVE-2017-18640 - https://github.com/ytono/gcp-arcade CVE-2017-18697 - https://github.com/ARPSyndicate/cvemon CVE-2017-18697 - https://github.com/starnightcyber/cve_for_today CVE-2017-18926 - https://github.com/Live-Hack-CVE/CVE-2017-18926 @@ -36664,6 +36816,7 @@ CVE-2017-2446 - https://github.com/elinakrmova/awesome-web-security CVE-2017-2446 - https://github.com/lnick2023/nicenice CVE-2017-2446 - https://github.com/m1ghtym0/browser-pwn CVE-2017-2446 - https://github.com/mishmashclone/qazbnm456-awesome-web-security +CVE-2017-2446 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2446 - https://github.com/paulveillard/cybersecurity-web-security CVE-2017-2446 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2446 - https://github.com/qazbnm456/awesome-web-security @@ -36673,6 +36826,7 @@ CVE-2017-2446 - https://github.com/winterwolf32/Web-security CVE-2017-2446 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-2447 - https://github.com/ARPSyndicate/cvemon CVE-2017-2447 - https://github.com/lnick2023/nicenice +CVE-2017-2447 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2447 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2447 - https://github.com/tunz/js-vuln-db CVE-2017-2447 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -36700,6 +36854,7 @@ CVE-2017-2460 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2460 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-2464 - https://github.com/ARPSyndicate/cvemon CVE-2017-2464 - https://github.com/lnick2023/nicenice +CVE-2017-2464 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2464 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2464 - https://github.com/r0ysue/OSG-TranslationTeam CVE-2017-2464 - https://github.com/tunz/js-vuln-db @@ -36743,6 +36898,7 @@ CVE-2017-2480 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-2491 - https://github.com/ARPSyndicate/cvemon CVE-2017-2491 - https://github.com/hedgeberg/PegMii-Boogaloo CVE-2017-2491 - https://github.com/lnick2023/nicenice +CVE-2017-2491 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2491 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2491 - https://github.com/r0ysue/OSG-TranslationTeam CVE-2017-2491 - https://github.com/tunz/js-vuln-db @@ -36777,6 +36933,7 @@ CVE-2017-2519 - https://github.com/ARPSyndicate/cvemon CVE-2017-2519 - https://github.com/victoriza/claire CVE-2017-2521 - https://github.com/ARPSyndicate/cvemon CVE-2017-2521 - https://github.com/lnick2023/nicenice +CVE-2017-2521 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2521 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2521 - https://github.com/tunz/js-vuln-db CVE-2017-2521 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -36788,6 +36945,7 @@ CVE-2017-2528 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2528 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-2531 - https://github.com/ARPSyndicate/cvemon CVE-2017-2531 - https://github.com/lnick2023/nicenice +CVE-2017-2531 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2531 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2531 - https://github.com/tunz/js-vuln-db CVE-2017-2531 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -36798,6 +36956,7 @@ CVE-2017-2535 - https://github.com/maximehip/Safari-iOS10.3.2-macOS-10.12.4-expl CVE-2017-2536 - https://github.com/ARPSyndicate/cvemon CVE-2017-2536 - https://github.com/SkyBulk/RealWorldPwn CVE-2017-2536 - https://github.com/lnick2023/nicenice +CVE-2017-2536 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2536 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2536 - https://github.com/tunz/js-vuln-db CVE-2017-2536 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -36820,6 +36979,7 @@ CVE-2017-2547 - https://github.com/SkyBulk/RealWorldPwn CVE-2017-2547 - https://github.com/externalist/exploit_playground CVE-2017-2547 - https://github.com/likescam/exploit_playground_lists_androidCVE CVE-2017-2547 - https://github.com/lnick2023/nicenice +CVE-2017-2547 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-2547 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-2547 - https://github.com/theori-io/zer0con2018_singi CVE-2017-2547 - https://github.com/tunz/js-vuln-db @@ -37209,6 +37369,7 @@ CVE-2017-3248 - https://github.com/hanc00l/some_pocsuite CVE-2017-3248 - https://github.com/hanc00l/weblogic_unserialize_exploit CVE-2017-3248 - https://github.com/hktalent/TOP CVE-2017-3248 - https://github.com/hmoytx/weblogicscan +CVE-2017-3248 - https://github.com/huan-cdm/secure_tools_link CVE-2017-3248 - https://github.com/ianxtianxt/CVE-2017-3248 CVE-2017-3248 - https://github.com/iceberg-N/WL_Scan_GO CVE-2017-3248 - https://github.com/jbmihoub/all-poc @@ -37311,6 +37472,7 @@ CVE-2017-3506 - https://github.com/forhub2021/weblogicScanner CVE-2017-3506 - https://github.com/heane404/CVE_scan CVE-2017-3506 - https://github.com/hktalent/TOP CVE-2017-3506 - https://github.com/hmoytx/weblogicscan +CVE-2017-3506 - https://github.com/huan-cdm/secure_tools_link CVE-2017-3506 - https://github.com/ianxtianxt/CVE-2017-3506 CVE-2017-3506 - https://github.com/iceberg-N/WL_Scan_GO CVE-2017-3506 - https://github.com/jbmihoub/all-poc @@ -37623,6 +37785,7 @@ CVE-2017-5030 - https://github.com/Ostorlab/KEV CVE-2017-5030 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2017-5030 - https://github.com/gipi/cve-cemetery CVE-2017-5030 - https://github.com/lnick2023/nicenice +CVE-2017-5030 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5030 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5030 - https://github.com/tunz/js-vuln-db CVE-2017-5030 - https://github.com/wh1ant/vulnjs @@ -37643,6 +37806,7 @@ CVE-2017-5039 - https://github.com/0xCyberY/CVE-T4PDF CVE-2017-5039 - https://github.com/ARPSyndicate/cvemon CVE-2017-5040 - https://github.com/ARPSyndicate/cvemon CVE-2017-5040 - https://github.com/lnick2023/nicenice +CVE-2017-5040 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5040 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5040 - https://github.com/tunz/js-vuln-db CVE-2017-5040 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37659,6 +37823,7 @@ CVE-2017-5051 - https://github.com/thdusdl1219/CVE-Study CVE-2017-5052 - https://github.com/ARPSyndicate/cvemon CVE-2017-5053 - https://github.com/ARPSyndicate/cvemon CVE-2017-5053 - https://github.com/lnick2023/nicenice +CVE-2017-5053 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5053 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5053 - https://github.com/tunz/js-vuln-db CVE-2017-5053 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37672,12 +37837,14 @@ CVE-2017-5070 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detec CVE-2017-5070 - https://github.com/RingLcy/VulnerabilityAnalysisAndExploit CVE-2017-5070 - https://github.com/hwiwonl/dayone CVE-2017-5070 - https://github.com/lnick2023/nicenice +CVE-2017-5070 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5070 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5070 - https://github.com/tunz/js-vuln-db CVE-2017-5070 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-5070 - https://github.com/xuechiyaobai/V8_November_2017 CVE-2017-5071 - https://github.com/ARPSyndicate/cvemon CVE-2017-5071 - https://github.com/lnick2023/nicenice +CVE-2017-5071 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5071 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5071 - https://github.com/tunz/js-vuln-db CVE-2017-5071 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37685,6 +37852,7 @@ CVE-2017-5087 - https://github.com/allpaca/chrome-sbx-db CVE-2017-5088 - https://github.com/ARPSyndicate/cvemon CVE-2017-5088 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2017-5088 - https://github.com/lnick2023/nicenice +CVE-2017-5088 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5088 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5088 - https://github.com/tunz/js-vuln-db CVE-2017-5088 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37693,6 +37861,7 @@ CVE-2017-5095 - https://github.com/0xCyberY/CVE-T4PDF CVE-2017-5095 - https://github.com/ARPSyndicate/cvemon CVE-2017-5098 - https://github.com/ARPSyndicate/cvemon CVE-2017-5098 - https://github.com/lnick2023/nicenice +CVE-2017-5098 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5098 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5098 - https://github.com/tunz/js-vuln-db CVE-2017-5098 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37704,6 +37873,7 @@ CVE-2017-5114 - https://github.com/0xCyberY/CVE-T4PDF CVE-2017-5114 - https://github.com/ARPSyndicate/cvemon CVE-2017-5115 - https://github.com/ARPSyndicate/cvemon CVE-2017-5115 - https://github.com/lnick2023/nicenice +CVE-2017-5115 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5115 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5115 - https://github.com/tunz/js-vuln-db CVE-2017-5115 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37711,6 +37881,7 @@ CVE-2017-5116 - https://github.com/ARPSyndicate/cvemon CVE-2017-5116 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2017-5116 - https://github.com/chibataiki/ttttt CVE-2017-5116 - https://github.com/lnick2023/nicenice +CVE-2017-5116 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5116 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5116 - https://github.com/tunz/js-vuln-db CVE-2017-5116 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -37718,12 +37889,14 @@ CVE-2017-5121 - https://github.com/0xcl/clang-cfi-bypass-techniques CVE-2017-5121 - https://github.com/ARPSyndicate/cvemon CVE-2017-5121 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2017-5121 - https://github.com/lnick2023/nicenice +CVE-2017-5121 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5121 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5121 - https://github.com/tunz/js-vuln-db CVE-2017-5121 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-5122 - https://github.com/ARPSyndicate/cvemon CVE-2017-5122 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2017-5122 - https://github.com/lnick2023/nicenice +CVE-2017-5122 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-5122 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5122 - https://github.com/tunz/js-vuln-db CVE-2017-5122 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -38482,6 +38655,7 @@ CVE-2017-5638 - https://github.com/pmihsan/Jex-Boss CVE-2017-5638 - https://github.com/pr0x1ma-byte/cybersecurity-struts2 CVE-2017-5638 - https://github.com/pr0x1ma-byte/cybersecurity-struts2-send CVE-2017-5638 - https://github.com/pthiagu2/Security-multi-stage-data-analysis +CVE-2017-5638 - https://github.com/q99266/saury-vulnhub CVE-2017-5638 - https://github.com/qashqao/jexboss CVE-2017-5638 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-5638 - https://github.com/random-robbie/CVE-2017-5638 @@ -38588,6 +38762,7 @@ CVE-2017-5645 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2017-5645 - https://github.com/pen4uin/vulnerability-research CVE-2017-5645 - https://github.com/pen4uin/vulnerability-research-list CVE-2017-5645 - https://github.com/pimps/CVE-2017-5645 +CVE-2017-5645 - https://github.com/q99266/saury-vulnhub CVE-2017-5645 - https://github.com/shadow-horse/CVE-2019-17571 CVE-2017-5645 - https://github.com/spmonkey/spassassin CVE-2017-5645 - https://github.com/thl-cmk/CVE-log4j-check_mk-plugin @@ -39094,6 +39269,7 @@ CVE-2017-5929 - https://github.com/hinat0y/Dataset8 CVE-2017-5929 - https://github.com/hinat0y/Dataset9 CVE-2017-5929 - https://github.com/ilmari666/cybsec CVE-2017-5929 - https://github.com/yahoo/cubed +CVE-2017-5929 - https://github.com/ytono/gcp-arcade CVE-2017-5933 - https://github.com/nonce-disrespect/nonce-disrespect CVE-2017-5941 - https://github.com/ARPSyndicate/cvemon CVE-2017-5941 - https://github.com/Cr4zyD14m0nd137/Lab-for-cve-2018-15133 @@ -39607,6 +39783,7 @@ CVE-2017-6976 - https://github.com/ARPSyndicate/cvemon CVE-2017-6977 - https://github.com/maximehip/Safari-iOS10.3.2-macOS-10.12.4-exploit-Bugs CVE-2017-6980 - https://github.com/ARPSyndicate/cvemon CVE-2017-6980 - https://github.com/lnick2023/nicenice +CVE-2017-6980 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-6980 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-6980 - https://github.com/tunz/js-vuln-db CVE-2017-6980 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -39614,6 +39791,7 @@ CVE-2017-6982 - https://github.com/ARPSyndicate/cvemon CVE-2017-6982 - https://github.com/vincedes3/SpaceSpring CVE-2017-6984 - https://github.com/ARPSyndicate/cvemon CVE-2017-6984 - https://github.com/lnick2023/nicenice +CVE-2017-6984 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-6984 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-6984 - https://github.com/tunz/js-vuln-db CVE-2017-6984 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -39673,6 +39851,7 @@ CVE-2017-7049 - https://github.com/merlinepedra/DONATO CVE-2017-7049 - https://github.com/merlinepedra25/DONATO CVE-2017-7056 - https://github.com/ARPSyndicate/cvemon CVE-2017-7056 - https://github.com/lnick2023/nicenice +CVE-2017-7056 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-7056 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-7056 - https://github.com/tunz/js-vuln-db CVE-2017-7056 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -39680,6 +39859,7 @@ CVE-2017-7061 - https://github.com/ARPSyndicate/cvemon CVE-2017-7061 - https://github.com/MTJailed/MSF-Webkit-10.3 CVE-2017-7061 - https://github.com/TheLoneHaxor/jailbreakme103 CVE-2017-7061 - https://github.com/lnick2023/nicenice +CVE-2017-7061 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-7061 - https://github.com/pwnuriphone/pwnuriphone.github.io CVE-2017-7061 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-7061 - https://github.com/tunz/js-vuln-db @@ -39695,6 +39875,7 @@ CVE-2017-7089 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-7092 - https://github.com/ARPSyndicate/cvemon CVE-2017-7092 - https://github.com/NetW0rK1le3r/awesome-hacking-lists CVE-2017-7092 - https://github.com/lnick2023/nicenice +CVE-2017-7092 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-7092 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-7092 - https://github.com/readloud/Awesome-Stars CVE-2017-7092 - https://github.com/taielab/awesome-hacking-lists @@ -39708,6 +39889,7 @@ CVE-2017-7115 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-7115 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-7117 - https://github.com/ARPSyndicate/cvemon CVE-2017-7117 - https://github.com/lnick2023/nicenice +CVE-2017-7117 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-7117 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-7117 - https://github.com/tunz/js-vuln-db CVE-2017-7117 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41035,6 +41217,7 @@ CVE-2017-8046 - https://github.com/m3ssap0/spring-break_cve-2017-8046 CVE-2017-8046 - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities CVE-2017-8046 - https://github.com/nBp1Ng/SpringFramework-Vul CVE-2017-8046 - https://github.com/nihaohello/N-MiddlewareScan +CVE-2017-8046 - https://github.com/q99266/saury-vulnhub CVE-2017-8046 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8046 - https://github.com/ronoski/j2ee-rscan CVE-2017-8046 - https://github.com/sj/spring-data-rest-CVE-2017-8046 @@ -41172,6 +41355,7 @@ CVE-2017-8337 - https://github.com/ethanhunnt/IoT_vulnerabilities CVE-2017-8357 - https://github.com/ARPSyndicate/cvemon CVE-2017-8360 - https://github.com/ARPSyndicate/cvemon CVE-2017-8360 - https://github.com/ffffffff0x/Dork-Admin +CVE-2017-8360 - https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin CVE-2017-8360 - https://github.com/thom-s/nessus-compliance CVE-2017-8361 - https://github.com/andir/nixos-issue-db-example CVE-2017-8362 - https://github.com/andir/nixos-issue-db-example @@ -41447,6 +41631,7 @@ CVE-2017-8543 - https://github.com/ycdxsb/WindowsPrivilegeEscalation CVE-2017-8548 - https://github.com/ARPSyndicate/cvemon CVE-2017-8548 - https://github.com/DaramG/IS571-ACSP-Fall-2018 CVE-2017-8548 - https://github.com/lnick2023/nicenice +CVE-2017-8548 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8548 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8548 - https://github.com/tunz/js-vuln-db CVE-2017-8548 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41591,6 +41776,7 @@ CVE-2017-8601 - https://github.com/BLACKHAT-SSG/EXP-401-OSEE CVE-2017-8601 - https://github.com/PwnAwan/EXP-401-OSEE CVE-2017-8601 - https://github.com/gscamelo/OSEE CVE-2017-8601 - https://github.com/lnick2023/nicenice +CVE-2017-8601 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8601 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8601 - https://github.com/tunz/js-vuln-db CVE-2017-8601 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41726,6 +41912,7 @@ CVE-2017-8630 - https://github.com/debasishm89/OpenXMolar CVE-2017-8634 - https://github.com/ARPSyndicate/cvemon CVE-2017-8634 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8634 - https://github.com/lnick2023/nicenice +CVE-2017-8634 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8634 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8634 - https://github.com/tunz/js-vuln-db CVE-2017-8634 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41737,6 +41924,7 @@ CVE-2017-8635 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8636 - https://github.com/ARPSyndicate/cvemon CVE-2017-8636 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8636 - https://github.com/lnick2023/nicenice +CVE-2017-8636 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8636 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8636 - https://github.com/tunz/js-vuln-db CVE-2017-8636 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41754,6 +41942,7 @@ CVE-2017-8639 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8640 - https://github.com/ARPSyndicate/cvemon CVE-2017-8640 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8640 - https://github.com/lnick2023/nicenice +CVE-2017-8640 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8640 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8640 - https://github.com/tunz/js-vuln-db CVE-2017-8640 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41771,12 +41960,14 @@ CVE-2017-8644 - https://github.com/merlinepedra25/DONATO CVE-2017-8645 - https://github.com/ARPSyndicate/cvemon CVE-2017-8645 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8645 - https://github.com/lnick2023/nicenice +CVE-2017-8645 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8645 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8645 - https://github.com/tunz/js-vuln-db CVE-2017-8645 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8646 - https://github.com/ARPSyndicate/cvemon CVE-2017-8646 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8646 - https://github.com/lnick2023/nicenice +CVE-2017-8646 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8646 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8646 - https://github.com/tunz/js-vuln-db CVE-2017-8646 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41801,12 +41992,14 @@ CVE-2017-8655 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8656 - https://github.com/ARPSyndicate/cvemon CVE-2017-8656 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8656 - https://github.com/lnick2023/nicenice +CVE-2017-8656 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8656 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8656 - https://github.com/tunz/js-vuln-db CVE-2017-8656 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8657 - https://github.com/ARPSyndicate/cvemon CVE-2017-8657 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8657 - https://github.com/lnick2023/nicenice +CVE-2017-8657 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8657 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8657 - https://github.com/tunz/js-vuln-db CVE-2017-8657 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41818,12 +42011,14 @@ CVE-2017-8662 - https://github.com/ARPSyndicate/cvemon CVE-2017-8670 - https://github.com/ARPSyndicate/cvemon CVE-2017-8670 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8670 - https://github.com/lnick2023/nicenice +CVE-2017-8670 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8670 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8670 - https://github.com/tunz/js-vuln-db CVE-2017-8670 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8671 - https://github.com/ARPSyndicate/cvemon CVE-2017-8671 - https://github.com/homjxi0e/CVE-2017-8641_chakra_Js_GlobalObject CVE-2017-8671 - https://github.com/lnick2023/nicenice +CVE-2017-8671 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8671 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8671 - https://github.com/tunz/js-vuln-db CVE-2017-8671 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41879,6 +42074,7 @@ CVE-2017-8723 - https://github.com/ARPSyndicate/cvemon CVE-2017-8724 - https://github.com/ARPSyndicate/cvemon CVE-2017-8729 - https://github.com/ARPSyndicate/cvemon CVE-2017-8729 - https://github.com/lnick2023/nicenice +CVE-2017-8729 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8729 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8729 - https://github.com/tunz/js-vuln-db CVE-2017-8729 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41896,6 +42092,7 @@ CVE-2017-8738 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8738 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8740 - https://github.com/ARPSyndicate/cvemon CVE-2017-8740 - https://github.com/lnick2023/nicenice +CVE-2017-8740 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8740 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8740 - https://github.com/tunz/js-vuln-db CVE-2017-8740 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -41922,6 +42119,7 @@ CVE-2017-8753 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2017-8754 - https://github.com/ARPSyndicate/cvemon CVE-2017-8755 - https://github.com/ARPSyndicate/cvemon CVE-2017-8755 - https://github.com/lnick2023/nicenice +CVE-2017-8755 - https://github.com/otravidaahora2t/js-vuln-db CVE-2017-8755 - https://github.com/qazbnm456/awesome-cve-poc CVE-2017-8755 - https://github.com/tunz/js-vuln-db CVE-2017-8755 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43472,6 +43670,7 @@ CVE-2018-0752 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0752 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0758 - https://github.com/ARPSyndicate/cvemon CVE-2018-0758 - https://github.com/lnick2023/nicenice +CVE-2018-0758 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0758 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0758 - https://github.com/tomoyamachi/gocarts CVE-2018-0758 - https://github.com/tunz/js-vuln-db @@ -43489,6 +43688,7 @@ CVE-2018-0763 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0765 - https://github.com/ARPSyndicate/cvemon CVE-2018-0767 - https://github.com/ARPSyndicate/cvemon CVE-2018-0767 - https://github.com/lnick2023/nicenice +CVE-2018-0767 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0767 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0767 - https://github.com/tomoyamachi/gocarts CVE-2018-0767 - https://github.com/tunz/js-vuln-db @@ -43499,12 +43699,14 @@ CVE-2018-0768 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0768 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0769 - https://github.com/ARPSyndicate/cvemon CVE-2018-0769 - https://github.com/lnick2023/nicenice +CVE-2018-0769 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0769 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0769 - https://github.com/tomoyamachi/gocarts CVE-2018-0769 - https://github.com/tunz/js-vuln-db CVE-2018-0769 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0770 - https://github.com/ARPSyndicate/cvemon CVE-2018-0770 - https://github.com/lnick2023/nicenice +CVE-2018-0770 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0770 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0770 - https://github.com/tunz/js-vuln-db CVE-2018-0770 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43518,21 +43720,25 @@ CVE-2018-0773 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0773 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0774 - https://github.com/ARPSyndicate/cvemon CVE-2018-0774 - https://github.com/lnick2023/nicenice +CVE-2018-0774 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0774 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0774 - https://github.com/tunz/js-vuln-db CVE-2018-0774 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0775 - https://github.com/ARPSyndicate/cvemon CVE-2018-0775 - https://github.com/lnick2023/nicenice +CVE-2018-0775 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0775 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0775 - https://github.com/tunz/js-vuln-db CVE-2018-0775 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0776 - https://github.com/ARPSyndicate/cvemon CVE-2018-0776 - https://github.com/lnick2023/nicenice +CVE-2018-0776 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0776 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0776 - https://github.com/tunz/js-vuln-db CVE-2018-0776 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0777 - https://github.com/ARPSyndicate/cvemon CVE-2018-0777 - https://github.com/lnick2023/nicenice +CVE-2018-0777 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0777 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0777 - https://github.com/tunz/js-vuln-db CVE-2018-0777 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43542,6 +43748,7 @@ CVE-2018-0778 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0778 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0780 - https://github.com/ARPSyndicate/cvemon CVE-2018-0780 - https://github.com/lnick2023/nicenice +CVE-2018-0780 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0780 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0780 - https://github.com/tunz/js-vuln-db CVE-2018-0780 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43741,12 +43948,14 @@ CVE-2018-0833 - https://github.com/yiyebuhuijia/windows-kernel-exploits CVE-2018-0833 - https://github.com/zyjsuper/windows-kernel-exploits CVE-2018-0834 - https://github.com/ARPSyndicate/cvemon CVE-2018-0834 - https://github.com/lnick2023/nicenice +CVE-2018-0834 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0834 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0834 - https://github.com/tomoyamachi/gocarts CVE-2018-0834 - https://github.com/tunz/js-vuln-db CVE-2018-0834 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0835 - https://github.com/ARPSyndicate/cvemon CVE-2018-0835 - https://github.com/lnick2023/nicenice +CVE-2018-0835 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0835 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0835 - https://github.com/tomoyamachi/gocarts CVE-2018-0835 - https://github.com/tunz/js-vuln-db @@ -43757,11 +43966,13 @@ CVE-2018-0836 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0836 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0837 - https://github.com/ARPSyndicate/cvemon CVE-2018-0837 - https://github.com/lnick2023/nicenice +CVE-2018-0837 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0837 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0837 - https://github.com/tunz/js-vuln-db CVE-2018-0837 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0838 - https://github.com/ARPSyndicate/cvemon CVE-2018-0838 - https://github.com/lnick2023/nicenice +CVE-2018-0838 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0838 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0838 - https://github.com/tunz/js-vuln-db CVE-2018-0838 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43773,6 +43984,7 @@ CVE-2018-0840 - https://github.com/ARPSyndicate/cvemon CVE-2018-0840 - https://github.com/BlackburnHax/inntinn CVE-2018-0840 - https://github.com/Heretyc/inntinn CVE-2018-0840 - https://github.com/lnick2023/nicenice +CVE-2018-0840 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0840 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0840 - https://github.com/tunz/js-vuln-db CVE-2018-0840 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43799,6 +44011,7 @@ CVE-2018-0859 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0859 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0860 - https://github.com/ARPSyndicate/cvemon CVE-2018-0860 - https://github.com/lnick2023/nicenice +CVE-2018-0860 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0860 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0860 - https://github.com/tunz/js-vuln-db CVE-2018-0860 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43882,6 +44095,7 @@ CVE-2018-0889 - https://github.com/tomoyamachi/gocarts CVE-2018-0889 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0891 - https://github.com/ARPSyndicate/cvemon CVE-2018-0891 - https://github.com/lnick2023/nicenice +CVE-2018-0891 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0891 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0891 - https://github.com/tunz/js-vuln-db CVE-2018-0891 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43907,11 +44121,13 @@ CVE-2018-0931 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0931 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0933 - https://github.com/ARPSyndicate/cvemon CVE-2018-0933 - https://github.com/lnick2023/nicenice +CVE-2018-0933 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0933 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0933 - https://github.com/tunz/js-vuln-db CVE-2018-0933 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0934 - https://github.com/ARPSyndicate/cvemon CVE-2018-0934 - https://github.com/lnick2023/nicenice +CVE-2018-0934 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0934 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0934 - https://github.com/tunz/js-vuln-db CVE-2018-0934 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43921,6 +44137,7 @@ CVE-2018-0935 - https://github.com/lnick2023/nicenice CVE-2018-0935 - https://github.com/marckwei/temp CVE-2018-0935 - https://github.com/merlinepedra/DONATO CVE-2018-0935 - https://github.com/merlinepedra25/DONATO +CVE-2018-0935 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0935 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0935 - https://github.com/tunz/js-vuln-db CVE-2018-0935 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43962,6 +44179,7 @@ CVE-2018-0952 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-0952 - https://github.com/txuswashere/Pentesting-Windows CVE-2018-0953 - https://github.com/ARPSyndicate/cvemon CVE-2018-0953 - https://github.com/lnick2023/nicenice +CVE-2018-0953 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0953 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0953 - https://github.com/tunz/js-vuln-db CVE-2018-0953 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -43982,6 +44200,7 @@ CVE-2018-0979 - https://github.com/tomoyamachi/gocarts CVE-2018-0979 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-0980 - https://github.com/ARPSyndicate/cvemon CVE-2018-0980 - https://github.com/lnick2023/nicenice +CVE-2018-0980 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-0980 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-0980 - https://github.com/tomoyamachi/gocarts CVE-2018-0980 - https://github.com/tunz/js-vuln-db @@ -44163,6 +44382,7 @@ CVE-2018-1000129 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-1000129 - https://github.com/Elsfa7-110/kenzer-templates CVE-2018-1000129 - https://github.com/SexyBeast233/SecBooks CVE-2018-1000129 - https://github.com/d4n-sec/d4n-sec.github.io +CVE-2018-1000129 - https://github.com/drwiiche/resource CVE-2018-1000129 - https://github.com/lnick2023/nicenice CVE-2018-1000129 - https://github.com/merlinepedra/nuclei-templates CVE-2018-1000129 - https://github.com/merlinepedra25/nuclei-templates @@ -44661,6 +44881,7 @@ CVE-2018-10237 - https://github.com/pctF/vulnerable-app CVE-2018-10237 - https://github.com/securityranjan/vulnapp CVE-2018-10237 - https://github.com/singhkranjan/vulnapp CVE-2018-10237 - https://github.com/surajbabar/dependency-demo-app +CVE-2018-10237 - https://github.com/ytono/gcp-arcade CVE-2018-10240 - https://github.com/ARPSyndicate/cvemon CVE-2018-10253 - https://github.com/ARPSyndicate/cvemon CVE-2018-10253 - https://github.com/lur1el/JewishNapalm @@ -44889,6 +45110,7 @@ CVE-2018-1058 - https://github.com/claranet/terraform-postgresql-database-config CVE-2018-1058 - https://github.com/digoal/blog CVE-2018-1058 - https://github.com/hxysaury/saury-vulnhub CVE-2018-1058 - https://github.com/ngadminq/Bei-Gai-penetration-test-guide +CVE-2018-1058 - https://github.com/q99266/saury-vulnhub CVE-2018-1058 - https://github.com/stilet/postgraphile-simple-express-starter CVE-2018-10583 - https://github.com/0xT11/CVE-POC CVE-2018-10583 - https://github.com/ARPSyndicate/cvemon @@ -45059,6 +45281,7 @@ CVE-2018-10933 - https://github.com/OCEANOFANYTHING/BHR_Labs CVE-2018-10933 - https://github.com/Ondrik8/RED-Team CVE-2018-10933 - https://github.com/Rubikcuv5/CVE-2018-10933 CVE-2018-10933 - https://github.com/SF4bin/SEEKER_dataset +CVE-2018-10933 - https://github.com/SenukDias/OSCP_cheat CVE-2018-10933 - https://github.com/SexyBeast233/SecBooks CVE-2018-10933 - https://github.com/SilasSpringer/CVE-2018-10933 CVE-2018-10933 - https://github.com/SirElmard/ethical_hacking @@ -46131,6 +46354,7 @@ CVE-2018-12387 - https://github.com/ZihanYe/web-browser-vulnerabilities CVE-2018-12387 - https://github.com/lnick2023/nicenice CVE-2018-12387 - https://github.com/m00zh33/sploits CVE-2018-12387 - https://github.com/niklasb/sploits +CVE-2018-12387 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-12387 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-12387 - https://github.com/tunz/js-vuln-db CVE-2018-12387 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -47271,6 +47495,7 @@ CVE-2018-1335 - https://github.com/r0eXpeR/redteam_vul CVE-2018-1335 - https://github.com/readloud/Awesome-Stars CVE-2018-1335 - https://github.com/siramk/CVE-2018-1335 CVE-2018-1335 - https://github.com/sunzu94/AWS-CVEs +CVE-2018-1335 - https://github.com/twhelan25/tryhackme-CTF-writeup-for-cyberlens CVE-2018-1335 - https://github.com/xbl2022/awesome-hacking-lists CVE-2018-1335 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-1335 - https://github.com/zhengjim/loophole @@ -47337,6 +47562,7 @@ CVE-2018-13379 - https://github.com/merlinepedra25/nuclei-templates CVE-2018-13379 - https://github.com/milo2012/CVE-2018-13379 CVE-2018-13379 - https://github.com/murchie85/twitterCyberMonitor CVE-2018-13379 - https://github.com/nescam123/forti +CVE-2018-13379 - https://github.com/nitish778191/fitness_app CVE-2018-13379 - https://github.com/nivdolgin/CVE-2018-13379 CVE-2018-13379 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2018-13379 - https://github.com/password520/RedTeamer @@ -47672,6 +47898,7 @@ CVE-2018-14574 - https://github.com/bakery312/Vulhub-Reproduce CVE-2018-14574 - https://github.com/garethr/snyksh CVE-2018-14574 - https://github.com/hktalent/bug-bounty CVE-2018-14574 - https://github.com/hxysaury/saury-vulnhub +CVE-2018-14574 - https://github.com/q99266/saury-vulnhub CVE-2018-14574 - https://github.com/reph0r/poc-exp CVE-2018-14574 - https://github.com/reph0r/poc-exp-tools CVE-2018-14574 - https://github.com/sobinge/nuclei-templates @@ -48725,6 +48952,7 @@ CVE-2018-16062 - https://github.com/flyrev/security-scan-ci-presentation CVE-2018-16062 - https://github.com/kaidotdev/kube-trivy-exporter CVE-2018-16065 - https://github.com/Kiprey/Skr_Learning CVE-2018-16065 - https://github.com/Self-Study-Committee/Skr_Learning +CVE-2018-16065 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-16065 - https://github.com/tunz/js-vuln-db CVE-2018-16068 - https://github.com/allpaca/chrome-sbx-db CVE-2018-16076 - https://github.com/0xCyberY/CVE-T4PDF @@ -48767,6 +48995,7 @@ CVE-2018-16229 - https://github.com/nidhi7598/external_tcpdump-4.9.2_AOSP_10_r33 CVE-2018-16229 - https://github.com/scottford-lw/up-and-running-packer CVE-2018-16230 - https://github.com/ARPSyndicate/cvemon CVE-2018-16242 - https://github.com/antoinet/obike +CVE-2018-16259 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-16283 - https://github.com/0xT11/CVE-POC CVE-2018-16283 - https://github.com/ARPSyndicate/cvemon CVE-2018-16283 - https://github.com/ARPSyndicate/kenzer-templates @@ -48794,6 +49023,7 @@ CVE-2018-16299 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-16301 - https://github.com/ARPSyndicate/cvemon CVE-2018-16301 - https://github.com/Morton-L/BoltWrt CVE-2018-16303 - https://github.com/ponypot/cve +CVE-2018-16310 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-16323 - https://github.com/0xT11/CVE-POC CVE-2018-16323 - https://github.com/ARPSyndicate/cvemon CVE-2018-16323 - https://github.com/Flerov/WindowsExploitDev @@ -48913,6 +49143,7 @@ CVE-2018-16509 - https://github.com/ARPSyndicate/cvemon CVE-2018-16509 - https://github.com/AssassinUKG/CVE_2018_16509 CVE-2018-16509 - https://github.com/Ly0nt4r/OSCP CVE-2018-16509 - https://github.com/NCSU-DANCE-Research-Group/CDL +CVE-2018-16509 - https://github.com/SenukDias/OSCP_cheat CVE-2018-16509 - https://github.com/SexyBeast233/SecBooks CVE-2018-16509 - https://github.com/SirElmard/ethical_hacking CVE-2018-16509 - https://github.com/Threekiii/Awesome-Exploit @@ -48942,6 +49173,7 @@ CVE-2018-16517 - https://github.com/nafiez/Vulnerability-Research CVE-2018-16518 - https://github.com/ponypot/cve CVE-2018-16519 - https://github.com/ARPSyndicate/cvemon CVE-2018-16542 - https://github.com/ARPSyndicate/cvemon +CVE-2018-16585 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-16588 - https://github.com/blackberry/UBCIS CVE-2018-16597 - https://github.com/ARPSyndicate/cvemon CVE-2018-16598 - https://github.com/ARPSyndicate/cvemon @@ -48993,6 +49225,7 @@ CVE-2018-16671 - https://github.com/SadFud/Exploits CVE-2018-16672 - https://github.com/SadFud/Exploits CVE-2018-16706 - https://github.com/0xT11/CVE-POC CVE-2018-16706 - https://github.com/Nurdilin/CVE-2018-16706 +CVE-2018-16710 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-16711 - https://github.com/0xT11/CVE-POC CVE-2018-16711 - https://github.com/ARPSyndicate/cvemon CVE-2018-16711 - https://github.com/DownWithUp/CVE-2018-16711 @@ -49257,6 +49490,7 @@ CVE-2018-17095 - https://github.com/ZhengMinghui1234/enfuzzer CVE-2018-17095 - https://github.com/sardChen/enfuzzer CVE-2018-17100 - https://github.com/revl-ca/scan-docker-image CVE-2018-17101 - https://github.com/revl-ca/scan-docker-image +CVE-2018-17103 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-17127 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-17144 - https://github.com/0xT11/CVE-POC CVE-2018-17144 - https://github.com/ARPSyndicate/cvemon @@ -49381,6 +49615,7 @@ CVE-2018-17229 - https://github.com/Marsman1996/pocs CVE-2018-1723 - https://github.com/ARPSyndicate/cvemon CVE-2018-1723 - https://github.com/flyarong/pwnserver CVE-2018-17230 - https://github.com/Marsman1996/pocs +CVE-2018-17231 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-1724 - https://github.com/ExpLangcn/FuYao-Go CVE-2018-1724 - https://github.com/rmadamson/rmadamson CVE-2018-17240 - https://github.com/BBge/CVE-2018-17240 @@ -49422,6 +49657,10 @@ CVE-2018-17360 - https://github.com/fokypoky/places-list CVE-2018-17360 - https://github.com/phonito/phonito-vulnerable-container CVE-2018-17375 - https://github.com/ARPSyndicate/cvemon CVE-2018-17379 - https://github.com/ARPSyndicate/cvemon +CVE-2018-17400 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-17401 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-17402 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-17403 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-17418 - https://github.com/0xT11/CVE-POC CVE-2018-17418 - https://github.com/Jx0n0/monstra_cms-3.0.4--getshell CVE-2018-17422 - https://github.com/ARPSyndicate/kenzer-templates @@ -49476,6 +49715,7 @@ CVE-2018-17463 - https://github.com/ernestang98/win-exploits CVE-2018-17463 - https://github.com/hwiwonl/dayone CVE-2018-17463 - https://github.com/jhalon/CVE-2018-17463 CVE-2018-17463 - https://github.com/kdmarti2/CVE-2018-17463 +CVE-2018-17463 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-17463 - https://github.com/rycbar77/V8Exploits CVE-2018-17463 - https://github.com/rycbar77/rycbar77 CVE-2018-17463 - https://github.com/tunz/js-vuln-db @@ -49505,6 +49745,7 @@ CVE-2018-17497 - https://github.com/nutc4k3/amazing-iot-security CVE-2018-17499 - https://github.com/nutc4k3/amazing-iot-security CVE-2018-17500 - https://github.com/nutc4k3/amazing-iot-security CVE-2018-17502 - https://github.com/nutc4k3/amazing-iot-security +CVE-2018-17538 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-17552 - https://github.com/MidwintersTomb/CVE-2018-17553 CVE-2018-17552 - https://github.com/anhquan99/DetectSQLInjectionPyshark CVE-2018-17552 - https://github.com/kimstars/CVE-2018-17552 @@ -49547,6 +49788,9 @@ CVE-2018-1782 - https://github.com/rmadamson/rmadamson CVE-2018-17853 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-17854 - https://github.com/ZhengMinghui1234/enfuzzer CVE-2018-17854 - https://github.com/sardChen/enfuzzer +CVE-2018-17861 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-17862 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-17865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-17871 - https://github.com/ARPSyndicate/cvemon CVE-2018-17873 - https://github.com/0xT11/CVE-POC CVE-2018-17873 - https://github.com/Luct0r/CVE-2018-17873 @@ -49595,6 +49839,8 @@ CVE-2018-17996 - https://github.com/ARPSyndicate/cvemon CVE-2018-17997 - https://github.com/ARPSyndicate/cvemon CVE-2018-18007 - https://github.com/ARPSyndicate/cvemon CVE-2018-18013 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs +CVE-2018-18013 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-18014 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18017 - https://github.com/El-Palomo/DerpNStink CVE-2018-18018 - https://github.com/El-Palomo/DerpNStink CVE-2018-18019 - https://github.com/El-Palomo/DerpNStink @@ -49631,6 +49877,7 @@ CVE-2018-18189 - https://github.com/Jx0n0/xiaocms-SQL-injection CVE-2018-18191 - https://github.com/SexyBeast233/SecBooks CVE-2018-18203 - https://github.com/sgayou/subaru-starlink-research CVE-2018-18240 - https://github.com/PAGalaxyLab/VulInfo +CVE-2018-18260 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18264 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-18264 - https://github.com/Elsfa7-110/kenzer-templates CVE-2018-18264 - https://github.com/cloudnative-security/hacking-kubernetes @@ -49654,8 +49901,10 @@ CVE-2018-18281 - https://github.com/wkhnh06/linux-kernel-exploitation CVE-2018-18281 - https://github.com/xairy/linux-kernel-exploitation CVE-2018-18282 - https://github.com/ossf-cve-benchmark/CVE-2018-18282 CVE-2018-18287 - https://github.com/syrex1013/AsusLeak +CVE-2018-18290 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18291 - https://github.com/ARPSyndicate/cvemon CVE-2018-18291 - https://github.com/syrex1013/AsusXSS +CVE-2018-18307 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18310 - https://github.com/flyrev/security-scan-ci-presentation CVE-2018-18310 - https://github.com/kaidotdev/kube-trivy-exporter CVE-2018-18312 - https://github.com/ARPSyndicate/cvemon @@ -49664,6 +49913,8 @@ CVE-2018-18312 - https://github.com/imhunterand/hackerone-publicy-disclosed CVE-2018-18313 - https://github.com/ARPSyndicate/cvemon CVE-2018-18313 - https://github.com/RClueX/Hackerone-Reports CVE-2018-18313 - https://github.com/imhunterand/hackerone-publicy-disclosed +CVE-2018-18319 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2018-18320 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18323 - https://github.com/ARPSyndicate/kenzer-templates CVE-2018-18325 - https://github.com/ARPSyndicate/cvemon CVE-2018-18325 - https://github.com/Ostorlab/KEV @@ -49696,6 +49947,7 @@ CVE-2018-18384 - https://github.com/ronomon/zip CVE-2018-18387 - https://github.com/0xT11/CVE-POC CVE-2018-18387 - https://github.com/TheeBlind/CVE-2018-18387 CVE-2018-18397 - https://github.com/ARPSyndicate/cvemon +CVE-2018-18405 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18421 - https://github.com/PAGalaxyLab/VulInfo CVE-2018-18428 - https://github.com/Samsung/cotopaxi CVE-2018-18435 - https://github.com/ARPSyndicate/cvemon @@ -49713,6 +49965,7 @@ CVE-2018-18458 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-18458 - https://github.com/ARPSyndicate/cvemon CVE-2018-18459 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-18459 - https://github.com/ARPSyndicate/cvemon +CVE-2018-18466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2018-18472 - https://github.com/odolezal/notes CVE-2018-18478 - https://github.com/JavierOlmedo/JavierOlmedo CVE-2018-18483 - https://github.com/fokypoky/places-list @@ -51289,6 +51542,7 @@ CVE-2018-2628 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-2628 - https://github.com/hktalent/TOP CVE-2018-2628 - https://github.com/hktalent/bug-bounty CVE-2018-2628 - https://github.com/hmoytx/weblogicscan +CVE-2018-2628 - https://github.com/huan-cdm/secure_tools_link CVE-2018-2628 - https://github.com/iceberg-N/WL_Scan_GO CVE-2018-2628 - https://github.com/jas502n/CVE-2018-2628 CVE-2018-2628 - https://github.com/jas502n/CVE-2018-2893 @@ -51519,6 +51773,7 @@ CVE-2018-2893 - https://github.com/hasee2018/Safety-net-information CVE-2018-2893 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-2893 - https://github.com/hktalent/TOP CVE-2018-2893 - https://github.com/hmoytx/weblogicscan +CVE-2018-2893 - https://github.com/huan-cdm/secure_tools_link CVE-2018-2893 - https://github.com/hudunkey/Red-Team-links CVE-2018-2893 - https://github.com/ianxtianxt/CVE-2018-2893 CVE-2018-2893 - https://github.com/ianxtianxt/CVE-2018-3245 @@ -51646,6 +51901,7 @@ CVE-2018-2894 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-2894 - https://github.com/hellochunqiu/PayloadsAllTheThings CVE-2018-2894 - https://github.com/hktalent/TOP CVE-2018-2894 - https://github.com/hmoytx/weblogicscan +CVE-2018-2894 - https://github.com/huan-cdm/secure_tools_link CVE-2018-2894 - https://github.com/hxysaury/saury-vulnhub CVE-2018-2894 - https://github.com/iceberg-N/WL_Scan_GO CVE-2018-2894 - https://github.com/jared1981/More-Pentest-Tools @@ -51675,6 +51931,7 @@ CVE-2018-2894 - https://github.com/password520/RedTeamer CVE-2018-2894 - https://github.com/pathakabhi24/Pentest-Tools CVE-2018-2894 - https://github.com/pjgmonteiro/Pentest-tools CVE-2018-2894 - https://github.com/pwnagelabs/VEF +CVE-2018-2894 - https://github.com/q99266/saury-vulnhub CVE-2018-2894 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-2894 - https://github.com/qi4L/WeblogicScan.go CVE-2018-2894 - https://github.com/rabbitmask/WeblogicScan @@ -51825,6 +52082,7 @@ CVE-2018-3191 - https://github.com/forhub2021/weblogicScanner CVE-2018-3191 - https://github.com/hasee2018/Safety-net-information CVE-2018-3191 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-3191 - https://github.com/hktalent/TOP +CVE-2018-3191 - https://github.com/huan-cdm/secure_tools_link CVE-2018-3191 - https://github.com/hudunkey/Red-Team-links CVE-2018-3191 - https://github.com/iceberg-N/WL_Scan_GO CVE-2018-3191 - https://github.com/jas502n/CVE-2018-3191 @@ -51898,6 +52156,7 @@ CVE-2018-3245 - https://github.com/forhub2021/weblogicScanner CVE-2018-3245 - https://github.com/hasee2018/Safety-net-information CVE-2018-3245 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-3245 - https://github.com/hktalent/TOP +CVE-2018-3245 - https://github.com/huan-cdm/secure_tools_link CVE-2018-3245 - https://github.com/hudunkey/Red-Team-links CVE-2018-3245 - https://github.com/ianxtianxt/CVE-2018-3245 CVE-2018-3245 - https://github.com/jas502n/CVE-2018-3245 @@ -51958,6 +52217,7 @@ CVE-2018-3252 - https://github.com/forhub2021/weblogicScanner CVE-2018-3252 - https://github.com/go-spider/CVE-2018-3252 CVE-2018-3252 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-3252 - https://github.com/hktalent/TOP +CVE-2018-3252 - https://github.com/huan-cdm/secure_tools_link CVE-2018-3252 - https://github.com/iceberg-N/WL_Scan_GO CVE-2018-3252 - https://github.com/jas502n/CVE-2018-3252 CVE-2018-3252 - https://github.com/jbmihoub/all-poc @@ -52601,6 +52861,7 @@ CVE-2018-4233 - https://github.com/lnick2023/nicenice CVE-2018-4233 - https://github.com/m00zh33/sploits CVE-2018-4233 - https://github.com/niklasb/sploits CVE-2018-4233 - https://github.com/nqcshady/webvfs +CVE-2018-4233 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4233 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-4233 - https://github.com/saelo/cve-2018-4233 CVE-2018-4233 - https://github.com/salcho/spiderMonkeyDebugEnv @@ -52757,11 +53018,13 @@ CVE-2018-4359 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2018-4368 - https://github.com/ARPSyndicate/cvemon CVE-2018-4372 - https://github.com/SoftSec-KAIST/CodeAlchemist CVE-2018-4378 - https://github.com/SoftSec-KAIST/CodeAlchemist +CVE-2018-4382 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4382 - https://github.com/tunz/js-vuln-db CVE-2018-4386 - https://github.com/ARPSyndicate/cvemon CVE-2018-4386 - https://github.com/Fire30/bad_hoist CVE-2018-4386 - https://github.com/Francesco146/Francesco146.github.io CVE-2018-4386 - https://github.com/alphaSeclab/sec-daily-2019 +CVE-2018-4386 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4386 - https://github.com/tunz/js-vuln-db CVE-2018-4396 - https://github.com/didi/kemon CVE-2018-4403 - https://github.com/ARPSyndicate/cvemon @@ -52853,6 +53116,7 @@ CVE-2018-4415 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-4416 - https://github.com/SkyBulk/RealWorldPwn CVE-2018-4416 - https://github.com/erupmi/CVE-2018-4416 CVE-2018-4416 - https://github.com/erupmi/CVE-2018-4416-exploit +CVE-2018-4416 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4416 - https://github.com/raystyle/SafariTour CVE-2018-4416 - https://github.com/tunz/js-vuln-db CVE-2018-4418 - https://github.com/didi/kemon @@ -52862,6 +53126,7 @@ CVE-2018-4431 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-4431 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2018-4431 - https://github.com/ktiOSz/PoC_iOS12 CVE-2018-4437 - https://github.com/SoftSec-KAIST/CodeAlchemist +CVE-2018-4438 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4438 - https://github.com/tunz/js-vuln-db CVE-2018-4441 - https://github.com/0xT11/CVE-POC CVE-2018-4441 - https://github.com/ARPSyndicate/cvemon @@ -52874,10 +53139,13 @@ CVE-2018-4441 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-4441 - https://github.com/howmuch515/howmuch515 CVE-2018-4441 - https://github.com/jakubolsaki/ja CVE-2018-4441 - https://github.com/ktiOSz/kexploit620FW- +CVE-2018-4441 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4441 - https://github.com/sploitem/WebKitPwn CVE-2018-4441 - https://github.com/tunz/js-vuln-db +CVE-2018-4442 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4442 - https://github.com/tunz/js-vuln-db CVE-2018-4443 - https://github.com/niklasb/sploits +CVE-2018-4443 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-4443 - https://github.com/tunz/js-vuln-db CVE-2018-4464 - https://github.com/SoftSec-KAIST/CodeAlchemist CVE-2018-4844 - https://github.com/ARPSyndicate/cvemon @@ -53773,6 +54041,7 @@ CVE-2018-6055 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6055 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-6056 - https://github.com/ARPSyndicate/cvemon CVE-2018-6056 - https://github.com/lnick2023/nicenice +CVE-2018-6056 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6056 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6056 - https://github.com/tunz/js-vuln-db CVE-2018-6056 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -53780,11 +54049,13 @@ CVE-2018-6060 - https://github.com/ZihanYe/web-browser-vulnerabilities CVE-2018-6061 - https://github.com/ARPSyndicate/cvemon CVE-2018-6061 - https://github.com/IMULMUL/WebAssemblyCVE CVE-2018-6061 - https://github.com/lnick2023/nicenice +CVE-2018-6061 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6061 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6061 - https://github.com/tunz/js-vuln-db CVE-2018-6061 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-6064 - https://github.com/ARPSyndicate/cvemon CVE-2018-6064 - https://github.com/lnick2023/nicenice +CVE-2018-6064 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6064 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6064 - https://github.com/tunz/js-vuln-db CVE-2018-6064 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -53793,6 +54064,7 @@ CVE-2018-6065 - https://github.com/Ostorlab/KEV CVE-2018-6065 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2018-6065 - https://github.com/b1tg/CVE-2018-6065-exploit CVE-2018-6065 - https://github.com/lnick2023/nicenice +CVE-2018-6065 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6065 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6065 - https://github.com/tunz/js-vuln-db CVE-2018-6065 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -53813,9 +54085,11 @@ CVE-2018-6088 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-6088 - https://github.com/ARPSyndicate/cvemon CVE-2018-6092 - https://github.com/ARPSyndicate/cvemon CVE-2018-6092 - https://github.com/IMULMUL/WebAssemblyCVE +CVE-2018-6092 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6092 - https://github.com/tunz/js-vuln-db CVE-2018-6106 - https://github.com/ARPSyndicate/cvemon CVE-2018-6106 - https://github.com/lnick2023/nicenice +CVE-2018-6106 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6106 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6106 - https://github.com/tunz/js-vuln-db CVE-2018-6106 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -53823,6 +54097,7 @@ CVE-2018-6118 - https://github.com/allpaca/chrome-sbx-db CVE-2018-6120 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-6120 - https://github.com/ARPSyndicate/cvemon CVE-2018-6122 - https://github.com/IMULMUL/WebAssemblyCVE +CVE-2018-6122 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6122 - https://github.com/tunz/js-vuln-db CVE-2018-6123 - https://github.com/ZihanYe/web-browser-vulnerabilities CVE-2018-6127 - https://github.com/allpaca/chrome-sbx-db @@ -53834,13 +54109,17 @@ CVE-2018-6128 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-6128 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-6131 - https://github.com/ARPSyndicate/cvemon CVE-2018-6131 - https://github.com/IMULMUL/WebAssemblyCVE +CVE-2018-6136 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6136 - https://github.com/tunz/js-vuln-db CVE-2018-6142 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-6142 - https://github.com/ARPSyndicate/cvemon +CVE-2018-6142 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6142 - https://github.com/tunz/js-vuln-db +CVE-2018-6143 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6143 - https://github.com/tunz/js-vuln-db CVE-2018-6144 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-6144 - https://github.com/ARPSyndicate/cvemon +CVE-2018-6149 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-6149 - https://github.com/tunz/js-vuln-db CVE-2018-6170 - https://github.com/0xCyberY/CVE-T4PDF CVE-2018-6170 - https://github.com/ARPSyndicate/cvemon @@ -54950,6 +55229,7 @@ CVE-2018-7600 - https://github.com/Ra7mo0on/PayloadsAllTheThings CVE-2018-7600 - https://github.com/S3cur3Th1sSh1t/Pentest-Tools CVE-2018-7600 - https://github.com/SPuerBRead/kun CVE-2018-7600 - https://github.com/SecPentester/CVE-7600-2018 +CVE-2018-7600 - https://github.com/SenukDias/OSCP_cheat CVE-2018-7600 - https://github.com/SexyBeast233/SecBooks CVE-2018-7600 - https://github.com/Sh4dowX404Unknown/Drupalgeddon2 CVE-2018-7600 - https://github.com/SirElmard/ethical_hacking @@ -55653,6 +55933,7 @@ CVE-2018-8137 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8137 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-8139 - https://github.com/ARPSyndicate/cvemon CVE-2018-8139 - https://github.com/lnick2023/nicenice +CVE-2018-8139 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8139 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8139 - https://github.com/tunz/js-vuln-db CVE-2018-8139 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -55660,6 +55941,7 @@ CVE-2018-8140 - https://github.com/ARPSyndicate/cvemon CVE-2018-8140 - https://github.com/lnick2023/nicenice CVE-2018-8140 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8140 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 +CVE-2018-8145 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8145 - https://github.com/tunz/js-vuln-db CVE-2018-8164 - https://github.com/0xT11/CVE-POC CVE-2018-8164 - https://github.com/ARPSyndicate/cvemon @@ -55845,6 +56127,7 @@ CVE-2018-8222 - https://github.com/ARPSyndicate/cvemon CVE-2018-8222 - https://github.com/mattifestation/mattifestation CVE-2018-8225 - https://github.com/ARPSyndicate/cvemon CVE-2018-8225 - https://github.com/tomoyamachi/gocarts +CVE-2018-8229 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8229 - https://github.com/tunz/js-vuln-db CVE-2018-8234 - https://github.com/ARPSyndicate/cvemon CVE-2018-8234 - https://github.com/lnick2023/nicenice @@ -55871,6 +56154,7 @@ CVE-2018-8274 - https://github.com/ARPSyndicate/cvemon CVE-2018-8274 - https://github.com/tomoyamachi/gocarts CVE-2018-8275 - https://github.com/ARPSyndicate/cvemon CVE-2018-8275 - https://github.com/tomoyamachi/gocarts +CVE-2018-8279 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8279 - https://github.com/tunz/js-vuln-db CVE-2018-8284 - https://github.com/0xT11/CVE-POC CVE-2018-8284 - https://github.com/ARPSyndicate/cvemon @@ -55879,11 +56163,14 @@ CVE-2018-8284 - https://github.com/lnick2023/nicenice CVE-2018-8284 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8284 - https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE CVE-2018-8284 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 +CVE-2018-8288 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8288 - https://github.com/tunz/js-vuln-db +CVE-2018-8291 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8291 - https://github.com/tunz/js-vuln-db CVE-2018-8292 - https://github.com/StasJS/TrivyDepsFalsePositive CVE-2018-8298 - https://github.com/Ostorlab/KEV CVE-2018-8298 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2018-8298 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8298 - https://github.com/tunz/js-vuln-db CVE-2018-8302 - https://github.com/ARPSyndicate/cvemon CVE-2018-8302 - https://github.com/FDlucifer/Proxy-Attackchain @@ -55899,6 +56186,7 @@ CVE-2018-8353 - https://github.com/lnick2023/nicenice CVE-2018-8353 - https://github.com/marckwei/temp CVE-2018-8353 - https://github.com/merlinepedra/DONATO CVE-2018-8353 - https://github.com/merlinepedra25/DONATO +CVE-2018-8353 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8353 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8353 - https://github.com/tunz/js-vuln-db CVE-2018-8353 - https://github.com/whereisr0da/CVE-2018-8353-POC @@ -55908,6 +56196,7 @@ CVE-2018-8355 - https://github.com/0xT11/CVE-POC CVE-2018-8355 - https://github.com/ARPSyndicate/cvemon CVE-2018-8355 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-8355 - https://github.com/lnick2023/nicenice +CVE-2018-8355 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8355 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8355 - https://github.com/tunz/js-vuln-db CVE-2018-8355 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -55953,6 +56242,7 @@ CVE-2018-8383 - https://github.com/lnick2023/nicenice CVE-2018-8383 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8383 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-8384 - https://github.com/chenghungpan/test_data +CVE-2018-8384 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8384 - https://github.com/tunz/js-vuln-db CVE-2018-8385 - https://github.com/0xT11/CVE-POC CVE-2018-8385 - https://github.com/ARPSyndicate/cvemon @@ -55968,6 +56258,7 @@ CVE-2018-8389 - https://github.com/0xT11/CVE-POC CVE-2018-8389 - https://github.com/ARPSyndicate/cvemon CVE-2018-8389 - https://github.com/hectorgie/PoC-in-GitHub CVE-2018-8389 - https://github.com/lnick2023/nicenice +CVE-2018-8389 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8389 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8389 - https://github.com/sharmasandeepkr/cve-2018-8389 CVE-2018-8389 - https://github.com/tunz/js-vuln-db @@ -56111,6 +56402,7 @@ CVE-2018-8453 - https://github.com/Jkrasher/WindowsThreatResearch_JKrasher CVE-2018-8453 - https://github.com/LegendSaber/exp_x64 CVE-2018-8453 - https://github.com/Micr067/windows-kernel-exploits CVE-2018-8453 - https://github.com/Mkv4/cve-2018-8453-exp +CVE-2018-8453 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2018-8453 - https://github.com/NitroA/windowsexpoitationresources CVE-2018-8453 - https://github.com/NullArray/WinKernel-Resources CVE-2018-8453 - https://github.com/Ondrik8/exploit @@ -56166,11 +56458,13 @@ CVE-2018-8465 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8465 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-8466 - https://github.com/ARPSyndicate/cvemon CVE-2018-8466 - https://github.com/lnick2023/nicenice +CVE-2018-8466 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8466 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8466 - https://github.com/tunz/js-vuln-db CVE-2018-8466 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 CVE-2018-8467 - https://github.com/ARPSyndicate/cvemon CVE-2018-8467 - https://github.com/lnick2023/nicenice +CVE-2018-8467 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8467 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-8467 - https://github.com/tunz/js-vuln-db CVE-2018-8467 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -56336,6 +56630,7 @@ CVE-2018-8589 - https://github.com/0xcyberpj/windows-exploitation CVE-2018-8589 - https://github.com/0xpetros/windows-privilage-escalation CVE-2018-8589 - https://github.com/ARPSyndicate/cvemon CVE-2018-8589 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2018-8589 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2018-8589 - https://github.com/NitroA/windowsexpoitationresources CVE-2018-8589 - https://github.com/NullArray/WinKernel-Resources CVE-2018-8589 - https://github.com/Ondrik8/exploit @@ -56361,6 +56656,7 @@ CVE-2018-8617 - https://github.com/SpiralBL0CK/cve-2018-8617-aab-r-w- CVE-2018-8617 - https://github.com/bb33bb/cve-2018-8617-aab-r-w- CVE-2018-8617 - https://github.com/ommadawn46/Chakra-TypeConfusions CVE-2018-8617 - https://github.com/ommadawn46/chakra-type-confusions +CVE-2018-8617 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8617 - https://github.com/tunz/js-vuln-db CVE-2018-8625 - https://github.com/googleprojectzero/domato CVE-2018-8625 - https://github.com/marckwei/temp @@ -56370,6 +56666,7 @@ CVE-2018-8631 - https://github.com/googleprojectzero/domato CVE-2018-8631 - https://github.com/marckwei/temp CVE-2018-8631 - https://github.com/merlinepedra/DONATO CVE-2018-8631 - https://github.com/merlinepedra25/DONATO +CVE-2018-8631 - https://github.com/otravidaahora2t/js-vuln-db CVE-2018-8631 - https://github.com/tunz/js-vuln-db CVE-2018-8639 - https://github.com/0xT11/CVE-POC CVE-2018-8639 - https://github.com/ARPSyndicate/cvemon @@ -57465,6 +57762,7 @@ CVE-2019-0539 - https://github.com/lnick2023/nicenice CVE-2019-0539 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2019-0539 - https://github.com/ommadawn46/Chakra-TypeConfusions CVE-2019-0539 - https://github.com/ommadawn46/chakra-type-confusions +CVE-2019-0539 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-0539 - https://github.com/paulveillard/cybersecurity-windows-exploitation CVE-2019-0539 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-0539 - https://github.com/tunz/js-vuln-db @@ -57508,6 +57806,7 @@ CVE-2019-0567 - https://github.com/lnick2023/nicenice CVE-2019-0567 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2019-0567 - https://github.com/ommadawn46/Chakra-TypeConfusions CVE-2019-0567 - https://github.com/ommadawn46/chakra-type-confusions +CVE-2019-0567 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-0567 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-0567 - https://github.com/r1mit/awesome-browser-security CVE-2019-0567 - https://github.com/tunz/js-vuln-db @@ -57518,6 +57817,7 @@ CVE-2019-0568 - https://github.com/developer3000S/PoC-in-GitHub CVE-2019-0568 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-0568 - https://github.com/lnick2023/nicenice CVE-2019-0568 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2019-0568 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-0568 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-0568 - https://github.com/tunz/js-vuln-db CVE-2019-0568 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -57832,6 +58132,7 @@ CVE-2019-0708 - https://github.com/MedoX71T/PENTESTING-BIBLE CVE-2019-0708 - https://github.com/Micle5858/PENTESTING-BIBLE CVE-2019-0708 - https://github.com/Micr067/Pentest_Note CVE-2019-0708 - https://github.com/Mr-xn/Penetration_Testing_POC +CVE-2019-0708 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2019-0708 - https://github.com/NAXG/cve_2019_0708_bluekeep_rce CVE-2019-0708 - https://github.com/NetW0rK1le3r/PENTESTING-BIBLE CVE-2019-0708 - https://github.com/NetW0rK1le3r/awesome-hacking-lists @@ -58454,6 +58755,7 @@ CVE-2019-0859 - https://github.com/0xpetros/windows-privilage-escalation CVE-2019-0859 - https://github.com/Ascotbe/Kernelhub CVE-2019-0859 - https://github.com/Cruxer8Mech/Idk CVE-2019-0859 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2019-0859 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2019-0859 - https://github.com/NitroA/windowsexpoitationresources CVE-2019-0859 - https://github.com/NullArray/WinKernel-Resources CVE-2019-0859 - https://github.com/Ondrik8/exploit @@ -58570,6 +58872,7 @@ CVE-2019-0913 - https://github.com/ZealerV/vu1hub CVE-2019-0913 - https://github.com/dpredrag/RCE-test- CVE-2019-0928 - https://github.com/AudioStakes/CVESummaryGenerator CVE-2019-0930 - https://github.com/ARPSyndicate/cvemon +CVE-2019-0930 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-0930 - https://github.com/tunz/js-vuln-db CVE-2019-0938 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2019-0940 - https://github.com/HackOvert/awesome-bugs @@ -60048,6 +60351,7 @@ CVE-2019-1132 - https://github.com/20142995/sectool CVE-2019-1132 - https://github.com/Cruxer8Mech/Idk CVE-2019-1132 - https://github.com/ExpLife0011/awesome-windows-kernel-security-development CVE-2019-1132 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2019-1132 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2019-1132 - https://github.com/NitroA/windowsexpoitationresources CVE-2019-1132 - https://github.com/NullArray/WinKernel-Resources CVE-2019-1132 - https://github.com/Ondrik8/exploit @@ -62259,6 +62563,7 @@ CVE-2019-11358 - https://github.com/Teameureka1/FtcRobotController-master CVE-2019-11358 - https://github.com/Tech-Turtles/CenterStage CVE-2019-11358 - https://github.com/Tech-Turtles/Power-Play CVE-2019-11358 - https://github.com/Tech-X-CNDV/CenterStage +CVE-2019-11358 - https://github.com/Tech-X-CNDV/codCenterStage CVE-2019-11358 - https://github.com/Techarinos/FTC CVE-2019-11358 - https://github.com/Techno-Goats-9224/FtcRobotController CVE-2019-11358 - https://github.com/Techno-Goats-9224/FtcRobotController-master-9224 @@ -63888,6 +64193,7 @@ CVE-2019-11358 - https://github.com/sta-titansrobotics/2021-22-FreightFrenzy CVE-2019-11358 - https://github.com/standerryan/Marburn-2122 CVE-2019-11358 - https://github.com/stcline/FtcRobotController-master CVE-2019-11358 - https://github.com/stemosofc/RobotFTCstemOS +CVE-2019-11358 - https://github.com/stormbots-9415/UltimateGoal CVE-2019-11358 - https://github.com/suchirchikkava/FTC-2022-2023-Season CVE-2019-11358 - https://github.com/suchirchikkava/FTC-2023-2024-CenterStage-Season CVE-2019-11358 - https://github.com/sundar-krishnan/BotzNBolts-FTC-2020-2021 @@ -64150,6 +64456,7 @@ CVE-2019-11358 - https://github.com/yuhsb-lionotics/FreightFrenzyHeavy CVE-2019-11358 - https://github.com/yuhsb-lionotics/UltimateGoal13475 CVE-2019-11358 - https://github.com/yuhsb-lionotics/UltimateGoal5361 CVE-2019-11358 - https://github.com/yuhwanlee/TinyRobot +CVE-2019-11358 - https://github.com/yummy-licorice/RobotCode CVE-2019-11358 - https://github.com/yuvvan/GForce_Base CVE-2019-11358 - https://github.com/yyhJohn/FTC-2022 CVE-2019-11358 - https://github.com/yyhJohn/FTC-2022-1 @@ -66781,6 +67088,7 @@ CVE-2019-14234 - https://github.com/hxysaury/saury-vulnhub CVE-2019-14234 - https://github.com/kvesta/vesta CVE-2019-14234 - https://github.com/lnick2023/nicenice CVE-2019-14234 - https://github.com/malvika-thakur/CVE-2019-14234 +CVE-2019-14234 - https://github.com/q99266/saury-vulnhub CVE-2019-14234 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-14234 - https://github.com/reph0r/Poc-Exp-Tools CVE-2019-14234 - https://github.com/reph0r/Shooting-Range @@ -66874,6 +67182,7 @@ CVE-2019-14287 - https://github.com/MariliaMeira/CVE-2019-14287 CVE-2019-14287 - https://github.com/R0seSecurity/Linux_Priviledge_Escalation CVE-2019-14287 - https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics CVE-2019-14287 - https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287 +CVE-2019-14287 - https://github.com/SenukDias/OSCP_cheat CVE-2019-14287 - https://github.com/SexyBeast233/SecBooks CVE-2019-14287 - https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287 CVE-2019-14287 - https://github.com/Sindadziy/cve-2019-14287 @@ -67512,6 +67821,7 @@ CVE-2019-15107 - https://github.com/password520/Penetration_PoC CVE-2019-15107 - https://github.com/password520/RedTeamer CVE-2019-15107 - https://github.com/psw01/CVE-2019-15107_webminRCE CVE-2019-15107 - https://github.com/puckiestyle/CVE-2019-15107 +CVE-2019-15107 - https://github.com/q99266/saury-vulnhub CVE-2019-15107 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-15107 - https://github.com/ruthvikvegunta/CVE-2019-15107 CVE-2019-15107 - https://github.com/seeu-inspace/easyg @@ -68726,6 +69036,7 @@ CVE-2019-16869 - https://github.com/Anonymous-Phunter/PHunter CVE-2019-16869 - https://github.com/CGCL-codes/PHunter CVE-2019-16869 - https://github.com/LibHunter/LibHunter CVE-2019-16869 - https://github.com/cezapata/appconfiguration-sample +CVE-2019-16869 - https://github.com/ytono/gcp-arcade CVE-2019-16880 - https://github.com/Artisan-Lab/Rust-memory-safety-bugs CVE-2019-16881 - https://github.com/Artisan-Lab/Rust-memory-safety-bugs CVE-2019-16882 - https://github.com/Artisan-Lab/Rust-memory-safety-bugs @@ -68741,6 +69052,7 @@ CVE-2019-16884 - https://github.com/fenixsecurelabs/core-nexus CVE-2019-16884 - https://github.com/h4ckm310n/Container-Vulnerability-Exploit CVE-2019-16884 - https://github.com/hacking-kubernetes/hacking-kubernetes.info CVE-2019-16884 - https://github.com/iridium-soda/container-escape-exploits +CVE-2019-16884 - https://github.com/openSUSE/libpathrs CVE-2019-16884 - https://github.com/phoenixvlabs/core-nexus CVE-2019-16884 - https://github.com/phxvlabsio/core-nexus CVE-2019-16884 - https://github.com/sivahpe/trivy-test @@ -69865,6 +70177,7 @@ CVE-2019-18634 - https://github.com/R0seSecurity/Linux_Priviledge_Escalation CVE-2019-18634 - https://github.com/Retr0-ll/2023-littleTerm CVE-2019-18634 - https://github.com/Retr0-ll/littleterm CVE-2019-18634 - https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics +CVE-2019-18634 - https://github.com/SenukDias/OSCP_cheat CVE-2019-18634 - https://github.com/SirElmard/ethical_hacking CVE-2019-18634 - https://github.com/Srinunaik000/Srinunaik000 CVE-2019-18634 - https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources @@ -69895,6 +70208,7 @@ CVE-2019-18634 - https://github.com/migueltc13/KoTH-Tools CVE-2019-18634 - https://github.com/nitishbadole/oscp-note-3 CVE-2019-18634 - https://github.com/notnue/Linux-Privilege-Escalation CVE-2019-18634 - https://github.com/oscpname/OSCP_cheat +CVE-2019-18634 - https://github.com/paras1te-x/CVE-2019-18634 CVE-2019-18634 - https://github.com/pmihsan/Sudo-PwdFeedback-Buffer-Overflow CVE-2019-18634 - https://github.com/ptef/CVE-2019-18634 CVE-2019-18634 - https://github.com/retr0-13/Linux-Privilege-Escalation-Basics @@ -70009,6 +70323,7 @@ CVE-2019-18845 - https://github.com/474172261/KDU CVE-2019-18845 - https://github.com/ARPSyndicate/cvemon CVE-2019-18845 - https://github.com/FULLSHADE/WindowsExploitationResources CVE-2019-18845 - https://github.com/FuzzySecurity/Sharp-Suite +CVE-2019-18845 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2019-18845 - https://github.com/NitroA/windowsexpoitationresources CVE-2019-18845 - https://github.com/NullArray/WinKernel-Resources CVE-2019-18845 - https://github.com/Ondrik8/exploit @@ -70908,6 +71223,7 @@ CVE-2019-19920 - https://github.com/Live-Hack-CVE/CVE-2019-19920 CVE-2019-19921 - https://github.com/43622283/awesome-cloud-native-security CVE-2019-19921 - https://github.com/Metarget/awesome-cloud-native-security CVE-2019-19921 - https://github.com/atesemre/awesome-cloud-native-security +CVE-2019-19921 - https://github.com/openSUSE/libpathrs CVE-2019-19921 - https://github.com/shakyaraj9569/Documentation CVE-2019-19921 - https://github.com/sivahpe/trivy-test CVE-2019-19922 - https://github.com/Live-Hack-CVE/CVE-2019-19922 @@ -71451,6 +71767,7 @@ CVE-2019-2215 - https://github.com/yud121212/Linux_Privilege_Escalation CVE-2019-2219 - https://github.com/7homasSutter/SimpleSpyware CVE-2019-2219 - https://github.com/7homasSutter/SimpleySpyware CVE-2019-2219 - https://github.com/jocker35/SimpleSpyware +CVE-2019-2222 - https://github.com/qianxiao996/BurpSuite-FrameScan CVE-2019-2225 - https://github.com/wrlu/Vulnerabilities CVE-2019-2232 - https://github.com/ARPSyndicate/cvemon CVE-2019-2232 - https://github.com/virtualpatch/virtualpatch_evaluation @@ -71505,6 +71822,7 @@ CVE-2019-25072 - https://github.com/Live-Hack-CVE/CVE-2019-25072 CVE-2019-25073 - https://github.com/Live-Hack-CVE/CVE-2019-25073 CVE-2019-25075 - https://github.com/ARPSyndicate/cvemon CVE-2019-25076 - https://github.com/Live-Hack-CVE/CVE-2019-25076 +CVE-2019-25078 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2019-25137 - https://github.com/Ickarah/CVE-2019-25137-Version-Research CVE-2019-25160 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2019-25161 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -71591,6 +71909,7 @@ CVE-2019-2618 - https://github.com/he1dan/cve-2019-2618 CVE-2019-2618 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-2618 - https://github.com/hktalent/TOP CVE-2019-2618 - https://github.com/hktalent/bug-bounty +CVE-2019-2618 - https://github.com/huan-cdm/secure_tools_link CVE-2019-2618 - https://github.com/ianxtianxt/cve-2019-2618 CVE-2019-2618 - https://github.com/iceberg-N/WL_Scan_GO CVE-2019-2618 - https://github.com/jas502n/cve-2019-2618 @@ -71757,6 +72076,7 @@ CVE-2019-2725 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-2725 - https://github.com/hktalent/TOP CVE-2019-2725 - https://github.com/hktalent/bug-bounty CVE-2019-2725 - https://github.com/hmoytx/weblogicscan +CVE-2019-2725 - https://github.com/huan-cdm/secure_tools_link CVE-2019-2725 - https://github.com/huike007/penetration_poc CVE-2019-2725 - https://github.com/huike007/poc CVE-2019-2725 - https://github.com/ianxtianxt/CVE-2019-2725 @@ -71874,6 +72194,7 @@ CVE-2019-2729 - https://github.com/forhub2021/weblogicScanner CVE-2019-2729 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-2729 - https://github.com/hktalent/TOP CVE-2019-2729 - https://github.com/hmoytx/weblogicscan +CVE-2019-2729 - https://github.com/huan-cdm/secure_tools_link CVE-2019-2729 - https://github.com/jbmihoub/all-poc CVE-2019-2729 - https://github.com/jiangsir404/POC-S CVE-2019-2729 - https://github.com/jweny/pocassistdb @@ -71976,6 +72297,7 @@ CVE-2019-2890 - https://github.com/hack-parthsharma/Pentest-Tools CVE-2019-2890 - https://github.com/hanc00l/some_pocsuite CVE-2019-2890 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-2890 - https://github.com/hktalent/TOP +CVE-2019-2890 - https://github.com/huan-cdm/secure_tools_link CVE-2019-2890 - https://github.com/ianxtianxt/CVE-2019-2890 CVE-2019-2890 - https://github.com/iceberg-N/WL_Scan_GO CVE-2019-2890 - https://github.com/jared1981/More-Pentest-Tools @@ -72935,6 +73257,7 @@ CVE-2019-5736 - https://github.com/Retr0-ll/2023-littleTerm CVE-2019-5736 - https://github.com/Retr0-ll/littleterm CVE-2019-5736 - https://github.com/RyanNgWH/CVE-2019-5736-POC CVE-2019-5736 - https://github.com/SamP10/BetDocker +CVE-2019-5736 - https://github.com/SenukDias/OSCP_cheat CVE-2019-5736 - https://github.com/SexyBeast233/SecBooks CVE-2019-5736 - https://github.com/ShadowFl0w/Cloud-Native-Security-Test CVE-2019-5736 - https://github.com/SirElmard/ethical_hacking @@ -73057,6 +73380,7 @@ CVE-2019-5737 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2019-5747 - https://github.com/ARPSyndicate/cvemon CVE-2019-5755 - https://github.com/Kiprey/Skr_Learning CVE-2019-5755 - https://github.com/Self-Study-Committee/Skr_Learning +CVE-2019-5755 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-5755 - https://github.com/tunz/js-vuln-db CVE-2019-5756 - https://github.com/0xCyberY/CVE-T4PDF CVE-2019-5756 - https://github.com/ARPSyndicate/cvemon @@ -73079,9 +73403,11 @@ CVE-2019-5782 - https://github.com/hwiwonl/dayone CVE-2019-5782 - https://github.com/i0gan/cve CVE-2019-5782 - https://github.com/m1ghtym0/browser-pwn CVE-2019-5782 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2019-5782 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-5782 - https://github.com/seal9055/cyber_attack_simulation CVE-2019-5782 - https://github.com/tianstcht/v8-exploit CVE-2019-5782 - https://github.com/tunz/js-vuln-db +CVE-2019-5784 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-5784 - https://github.com/tunz/js-vuln-db CVE-2019-5786 - https://github.com/0xT11/CVE-POC CVE-2019-5786 - https://github.com/ARPSyndicate/cvemon @@ -73304,6 +73630,7 @@ CVE-2019-6207 - https://github.com/maldiohead/CVE-2019-6207 CVE-2019-6207 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2019-6212 - https://github.com/ARPSyndicate/cvemon CVE-2019-6212 - https://github.com/sslab-gatech/freedom +CVE-2019-6215 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-6215 - https://github.com/tunz/js-vuln-db CVE-2019-6216 - https://github.com/ARPSyndicate/cvemon CVE-2019-6216 - https://github.com/alphaSeclab/sec-daily-2019 @@ -73528,6 +73855,7 @@ CVE-2019-6447 - https://github.com/N3H4L/CVE-2019-6447 CVE-2019-6447 - https://github.com/Nehal-Zaman/CVE-2019-6447 CVE-2019-6447 - https://github.com/Osuni-99/CVE-2019-6447 CVE-2019-6447 - https://github.com/SandaRuFdo/ES-File-Explorer-Open-Port-Vulnerability---CVE-2019-6447 +CVE-2019-6447 - https://github.com/SenukDias/OSCP_cheat CVE-2019-6447 - https://github.com/SirElmard/ethical_hacking CVE-2019-6447 - https://github.com/VinuKalana/CVE-2019-6447-Android-Vulnerability-in-ES-File-Explorer CVE-2019-6447 - https://github.com/amjadkhan345/esfile @@ -74019,6 +74347,7 @@ CVE-2019-7304 - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits CVE-2019-7304 - https://github.com/Ly0nt4r/OSCP CVE-2019-7304 - https://github.com/Mr-Tree-S/POC_EXP CVE-2019-7304 - https://github.com/SecuritySi/CVE-2019-7304_DirtySock +CVE-2019-7304 - https://github.com/SenukDias/OSCP_cheat CVE-2019-7304 - https://github.com/SirElmard/ethical_hacking CVE-2019-7304 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2019-7304 - https://github.com/VieVaWaldi/DirtySock @@ -74081,6 +74410,7 @@ CVE-2019-7314 - https://github.com/JeroenRobben/aflnet-netfuzzlib CVE-2019-7314 - https://github.com/LeeHun9/AFLNeTrans CVE-2019-7314 - https://github.com/Speciale-Projekt/legening CVE-2019-7314 - https://github.com/aflnet/aflnet +CVE-2019-7314 - https://github.com/amonnymouse/aflnet CVE-2019-7314 - https://github.com/calmxkk/aflnet CVE-2019-7314 - https://github.com/cozy131/aflnet CVE-2019-7314 - https://github.com/dnagarju/Aflnet @@ -74651,6 +74981,7 @@ CVE-2019-8460 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2019-8506 - https://github.com/Ostorlab/KEV CVE-2019-8506 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2019-8506 - https://github.com/hwiwonl/dayone +CVE-2019-8506 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-8506 - https://github.com/tunz/js-vuln-db CVE-2019-8507 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2019-8507 - https://github.com/houjingyi233/macOS-iOS-system-security @@ -74668,6 +74999,7 @@ CVE-2019-8518 - https://github.com/RUB-SysSec/JIT-Picker CVE-2019-8518 - https://github.com/alphaSeclab/sec-daily-2019 CVE-2019-8518 - https://github.com/googleprojectzero/fuzzilli CVE-2019-8518 - https://github.com/lnick2023/nicenice +CVE-2019-8518 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-8518 - https://github.com/qazbnm456/awesome-cve-poc CVE-2019-8518 - https://github.com/tunz/js-vuln-db CVE-2019-8518 - https://github.com/xbl3/awesome-cve-poc_qazbnm456 @@ -74695,6 +75027,7 @@ CVE-2019-8548 - https://github.com/ARPSyndicate/cvemon CVE-2019-8549 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2019-8558 - https://github.com/RUB-SysSec/JIT-Picker CVE-2019-8558 - https://github.com/googleprojectzero/fuzzilli +CVE-2019-8558 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-8558 - https://github.com/tunz/js-vuln-db CVE-2019-8558 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2019-8559 - https://github.com/ARPSyndicate/cvemon @@ -75161,6 +75494,7 @@ CVE-2019-9193 - https://github.com/ngadminq/Bei-Gai-penetration-test-guide CVE-2019-9193 - https://github.com/paulotrindadec/CVE-2019-9193 CVE-2019-9193 - https://github.com/petitfleur/prov_navigator CVE-2019-9193 - https://github.com/provnavigator/prov_navigator +CVE-2019-9193 - https://github.com/q99266/saury-vulnhub CVE-2019-9193 - https://github.com/superfish9/pt CVE-2019-9193 - https://github.com/trganda/dockerv CVE-2019-9193 - https://github.com/w181496/Web-CTF-Cheatsheet @@ -75559,6 +75893,7 @@ CVE-2019-9791 - https://github.com/RUB-SysSec/JIT-Picker CVE-2019-9791 - https://github.com/Sp0pielar/CVE-2019-9791 CVE-2019-9791 - https://github.com/ZihanYe/web-browser-vulnerabilities CVE-2019-9791 - https://github.com/googleprojectzero/fuzzilli +CVE-2019-9791 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-9791 - https://github.com/tunz/js-vuln-db CVE-2019-9791 - https://github.com/ulexec/Exploits CVE-2019-9791 - https://github.com/zhangjiahui-buaa/MasterThesis @@ -75608,6 +75943,7 @@ CVE-2019-9813 - https://github.com/ARPSyndicate/cvemon CVE-2019-9813 - https://github.com/RUB-SysSec/JIT-Picker CVE-2019-9813 - https://github.com/ZihanYe/web-browser-vulnerabilities CVE-2019-9813 - https://github.com/googleprojectzero/fuzzilli +CVE-2019-9813 - https://github.com/otravidaahora2t/js-vuln-db CVE-2019-9813 - https://github.com/tunz/js-vuln-db CVE-2019-9813 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2019-9816 - https://github.com/RUB-SysSec/JIT-Picker @@ -77320,6 +77656,7 @@ CVE-2020-0787 - https://github.com/yisan1/hh CVE-2020-0790 - https://github.com/404notf0und/CVE-Flow CVE-2020-0791 - https://github.com/ARPSyndicate/cvemon CVE-2020-0796 - https://github.com/0day404/vulnerability-poc +CVE-2020-0796 - https://github.com/0x25bit/CVE-2020-0796-PoC CVE-2020-0796 - https://github.com/0xMarcio/cve CVE-2020-0796 - https://github.com/0xT11/CVE-POC CVE-2020-0796 - https://github.com/0xcyberpj/windows-exploitation @@ -77414,6 +77751,7 @@ CVE-2020-0796 - https://github.com/MizaruIT/PENTAD-TOOLKIT CVE-2020-0796 - https://github.com/MizaruIT/PENTADAY_TOOLKIT CVE-2020-0796 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2020-0796 - https://github.com/Murasame-nc/CVE-2020-0796-LPE-POC +CVE-2020-0796 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2020-0796 - https://github.com/NetW0rK1le3r/awesome-hacking-lists CVE-2020-0796 - https://github.com/NitroA/windowsexpoitationresources CVE-2020-0796 - https://github.com/NoTsPepino/Shodan-Dorking @@ -77433,6 +77771,7 @@ CVE-2020-0796 - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Che CVE-2020-0796 - https://github.com/S3cur3Th1sSh1t/WinPwn CVE-2020-0796 - https://github.com/SEHandler/CVE-2020-0796 CVE-2020-0796 - https://github.com/SecWiki/windows-kernel-exploits +CVE-2020-0796 - https://github.com/SenukDias/OSCP_cheat CVE-2020-0796 - https://github.com/SexurityAnalyst/WinPwn CVE-2020-0796 - https://github.com/SexyBeast233/SecBooks CVE-2020-0796 - https://github.com/SirElmard/ethical_hacking @@ -78840,6 +79179,7 @@ CVE-2020-1054 - https://github.com/Iamgublin/CVE-2020-1054 CVE-2020-1054 - https://github.com/KaLendsi/CVE-2020-1054 CVE-2020-1054 - https://github.com/LegendSaber/exp_x64 CVE-2020-1054 - https://github.com/Mr-xn/Penetration_Testing_POC +CVE-2020-1054 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2020-1054 - https://github.com/NitroA/windowsexpoitationresources CVE-2020-1054 - https://github.com/NullArray/WinKernel-Resources CVE-2020-1054 - https://github.com/Ostorlab/KEV @@ -80064,6 +80404,7 @@ CVE-2020-11651 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai CVE-2020-11651 - https://github.com/lovelyjuice/cve-2020-11651-exp-plus CVE-2020-11651 - https://github.com/merlinxcy/ToolBox CVE-2020-11651 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2020-11651 - https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin CVE-2020-11651 - https://github.com/password520/Penetration_PoC CVE-2020-11651 - https://github.com/puckiestyle/cve-2020-11651 CVE-2020-11651 - https://github.com/rapyuta-robotics/clean-script @@ -80134,6 +80475,7 @@ CVE-2020-11652 - https://github.com/lions2012/Penetration_Testing_POC CVE-2020-11652 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2020-11652 - https://github.com/n3masyst/n3masyst CVE-2020-11652 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2020-11652 - https://github.com/orgTestCodacy11KRepos110MB/repo-1492-Dork-Admin CVE-2020-11652 - https://github.com/password520/Penetration_PoC CVE-2020-11652 - https://github.com/rapyuta-robotics/clean-script CVE-2020-11652 - https://github.com/rossengeorgiev/salt-security-backports @@ -80680,6 +81022,7 @@ CVE-2020-12137 - https://github.com/Live-Hack-CVE/CVE-2020-12137 CVE-2020-12138 - https://github.com/0xcyberpj/windows-exploitation CVE-2020-12138 - https://github.com/0xpetros/windows-privilage-escalation CVE-2020-12138 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2020-12138 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2020-12138 - https://github.com/NitroA/windowsexpoitationresources CVE-2020-12138 - https://github.com/NullArray/WinKernel-Resources CVE-2020-12138 - https://github.com/Ondrik8/exploit @@ -82990,6 +83333,7 @@ CVE-2020-1472 - https://github.com/S3cur3Th1sSh1t/WinPwn CVE-2020-1472 - https://github.com/SaharAttackit/CVE-2020-1472 CVE-2020-1472 - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE CVE-2020-1472 - https://github.com/SecuraBV/CVE-2020-1472 +CVE-2020-1472 - https://github.com/SenukDias/OSCP_cheat CVE-2020-1472 - https://github.com/SexurityAnalyst/WinPwn CVE-2020-1472 - https://github.com/SexyBeast233/SecBooks CVE-2020-1472 - https://github.com/Shiva108/ADBasher @@ -83126,6 +83470,7 @@ CVE-2020-1472 - https://github.com/lyshark/Windows-exploits CVE-2020-1472 - https://github.com/m1ddl3w4r3/SharpCollection CVE-2020-1472 - https://github.com/maikelnight/zerologon CVE-2020-1472 - https://github.com/merlinepedra25/AM0N-Eye +CVE-2020-1472 - https://github.com/michaelpoznecki/zerologon CVE-2020-1472 - https://github.com/midpipps/CVE-2020-1472-Easy CVE-2020-1472 - https://github.com/mingchen-script/CVE-2020-1472-visualizer CVE-2020-1472 - https://github.com/mishmashclone/Flangvik-SharpCollection @@ -83262,6 +83607,7 @@ CVE-2020-14750 - https://github.com/djytmdj/Tool_Summary CVE-2020-14750 - https://github.com/gnarkill78/CSA_S2_2024 CVE-2020-14750 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-14750 - https://github.com/hktalent/TOP +CVE-2020-14750 - https://github.com/huan-cdm/secure_tools_link CVE-2020-14750 - https://github.com/jas502n/CVE-2020-14882 CVE-2020-14750 - https://github.com/jbmihoub/all-poc CVE-2020-14750 - https://github.com/kkhacklabs/CVE-2020-14750 @@ -83552,6 +83898,7 @@ CVE-2020-14882 - https://github.com/hanc00l/some_pocsuite CVE-2020-14882 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-14882 - https://github.com/hktalent/TOP CVE-2020-14882 - https://github.com/hktalent/bug-bounty +CVE-2020-14882 - https://github.com/huan-cdm/secure_tools_link CVE-2020-14882 - https://github.com/huike007/penetration_poc CVE-2020-14882 - https://github.com/iceberg-N/WL_Scan_GO CVE-2020-14882 - https://github.com/ihebski/A-Red-Teamer-diaries @@ -83680,6 +84027,7 @@ CVE-2020-14883 - https://github.com/forhub2021/weblogicScanner CVE-2020-14883 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-14883 - https://github.com/hktalent/TOP CVE-2020-14883 - https://github.com/hktalent/bug-bounty +CVE-2020-14883 - https://github.com/huan-cdm/secure_tools_link CVE-2020-14883 - https://github.com/jas502n/CVE-2020-14882 CVE-2020-14883 - https://github.com/jbmihoub/all-poc CVE-2020-14883 - https://github.com/langu-xyz/JavaVulnMap @@ -84574,6 +84922,7 @@ CVE-2020-15999 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-15999 - https://github.com/maarlo/CVE-2020-15999 CVE-2020-15999 - https://github.com/marcinguy/CVE-2020-15999 CVE-2020-15999 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2020-15999 - https://github.com/oxfemale/CVE-2020-15999 CVE-2020-15999 - https://github.com/readloud/Awesome-Stars CVE-2020-15999 - https://github.com/seifrajhi/Docker-Image-Building-Best-Practices CVE-2020-15999 - https://github.com/soosmile/POC @@ -85505,6 +85854,7 @@ CVE-2020-17519 - https://github.com/Ostorlab/KEV CVE-2020-17519 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2020-17519 - https://github.com/Osyanina/westone-CVE-2020-17519-scanner CVE-2020-17519 - https://github.com/QmF0c3UK/CVE-2020-17519 +CVE-2020-17519 - https://github.com/SenukDias/OSCP_cheat CVE-2020-17519 - https://github.com/SexyBeast233/SecBooks CVE-2020-17519 - https://github.com/SirElmard/ethical_hacking CVE-2020-17519 - https://github.com/StarCrossPortal/scalpel @@ -86017,6 +86367,7 @@ CVE-2020-1938 - https://github.com/password520/RedTeamer CVE-2020-1938 - https://github.com/pathakabhi24/Pentest-Tools CVE-2020-1938 - https://github.com/pinkieli/GitHub-Chinese-Top-Charts CVE-2020-1938 - https://github.com/pjgmonteiro/Pentest-tools +CVE-2020-1938 - https://github.com/q99266/saury-vulnhub CVE-2020-1938 - https://github.com/qazbnm456/awesome-cve-poc CVE-2020-1938 - https://github.com/qingyuanfeiniao/Chinese-Top-Charts CVE-2020-1938 - https://github.com/readloud/Awesome-Stars @@ -86389,6 +86740,7 @@ CVE-2020-2034 - https://github.com/ARPSyndicate/cvemon CVE-2020-2034 - https://github.com/blackhatethicalhacking/CVE-2020-2034-POC CVE-2020-2034 - https://github.com/developer3000S/PoC-in-GitHub CVE-2020-2034 - https://github.com/hectorgie/PoC-in-GitHub +CVE-2020-2034 - https://github.com/nitish778191/fitness_app CVE-2020-2034 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-2034 - https://github.com/noperator/panos-scanner CVE-2020-2034 - https://github.com/r0eXpeR/supplier @@ -87915,6 +88267,7 @@ CVE-2020-2551 - https://github.com/hktalent/CVE_2020_2546 CVE-2020-2551 - https://github.com/hktalent/CreateOneMinJar CVE-2020-2551 - https://github.com/hktalent/TOP CVE-2020-2551 - https://github.com/hktalent/bug-bounty +CVE-2020-2551 - https://github.com/huan-cdm/secure_tools_link CVE-2020-2551 - https://github.com/huike007/penetration_poc CVE-2020-2551 - https://github.com/huike007/poc CVE-2020-2551 - https://github.com/hungslab/awd-tools @@ -88549,6 +88902,7 @@ CVE-2020-2604 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs CVE-2020-26042 - https://github.com/superlink996/chunqiuyunjingbachang CVE-2020-26048 - https://github.com/hxysaury/The-Road-to-Safety CVE-2020-26048 - https://github.com/hxysaury/saury-vulnhub +CVE-2020-26048 - https://github.com/q99266/saury-vulnhub CVE-2020-26050 - https://github.com/ARPSyndicate/cvemon CVE-2020-26050 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2020-26061 - https://github.com/ARPSyndicate/cvemon @@ -92405,6 +92759,7 @@ CVE-2020-5410 - https://github.com/ax1sX/SpringSecurity CVE-2020-5410 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2020-5410 - https://github.com/dead5nd/config-demo CVE-2020-5410 - https://github.com/developer3000S/PoC-in-GitHub +CVE-2020-5410 - https://github.com/drwiiche/resource CVE-2020-5410 - https://github.com/dudek-marcin/Poc-Exp CVE-2020-5410 - https://github.com/enomothem/PenTestNote CVE-2020-5410 - https://github.com/hasee2018/Penetration_Testing_POC @@ -93349,6 +93704,7 @@ CVE-2020-6514 - https://github.com/ARPSyndicate/cvemon CVE-2020-6514 - https://github.com/HassanAzze/CVE-2020-6514 CVE-2020-6514 - https://github.com/R0jhack/CVE-2020-6514 CVE-2020-6514 - https://github.com/developer3000S/PoC-in-GitHub +CVE-2020-6514 - https://github.com/hasan-khalil/CVE-2020-6514 CVE-2020-6514 - https://github.com/hectorgie/PoC-in-GitHub CVE-2020-6514 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2020-6514 - https://github.com/rojhack/CVE-2020-6514 @@ -95201,6 +95557,7 @@ CVE-2020-8804 - https://github.com/ARPSyndicate/cvemon CVE-2020-8808 - https://github.com/0xcyberpj/windows-exploitation CVE-2020-8808 - https://github.com/0xpetros/windows-privilage-escalation CVE-2020-8808 - https://github.com/FULLSHADE/WindowsExploitationResources +CVE-2020-8808 - https://github.com/MustafaNafizDurukan/WindowsKernelExploitationResources CVE-2020-8808 - https://github.com/NitroA/windowsexpoitationresources CVE-2020-8808 - https://github.com/NullArray/WinKernel-Resources CVE-2020-8808 - https://github.com/Ondrik8/exploit @@ -97655,6 +98012,7 @@ CVE-2021-1675 - https://github.com/S3cur3Th1sSh1t/WinPwn CVE-2021-1675 - https://github.com/SYRTI/POC_to_review CVE-2021-1675 - https://github.com/SaintsConnor/Exploits CVE-2021-1675 - https://github.com/SecuProject/NetworkInfoGather +CVE-2021-1675 - https://github.com/SenukDias/OSCP_cheat CVE-2021-1675 - https://github.com/SexurityAnalyst/WinPwn CVE-2021-1675 - https://github.com/SexyBeast233/SecBooks CVE-2021-1675 - https://github.com/SirElmard/ethical_hacking @@ -97802,6 +98160,7 @@ CVE-2021-1675 - https://github.com/real-acmkan/docker-printernightmare CVE-2021-1675 - https://github.com/retr0-13/Active-Directory-Exploitation-Cheat-Sheet CVE-2021-1675 - https://github.com/retr0-13/PrintNightmare CVE-2021-1675 - https://github.com/retr0-13/WinPwn +CVE-2021-1675 - https://github.com/rettbl/Useful CVE-2021-1675 - https://github.com/revanmalang/OSCP CVE-2021-1675 - https://github.com/rnbochsr/atlas CVE-2021-1675 - https://github.com/rodrigosilvaluz/JUST_WALKING_DOG @@ -98675,6 +99034,8 @@ CVE-2021-2086 - https://github.com/dlehgus1023/CVE CVE-2021-2086 - https://github.com/dlehgus1023/VirtualBox_IO-Fuzz CVE-2021-2086 - https://github.com/dlehgus1023/dlehgus1023 CVE-2021-2086 - https://github.com/erepspinos/CVE +CVE-2021-2086 - https://github.com/l33d0hyun/CVE +CVE-2021-2086 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-21014 - https://github.com/ARPSyndicate/cvemon CVE-2021-21014 - https://github.com/HoangKien1020/CVE-2021-21014 CVE-2021-21014 - https://github.com/NaInSec/CVE-PoC-in-GitHub @@ -99745,6 +100106,7 @@ CVE-2021-21972 - https://github.com/R1card0-tutu/Red CVE-2021-21972 - https://github.com/Ratlesv/LadonGo CVE-2021-21972 - https://github.com/SYRTI/POC_to_review CVE-2021-21972 - https://github.com/Schira4396/VcenterKiller +CVE-2021-21972 - https://github.com/SenukDias/OSCP_cheat CVE-2021-21972 - https://github.com/SexyBeast233/SecBooks CVE-2021-21972 - https://github.com/SirElmard/ethical_hacking CVE-2021-21972 - https://github.com/SofianeHamlaoui/Conti-Clear @@ -100458,6 +100820,7 @@ CVE-2021-22204 - https://github.com/PenTestical/CVE-2021-22204 CVE-2021-22204 - https://github.com/PolGs/htb-meta CVE-2021-22204 - https://github.com/PwnAwan/MindMaps2 CVE-2021-22204 - https://github.com/SYRTI/POC_to_review +CVE-2021-22204 - https://github.com/SenukDias/OSCP_cheat CVE-2021-22204 - https://github.com/SexyBeast233/SecBooks CVE-2021-22204 - https://github.com/SirElmard/ethical_hacking CVE-2021-22204 - https://github.com/Sm4rty-1/awesome-blogs @@ -101028,6 +101391,7 @@ CVE-2021-22986 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-22986 - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection CVE-2021-22986 - https://github.com/luck-ying/Library-POC CVE-2021-22986 - https://github.com/manas3c/CVE-POC +CVE-2021-22986 - https://github.com/microvorld/CVE-2021-22986 CVE-2021-22986 - https://github.com/n1sh1th/CVE-POC CVE-2021-22986 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-22986 - https://github.com/openx-org/BLEN @@ -102934,6 +103298,7 @@ CVE-2021-26085 - https://github.com/Loginsoft-Research/Linux-Exploit-Detection CVE-2021-26085 - https://github.com/Ly0nt4r/OSCP CVE-2021-26085 - https://github.com/Ostorlab/KEV CVE-2021-26085 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2021-26085 - https://github.com/SenukDias/OSCP_cheat CVE-2021-26085 - https://github.com/SirElmard/ethical_hacking CVE-2021-26085 - https://github.com/Threekiii/Awesome-POC CVE-2021-26085 - https://github.com/d4n-sec/d4n-sec.github.io @@ -104517,6 +104882,7 @@ CVE-2021-27550 - https://github.com/0xCyberY/CVE-T4PDF CVE-2021-27550 - https://github.com/ARPSyndicate/cvemon CVE-2021-27550 - https://github.com/dlehgus1023/CVE CVE-2021-27550 - https://github.com/erepspinos/CVE +CVE-2021-27550 - https://github.com/l33d0hyun/CVE CVE-2021-27556 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-27561 - https://github.com/ARPSyndicate/cvemon CVE-2021-27561 - https://github.com/ARPSyndicate/kenzer-templates @@ -104740,6 +105106,7 @@ CVE-2021-27928 - https://github.com/LalieA/CVE-2021-27928 CVE-2021-27928 - https://github.com/Ly0nt4r/OSCP CVE-2021-27928 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2021-27928 - https://github.com/SYRTI/POC_to_review +CVE-2021-27928 - https://github.com/SenukDias/OSCP_cheat CVE-2021-27928 - https://github.com/Shenkongyin/CUC-2023 CVE-2021-27928 - https://github.com/SirElmard/ethical_hacking CVE-2021-27928 - https://github.com/WhooAmii/POC_to_review @@ -104938,6 +105305,7 @@ CVE-2021-28165 - https://github.com/nidhi7598/jetty-9.4.31_CVE-2021-28165 CVE-2021-28165 - https://github.com/uthrasri/CVE-2021-28165 CVE-2021-28166 - https://github.com/PBearson/FUME-Fuzzing-MQTT-Brokers CVE-2021-28169 - https://github.com/20142995/Goby +CVE-2021-28169 - https://github.com/20142995/nuclei-templates CVE-2021-28169 - https://github.com/ARPSyndicate/cvemon CVE-2021-28169 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-28169 - https://github.com/Awrrays/FrameVul @@ -105447,6 +105815,7 @@ CVE-2021-29425 - https://github.com/kenlavbah/log4jnotes CVE-2021-29425 - https://github.com/raner/projo CVE-2021-29425 - https://github.com/scordero1234/java_sec_demo-main CVE-2021-29425 - https://github.com/seal-community/patches +CVE-2021-29425 - https://github.com/ytono/gcp-arcade CVE-2021-29436 - https://github.com/indevi0us/indevi0us CVE-2021-29440 - https://github.com/ARPSyndicate/cvemon CVE-2021-29440 - https://github.com/CsEnox/CVE-2021-29440 @@ -106716,6 +107085,7 @@ CVE-2021-31207 - https://github.com/laoqin1234/https-github.com-HackingCost-AD_P CVE-2021-31207 - https://github.com/merlinepedra/RedTeam_toolkit CVE-2021-31207 - https://github.com/merlinepedra25/RedTeam_toolkit CVE-2021-31207 - https://github.com/mithridates1313/ProxyShell_POC +CVE-2021-31207 - https://github.com/nitish778191/fitness_app CVE-2021-31207 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2021-31207 - https://github.com/pen4uin/vulnerability-research CVE-2021-31207 - https://github.com/pen4uin/vulnerability-research-list @@ -106804,6 +107174,7 @@ CVE-2021-3129 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detec CVE-2021-3129 - https://github.com/SNCKER/CVE-2021-3129 CVE-2021-3129 - https://github.com/SYRTI/POC_to_review CVE-2021-3129 - https://github.com/SecPros-Team/laravel-CVE-2021-3129-EXP +CVE-2021-3129 - https://github.com/SenukDias/OSCP_cheat CVE-2021-3129 - https://github.com/SexyBeast233/SecBooks CVE-2021-3129 - https://github.com/SirElmard/ethical_hacking CVE-2021-3129 - https://github.com/Threekiii/Awesome-POC @@ -107104,6 +107475,7 @@ CVE-2021-3156 - https://github.com/Sabhareesh2002/Cat-picture---Tryhackme CVE-2021-3156 - https://github.com/SamTruss/LMU-CVE-2021-3156 CVE-2021-3156 - https://github.com/SantiagoSerrao/ScannerCVE-2021-3156 CVE-2021-3156 - https://github.com/Self-Study-Committee/Skr_Learning +CVE-2021-3156 - https://github.com/SenukDias/OSCP_cheat CVE-2021-3156 - https://github.com/SexyBeast233/SecBooks CVE-2021-3156 - https://github.com/SirElmard/ethical_hacking CVE-2021-3156 - https://github.com/Spektrainfiniti/MP @@ -107821,6 +108193,7 @@ CVE-2021-3229 - https://github.com/trhacknon/Pocingit CVE-2021-3229 - https://github.com/whoforget/CVE-POC CVE-2021-3229 - https://github.com/youwizard/CVE-POC CVE-2021-3229 - https://github.com/zecool/cve +CVE-2021-32292 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-32305 - https://github.com/20142995/Goby CVE-2021-32305 - https://github.com/ARPSyndicate/cvemon CVE-2021-32305 - https://github.com/ARPSyndicate/kenzer-templates @@ -107872,6 +108245,7 @@ CVE-2021-32483 - https://github.com/kosmosec/CVE-numbers CVE-2021-32489 - https://github.com/ARPSyndicate/cvemon CVE-2021-32489 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2021-32494 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2021-32495 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-32495 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2021-32527 - https://github.com/4RG0S/2021-Summer-Some-Day-Exploit CVE-2021-32537 - https://github.com/0vercl0k/0vercl0k @@ -108075,6 +108449,8 @@ CVE-2021-32824 - https://github.com/Whoopsunix/PPPVULNS CVE-2021-32839 - https://github.com/ARPSyndicate/cvemon CVE-2021-32839 - https://github.com/HeikkiLu/cybersecuritymooc-project1 CVE-2021-32840 - https://github.com/ARPSyndicate/cvemon +CVE-2021-32845 - https://github.com/DiRaltvein/memory-corruption-examples +CVE-2021-32846 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-32849 - https://github.com/0day404/vulnerability-poc CVE-2021-32849 - https://github.com/0x0021h/expbox CVE-2021-32849 - https://github.com/ARPSyndicate/cvemon @@ -108343,6 +108719,7 @@ CVE-2021-3327 - https://github.com/developer3000S/PoC-in-GitHub CVE-2021-33285 - https://github.com/ARPSyndicate/cvemon CVE-2021-33286 - https://github.com/ARPSyndicate/cvemon CVE-2021-33294 - https://github.com/fokypoky/places-list +CVE-2021-33304 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-3331 - https://github.com/Ross46/Follina CVE-2021-33357 - https://github.com/20142995/Goby CVE-2021-33357 - https://github.com/ARPSyndicate/cvemon @@ -108634,6 +109011,7 @@ CVE-2021-3378 - https://github.com/whoforget/CVE-POC CVE-2021-3378 - https://github.com/youwizard/CVE-POC CVE-2021-3378 - https://github.com/zecool/cve CVE-2021-33796 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2021-33797 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-33798 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2021-33807 - https://github.com/ARPSyndicate/cvemon CVE-2021-33807 - https://github.com/ARPSyndicate/kenzer-templates @@ -108773,6 +109151,7 @@ CVE-2021-34071 - https://github.com/ARPSyndicate/cvemon CVE-2021-34071 - https://github.com/cemonatk/onefuzzyway CVE-2021-3409 - https://github.com/sereok3/buffer-overflow-writeups CVE-2021-34110 - https://github.com/ARPSyndicate/cvemon +CVE-2021-34119 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-34141 - https://github.com/ARPSyndicate/cvemon CVE-2021-34141 - https://github.com/Daybreak2019/PolyCruise CVE-2021-34141 - https://github.com/awen-li/PolyCruise @@ -108869,6 +109248,8 @@ CVE-2021-34280 - https://github.com/ARPSyndicate/cvemon CVE-2021-34280 - https://github.com/dlehgus1023/CVE CVE-2021-34280 - https://github.com/dlehgus1023/dlehgus1023 CVE-2021-34280 - https://github.com/erepspinos/CVE +CVE-2021-34280 - https://github.com/l33d0hyun/CVE +CVE-2021-34280 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-34352 - https://github.com/p1ay8y3ar/cve_monitor CVE-2021-34369 - https://github.com/ARPSyndicate/cvemon CVE-2021-34370 - https://github.com/ARPSyndicate/cvemon @@ -109014,6 +109395,7 @@ CVE-2021-34473 - https://github.com/lions2012/Penetration_Testing_POC CVE-2021-34473 - https://github.com/merlinepedra/RedTeam_toolkit CVE-2021-34473 - https://github.com/merlinepedra25/RedTeam_toolkit CVE-2021-34473 - https://github.com/mithridates1313/ProxyShell_POC +CVE-2021-34473 - https://github.com/nitish778191/fitness_app CVE-2021-34473 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-34473 - https://github.com/osogi/NTO_2022 CVE-2021-34473 - https://github.com/p2-98/CVE-2021-34473 @@ -109164,6 +109546,7 @@ CVE-2021-34523 - https://github.com/laoqin1234/https-github.com-HackingCost-AD_P CVE-2021-34523 - https://github.com/merlinepedra/RedTeam_toolkit CVE-2021-34523 - https://github.com/merlinepedra25/RedTeam_toolkit CVE-2021-34523 - https://github.com/mithridates1313/ProxyShell_POC +CVE-2021-34523 - https://github.com/nitish778191/fitness_app CVE-2021-34523 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2021-34523 - https://github.com/pen4uin/awesome-vulnerability-research CVE-2021-34523 - https://github.com/pen4uin/vulnerability-research @@ -109249,6 +109632,7 @@ CVE-2021-34527 - https://github.com/S3cur3Th1sSh1t/WinPwn CVE-2021-34527 - https://github.com/SSBhaumik/Printnightmare-safetool CVE-2021-34527 - https://github.com/SYRTI/POC_to_review CVE-2021-34527 - https://github.com/SecuProject/NetworkInfoGather +CVE-2021-34527 - https://github.com/SenukDias/OSCP_cheat CVE-2021-34527 - https://github.com/SexurityAnalyst/WinPwn CVE-2021-34527 - https://github.com/Shadowven/Vulnerability_Reproduction CVE-2021-34527 - https://github.com/SirElmard/ethical_hacking @@ -109620,6 +110004,7 @@ CVE-2021-3493 - https://github.com/Ostorlab/KEV CVE-2021-3493 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2021-3493 - https://github.com/ProbiusOfficial/Awsome-Sec.CTF-Videomaker CVE-2021-3493 - https://github.com/SYRTI/POC_to_review +CVE-2021-3493 - https://github.com/SenukDias/OSCP_cheat CVE-2021-3493 - https://github.com/Senz4wa/CVE-2021-3493 CVE-2021-3493 - https://github.com/SexyBeast233/SecBooks CVE-2021-3493 - https://github.com/SirElmard/ethical_hacking @@ -109692,6 +110077,8 @@ CVE-2021-3493 - https://github.com/zecool/cve CVE-2021-3497 - https://github.com/ARPSyndicate/cvemon CVE-2021-34973 - https://github.com/dlehgus1023/CVE CVE-2021-34973 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-34973 - https://github.com/l33d0hyun/CVE +CVE-2021-34973 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-3498 - https://github.com/ARPSyndicate/cvemon CVE-2021-34982 - https://github.com/IamAlch3mist/Awesome-Embedded-Systems-Vulnerability-Research CVE-2021-34992 - https://github.com/ARPSyndicate/cvemon @@ -109968,6 +110355,8 @@ CVE-2021-35540 - https://github.com/ARPSyndicate/cvemon CVE-2021-35540 - https://github.com/dlehgus1023/CVE CVE-2021-35540 - https://github.com/dlehgus1023/VirtualBox_IO-Fuzz CVE-2021-35540 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-35540 - https://github.com/l33d0hyun/CVE +CVE-2021-35540 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-35550 - https://github.com/ARPSyndicate/cvemon CVE-2021-35556 - https://github.com/ARPSyndicate/cvemon CVE-2021-35559 - https://github.com/ARPSyndicate/cvemon @@ -110052,6 +110441,7 @@ CVE-2021-3560 - https://github.com/RACHO-PRG/Linux_Escalada_Privilegios CVE-2021-3560 - https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent CVE-2021-3560 - https://github.com/STEALTH-Z/CVE-2021-3560 CVE-2021-3560 - https://github.com/SYRTI/POC_to_review +CVE-2021-3560 - https://github.com/SenukDias/OSCP_cheat CVE-2021-3560 - https://github.com/SirElmard/ethical_hacking CVE-2021-3560 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2021-3560 - https://github.com/TieuLong21Prosper/CVE-2021-3560 @@ -110694,6 +111084,7 @@ CVE-2021-36934 - https://github.com/RNBBarrett/CrewAI-examples CVE-2021-36934 - https://github.com/RP01XXX/internalpentesting CVE-2021-36934 - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet CVE-2021-36934 - https://github.com/SYRTI/POC_to_review +CVE-2021-36934 - https://github.com/SenukDias/OSCP_cheat CVE-2021-36934 - https://github.com/SexyBeast233/SecBooks CVE-2021-36934 - https://github.com/SirElmard/ethical_hacking CVE-2021-36934 - https://github.com/Sp00p64/PyNightmare @@ -110782,6 +111173,7 @@ CVE-2021-36942 - https://github.com/OriolOriolOriol/ADTech CVE-2021-36942 - https://github.com/Ostorlab/KEV CVE-2021-36942 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2021-36942 - https://github.com/Royalboy2000/codeRDPbreaker +CVE-2021-36942 - https://github.com/SenukDias/OSCP_cheat CVE-2021-36942 - https://github.com/SirElmard/ethical_hacking CVE-2021-36942 - https://github.com/XiaoliChan/PetitPotam-V2 CVE-2021-36942 - https://github.com/cfalta/MicrosoftWontFixList @@ -111235,6 +111627,7 @@ CVE-2021-37750 - https://github.com/ARPSyndicate/cvemon CVE-2021-37750 - https://github.com/leonov-av/scanvus CVE-2021-37761 - https://github.com/ARPSyndicate/cvemon CVE-2021-37761 - https://github.com/r0eXpeR/supplier +CVE-2021-37778 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2021-37778 - https://github.com/firmianay/security-issues CVE-2021-37806 - https://github.com/2lambda123/CVE-mitre CVE-2021-37806 - https://github.com/2lambda123/Windows10Exploits @@ -112431,6 +112824,7 @@ CVE-2021-4034 - https://github.com/Rezilion/mi-x CVE-2021-4034 - https://github.com/Rijha/pwnkitt CVE-2021-4034 - https://github.com/Rvn0xsy/CVE-2021-4034 CVE-2021-4034 - https://github.com/Sakura-nee/CVE-2021-4034 +CVE-2021-4034 - https://github.com/SenukDias/OSCP_cheat CVE-2021-4034 - https://github.com/Senz4wa/CVE-2021-4034 CVE-2021-4034 - https://github.com/Silencecyber/cve-2021-4034 CVE-2021-4034 - https://github.com/SirElmard/ethical_hacking @@ -112611,6 +113005,7 @@ CVE-2021-4034 - https://github.com/phvilasboas/CVE-2021-4034 CVE-2021-4034 - https://github.com/promise2k/OSCP CVE-2021-4034 - https://github.com/ps-interactive/lab_cve-2021-4034-polkit-emulation-and-detection CVE-2021-4034 - https://github.com/pyhrr0/pwnkit +CVE-2021-4034 - https://github.com/q99266/saury-vulnhub CVE-2021-4034 - https://github.com/raigoj/local CVE-2021-4034 - https://github.com/revanmalang/OSCP CVE-2021-4034 - https://github.com/rhysmcneill/CVE-2021-403 @@ -113806,6 +114201,7 @@ CVE-2021-41379 - https://github.com/Octoberfest7/OSEP-Tools CVE-2021-41379 - https://github.com/Octoberfest7/Tools CVE-2021-41379 - https://github.com/Ostorlab/KEV CVE-2021-41379 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2021-41379 - https://github.com/SenukDias/OSCP_cheat CVE-2021-41379 - https://github.com/SirElmard/ethical_hacking CVE-2021-41379 - https://github.com/cyb3rpeace/InstallerFileTakeOver CVE-2021-41379 - https://github.com/devopscoder331/CVE_InstallerFileTakeOver @@ -114229,6 +114625,7 @@ CVE-2021-41773 - https://github.com/Ruviixx/proyecto-ps CVE-2021-41773 - https://github.com/RyouYoo/CVE-2021-41773 CVE-2021-41773 - https://github.com/SYRTI/POC_to_review CVE-2021-41773 - https://github.com/Sakura-nee/CVE-2021-41773 +CVE-2021-41773 - https://github.com/SenukDias/OSCP_cheat CVE-2021-41773 - https://github.com/Shadow-warrior0/Apache_path_traversal CVE-2021-41773 - https://github.com/Shadowven/Vulnerability_Reproduction CVE-2021-41773 - https://github.com/SirElmard/ethical_hacking @@ -114375,6 +114772,7 @@ CVE-2021-41773 - https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and- CVE-2021-41773 - https://github.com/provnavigator/prov_navigator CVE-2021-41773 - https://github.com/puckiestyle/CVE-2021-41773 CVE-2021-41773 - https://github.com/pwn3z/CVE-2021-41773-Apache-RCE +CVE-2021-41773 - https://github.com/q99266/saury-vulnhub CVE-2021-41773 - https://github.com/qwutony/CVE-2021-41773 CVE-2021-41773 - https://github.com/r00tVen0m/CVE-2021-41773 CVE-2021-41773 - https://github.com/randomAnalyst/PoC-Fetcher @@ -114618,6 +115016,7 @@ CVE-2021-42013 - https://github.com/Ostorlab/KEV CVE-2021-42013 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2021-42013 - https://github.com/Rubikcuv5/cve-2021-42013 CVE-2021-42013 - https://github.com/SYRTI/POC_to_review +CVE-2021-42013 - https://github.com/SenukDias/OSCP_cheat CVE-2021-42013 - https://github.com/Shadow-warrior0/Apache_path_traversal CVE-2021-42013 - https://github.com/Shadowven/Vulnerability_Reproduction CVE-2021-42013 - https://github.com/SirElmard/ethical_hacking @@ -114690,6 +115089,7 @@ CVE-2021-42013 - https://github.com/pen4uin/vulnerability-research CVE-2021-42013 - https://github.com/pen4uin/vulnerability-research-list CVE-2021-42013 - https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-41773-and-CVE-2021-42013-exploitation-attempt CVE-2021-42013 - https://github.com/pwn3z/CVE-2021-41773-Apache-RCE +CVE-2021-42013 - https://github.com/q99266/saury-vulnhub CVE-2021-42013 - https://github.com/quentin33980/ToolBox-qgt CVE-2021-42013 - https://github.com/ralvares/security-demos CVE-2021-42013 - https://github.com/randomAnalyst/PoC-Fetcher @@ -114929,6 +115329,7 @@ CVE-2021-42278 - https://github.com/ReAbout/web-sec CVE-2021-42278 - https://github.com/Ridter/noPac CVE-2021-42278 - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet CVE-2021-42278 - https://github.com/SYRTI/POC_to_review +CVE-2021-42278 - https://github.com/SenukDias/OSCP_cheat CVE-2021-42278 - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries CVE-2021-42278 - https://github.com/SirElmard/ethical_hacking CVE-2021-42278 - https://github.com/Threekiii/Awesome-Redteam @@ -115082,6 +115483,7 @@ CVE-2021-42287 - https://github.com/Ridter/noPac CVE-2021-42287 - https://github.com/RkDx/MyRuby CVE-2021-42287 - https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet CVE-2021-42287 - https://github.com/SYRTI/POC_to_review +CVE-2021-42287 - https://github.com/SenukDias/OSCP_cheat CVE-2021-42287 - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries CVE-2021-42287 - https://github.com/SirElmard/ethical_hacking CVE-2021-42287 - https://github.com/Strokekilla/Rubeus @@ -115248,6 +115650,7 @@ CVE-2021-42321 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2021-42321 - https://github.com/Ostorlab/KEV CVE-2021-42321 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2021-42321 - https://github.com/SYRTI/POC_to_review +CVE-2021-42321 - https://github.com/SenukDias/OSCP_cheat CVE-2021-42321 - https://github.com/SirElmard/ethical_hacking CVE-2021-42321 - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet CVE-2021-42321 - https://github.com/TrojanAZhen/Self_Back @@ -115418,6 +115821,7 @@ CVE-2021-42550 - https://github.com/scordero1234/java_sec_demo-main CVE-2021-42550 - https://github.com/thl-cmk/CVE-log4j-check_mk-plugin CVE-2021-42550 - https://github.com/trhacknon/CVE-2021-44228-Scanner CVE-2021-42550 - https://github.com/trhacknon/log4shell-finder +CVE-2021-42550 - https://github.com/ytono/gcp-arcade CVE-2021-42551 - https://github.com/ARPSyndicate/cvemon CVE-2021-42551 - https://github.com/ARPSyndicate/kenzer-templates CVE-2021-42551 - https://github.com/compr00t/nuclei-templates @@ -115614,7 +116018,9 @@ CVE-2021-42671 - https://github.com/soosmile/POC CVE-2021-42671 - https://github.com/trhacknon/Pocingit CVE-2021-42671 - https://github.com/zecool/cve CVE-2021-42678 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-42678 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-42679 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-42679 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-42694 - https://github.com/ARPSyndicate/cvemon CVE-2021-42694 - https://github.com/hffaust/CVE-2021-42574_and_CVE-2021-42694 CVE-2021-42694 - https://github.com/js-on/CVE-2021-42694 @@ -116997,6 +117403,7 @@ CVE-2021-44228 - https://github.com/Saravana-Infosec/Test CVE-2021-44228 - https://github.com/Saravana-Infosec/log4j CVE-2021-44228 - https://github.com/Schira4396/VcenterKiller CVE-2021-44228 - https://github.com/Sennovate-Inc/GluuLog4jScanner +CVE-2021-44228 - https://github.com/SenukDias/OSCP_cheat CVE-2021-44228 - https://github.com/Sh0ckFR/log4j-CVE-2021-44228-Public-IoCs CVE-2021-44228 - https://github.com/Shakilll/nulcei-templates-collection CVE-2021-44228 - https://github.com/ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228 @@ -117779,6 +118186,7 @@ CVE-2021-44228 - https://github.com/pwnipc/Log4jExploitDemo CVE-2021-44228 - https://github.com/pwnlog/PAD CVE-2021-44228 - https://github.com/pwnlog/PuroAD CVE-2021-44228 - https://github.com/pwnlog/PurpAD +CVE-2021-44228 - https://github.com/q99266/saury-vulnhub CVE-2021-44228 - https://github.com/qingtengyun/cve-2021-44228-qingteng-online-patch CVE-2021-44228 - https://github.com/qingtengyun/cve-2021-44228-qingteng-patch CVE-2021-44228 - https://github.com/quoll/mulgara @@ -119346,12 +119754,18 @@ CVE-2021-45975 - https://github.com/last-byte/last-byte CVE-2021-45978 - https://github.com/ARPSyndicate/cvemon CVE-2021-45978 - https://github.com/dlehgus1023/CVE CVE-2021-45978 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-45978 - https://github.com/l33d0hyun/CVE +CVE-2021-45978 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-45979 - https://github.com/ARPSyndicate/cvemon CVE-2021-45979 - https://github.com/dlehgus1023/CVE CVE-2021-45979 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-45979 - https://github.com/l33d0hyun/CVE +CVE-2021-45979 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-45980 - https://github.com/ARPSyndicate/cvemon CVE-2021-45980 - https://github.com/dlehgus1023/CVE CVE-2021-45980 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2021-45980 - https://github.com/l33d0hyun/CVE +CVE-2021-45980 - https://github.com/l33d0hyun/l33d0hyun CVE-2021-45983 - https://github.com/ARPSyndicate/cvemon CVE-2021-45986 - https://github.com/ARPSyndicate/cvemon CVE-2021-45986 - https://github.com/pjqwudi/my_vuln @@ -119966,6 +120380,7 @@ CVE-2022-0126 - https://github.com/tdunlap607/gsd-analysis CVE-2022-0128 - https://github.com/ARPSyndicate/cvemon CVE-2022-0129 - https://github.com/ARPSyndicate/cvemon CVE-2022-0129 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-0129 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-0132 - https://github.com/ARPSyndicate/cvemon CVE-2022-0132 - https://github.com/Haxatron/Haxatron CVE-2022-0133 - https://github.com/ARPSyndicate/cvemon @@ -120530,6 +120945,7 @@ CVE-2022-0516 - https://github.com/ARPSyndicate/cvemon CVE-2022-0517 - https://github.com/ARPSyndicate/cvemon CVE-2022-0517 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2022-0517 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-0517 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-0529 - https://github.com/ARPSyndicate/cvemon CVE-2022-0529 - https://github.com/ByteHackr/unzip_poc CVE-2022-0529 - https://github.com/NaInSec/CVE-PoC-in-GitHub @@ -121128,6 +121544,7 @@ CVE-2022-0847 - https://github.com/Qwertozavr/PR1_3.2 CVE-2022-0847 - https://github.com/Qwertozavr/PR1_TRPP CVE-2022-0847 - https://github.com/RACHO-PRG/Linux_Escalada_Privilegios CVE-2022-0847 - https://github.com/SYRTI/POC_to_review +CVE-2022-0847 - https://github.com/SenukDias/OSCP_cheat CVE-2022-0847 - https://github.com/Shadowven/Vulnerability_Reproduction CVE-2022-0847 - https://github.com/Shotokhan/cve_2022_0847_shellcode CVE-2022-0847 - https://github.com/SirElmard/ethical_hacking @@ -121309,6 +121726,7 @@ CVE-2022-0847 - https://github.com/revanmalang/OSCP CVE-2022-0847 - https://github.com/rexpository/linux-privilege-escalation CVE-2022-0847 - https://github.com/s3mPr1linux/CVE_2022_0847 CVE-2022-0847 - https://github.com/sa-infinity8888/Dirty-Pipe-CVE-2022-0847 +CVE-2022-0847 - https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes CVE-2022-0847 - https://github.com/sarutobi12/sarutobi12 CVE-2022-0847 - https://github.com/scopion/dirty-pipe CVE-2022-0847 - https://github.com/si1ent-le/CVE-2022-0847 @@ -122456,6 +122874,7 @@ CVE-2022-1637 - https://github.com/davidboukari/yum-rpm-dnf CVE-2022-1638 - https://github.com/ARPSyndicate/cvemon CVE-2022-1638 - https://github.com/davidboukari/yum-rpm-dnf CVE-2022-1638 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-1638 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-1639 - https://github.com/ARPSyndicate/cvemon CVE-2022-1639 - https://github.com/davidboukari/yum-rpm-dnf CVE-2022-1640 - https://github.com/ARPSyndicate/cvemon @@ -124382,6 +124801,7 @@ CVE-2022-21999 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2022-21999 - https://github.com/Ostorlab/KEV CVE-2022-21999 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2022-21999 - https://github.com/SYRTI/POC_to_review +CVE-2022-21999 - https://github.com/SenukDias/OSCP_cheat CVE-2022-21999 - https://github.com/SirElmard/ethical_hacking CVE-2022-21999 - https://github.com/WhooAmii/POC_to_review CVE-2022-21999 - https://github.com/ahmetfurkans/CVE-2022-22718 @@ -124421,6 +124841,7 @@ CVE-2022-21999 - https://github.com/zecool/cve CVE-2022-2200 - https://github.com/mistymntncop/CVE-2022-1802 CVE-2022-22004 - https://github.com/ARPSyndicate/cvemon CVE-2022-22004 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-22004 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-22005 - https://github.com/ARPSyndicate/cvemon CVE-2022-22005 - https://github.com/Creamy-Chicken-Soup/writeups-about-analysis-CVEs-and-Exploits-on-the-Windows CVE-2022-22012 - https://github.com/ARPSyndicate/cvemon @@ -125315,6 +125736,7 @@ CVE-2022-22947 - https://github.com/onewinner/VulToolsKit CVE-2022-22947 - https://github.com/open-source-agenda/new-open-source-projects CVE-2022-22947 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2022-22947 - https://github.com/pen4uin/java-memshell-generator-release +CVE-2022-22947 - https://github.com/q99266/saury-vulnhub CVE-2022-22947 - https://github.com/qq87234770/CVE-2022-22947 CVE-2022-22947 - https://github.com/reph0r/poc-exp CVE-2022-22947 - https://github.com/reph0r/poc-exp-tools @@ -125581,6 +126003,7 @@ CVE-2022-22963 - https://github.com/Qualys/spring4scanwin CVE-2022-22963 - https://github.com/RanDengShiFu/CVE-2022-22963 CVE-2022-22963 - https://github.com/SYRTI/POC_to_review CVE-2022-22963 - https://github.com/SealPaPaPa/SpringCloudFunction-Research +CVE-2022-22963 - https://github.com/SenukDias/OSCP_cheat CVE-2022-22963 - https://github.com/SirElmard/ethical_hacking CVE-2022-22963 - https://github.com/SnailDev/github-hot-hub CVE-2022-22963 - https://github.com/SourM1lk/CVE-2022-22963-Exploit @@ -125931,6 +126354,7 @@ CVE-2022-22965 - https://github.com/nBp1Ng/SpringFramework-Vul CVE-2022-22965 - https://github.com/netcode/Spring4shell-CVE-2022-22965-POC CVE-2022-22965 - https://github.com/netlas-io/netlas-cookbook CVE-2022-22965 - https://github.com/netsentriesdev/spring4Shell-Safe-Exploit +CVE-2022-22965 - https://github.com/nitish778191/fitness_app CVE-2022-22965 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-22965 - https://github.com/nu0l/CVE-2022-22965 CVE-2022-22965 - https://github.com/nu1r/yak-module-Nu @@ -126306,6 +126730,7 @@ CVE-2022-23119 - https://github.com/0xZipp0/OSCP CVE-2022-23119 - https://github.com/0xsyr0/OSCP CVE-2022-23119 - https://github.com/ARPSyndicate/cvemon CVE-2022-23119 - https://github.com/Ly0nt4r/OSCP +CVE-2022-23119 - https://github.com/SenukDias/OSCP_cheat CVE-2022-23119 - https://github.com/SirElmard/ethical_hacking CVE-2022-23119 - https://github.com/e-hakson/OSCP CVE-2022-23119 - https://github.com/eljosep/OSCP-Guide @@ -126322,6 +126747,7 @@ CVE-2022-23120 - https://github.com/0xZipp0/OSCP CVE-2022-23120 - https://github.com/0xsyr0/OSCP CVE-2022-23120 - https://github.com/ARPSyndicate/cvemon CVE-2022-23120 - https://github.com/Ly0nt4r/OSCP +CVE-2022-23120 - https://github.com/SenukDias/OSCP_cheat CVE-2022-23120 - https://github.com/SirElmard/ethical_hacking CVE-2022-23120 - https://github.com/e-hakson/OSCP CVE-2022-23120 - https://github.com/eljosep/OSCP-Guide @@ -126465,6 +126891,7 @@ CVE-2022-23181 - https://github.com/sr-monika/sprint-rest CVE-2022-23183 - https://github.com/karimhabush/cyberowl CVE-2022-23202 - https://github.com/ARPSyndicate/cvemon CVE-2022-23202 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-23202 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-23218 - https://github.com/ARPSyndicate/cvemon CVE-2022-23219 - https://github.com/ARPSyndicate/cvemon CVE-2022-23220 - https://github.com/ARPSyndicate/cvemon @@ -127660,8 +128087,10 @@ CVE-2022-24355 - https://github.com/Tig3rHu/MessageForV CVE-2022-24355 - https://github.com/flex0geek/cves-exploits CVE-2022-24356 - https://github.com/ARPSyndicate/cvemon CVE-2022-24356 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-24356 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-24370 - https://github.com/ARPSyndicate/cvemon CVE-2022-24370 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-24370 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-24373 - https://github.com/karimhabush/cyberowl CVE-2022-24374 - https://github.com/wild0ni0n/wild0ni0n CVE-2022-24375 - https://github.com/claroty/opcua-exploit-framework @@ -127810,6 +128239,7 @@ CVE-2022-24528 - https://github.com/youwizard/CVE-POC CVE-2022-24528 - https://github.com/zecool/cve CVE-2022-24543 - https://github.com/ARPSyndicate/cvemon CVE-2022-24543 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-24543 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-24548 - https://github.com/ARPSyndicate/cvemon CVE-2022-24562 - https://github.com/ARPSyndicate/cvemon CVE-2022-24562 - https://github.com/tomerpeled92/CVE @@ -128064,6 +128494,7 @@ CVE-2022-24714 - https://github.com/karimhabush/cyberowl CVE-2022-24715 - https://github.com/0xsyr0/OSCP CVE-2022-24715 - https://github.com/ARPSyndicate/cvemon CVE-2022-24715 - https://github.com/JacobEbben/CVE-2022-24715 +CVE-2022-24715 - https://github.com/SenukDias/OSCP_cheat CVE-2022-24715 - https://github.com/SirElmard/ethical_hacking CVE-2022-24715 - https://github.com/cxdxnt/CVE-2022-24715 CVE-2022-24715 - https://github.com/d4rkb0n3/CVE-2022-24715-go @@ -128299,8 +128730,10 @@ CVE-2022-24948 - https://github.com/karimhabush/cyberowl CVE-2022-24948 - https://github.com/muneebaashiq/MBProjects CVE-2022-24954 - https://github.com/ARPSyndicate/cvemon CVE-2022-24954 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-24954 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-24955 - https://github.com/ARPSyndicate/cvemon CVE-2022-24955 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-24955 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-24958 - https://github.com/ARPSyndicate/cvemon CVE-2022-24960 - https://github.com/0xCyberY/CVE-T4PDF CVE-2022-24960 - https://github.com/ARPSyndicate/cvemon @@ -129556,6 +129989,7 @@ CVE-2022-26134 - https://github.com/SIFalcon/confluencePot CVE-2022-26134 - https://github.com/SNCKER/CVE-2022-26134 CVE-2022-26134 - https://github.com/SYRTI/POC_to_review CVE-2022-26134 - https://github.com/Sakura-nee/CVE-2022-26134 +CVE-2022-26134 - https://github.com/SenukDias/OSCP_cheat CVE-2022-26134 - https://github.com/SirElmard/ethical_hacking CVE-2022-26134 - https://github.com/StarCrossPortal/scalpel CVE-2022-26134 - https://github.com/SummerSec/SpringExploit @@ -129597,6 +130031,7 @@ CVE-2022-26134 - https://github.com/d-rn/vulBox CVE-2022-26134 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2022-26134 - https://github.com/dabaibuai/dabai CVE-2022-26134 - https://github.com/demining/Log4j-Vulnerability +CVE-2022-26134 - https://github.com/domsum03/Researched-Top-APT-Groups CVE-2022-26134 - https://github.com/e-hakson/OSCP CVE-2022-26134 - https://github.com/eljosep/OSCP-Guide CVE-2022-26134 - https://github.com/enomothem/PenTestNote @@ -129609,6 +130044,7 @@ CVE-2022-26134 - https://github.com/hab1b0x/CVE-2022-26134 CVE-2022-26134 - https://github.com/hev0x/CVE-2022-26134 CVE-2022-26134 - https://github.com/hktalent/TOP CVE-2022-26134 - https://github.com/hktalent/bug-bounty +CVE-2022-26134 - https://github.com/huan-cdm/secure_tools_link CVE-2022-26134 - https://github.com/huimzjty/vulwiki CVE-2022-26134 - https://github.com/iluaster/getdrive_PoC CVE-2022-26134 - https://github.com/incogbyte/CVE_2022_26134-detect @@ -129936,6 +130372,7 @@ CVE-2022-26318 - https://github.com/youwizard/CVE-POC CVE-2022-26318 - https://github.com/zecool/cve CVE-2022-26319 - https://github.com/ARPSyndicate/cvemon CVE-2022-26319 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-26319 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-26320 - https://github.com/ARPSyndicate/cvemon CVE-2022-26320 - https://github.com/google/paranoid_crypto CVE-2022-26329 - https://github.com/ARPSyndicate/cvemon @@ -129954,6 +130391,7 @@ CVE-2022-26336 - https://github.com/ARPSyndicate/cvemon CVE-2022-26336 - https://github.com/karimhabush/cyberowl CVE-2022-26337 - https://github.com/ARPSyndicate/cvemon CVE-2022-26337 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-26337 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-26352 - https://github.com/20142995/Goby CVE-2022-26352 - https://github.com/ARPSyndicate/cvemon CVE-2022-26352 - https://github.com/ARPSyndicate/kenzer-templates @@ -131068,10 +131506,12 @@ CVE-2022-27842 - https://github.com/ARPSyndicate/cvemon CVE-2022-27842 - https://github.com/DNSLab-Advisories/Security-Issue CVE-2022-27842 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-27842 - https://github.com/karimhabush/cyberowl +CVE-2022-27842 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-27843 - https://github.com/ARPSyndicate/cvemon CVE-2022-27843 - https://github.com/DNSLab-Advisories/Security-Issue CVE-2022-27843 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-27843 - https://github.com/karimhabush/cyberowl +CVE-2022-27843 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-27844 - https://github.com/ARPSyndicate/cvemon CVE-2022-27844 - https://github.com/daffainfo/CVE CVE-2022-27848 - https://github.com/ARPSyndicate/cvemon @@ -131709,8 +132149,10 @@ CVE-2022-28541 - https://github.com/ARPSyndicate/cvemon CVE-2022-28541 - https://github.com/DNSLab-Advisories/Security-Issue CVE-2022-28541 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-28541 - https://github.com/karimhabush/cyberowl +CVE-2022-28541 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-28542 - https://github.com/karimhabush/cyberowl CVE-2022-28550 - https://github.com/ARPSyndicate/cvemon +CVE-2022-28550 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-28550 - https://github.com/Marsman1996/pocs CVE-2022-2856 - https://github.com/ARPSyndicate/cvemon CVE-2022-2856 - https://github.com/Ostorlab/KEV @@ -131902,6 +132344,7 @@ CVE-2022-28773 - https://github.com/karimhabush/cyberowl CVE-2022-28779 - https://github.com/ARPSyndicate/cvemon CVE-2022-28779 - https://github.com/DNSLab-Advisories/Security-Issue CVE-2022-28779 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-28779 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-2879 - https://github.com/ARPSyndicate/cvemon CVE-2022-2879 - https://github.com/MrKsey/AdGuardHome CVE-2022-2879 - https://github.com/henriquebesing/container-security @@ -132143,6 +132586,7 @@ CVE-2022-29009 - https://github.com/youwizard/CVE-POC CVE-2022-29009 - https://github.com/zecool/cve CVE-2022-29011 - https://github.com/tuando243/tuando243 CVE-2022-29014 - https://github.com/ARPSyndicate/kenzer-templates +CVE-2022-29021 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-29036 - https://github.com/ARPSyndicate/cvemon CVE-2022-29047 - https://github.com/ARPSyndicate/cvemon CVE-2022-29049 - https://github.com/jenkinsci-cert/nvd-cwe @@ -133610,6 +134054,7 @@ CVE-2022-30556 - https://github.com/bioly230/THM_Skynet CVE-2022-30556 - https://github.com/firatesatoglu/shodanSearch CVE-2022-30556 - https://github.com/kasem545/vulnsearch CVE-2022-30557 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-30557 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-30563 - https://github.com/ARPSyndicate/cvemon CVE-2022-30563 - https://github.com/Asoh42/2022hw-vuln CVE-2022-30580 - https://github.com/ARPSyndicate/cvemon @@ -133706,6 +134151,7 @@ CVE-2022-30719 - https://github.com/ARPSyndicate/cvemon CVE-2022-3072 - https://github.com/ARPSyndicate/cvemon CVE-2022-3072 - https://github.com/scgajge12/scgajge12.github.io CVE-2022-30744 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-30744 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-3075 - https://github.com/Ostorlab/KEV CVE-2022-3075 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2022-3075 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -133866,6 +134312,7 @@ CVE-2022-30972 - https://github.com/karimhabush/cyberowl CVE-2022-30990 - https://github.com/karimhabush/cyberowl CVE-2022-30998 - https://github.com/ARPSyndicate/cvemon CVE-2022-31001 - https://github.com/ARPSyndicate/cvemon +CVE-2022-31003 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-31006 - https://github.com/karimhabush/cyberowl CVE-2022-31007 - https://github.com/ARPSyndicate/cvemon CVE-2022-31007 - https://github.com/gregscharf/CVE-2022-31007-Python-POC @@ -134011,6 +134458,7 @@ CVE-2022-31199 - https://github.com/Ostorlab/KEV CVE-2022-31199 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2022-31213 - https://github.com/ARPSyndicate/cvemon CVE-2022-31214 - https://github.com/0xsyr0/OSCP +CVE-2022-31214 - https://github.com/SenukDias/OSCP_cheat CVE-2022-31214 - https://github.com/SirElmard/ethical_hacking CVE-2022-31214 - https://github.com/kgwanjala/oscp-cheatsheet CVE-2022-31214 - https://github.com/linuskoester/writeups @@ -135073,6 +135521,7 @@ CVE-2022-32786 - https://github.com/jhftss/POC CVE-2022-32787 - https://github.com/ARPSyndicate/cvemon CVE-2022-32787 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-32787 - https://github.com/houjingyi233/macOS-iOS-system-security +CVE-2022-32787 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-32788 - https://github.com/ARPSyndicate/cvemon CVE-2022-32788 - https://github.com/tr3ss/gofetch CVE-2022-32795 - https://github.com/ARPSyndicate/cvemon @@ -135082,6 +135531,7 @@ CVE-2022-32802 - https://github.com/ARPSyndicate/cvemon CVE-2022-32816 - https://github.com/ARPSyndicate/cvemon CVE-2022-32816 - https://github.com/dlehgus1023/dlehgus1023 CVE-2022-32816 - https://github.com/houjingyi233/macOS-iOS-system-security +CVE-2022-32816 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-32819 - https://github.com/ARPSyndicate/cvemon CVE-2022-32821 - https://github.com/ARPSyndicate/cvemon CVE-2022-32821 - https://github.com/tanjiti/sec_profile @@ -135384,6 +135834,7 @@ CVE-2022-33682 - https://github.com/karimhabush/cyberowl CVE-2022-33683 - https://github.com/karimhabush/cyberowl CVE-2022-3370 - https://github.com/karimhabush/cyberowl CVE-2022-33711 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-33711 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-33719 - https://github.com/ARPSyndicate/cvemon CVE-2022-3373 - https://github.com/karimhabush/cyberowl CVE-2022-33740 - https://github.com/ARPSyndicate/cvemon @@ -135873,6 +136324,7 @@ CVE-2022-34918 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2022-34918 - https://github.com/NaInSec/CVE-PoC-in-GitHub CVE-2022-34918 - https://github.com/SYRTI/POC_to_review CVE-2022-34918 - https://github.com/Sechack06/CVE-2022-34918 +CVE-2022-34918 - https://github.com/SenukDias/OSCP_cheat CVE-2022-34918 - https://github.com/SirElmard/ethical_hacking CVE-2022-34918 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2022-34918 - https://github.com/WhooAmii/POC_to_review @@ -137049,6 +137501,7 @@ CVE-2022-36804 - https://github.com/whoforget/CVE-POC CVE-2022-36804 - https://github.com/youwizard/CVE-POC CVE-2022-36804 - https://github.com/zecool/cve CVE-2022-36840 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-36840 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-36879 - https://github.com/ARPSyndicate/cvemon CVE-2022-36880 - https://github.com/ARPSyndicate/cvemon CVE-2022-36880 - https://github.com/ly1g3/webmin-usermin-vulnerabilities @@ -137391,8 +137844,11 @@ CVE-2022-37332 - https://github.com/youwizard/CVE-POC CVE-2022-37333 - https://github.com/karimhabush/cyberowl CVE-2022-3736 - https://github.com/karimhabush/cyberowl CVE-2022-37376 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-37376 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-37377 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-37377 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-37378 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-37378 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-37393 - https://github.com/ARPSyndicate/cvemon CVE-2022-37393 - https://github.com/karimhabush/cyberowl CVE-2022-3742 - https://github.com/another1024/another1024 @@ -138301,6 +138757,7 @@ CVE-2022-3942 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-3942 - https://github.com/whoforget/CVE-POC CVE-2022-3942 - https://github.com/youwizard/CVE-POC CVE-2022-39421 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-39421 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-39422 - https://github.com/karimhabush/cyberowl CVE-2022-39423 - https://github.com/ARPSyndicate/cvemon CVE-2022-39423 - https://github.com/karimhabush/cyberowl @@ -138352,6 +138809,7 @@ CVE-2022-39844 - https://github.com/ARPSyndicate/cvemon CVE-2022-39844 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-39844 - https://github.com/ycdxsb/ycdxsb CVE-2022-39845 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-39845 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-3989 - https://github.com/cyllective/CVEs CVE-2022-39915 - https://github.com/Live-Hack-CVE/CVE-2022-39915 CVE-2022-3992 - https://github.com/Urban4/CVE-2022-3992 @@ -138776,6 +139234,7 @@ CVE-2022-40684 - https://github.com/mhd108/CVE-2022-40684 CVE-2022-40684 - https://github.com/mjutsu/Bug-bounty CVE-2022-40684 - https://github.com/mohamedbenchikh/CVE-2022-40684 CVE-2022-40684 - https://github.com/murchie85/twitterCyberMonitor +CVE-2022-40684 - https://github.com/nitish778191/fitness_app CVE-2022-40684 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-40684 - https://github.com/notareaperbutDR34P3r/CVE-2022-40684-Rust CVE-2022-40684 - https://github.com/oxmanasse/Bug-bounty @@ -138968,6 +139427,7 @@ CVE-2022-41040 - https://github.com/manas3c/Bug-bounty CVE-2022-41040 - https://github.com/manas3c/CVE-POC CVE-2022-41040 - https://github.com/michelderooij/michelderooij CVE-2022-41040 - https://github.com/mjutsu/Bug-bounty +CVE-2022-41040 - https://github.com/nitish778191/fitness_app CVE-2022-41040 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-41040 - https://github.com/numanturle/CVE-2022-41040 CVE-2022-41040 - https://github.com/oxmanasse/Bug-bounty @@ -139055,6 +139515,7 @@ CVE-2022-41082 - https://github.com/lions2012/Penetration_Testing_POC CVE-2022-41082 - https://github.com/manas3c/CVE-POC CVE-2022-41082 - https://github.com/michelderooij/michelderooij CVE-2022-41082 - https://github.com/mr-r3b00t/NotProxyShellHunter +CVE-2022-41082 - https://github.com/nitish778191/fitness_app CVE-2022-41082 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-41082 - https://github.com/notareaperbutDR34P3r/http-vuln-CVE-2022-41082 CVE-2022-41082 - https://github.com/notareaperbutDR34P3r/vuln-CVE-2022-41082 @@ -139551,6 +140012,7 @@ CVE-2022-42004 - https://github.com/sr-monika/sprint-rest CVE-2022-42010 - https://github.com/fokypoky/places-list CVE-2022-42011 - https://github.com/fokypoky/places-list CVE-2022-42012 - https://github.com/fokypoky/places-list +CVE-2022-4202 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-4203 - https://github.com/ARPSyndicate/cvemon CVE-2022-4203 - https://github.com/Tuttu7/Yum-command CVE-2022-4203 - https://github.com/a23au/awe-base-images @@ -139789,6 +140251,7 @@ CVE-2022-42789 - https://github.com/FFRI/AotPoisoning CVE-2022-42789 - https://github.com/kohnakagawa/kohnakagawa CVE-2022-42799 - https://github.com/ARPSyndicate/cvemon CVE-2022-42799 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-42799 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-42805 - https://github.com/0x36/weightBufs CVE-2022-42805 - https://github.com/ARPSyndicate/cvemon CVE-2022-42805 - https://github.com/DRACULA-HACK/test @@ -139803,7 +140266,9 @@ CVE-2022-42821 - https://github.com/ARPSyndicate/cvemon CVE-2022-42821 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2022-42821 - https://github.com/yo-yo-yo-jbo/yo-yo-yo-jbo.github.io CVE-2022-42823 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-42823 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-42824 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-42824 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-42825 - https://github.com/ARPSyndicate/cvemon CVE-2022-42827 - https://github.com/Ostorlab/KEV CVE-2022-42827 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors @@ -140892,6 +141357,7 @@ CVE-2022-45673 - https://github.com/jiceylc/VulnerabilityProjectRecords CVE-2022-45674 - https://github.com/ARPSyndicate/cvemon CVE-2022-45674 - https://github.com/iceyjchen/VulnerabilityProjectRecords CVE-2022-45674 - https://github.com/jiceylc/VulnerabilityProjectRecords +CVE-2022-4568 - https://github.com/ytono/gcp-arcade CVE-2022-45688 - https://github.com/ARPSyndicate/cvemon CVE-2022-45688 - https://github.com/Unspecifyed/SoftwareSecurity CVE-2022-45688 - https://github.com/ceopaludetto/owasp-to-xml @@ -141018,6 +141484,7 @@ CVE-2022-45935 - https://github.com/Threekiii/CVE CVE-2022-45988 - https://github.com/ARPSyndicate/cvemon CVE-2022-45988 - https://github.com/happy0717/CVE-2022-45988 CVE-2022-45988 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2022-4603 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2022-46080 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-46080 - https://github.com/yerodin/CVE-2022-46080 CVE-2022-46087 - https://github.com/ARPSyndicate/cvemon @@ -141076,6 +141543,7 @@ CVE-2022-46169 - https://github.com/Ostorlab/known_exploited_vulnerbilities_dete CVE-2022-46169 - https://github.com/Rickster5555/EH2-PoC CVE-2022-46169 - https://github.com/Safarchand/CVE-2022-46169 CVE-2022-46169 - https://github.com/Safe3/CVS +CVE-2022-46169 - https://github.com/SenukDias/OSCP_cheat CVE-2022-46169 - https://github.com/SirElmard/ethical_hacking CVE-2022-46169 - https://github.com/TasosY2K/camera-exploit-tool CVE-2022-46169 - https://github.com/Threekiii/Awesome-POC @@ -141315,6 +141783,7 @@ CVE-2022-46696 - https://github.com/googleprojectzero/fuzzilli CVE-2022-46696 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2022-46698 - https://github.com/ARPSyndicate/cvemon CVE-2022-46698 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-46698 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-46699 - https://github.com/ARPSyndicate/cvemon CVE-2022-46699 - https://github.com/googleprojectzero/fuzzilli CVE-2022-46699 - https://github.com/zhangjiahui-buaa/MasterThesis @@ -141355,6 +141824,7 @@ CVE-2022-46864 - https://github.com/me2nuk/me2nuk CVE-2022-46871 - https://github.com/ARPSyndicate/cvemon CVE-2022-46872 - https://github.com/ARPSyndicate/cvemon CVE-2022-46875 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2022-46875 - https://github.com/l33d0hyun/l33d0hyun CVE-2022-46877 - https://github.com/ARPSyndicate/cvemon CVE-2022-46879 - https://github.com/ARPSyndicate/cvemon CVE-2022-46882 - https://github.com/ARPSyndicate/cvemon @@ -141459,6 +141929,7 @@ CVE-2022-47437 - https://github.com/ARPSyndicate/cvemon CVE-2022-47437 - https://github.com/me2nuk/me2nuk CVE-2022-47441 - https://github.com/ARPSyndicate/cvemon CVE-2022-47441 - https://github.com/me2nuk/me2nuk +CVE-2022-47445 - https://github.com/me2nuk/me2nuk CVE-2022-47449 - https://github.com/ARPSyndicate/cvemon CVE-2022-47449 - https://github.com/me2nuk/me2nuk CVE-2022-47502 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -141473,6 +141944,7 @@ CVE-2022-47529 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2022-47550 - https://github.com/ndaprela/bugs CVE-2022-47577 - https://github.com/ARPSyndicate/cvemon CVE-2022-47588 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2022-47589 - https://github.com/me2nuk/me2nuk CVE-2022-47604 - https://github.com/NaInSec/CVE-LIST CVE-2022-47615 - https://github.com/RandomRobbieBF/CVE-2022-47615 CVE-2022-47629 - https://github.com/ARPSyndicate/cvemon @@ -142661,6 +143133,7 @@ CVE-2023-1822 - https://github.com/ARPSyndicate/cvemon CVE-2023-1829 - https://github.com/EGI-Federation/SVG-advisories CVE-2023-1829 - https://github.com/N1ghtu/RWCTF6th-RIPTC CVE-2023-1829 - https://github.com/Threekiii/CVE +CVE-2023-1829 - https://github.com/cvestone/CtfCollections CVE-2023-1829 - https://github.com/lanleft/CVE-2023-1829 CVE-2023-1829 - https://github.com/lanleft/CVE2023-1829 CVE-2023-1829 - https://github.com/nomi-sec/PoC-in-GitHub @@ -142875,6 +143348,7 @@ CVE-2023-2033 - https://github.com/KK-Designs/UpdateHub CVE-2023-2033 - https://github.com/NexovaDev/UpdateHub CVE-2023-2033 - https://github.com/Ostorlab/KEV CVE-2023-2033 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-2033 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-2033 - https://github.com/RENANZG/My-Forensics CVE-2023-2033 - https://github.com/Threekiii/CVE CVE-2023-2033 - https://github.com/WalccDev/CVE-2023-2033 @@ -143289,6 +143763,7 @@ CVE-2023-21344 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-2136 - https://github.com/ARPSyndicate/cvemon CVE-2023-2136 - https://github.com/Ostorlab/KEV CVE-2023-2136 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-2136 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-2136 - https://github.com/RENANZG/My-Forensics CVE-2023-2136 - https://github.com/Threekiii/CVE CVE-2023-2136 - https://github.com/ayman-m/rosetta @@ -143442,6 +143917,7 @@ CVE-2023-21746 - https://github.com/ARPSyndicate/cvemon CVE-2023-21746 - https://github.com/Etoile1024/Pentest-Common-Knowledge CVE-2023-21746 - https://github.com/MarikalAbhijeet/Localpotatoexploit CVE-2023-21746 - https://github.com/Muhammad-Ali007/LocalPotato_CVE-2023-21746 +CVE-2023-21746 - https://github.com/SenukDias/OSCP_cheat CVE-2023-21746 - https://github.com/SirElmard/ethical_hacking CVE-2023-21746 - https://github.com/blu3ming/LocalPotato CVE-2023-21746 - https://github.com/chudamax/LocalPotatoExamples @@ -143504,6 +143980,7 @@ CVE-2023-21768 - https://github.com/Malwareman007/CVE-2023-21768 CVE-2023-21768 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2023-21768 - https://github.com/Rosayxy/Recreate-cve-2023-21768 CVE-2023-21768 - https://github.com/SamuelTulach/nullmap +CVE-2023-21768 - https://github.com/SenukDias/OSCP_cheat CVE-2023-21768 - https://github.com/SirElmard/ethical_hacking CVE-2023-21768 - https://github.com/TayoG/44con2023-resources CVE-2023-21768 - https://github.com/Threekiii/CVE @@ -143536,6 +144013,7 @@ CVE-2023-21808 - https://github.com/SohelParashar/.Net-Deserialization-Cheat-She CVE-2023-21812 - https://github.com/kolewttd/wtt CVE-2023-21817 - https://github.com/0xsyr0/OSCP CVE-2023-21817 - https://github.com/ARPSyndicate/cvemon +CVE-2023-21817 - https://github.com/SenukDias/OSCP_cheat CVE-2023-21817 - https://github.com/SirElmard/ethical_hacking CVE-2023-21817 - https://github.com/kgwanjala/oscp-cheatsheet CVE-2023-21817 - https://github.com/oscpname/OSCP_cheat @@ -143850,6 +144328,7 @@ CVE-2023-22518 - https://github.com/d4n-sec/d4n-sec.github.io CVE-2023-22518 - https://github.com/davidfortytwo/CVE-2023-22518 CVE-2023-22518 - https://github.com/ditekshen/ansible-cve-2023-22518 CVE-2023-22518 - https://github.com/duggytuxy/malicious_ip_addresses +CVE-2023-22518 - https://github.com/nitish778191/fitness_app CVE-2023-22518 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-22518 - https://github.com/sanjai-AK47/CVE-2023-22518 CVE-2023-22518 - https://github.com/securitycipher/daily-bugbounty-writeups @@ -143969,6 +144448,7 @@ CVE-2023-22622 - https://github.com/ARPSyndicate/cvemon CVE-2023-22622 - https://github.com/alopresto/epss_api_demo CVE-2023-22622 - https://github.com/alopresto6m/epss_api_demo CVE-2023-22622 - https://github.com/michael-david-fry/wp-cron-smash +CVE-2023-22622 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-22655 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-22672 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-22680 - https://github.com/karimhabush/cyberowl @@ -144007,6 +144487,7 @@ CVE-2023-22809 - https://github.com/CVEDB/top CVE-2023-22809 - https://github.com/Chan9Yan9/CVE-2023-22809 CVE-2023-22809 - https://github.com/KayCHENvip/vulnerability-poc CVE-2023-22809 - https://github.com/M4fiaB0y/CVE-2023-22809 +CVE-2023-22809 - https://github.com/SenukDias/OSCP_cheat CVE-2023-22809 - https://github.com/SirElmard/ethical_hacking CVE-2023-22809 - https://github.com/Threekiii/Awesome-POC CVE-2023-22809 - https://github.com/Threekiii/CVE @@ -144331,7 +144812,9 @@ CVE-2023-23504 - https://github.com/zeroc00I/CVE-2023-23504 CVE-2023-23513 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2023-23514 - https://github.com/ARPSyndicate/cvemon CVE-2023-23517 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-23517 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-23518 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-23518 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-23522 - https://github.com/1wc/1wc CVE-2023-23522 - https://github.com/ARPSyndicate/cvemon CVE-2023-23525 - https://github.com/ARPSyndicate/cvemon @@ -144385,6 +144868,7 @@ CVE-2023-23590 - https://github.com/VulnTotal-Team/vehicle_cves CVE-2023-23595 - https://github.com/ARPSyndicate/cvemon CVE-2023-23595 - https://github.com/colemanjp/XXE-Vulnerability-in-Bluecat-Device-Registration-Portal-DRP CVE-2023-23607 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-23609 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-23614 - https://github.com/4n4nk3/4n4nk3 CVE-2023-23614 - https://github.com/ARPSyndicate/cvemon CVE-2023-23618 - https://github.com/9069332997/session-1-full-stack @@ -144477,6 +144961,7 @@ CVE-2023-23752 - https://github.com/Pushkarup/CVE-2023-23752 CVE-2023-23752 - https://github.com/Rival420/CVE-2023-23752 CVE-2023-23752 - https://github.com/RootKRD/CVE-2023 CVE-2023-23752 - https://github.com/Saboor-Hakimi/CVE-2023-23752 +CVE-2023-23752 - https://github.com/SenukDias/OSCP_cheat CVE-2023-23752 - https://github.com/SrcVme50/Devvortex CVE-2023-23752 - https://github.com/Sweelg/CVE-2023-23752 CVE-2023-23752 - https://github.com/ThatNotEasy/CVE-2023-23752 @@ -144920,6 +145405,7 @@ CVE-2023-25049 - https://github.com/ARPSyndicate/cvemon CVE-2023-25049 - https://github.com/yaudahbanh/CVE-Archive CVE-2023-25051 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-25063 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-25076 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-25076 - https://github.com/dlundquist/sniproxy CVE-2023-25078 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-25135 - https://github.com/ARPSyndicate/cvemon @@ -144962,6 +145448,7 @@ CVE-2023-25139 - https://github.com/ortelius/ms-sbom-export CVE-2023-25139 - https://github.com/ortelius/ms-scorecard CVE-2023-25139 - https://github.com/ortelius/ms-textfile-crud CVE-2023-25143 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-25143 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-25152 - https://github.com/ARPSyndicate/cvemon CVE-2023-25157 - https://github.com/0x2458bughunt/CVE-2023-25157 CVE-2023-25157 - https://github.com/0x783kb/Security-operation-book @@ -145093,6 +145580,7 @@ CVE-2023-25487 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-25500 - https://github.com/muneebaashiq/MBProjects CVE-2023-2553 - https://github.com/tht1997/tht1997 CVE-2023-25563 - https://github.com/emotest1/emo_emo +CVE-2023-25564 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-25573 - https://github.com/0day404/vulnerability-poc CVE-2023-25573 - https://github.com/20142995/sectool CVE-2023-25573 - https://github.com/KayCHENvip/vulnerability-poc @@ -145135,6 +145623,7 @@ CVE-2023-25690 - https://github.com/GGontijo/CTF-s CVE-2023-25690 - https://github.com/GhostTroops/TOP CVE-2023-25690 - https://github.com/H4lo/awesome-IoT-security-article CVE-2023-25690 - https://github.com/Mr-xn/Penetration_Testing_POC +CVE-2023-25690 - https://github.com/SenukDias/OSCP_cheat CVE-2023-25690 - https://github.com/SirElmard/ethical_hacking CVE-2023-25690 - https://github.com/bioly230/THM_Skynet CVE-2023-25690 - https://github.com/dhmosfunk/CVE-2023-25690-POC @@ -145179,6 +145668,7 @@ CVE-2023-25735 - https://github.com/googleprojectzero/fuzzilli CVE-2023-25735 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2023-25740 - https://github.com/ARPSyndicate/cvemon CVE-2023-25741 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-25741 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-25751 - https://github.com/googleprojectzero/fuzzilli CVE-2023-25751 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2023-25754 - https://github.com/elifesciences/github-repo-security-alerts @@ -145223,6 +145713,8 @@ CVE-2023-25976 - https://github.com/ARPSyndicate/cvemon CVE-2023-25976 - https://github.com/yaudahbanh/CVE-Archive CVE-2023-2598 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2023-2598 - https://github.com/aneasystone/github-trending +CVE-2023-2598 - https://github.com/bsauce/kernel-exploit-factory +CVE-2023-2598 - https://github.com/bsauce/kernel-security-learning CVE-2023-2598 - https://github.com/johe123qwe/github-trending CVE-2023-2598 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-2598 - https://github.com/sampsonv/github-trending @@ -145253,10 +145745,12 @@ CVE-2023-26048 - https://github.com/Trinadh465/jetty_9.4.31_CVE-2023-26048 CVE-2023-26048 - https://github.com/hshivhare67/Jetty-v9.4.31_CVE-2023-26048 CVE-2023-26048 - https://github.com/muneebaashiq/MBProjects CVE-2023-26048 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-26048 - https://github.com/ytono/gcp-arcade CVE-2023-26049 - https://github.com/hshivhare67/Jetty_v9.4.31_CVE-2023-26049 CVE-2023-26049 - https://github.com/muneebaashiq/MBProjects CVE-2023-26049 - https://github.com/nidhi7598/jetty-9.4.31_CVE-2023-26049 CVE-2023-26049 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-26049 - https://github.com/ytono/gcp-arcade CVE-2023-26067 - https://github.com/CharonDefalt/printer-exploit-toronto CVE-2023-26067 - https://github.com/RosePwns/Lexmark-RCE CVE-2023-26067 - https://github.com/horizon3ai/CVE-2023-26067 @@ -145425,6 +145919,7 @@ CVE-2023-2640 - https://github.com/OllaPapito/gameoverlay CVE-2023-2640 - https://github.com/PuguhDy/CVE-Root-Ubuntu CVE-2023-2640 - https://github.com/SanjayRagavendar/Ubuntu-GameOver-Lay CVE-2023-2640 - https://github.com/SanjayRagavendar/UbuntuPrivilegeEscalationV1 +CVE-2023-2640 - https://github.com/SenukDias/OSCP_cheat CVE-2023-2640 - https://github.com/SirElmard/ethical_hacking CVE-2023-2640 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2023-2640 - https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation @@ -145630,6 +146125,7 @@ CVE-2023-27069 - https://github.com/ARPSyndicate/cvemon CVE-2023-27070 - https://github.com/ARPSyndicate/cvemon CVE-2023-27100 - https://github.com/DarokNET/CVE-2023-27100 CVE-2023-27100 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-27103 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-27105 - https://github.com/HexaVector/4bf46f12 CVE-2023-27121 - https://github.com/tanjiti/sec_profile CVE-2023-27130 - https://github.com/Srpopty/Corax @@ -145794,6 +146290,7 @@ CVE-2023-27422 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-27424 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-27426 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-27427 - https://github.com/vulsio/go-cve-dictionary +CVE-2023-27429 - https://github.com/me2nuk/me2nuk CVE-2023-2744 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-2744 - https://github.com/pashayogi/CVE-2023-2744 CVE-2023-27447 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -146124,6 +146621,7 @@ CVE-2023-28200 - https://github.com/0x3c3e/codeql-queries CVE-2023-28200 - https://github.com/0x3c3e/pocs CVE-2023-28200 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2023-28201 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-28201 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-28204 - https://github.com/Ostorlab/KEV CVE-2023-28204 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2023-28205 - https://github.com/Ostorlab/KEV @@ -146520,6 +147018,7 @@ CVE-2023-28873 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-28874 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-28879 - https://github.com/0xsyr0/OSCP CVE-2023-28879 - https://github.com/ARPSyndicate/cvemon +CVE-2023-28879 - https://github.com/SenukDias/OSCP_cheat CVE-2023-28879 - https://github.com/SirElmard/ethical_hacking CVE-2023-28879 - https://github.com/fardeen-ahmed/Bug-bounty-Writeups CVE-2023-28879 - https://github.com/kgwanjala/oscp-cheatsheet @@ -146566,6 +147065,7 @@ CVE-2023-29017 - https://github.com/silenstack/sast-rules CVE-2023-29017 - https://github.com/timb-machine-mirrors/seongil-wi-CVE-2023-29017 CVE-2023-29048 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-29049 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-2905 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-29050 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-29051 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-29052 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -146793,14 +147293,17 @@ CVE-2023-2953 - https://github.com/fusion-scan/fusion-scan.github.io CVE-2023-2953 - https://github.com/jp-cpe/retrieve-cvss-scores CVE-2023-2953 - https://github.com/marklogic/marklogic-kubernetes CVE-2023-29531 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-29531 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-29535 - https://github.com/googleprojectzero/fuzzilli CVE-2023-29535 - https://github.com/zhangjiahui-buaa/MasterThesis +CVE-2023-29539 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-29539 - https://github.com/em1ga3l/cve-msrc-extractor CVE-2023-2954 - https://github.com/tht1997/tht1997 CVE-2023-29543 - https://github.com/googleprojectzero/fuzzilli CVE-2023-29543 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2023-29544 - https://github.com/googleprojectzero/fuzzilli CVE-2023-29544 - https://github.com/zhangjiahui-buaa/MasterThesis +CVE-2023-29546 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-29549 - https://github.com/googleprojectzero/fuzzilli CVE-2023-29549 - https://github.com/zhangjiahui-buaa/MasterThesis CVE-2023-29552 - https://github.com/Ostorlab/KEV @@ -146908,6 +147411,7 @@ CVE-2023-30019 - https://github.com/j4k0m/godkiller CVE-2023-30033 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-30033 - https://github.com/phucodeexp/CVE-2023-30033 CVE-2023-30058 - https://github.com/Rabb1tQ/HillstoneCVEs +CVE-2023-30078 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-3009 - https://github.com/mnqazi/CVE-2023-3009 CVE-2023-3009 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-30092 - https://github.com/nawed20002/CVE-2023-30092 @@ -147050,6 +147554,7 @@ CVE-2023-30729 - https://github.com/aapooksman/certmitm CVE-2023-30736 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-30737 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-30738 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-30746 - https://github.com/me2nuk/me2nuk CVE-2023-30757 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3076 - https://github.com/im-hanzou/MSAPer CVE-2023-3076 - https://github.com/nomi-sec/PoC-in-GitHub @@ -147063,6 +147568,7 @@ CVE-2023-30777 - https://github.com/xu-xiang/awesome-security-vul-llm CVE-2023-30779 - https://github.com/hackintoanetwork/hackintoanetwork CVE-2023-3079 - https://github.com/Ostorlab/KEV CVE-2023-3079 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-3079 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-3079 - https://github.com/RENANZG/My-Forensics CVE-2023-3079 - https://github.com/Threekiii/CVE CVE-2023-3079 - https://github.com/Uniguri/CVE-1day @@ -147237,6 +147743,7 @@ CVE-2023-31541 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-31546 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-31546 - https://github.com/ran9ege/CVE-2023-31546 CVE-2023-31548 - https://github.com/10splayaSec/CVE-Disclosures +CVE-2023-31568 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-31584 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-31584 - https://github.com/rootd4ddy/CVE-2023-31584 CVE-2023-31584 - https://github.com/rootd4ddy/CVE-2023-43838 @@ -147438,6 +147945,7 @@ CVE-2023-32233 - https://github.com/Liuk3r/CVE-2023-32233 CVE-2023-32233 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2023-32233 - https://github.com/PIDAN-HEIDASHUAI/CVE-2023-32233 CVE-2023-32233 - https://github.com/RogelioPumajulca/TEST-CVE-2023-32233 +CVE-2023-32233 - https://github.com/SenukDias/OSCP_cheat CVE-2023-32233 - https://github.com/SirElmard/ethical_hacking CVE-2023-32233 - https://github.com/Threekiii/CVE CVE-2023-32233 - https://github.com/djki5s/tools @@ -147458,6 +147966,7 @@ CVE-2023-32233 - https://github.com/xhref/OSCP CVE-2023-32233 - https://github.com/xyxj1024/xyxj1024.github.io CVE-2023-32235 - https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235- CVE-2023-32235 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-32236 - https://github.com/me2nuk/me2nuk CVE-2023-3224 - https://github.com/RuiZha0/TCP1PCTF_2023 CVE-2023-3224 - https://github.com/izj007/wechat CVE-2023-3224 - https://github.com/whoami13apt/files2 @@ -147577,6 +148086,7 @@ CVE-2023-32407 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2023-32407 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-32409 - https://github.com/Ostorlab/KEV CVE-2023-32409 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-32409 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-32409 - https://github.com/RENANZG/My-Forensics CVE-2023-3241 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-32410 - https://github.com/p1ay8y3ar/crashdatas @@ -147669,6 +148179,7 @@ CVE-2023-32629 - https://github.com/OllaPapito/gameoverlay CVE-2023-32629 - https://github.com/PuguhDy/CVE-Root-Ubuntu CVE-2023-32629 - https://github.com/SanjayRagavendar/Ubuntu-GameOver-Lay CVE-2023-32629 - https://github.com/SanjayRagavendar/UbuntuPrivilegeEscalationV1 +CVE-2023-32629 - https://github.com/SenukDias/OSCP_cheat CVE-2023-32629 - https://github.com/SirElmard/ethical_hacking CVE-2023-32629 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2023-32629 - https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation @@ -147965,6 +148476,7 @@ CVE-2023-33246 - https://github.com/liang2kl/iot-exploits CVE-2023-33246 - https://github.com/luelueking/Java-CVE-Lists CVE-2023-33246 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-33246 - https://github.com/p4d0rn/Java_Zoo +CVE-2023-33246 - https://github.com/q99266/saury-vulnhub CVE-2023-33246 - https://github.com/r3volved/CVEAggregate CVE-2023-33246 - https://github.com/sponkmonk/Ladon_english_update CVE-2023-33246 - https://github.com/v0ita/rocketMq_RCE @@ -148332,7 +148844,9 @@ CVE-2023-34110 - https://github.com/msegoviag/discovered-vulnerabilities CVE-2023-34110 - https://github.com/msegoviag/msegoviag CVE-2023-34117 - https://github.com/Ch0pin/related_work CVE-2023-34124 - https://github.com/getdrive/PoC +CVE-2023-34127 - https://github.com/nitish778191/fitness_app CVE-2023-3413 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-34133 - https://github.com/nitish778191/fitness_app CVE-2023-34149 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34151 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-34152 - https://github.com/SudoIndividual/CVE-2023-34152 @@ -148427,6 +148941,7 @@ CVE-2023-34362 - https://github.com/kenbuckler/MOVEit-CVE-2023-34362 CVE-2023-34362 - https://github.com/liam-ng/fluffy-computing-machine CVE-2023-34362 - https://github.com/lithuanian-g/cve-2023-34362-iocs CVE-2023-34362 - https://github.com/most-e/Capstone +CVE-2023-34362 - https://github.com/nitish778191/fitness_app CVE-2023-34362 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-34362 - https://github.com/optiv/nvdsearch CVE-2023-34362 - https://github.com/sfewer-r7/CVE-2023-34362 @@ -148458,6 +148973,7 @@ CVE-2023-3446 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3446 - https://github.com/seal-community/patches CVE-2023-3446 - https://github.com/testing-felickz/docker-scout-demo CVE-2023-3446 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart +CVE-2023-34462 - https://github.com/ytono/gcp-arcade CVE-2023-34468 - https://github.com/itaispiegel/infosec-workshop CVE-2023-34468 - https://github.com/mbadanoiu/CVE-2023-34468 CVE-2023-34468 - https://github.com/mbadanoiu/CVE-2023-40037 @@ -149077,6 +149593,8 @@ CVE-2023-36465 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-36466 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-36473 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-36475 - https://github.com/KTH-LangSec/server-side-prototype-pollution +CVE-2023-36478 - https://github.com/ytono/gcp-arcade +CVE-2023-36479 - https://github.com/ytono/gcp-arcade CVE-2023-36480 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-36481 - https://github.com/N3vv/N3vv CVE-2023-36481 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -149281,6 +149799,7 @@ CVE-2023-36874 - https://github.com/GhostTroops/TOP CVE-2023-36874 - https://github.com/Octoberfest7/CVE-2023-36874_BOF CVE-2023-36874 - https://github.com/Ostorlab/KEV CVE-2023-36874 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-36874 - https://github.com/SenukDias/OSCP_cheat CVE-2023-36874 - https://github.com/SirElmard/ethical_hacking CVE-2023-36874 - https://github.com/Threekiii/CVE CVE-2023-36874 - https://github.com/Wh04m1001/CVE-2023-36874 @@ -149538,6 +150057,7 @@ CVE-2023-37755 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-37756 - https://github.com/leekenghwa/CVE-2023-37756-CWE-521-lead-to-malicious-plugin-upload-in-the-i-doit-Pro-25-and-below CVE-2023-37756 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-3776 - https://github.com/N1ghtu/RWCTF6th-RIPTC +CVE-2023-3776 - https://github.com/cvestone/CtfCollections CVE-2023-37769 - https://github.com/adegoodyer/kubernetes-admin-toolkit CVE-2023-37769 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3777 - https://github.com/kylebuch8/vite-project-pfereact @@ -150275,6 +150795,7 @@ CVE-2023-39417 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39418 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39419 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39434 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-39434 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-39441 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2023-39443 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-39444 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -150406,6 +150927,7 @@ CVE-2023-39848 - https://github.com/ganate34/diva CVE-2023-39848 - https://github.com/gauravsec/dvwa CVE-2023-39848 - https://github.com/gonzalomamanig/DVWA CVE-2023-39848 - https://github.com/hanvu9998/dvwa1 +CVE-2023-39848 - https://github.com/haysamqq/Damn-Vulnerable-Web-Application-DVWA- CVE-2023-39848 - https://github.com/https-github-com-Sambit-rgb/DVWA CVE-2023-39848 - https://github.com/imayou123/DVWA CVE-2023-39848 - https://github.com/imtiyazhack/DVWA @@ -150547,6 +151069,7 @@ CVE-2023-40160 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-40164 - https://github.com/123papapro/123papapro CVE-2023-40164 - https://github.com/Tonaram/DSS-BufferOverflow CVE-2023-40166 - https://github.com/123papapro/123papapro +CVE-2023-40167 - https://github.com/ytono/gcp-arcade CVE-2023-40175 - https://github.com/narfindustries/http-garden CVE-2023-40176 - https://github.com/netlas-io/netlas-dorks CVE-2023-40184 - https://github.com/seyrenus/trace-release @@ -150597,6 +151120,9 @@ CVE-2023-40280 - https://github.com/NaInSec/CVE-LIST CVE-2023-40280 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-40280 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-40282 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-40284 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-40287 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-40288 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-40289 - https://github.com/netlas-io/netlas-dorks CVE-2023-40294 - https://github.com/Halcy0nic/CVE-2023-40294-and-CVE-2023-40295 CVE-2023-40294 - https://github.com/Halcy0nic/Trophies @@ -150628,6 +151154,7 @@ CVE-2023-4039 - https://github.com/bollwarm/SecToolSet CVE-2023-4039 - https://github.com/fokypoky/places-list CVE-2023-4039 - https://github.com/m-pasima/CI-CD-Security-image-scan CVE-2023-40403 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-40403 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-4041 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4042 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-40424 - https://github.com/zgimszhd61/openai-sec-test-cve-quickstart @@ -150821,12 +151348,14 @@ CVE-2023-41054 - https://github.com/ouuan/ouuan CVE-2023-41056 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-41061 - https://github.com/Ostorlab/KEV CVE-2023-41061 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-41061 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-41061 - https://github.com/RENANZG/My-Forensics CVE-2023-41061 - https://github.com/houjingyi233/macOS-iOS-system-security CVE-2023-41064 - https://github.com/MrR0b0t19/CVE-2023-41064 CVE-2023-41064 - https://github.com/MrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064 CVE-2023-41064 - https://github.com/Ostorlab/KEV CVE-2023-41064 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-41064 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-41064 - https://github.com/RENANZG/My-Forensics CVE-2023-41064 - https://github.com/alsaeroth/CVE-2023-41064-POC CVE-2023-41064 - https://github.com/apt0factury/CVE-2023-41064 @@ -150897,6 +151426,7 @@ CVE-2023-41320 - https://github.com/Orange-Cyberdefense/CVE-repository CVE-2023-41332 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-41334 - https://github.com/NaInSec/CVE-LIST CVE-2023-4135 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-41361 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-41362 - https://github.com/SorceryIE/CVE-2023-41362_MyBB_ACP_RCE CVE-2023-41362 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4137 - https://github.com/JoshuaMart/JoshuaMart @@ -150948,6 +151478,7 @@ CVE-2023-41501 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41503 - https://github.com/ASR511-OO7/CVE-2023-41503 CVE-2023-41503 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41504 - https://github.com/ASR511-OO7/CVE-2023-41504 +CVE-2023-41504 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-41504 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41505 - https://github.com/ASR511-OO7/CVE-2023-41505 CVE-2023-41505 - https://github.com/nomi-sec/PoC-in-GitHub @@ -151165,6 +151696,7 @@ CVE-2023-41990 - https://github.com/Ostorlab/KEV CVE-2023-41990 - https://github.com/msuiche/elegant-bouncer CVE-2023-41991 - https://github.com/Ostorlab/KEV CVE-2023-41991 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-41991 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-41991 - https://github.com/RENANZG/My-Forensics CVE-2023-41991 - https://github.com/XLsn0w/Cydia CVE-2023-41991 - https://github.com/XLsn0w/Cydiapps @@ -151176,6 +151708,7 @@ CVE-2023-41991 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-41991 - https://github.com/opa334/ChOma CVE-2023-41992 - https://github.com/Ostorlab/KEV CVE-2023-41992 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-41992 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-41992 - https://github.com/RENANZG/My-Forensics CVE-2023-41993 - https://github.com/0x06060606/CVE-2023-41993 CVE-2023-41993 - https://github.com/Ibinou/Ty @@ -151183,6 +151716,7 @@ CVE-2023-41993 - https://github.com/IvanIVGrozny/IvanIVGrozny.github.io CVE-2023-41993 - https://github.com/J3Ss0u/CVE-2023-41993 CVE-2023-41993 - https://github.com/Ostorlab/KEV CVE-2023-41993 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-41993 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-41993 - https://github.com/RENANZG/My-Forensics CVE-2023-41993 - https://github.com/ZonghaoLi777/githubTrending CVE-2023-41993 - https://github.com/aneasystone/github-trending @@ -151200,6 +151734,7 @@ CVE-2023-42004 - https://github.com/CycloneDX/sbom-utility CVE-2023-4202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4203 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4206 - https://github.com/EGI-Federation/SVG-advisories +CVE-2023-4206 - https://github.com/cvestone/CtfCollections CVE-2023-4206 - https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208 CVE-2023-4206 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4207 - https://github.com/hshivhare67/Kernel_4.1.15_CVE-2023-4206_CVE-2023-4207_CVE-2023-4208 @@ -151331,6 +151866,7 @@ CVE-2023-4259 - https://github.com/0xdea/advisories CVE-2023-4259 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4259 - https://github.com/hnsecurity/vulns CVE-2023-4260 - https://github.com/0xdea/advisories +CVE-2023-4260 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-4260 - https://github.com/hnsecurity/vulns CVE-2023-4261 - https://github.com/0xdea/advisories CVE-2023-4261 - https://github.com/hnsecurity/vulns @@ -151418,6 +151954,7 @@ CVE-2023-42793 - https://github.com/hotplugin0x01/CVE-2023-42793 CVE-2023-42793 - https://github.com/johnossawy/CVE-2023-42793_POC CVE-2023-42793 - https://github.com/junnythemarksman/CVE-2023-42793 CVE-2023-42793 - https://github.com/netlas-io/netlas-dorks +CVE-2023-42793 - https://github.com/nitish778191/fitness_app CVE-2023-42793 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-42793 - https://github.com/whitfieldsdad/cisa_kev CVE-2023-42794 - https://github.com/muneebaashiq/MBProjects @@ -151470,9 +152007,11 @@ CVE-2023-42882 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-42886 - https://github.com/kohnakagawa/kohnakagawa CVE-2023-42916 - https://github.com/Ostorlab/KEV CVE-2023-42916 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-42916 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-42916 - https://github.com/RENANZG/My-Forensics CVE-2023-42917 - https://github.com/Ostorlab/KEV CVE-2023-42917 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-42917 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-42917 - https://github.com/RENANZG/My-Forensics CVE-2023-42920 - https://github.com/NaInSec/CVE-LIST CVE-2023-42926 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -151522,6 +152061,7 @@ CVE-2023-4317 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43177 - https://github.com/Mohammaddvd/CVE-2024-4040 CVE-2023-43177 - https://github.com/Ostorlab/KEV CVE-2023-43177 - https://github.com/Y4tacker/JavaSec +CVE-2023-43177 - https://github.com/entroychang/CVE-2024-4040 CVE-2023-43177 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-43177 - https://github.com/tanjiti/sec_profile CVE-2023-43177 - https://github.com/the-emmons/CVE-2023-43177 @@ -151690,6 +152230,7 @@ CVE-2023-43622 - https://github.com/visudade/CVE-2023-43622 CVE-2023-43641 - https://github.com/0xKilty/RE-learning-resources CVE-2023-43641 - https://github.com/0xlino/0xlino CVE-2023-43641 - https://github.com/CraigTeelFugro/CraigTeelFugro +CVE-2023-43641 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-43641 - https://github.com/goupadhy/UK-Digital-AppInnovation-NewsLetter CVE-2023-43641 - https://github.com/kherrick/hacker-news CVE-2023-43641 - https://github.com/kherrick/lobsters @@ -151739,6 +152280,7 @@ CVE-2023-43764 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43765 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43767 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-43768 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43770 - https://github.com/Ostorlab/KEV CVE-2023-43770 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-43770 - https://github.com/knight0x07/CVE-2023-43770-PoC @@ -152011,6 +152553,7 @@ CVE-2023-44467 - https://github.com/zgimszhd61/llm-security-quickstart CVE-2023-4447 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-44479 - https://github.com/parkttule/parkttule CVE-2023-44483 - https://github.com/phax/ph-xmldsig +CVE-2023-44483 - https://github.com/ytono/gcp-arcade CVE-2023-44484 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-44485 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-44486 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -152071,6 +152614,7 @@ CVE-2023-44487 - https://github.com/tanjiti/sec_profile CVE-2023-44487 - https://github.com/terrorist/HTTP-2-Rapid-Reset-Client CVE-2023-44487 - https://github.com/testing-felickz/docker-scout-demo CVE-2023-44487 - https://github.com/wolfc/snakeinmyboot +CVE-2023-44487 - https://github.com/ytono/gcp-arcade CVE-2023-44487 - https://github.com/zengzzzzz/golang-trending-archive CVE-2023-44487 - https://github.com/zhaohuabing/cve-agent CVE-2023-44487 - https://github.com/zhaoolee/garss @@ -152081,6 +152625,7 @@ CVE-2023-4450 - https://github.com/chennbnbnb/JDoop-release CVE-2023-4450 - https://github.com/hxysaury/saury-vulnhub CVE-2023-4450 - https://github.com/ilikeoyt/CVE-2023-4450-Attack CVE-2023-4450 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-4450 - https://github.com/q99266/saury-vulnhub CVE-2023-4450 - https://github.com/tanjiti/sec_profile CVE-2023-4451 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-4455 - https://github.com/tht1997/tht1997 @@ -152473,6 +153018,7 @@ CVE-2023-45813 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-45815 - https://github.com/ArchiveBox/ArchiveBox CVE-2023-45816 - https://github.com/kip93/kip93 CVE-2023-4582 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-4582 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-45827 - https://github.com/d3ng03/PP-Auto-Detector CVE-2023-45827 - https://github.com/rscbug/prototype_pollution CVE-2023-45828 - https://github.com/RandomRobbieBF/CVE-2023-45828 @@ -152744,6 +153290,7 @@ CVE-2023-46589 - https://github.com/muneebaashiq/MBProjects CVE-2023-46589 - https://github.com/seal-community/patches CVE-2023-46595 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-46596 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-46602 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-46602 - https://github.com/xsscx/DemoIccMAX CVE-2023-46602 - https://github.com/xsscx/xnuimagefuzzer CVE-2023-46603 - https://github.com/xsscx/DemoIccMAX @@ -152855,6 +153402,7 @@ CVE-2023-46747 - https://github.com/getdrive/PoC CVE-2023-46747 - https://github.com/hktalent/TOP CVE-2023-46747 - https://github.com/irgoncalves/awesome-security-articles CVE-2023-46747 - https://github.com/maniak-academy/Mitigate-CVE-2023-46747 +CVE-2023-46747 - https://github.com/nitish778191/fitness_app CVE-2023-46747 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-46747 - https://github.com/nvansluis/test_cve-2023-46747 CVE-2023-46747 - https://github.com/sanjai-AK47/CVE-2023-22518 @@ -153258,7 +153806,9 @@ CVE-2023-48084 - https://github.com/bucketcat/CVE-2023-48084 CVE-2023-48084 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-48104 - https://github.com/E1tex/CVE-2023-48104 CVE-2023-48104 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-48106 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-48106 - https://github.com/fdu-sec/NestFuzz +CVE-2023-48107 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-48107 - https://github.com/fdu-sec/NestFuzz CVE-2023-48118 - https://github.com/el-dud3rino/CVE-Disclosures CVE-2023-4812 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -153439,6 +153989,7 @@ CVE-2023-48882 - https://github.com/DiliLearngent/BugReport CVE-2023-48901 - https://github.com/NaInSec/CVE-LIST CVE-2023-48902 - https://github.com/NaInSec/CVE-LIST CVE-2023-48903 - https://github.com/NaInSec/CVE-LIST +CVE-2023-48903 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48909 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48925 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-48928 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -153488,6 +154039,7 @@ CVE-2023-49070 - https://github.com/Marco-zcl/POC CVE-2023-49070 - https://github.com/Ostorlab/KEV CVE-2023-49070 - https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 CVE-2023-49070 - https://github.com/Rishi-45/Bizness-Machine-htb +CVE-2023-49070 - https://github.com/SenukDias/OSCP_cheat CVE-2023-49070 - https://github.com/SrcVme50/Bizness CVE-2023-49070 - https://github.com/Threekiii/Awesome-POC CVE-2023-49070 - https://github.com/Threekiii/CVE @@ -153559,6 +154111,7 @@ CVE-2023-4911 - https://github.com/NishanthAnand21/CVE-2023-4911-PoC CVE-2023-4911 - https://github.com/Ostorlab/KEV CVE-2023-4911 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors CVE-2023-4911 - https://github.com/RickdeJager/CVE-2023-4911 +CVE-2023-4911 - https://github.com/SenukDias/OSCP_cheat CVE-2023-4911 - https://github.com/SirElmard/ethical_hacking CVE-2023-4911 - https://github.com/ZonghaoLi777/githubTrending CVE-2023-4911 - https://github.com/abylinjohnson/linux-kernel-exploits @@ -153587,6 +154140,7 @@ CVE-2023-4911 - https://github.com/revanmalang/OSCP CVE-2023-4911 - https://github.com/richardjennings/scand CVE-2023-4911 - https://github.com/ruycr4ft/CVE-2023-4911 CVE-2023-4911 - https://github.com/samokat-oss/pisc +CVE-2023-4911 - https://github.com/sarthakpriyadarshi/Obsidian-OSCP-Notes CVE-2023-4911 - https://github.com/silent6trinity/looney-tuneables CVE-2023-4911 - https://github.com/silentEAG/awesome-stars CVE-2023-4911 - https://github.com/snurkeburk/Looney-Tunables @@ -153757,6 +154311,7 @@ CVE-2023-4966 - https://github.com/jmussmann/cve-2023-4966-iocs CVE-2023-4966 - https://github.com/mlynchcogent/CVE-2023-4966-POC CVE-2023-4966 - https://github.com/morganwdavis/overread CVE-2023-4966 - https://github.com/nanoRoot1/Herramientas-de-Seguridad-Digital +CVE-2023-4966 - https://github.com/nitish778191/fitness_app CVE-2023-4966 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-4966 - https://github.com/s-bt/CVE-2023-4966 CVE-2023-4966 - https://github.com/sanjai-AK47/CVE-2023-4966 @@ -153765,6 +154320,7 @@ CVE-2023-4966 - https://github.com/tanjiti/sec_profile CVE-2023-4966 - https://github.com/venkycs/cy8 CVE-2023-4966 - https://github.com/whitfieldsdad/cisa_kev CVE-2023-4966 - https://github.com/whoami13apt/files2 +CVE-2023-4967 - https://github.com/nitish778191/fitness_app CVE-2023-49684 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-49685 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-49686 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -153870,6 +154426,7 @@ CVE-2023-49982 - https://github.com/geraldoalcantara/CVE-2023-49982 CVE-2023-49982 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-49983 - https://github.com/geraldoalcantara/CVE-2023-49983 CVE-2023-49983 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-49984 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-49984 - https://github.com/geraldoalcantara/CVE-2023-49984 CVE-2023-49984 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-49985 - https://github.com/geraldoalcantara/CVE-2023-49985 @@ -154071,6 +154628,7 @@ CVE-2023-5072 - https://github.com/hinat0y/Dataset7 CVE-2023-5072 - https://github.com/hinat0y/Dataset8 CVE-2023-5072 - https://github.com/hinat0y/Dataset9 CVE-2023-5072 - https://github.com/vaikas/pombump +CVE-2023-5072 - https://github.com/ytono/gcp-arcade CVE-2023-50734 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-50735 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-50736 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -154140,6 +154698,7 @@ CVE-2023-50951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-50955 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-50957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-50959 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-50965 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-50965 - https://github.com/Halcy0nic/Trophies CVE-2023-50965 - https://github.com/skinnyrad/Trophies CVE-2023-50966 - https://github.com/NaInSec/CVE-LIST @@ -154319,6 +154878,7 @@ CVE-2023-51467 - https://github.com/Marco-zcl/POC CVE-2023-51467 - https://github.com/Ostorlab/KEV CVE-2023-51467 - https://github.com/Praison001/Apache-OFBiz-Auth-Bypass-and-RCE-Exploit-CVE-2023-49070-CVE-2023-51467 CVE-2023-51467 - https://github.com/Rishi-45/Bizness-Machine-htb +CVE-2023-51467 - https://github.com/SenukDias/OSCP_cheat CVE-2023-51467 - https://github.com/Subha-BOO7/Exploit_CVE-2023-51467 CVE-2023-51467 - https://github.com/Threekiii/Awesome-POC CVE-2023-51467 - https://github.com/Threekiii/CVE @@ -154465,6 +155025,7 @@ CVE-2023-51770 - https://github.com/Snakinya/Snakinya CVE-2023-51770 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-51771 - https://github.com/Halcy0nic/Trophies CVE-2023-51771 - https://github.com/skinnyrad/Trophies +CVE-2023-51775 - https://github.com/ytono/gcp-arcade CVE-2023-5178 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-5178 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-5178 - https://github.com/rockrid3r/CVE-2023-5178 @@ -154541,6 +155102,7 @@ CVE-2023-5217 - https://github.com/Jereanny14/jereanny14.github.io CVE-2023-5217 - https://github.com/Keeper-Security/gitbook-release-notes CVE-2023-5217 - https://github.com/Ostorlab/KEV CVE-2023-5217 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +CVE-2023-5217 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-5217 - https://github.com/RENANZG/My-Forensics CVE-2023-5217 - https://github.com/Threekiii/CVE CVE-2023-5217 - https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217 @@ -154652,7 +155214,9 @@ CVE-2023-52426 - https://github.com/fokypoky/places-list CVE-2023-52426 - https://github.com/testing-felickz/docker-scout-demo CVE-2023-52427 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-52428 - https://github.com/Azure/kafka-sink-azure-kusto +CVE-2023-52428 - https://github.com/ytono/gcp-arcade CVE-2023-52429 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-52430 - https://github.com/trailofbits/publications CVE-2023-52433 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-52434 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-52435 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -155156,6 +155720,7 @@ CVE-2023-6378 - https://github.com/hinat0y/Dataset7 CVE-2023-6378 - https://github.com/hinat0y/Dataset8 CVE-2023-6378 - https://github.com/hinat0y/Dataset9 CVE-2023-6378 - https://github.com/vaikas/pombump +CVE-2023-6378 - https://github.com/ytono/gcp-arcade CVE-2023-6379 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6379 - https://github.com/msegoviag/msegoviag CVE-2023-6380 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -155360,6 +155925,7 @@ CVE-2023-6851 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6852 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6853 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6856 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2023-6856 - https://github.com/l33d0hyun/l33d0hyun CVE-2023-6857 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6858 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6859 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -155448,6 +156014,7 @@ CVE-2023-7016 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-7017 - https://github.com/NaInSec/CVE-LIST CVE-2023-7017 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7024 - https://github.com/Ostorlab/KEV +CVE-2023-7024 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2023-7024 - https://github.com/RENANZG/My-Forensics CVE-2023-7027 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7028 - https://github.com/0xMarcio/cve @@ -155464,6 +156031,7 @@ CVE-2023-7028 - https://github.com/Miraitowa70/POC-notes CVE-2023-7028 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2023-7028 - https://github.com/Ostorlab/KEV CVE-2023-7028 - https://github.com/RandomRobbieBF/CVE-2023-7028 +CVE-2023-7028 - https://github.com/SenukDias/OSCP_cheat CVE-2023-7028 - https://github.com/Shimon03/CVE-2023-7028-Account-Take-Over-Gitlab CVE-2023-7028 - https://github.com/TheRedDevil1/CVE-2023-7028 CVE-2023-7028 - https://github.com/Trackflaw/CVE-2023-7028-Docker @@ -160302,6 +160870,7 @@ CVE-2024-0010 - https://github.com/afine-com/research CVE-2024-0014 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0015 - https://github.com/UmVfX1BvaW50/CVE-2024-0015 CVE-2024-0015 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-0023 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0029 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0030 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0031 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -160315,11 +160884,14 @@ CVE-2024-0038 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0039 - https://github.com/41yn14/CVE-2024-0039-Exploit CVE-2024-0039 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0040 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-0040 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0041 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0043 - https://github.com/cisagov/vulnrichment +CVE-2024-0044 - https://github.com/0xMarcio/cve CVE-2024-0044 - https://github.com/GhostTroops/TOP CVE-2024-0044 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0044 - https://github.com/tanjiti/sec_profile +CVE-2024-0049 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-0054 - https://github.com/NaInSec/CVE-LIST CVE-2024-0055 - https://github.com/NaInSec/CVE-LIST CVE-2024-0056 - https://github.com/NaInSec/CVE-LIST @@ -160480,6 +161052,7 @@ CVE-2024-0305 - https://github.com/wjlin0/poc-doc CVE-2024-0305 - https://github.com/wy876/POC CVE-2024-0305 - https://github.com/wy876/wiki CVE-2024-0305 - https://github.com/xingchennb/POC- +CVE-2024-0321 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2024-0321 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0322 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-0323 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -160845,6 +161418,7 @@ CVE-2024-1086 - https://github.com/Hiimsonkul/Hiimsonkul CVE-2024-1086 - https://github.com/Notselwyn/CVE-2024-1086 CVE-2024-1086 - https://github.com/Notselwyn/exploits CVE-2024-1086 - https://github.com/Notselwyn/notselwyn +CVE-2024-1086 - https://github.com/SenukDias/OSCP_cheat CVE-2024-1086 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE CVE-2024-1086 - https://github.com/TigerIsMyPet/KernelExploit CVE-2024-1086 - https://github.com/YgorAlberto/ygoralberto.github.io @@ -160888,6 +161462,7 @@ CVE-2024-1108 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1109 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1110 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1112 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1112 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1114 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1115 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -161107,6 +161682,7 @@ CVE-2024-1531 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1532 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1538 - https://github.com/NaInSec/CVE-LIST CVE-2024-1540 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-1544 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-1544 - https://github.com/wolfSSL/wolfssl CVE-2024-1545 - https://github.com/byan-2/wolfssl CVE-2024-1545 - https://github.com/lego-pirates/wolfssl @@ -161218,6 +161794,7 @@ CVE-2024-1708 - https://github.com/W01fh4cker/ScreenConnect-AuthBypass-RCE CVE-2024-1708 - https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708 CVE-2024-1708 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1708 - https://github.com/netlas-io/netlas-dorks +CVE-2024-1708 - https://github.com/nitish778191/fitness_app CVE-2024-1708 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1708 - https://github.com/tr1pl3ight/POCv2.0-for-CVE-2024-1709 CVE-2024-1708 - https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc @@ -161230,6 +161807,7 @@ CVE-2024-1709 - https://github.com/cjybao/CVE-2024-1709-and-CVE-2024-1708 CVE-2024-1709 - https://github.com/codeb0ss/CVE-2024-1709-PoC CVE-2024-1709 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-1709 - https://github.com/myseq/vcheck-cli +CVE-2024-1709 - https://github.com/nitish778191/fitness_app CVE-2024-1709 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-1709 - https://github.com/securitycipher/daily-bugbounty-writeups CVE-2024-1709 - https://github.com/sxyrxyy/CVE-2024-1709-ConnectWise-ScreenConnect-Authentication-Bypass @@ -161556,6 +162134,7 @@ CVE-2024-20661 - https://github.com/NaInSec/CVE-LIST CVE-2024-20662 - https://github.com/NaInSec/CVE-LIST CVE-2024-20663 - https://github.com/NaInSec/CVE-LIST CVE-2024-20664 - https://github.com/NaInSec/CVE-LIST +CVE-2024-20666 - https://github.com/HYZ3K/CVE-2024-20666 CVE-2024-20666 - https://github.com/MHimken/WinRE-Customization CVE-2024-20666 - https://github.com/NaInSec/CVE-LIST CVE-2024-20666 - https://github.com/invaderslabs/CVE-2024-20666 @@ -161716,8 +162295,10 @@ CVE-2024-2086 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-20860 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20861 - https://github.com/dlehgus1023/dlehgus1023 CVE-2024-20861 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-20861 - https://github.com/l33d0hyun/l33d0hyun CVE-2024-20862 - https://github.com/dlehgus1023/dlehgus1023 CVE-2024-20862 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-20862 - https://github.com/l33d0hyun/l33d0hyun CVE-2024-20863 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20864 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20865 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -161792,6 +162373,7 @@ CVE-2024-20983 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20984 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20985 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-20986 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21006 - https://github.com/20142995/sectool CVE-2024-21006 - https://github.com/momika233/CVE-2024-21006 CVE-2024-21006 - https://github.com/netlas-io/netlas-dorks CVE-2024-21006 - https://github.com/nomi-sec/PoC-in-GitHub @@ -161886,6 +162468,7 @@ CVE-2024-21338 - https://github.com/gogobuster/CVE-2024-21338-POC CVE-2024-21338 - https://github.com/hakaioffsec/CVE-2024-21338 CVE-2024-21338 - https://github.com/johe123qwe/github-trending CVE-2024-21338 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-21338 - https://github.com/tanjiti/sec_profile CVE-2024-21338 - https://github.com/varwara/CVE-2024-21338 CVE-2024-2134 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2134 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162052,18 +162635,28 @@ CVE-2024-21484 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21484 - https://github.com/kjur/jsrsasign CVE-2024-21484 - https://github.com/zibuthe7j11/repellat-sapiente-quas CVE-2024-21485 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2149 - https://github.com/trailofbits/publications CVE-2024-21490 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21490 - https://github.com/patrikx3/redis-ui CVE-2024-21491 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21492 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21492 - https://github.com/trailofbits/publications CVE-2024-21493 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21493 - https://github.com/trailofbits/publications CVE-2024-21494 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21494 - https://github.com/trailofbits/publications CVE-2024-21495 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21495 - https://github.com/trailofbits/publications CVE-2024-21496 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21496 - https://github.com/trailofbits/publications CVE-2024-21497 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21497 - https://github.com/trailofbits/publications CVE-2024-21498 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21498 - https://github.com/trailofbits/publications CVE-2024-21499 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21499 - https://github.com/trailofbits/publications CVE-2024-21500 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-21500 - https://github.com/trailofbits/publications CVE-2024-21501 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21502 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-21503 - https://github.com/NaInSec/CVE-LIST @@ -162510,6 +163103,7 @@ CVE-2024-22196 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22197 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22198 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-22199 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-22201 - https://github.com/ytono/gcp-arcade CVE-2024-22206 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22211 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22212 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -162871,6 +163465,7 @@ CVE-2024-23060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23061 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2307 - https://github.com/NaInSec/CVE-LIST CVE-2024-2307 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-23079 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2308 - https://github.com/NaInSec/CVE-LIST CVE-2024-2308 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23080 - https://github.com/vin01/bogus-cves @@ -162974,12 +163569,14 @@ CVE-2024-23280 - https://github.com/NaInSec/CVE-LIST CVE-2024-23280 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23281 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23282 - https://github.com/dlehgus1023/dlehgus1023 +CVE-2024-23282 - https://github.com/l33d0hyun/l33d0hyun CVE-2024-23283 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23284 - https://github.com/NaInSec/CVE-LIST CVE-2024-23284 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23285 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23286 - https://github.com/dlehgus1023/dlehgus1023 CVE-2024-23286 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-23286 - https://github.com/l33d0hyun/l33d0hyun CVE-2024-23287 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23288 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23289 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163020,6 +163617,7 @@ CVE-2024-23331 - https://github.com/seal-community/patches CVE-2024-23331 - https://github.com/vignesh7701/CodeEditor-Beta CVE-2024-23333 - https://github.com/NaInSec/CVE-LIST CVE-2024-23334 - https://github.com/Ostorlab/KEV +CVE-2024-23334 - https://github.com/SecureDoughnut/Tinkoff-CTF-2024-lohness CVE-2024-23334 - https://github.com/brian-edgar-re/poc-cve-2024-23334 CVE-2024-23334 - https://github.com/ggPonchik/Tinkoff-CTF-2024-lohness CVE-2024-23334 - https://github.com/jhonnybonny/CVE-2024-23334 @@ -163039,6 +163637,7 @@ CVE-2024-23343 - https://github.com/Sim4n6/Sim4n6 CVE-2024-23349 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23354 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-23384 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23439 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23440 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-23446 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163417,6 +164016,7 @@ CVE-2024-24050 - https://github.com/NaInSec/CVE-LIST CVE-2024-2408 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-2408 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24092 - https://github.com/ASR511-OO7/CVE-2024-24092 +CVE-2024-24092 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24092 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-24093 - https://github.com/ASR511-OO7/CVE-2024-24093 CVE-2024-24093 - https://github.com/nomi-sec/PoC-in-GitHub @@ -163453,6 +164053,7 @@ CVE-2024-24105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24105 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-24108 - https://github.com/ASR511-OO7/CVE-2024-24108 CVE-2024-24108 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-24110 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24112 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24112 - https://github.com/tanjiti/sec_profile CVE-2024-24115 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163608,6 +164209,7 @@ CVE-2024-2453 - https://github.com/NaInSec/CVE-LIST CVE-2024-24539 - https://github.com/NaInSec/CVE-LIST CVE-2024-24539 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24549 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-24549 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-24549 - https://github.com/tanjiti/sec_profile CVE-2024-24557 - https://github.com/DanielePeruzzi97/rancher-k3s-docker CVE-2024-24560 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163718,14 +164320,17 @@ CVE-2024-24785 - https://github.com/testing-felickz/docker-scout-demo CVE-2024-24786 - https://github.com/DanielePeruzzi97/rancher-k3s-docker CVE-2024-24786 - https://github.com/NaInSec/CVE-LIST CVE-2024-24786 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-24786 - https://github.com/ytono/gcp-arcade CVE-2024-24787 - https://github.com/LOURC0D3/CVE-2024-24787-PoC CVE-2024-24787 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24787 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-24788 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24788 - https://github.com/tanjiti/sec_profile +CVE-2024-2479 - https://github.com/Johnermac/Johnermac CVE-2024-2479 - https://github.com/NaInSec/CVE-LIST CVE-2024-2479 - https://github.com/SQU4NCH/SQU4NCH CVE-2024-24795 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2480 - https://github.com/Johnermac/Johnermac CVE-2024-2480 - https://github.com/NaInSec/CVE-LIST CVE-2024-2480 - https://github.com/SQU4NCH/SQU4NCH CVE-2024-24801 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -163845,6 +164450,7 @@ CVE-2024-24919 - https://github.com/lirantal/cve-cvss-calculator CVE-2024-24919 - https://github.com/mr-kasim-mehar/CVE-2024-24919-Exploit CVE-2024-24919 - https://github.com/netlas-io/netlas-dorks CVE-2024-24919 - https://github.com/nexblade12/CVE-2024-24919 +CVE-2024-24919 - https://github.com/nitish778191/fitness_app CVE-2024-24919 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-24919 - https://github.com/nullcult/CVE-2024-24919-Exploit CVE-2024-24919 - https://github.com/numencyber/Vulnerability_PoC @@ -164088,6 +164694,7 @@ CVE-2024-2532 - https://github.com/NaInSec/CVE-LIST CVE-2024-25320 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25327 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2533 - https://github.com/NaInSec/CVE-LIST +CVE-2024-25331 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2534 - https://github.com/NaInSec/CVE-LIST CVE-2024-25343 - https://github.com/ShravanSinghRathore/ShravanSinghRathore CVE-2024-25344 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164316,6 +164923,7 @@ CVE-2024-2570 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2571 - https://github.com/NaInSec/CVE-LIST CVE-2024-2571 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25710 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-25710 - https://github.com/ytono/gcp-arcade CVE-2024-25711 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25712 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25713 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164472,6 +165080,8 @@ CVE-2024-25940 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25941 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25942 - https://github.com/NaInSec/CVE-LIST CVE-2024-25943 - https://github.com/chnzzh/iDRAC-CVE-lib +CVE-2024-25947 - https://github.com/chnzzh/iDRAC-CVE-lib +CVE-2024-25948 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-2595 - https://github.com/NaInSec/CVE-LIST CVE-2024-2595 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-25951 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -164704,6 +165314,7 @@ CVE-2024-26305 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-26306 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-26307 - https://github.com/NaInSec/CVE-LIST CVE-2024-26308 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-26308 - https://github.com/ytono/gcp-arcade CVE-2024-26309 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2631 - https://github.com/NaInSec/CVE-LIST CVE-2024-2631 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165087,6 +165698,7 @@ CVE-2024-27198 - https://github.com/juev/links CVE-2024-27198 - https://github.com/labesterOct/CVE-2024-27198 CVE-2024-27198 - https://github.com/marl-ot/DevSecOps-2024 CVE-2024-27198 - https://github.com/netlas-io/netlas-dorks +CVE-2024-27198 - https://github.com/nitish778191/fitness_app CVE-2024-27198 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-27198 - https://github.com/passwa11/CVE-2024-27198-RCE CVE-2024-27198 - https://github.com/rampantspark/CVE-2024-27198 @@ -165114,6 +165726,7 @@ CVE-2024-27199 - https://github.com/jafshare/GithubTrending CVE-2024-27199 - https://github.com/johe123qwe/github-trending CVE-2024-27199 - https://github.com/juev/links CVE-2024-27199 - https://github.com/marl-ot/DevSecOps-2024 +CVE-2024-27199 - https://github.com/nitish778191/fitness_app CVE-2024-27199 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-27199 - https://github.com/passwa11/CVE-2024-27198-RCE CVE-2024-27199 - https://github.com/rampantspark/CVE-2024-27198 @@ -165132,6 +165745,7 @@ CVE-2024-27209 - https://github.com/NaInSec/CVE-LIST CVE-2024-2721 - https://github.com/NaInSec/CVE-LIST CVE-2024-27210 - https://github.com/NaInSec/CVE-LIST CVE-2024-27211 - https://github.com/NaInSec/CVE-LIST +CVE-2024-27211 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27212 - https://github.com/NaInSec/CVE-LIST CVE-2024-27213 - https://github.com/NaInSec/CVE-LIST CVE-2024-27215 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165244,6 +165858,7 @@ CVE-2024-2742 - https://github.com/NaInSec/CVE-LIST CVE-2024-27438 - https://github.com/NaInSec/CVE-LIST CVE-2024-27439 - https://github.com/NaInSec/CVE-LIST CVE-2024-27439 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-27440 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27441 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27443 - https://github.com/nhiephon/Research CVE-2024-27444 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165321,6 +165936,7 @@ CVE-2024-27623 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27625 - https://github.com/capture0x/My-CVE CVE-2024-27625 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27626 - https://github.com/capture0x/My-CVE +CVE-2024-27626 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-27627 - https://github.com/capture0x/My-CVE CVE-2024-27627 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2763 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -165936,6 +166552,7 @@ CVE-2024-28745 - https://github.com/NaInSec/CVE-LIST CVE-2024-28745 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28746 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28752 - https://github.com/tanjiti/sec_profile +CVE-2024-28752 - https://github.com/ytono/gcp-arcade CVE-2024-28753 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28754 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28756 - https://github.com/NaInSec/CVE-LIST @@ -165964,6 +166581,7 @@ CVE-2024-2879 - https://github.com/wy876/wiki CVE-2024-28794 - https://github.com/afine-com/research CVE-2024-28795 - https://github.com/afine-com/research CVE-2024-28797 - https://github.com/afine-com/research +CVE-2024-28806 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28816 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28824 - https://github.com/NaInSec/CVE-LIST @@ -165977,6 +166595,7 @@ CVE-2024-28834 - https://github.com/m-pasima/CI-CD-Security-image-scan CVE-2024-28835 - https://github.com/GitHubForSnap/ssmtp-gael CVE-2024-28835 - https://github.com/GrigGM/05-virt-04-docker-hw CVE-2024-28835 - https://github.com/NaInSec/CVE-LIST +CVE-2024-28835 - https://github.com/trailofbits/publications CVE-2024-28847 - https://github.com/NaInSec/CVE-LIST CVE-2024-28848 - https://github.com/NaInSec/CVE-LIST CVE-2024-28848 - https://github.com/tequilasunsh1ne/OpenMetadata_policies_spel @@ -166052,6 +166671,7 @@ CVE-2024-29019 - https://github.com/NaInSec/CVE-LIST CVE-2024-2902 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-29025 - https://github.com/Azure/kafka-sink-azure-kusto CVE-2024-29025 - https://github.com/th2-net/th2-bom +CVE-2024-29025 - https://github.com/ytono/gcp-arcade CVE-2024-29026 - https://github.com/NaInSec/CVE-LIST CVE-2024-29027 - https://github.com/NaInSec/CVE-LIST CVE-2024-29027 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166274,6 +166894,7 @@ CVE-2024-29291 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29296 - https://github.com/Lavender-exe/CVE-2024-29296-PoC CVE-2024-29296 - https://github.com/ThaySolis/CVE-2024-29296 CVE-2024-29296 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-29301 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29316 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2932 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29320 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166283,6 +166904,7 @@ CVE-2024-2935 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29366 - https://github.com/NaInSec/CVE-LIST CVE-2024-29368 - https://github.com/becpn/mozilocms CVE-2024-29368 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2937 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29374 - https://github.com/NaInSec/CVE-LIST CVE-2024-29375 - https://github.com/c0rvane/CVE-2024-29375 CVE-2024-29375 - https://github.com/ismailcemunver/CVE-2024-29375 @@ -166374,7 +166996,9 @@ CVE-2024-2961 - https://github.com/testing-felickz/docker-scout-demo CVE-2024-2961 - https://github.com/tnishiox/cve-2024-2961 CVE-2024-2961 - https://github.com/wjlin0/wjlin0 CVE-2024-2961 - https://github.com/zhaoxiaoha/github-trending +CVE-2024-29637 - https://github.com/Johnermac/Johnermac CVE-2024-29637 - https://github.com/SQU4NCH/SQU4NCH +CVE-2024-29638 - https://github.com/Johnermac/Johnermac CVE-2024-29638 - https://github.com/SQU4NCH/SQU4NCH CVE-2024-29650 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29660 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166450,6 +167074,7 @@ CVE-2024-29849 - https://github.com/sinsinology/CVE-2024-29849 CVE-2024-2985 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-29855 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29857 - https://github.com/cdupuis/aspnetapp +CVE-2024-29857 - https://github.com/ytono/gcp-arcade CVE-2024-29858 - https://github.com/NaInSec/CVE-LIST CVE-2024-29859 - https://github.com/NaInSec/CVE-LIST CVE-2024-2986 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -166527,6 +167152,7 @@ CVE-2024-29943 - https://github.com/mgaudet/SpiderMonkeyBibliography CVE-2024-29943 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29943 - https://github.com/tanjiti/sec_profile CVE-2024-29944 - https://github.com/NaInSec/CVE-LIST +CVE-2024-29944 - https://github.com/RENANZG/My-Debian-GNU-Linux CVE-2024-29945 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29946 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-29947 - https://github.com/LOURC0D3/ENVY-gitbook @@ -166540,6 +167166,7 @@ CVE-2024-2996 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2996 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2997 - https://github.com/Srivishnu-p/CVEs-and-Vulnerabilities CVE-2024-2997 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2997 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29972 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-29973 - https://github.com/Ostorlab/KEV CVE-2024-29973 - https://github.com/nomi-sec/PoC-in-GitHub @@ -166619,7 +167246,9 @@ CVE-2024-30161 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30163 - https://github.com/1Softworks/IPS-SQL-Injection CVE-2024-30165 - https://github.com/p4yl0ad/p4yl0ad CVE-2024-30171 - https://github.com/cdupuis/aspnetapp +CVE-2024-30171 - https://github.com/ytono/gcp-arcade CVE-2024-30172 - https://github.com/cdupuis/aspnetapp +CVE-2024-30172 - https://github.com/ytono/gcp-arcade CVE-2024-30187 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30200 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30202 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -166673,6 +167302,7 @@ CVE-2024-30266 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30269 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3027 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-30270 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-30284 - https://github.com/markyason/markyason.github.io CVE-2024-3030 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3032 - https://github.com/Chocapikk/Chocapikk CVE-2024-3032 - https://github.com/Chocapikk/My-CVEs @@ -167154,6 +167784,7 @@ CVE-2024-31207 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31208 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31209 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31210 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-31211 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-31213 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-31214 - https://github.com/nvn1729/advisories CVE-2024-31215 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167424,10 +168055,12 @@ CVE-2024-3205 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3208 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3209 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3210 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-32104 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-32105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32113 - https://github.com/Mr-xn/CVE-2024-32113 CVE-2024-32113 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2024-32113 - https://github.com/Ostorlab/KEV +CVE-2024-32113 - https://github.com/RacerZ-fighting/RacerZ-fighting CVE-2024-32113 - https://github.com/Threekiii/CVE CVE-2024-32113 - https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit CVE-2024-32113 - https://github.com/enomothem/PenTestNote @@ -167445,6 +168078,7 @@ CVE-2024-32152 - https://github.com/bee-san/bee-san CVE-2024-3216 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3217 - https://github.com/BassamAssiri/CVE-2024-3217-POC CVE-2024-3217 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-3219 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32205 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-32236 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32238 - https://github.com/FuBoLuSec/CVE-2024-32238 @@ -167552,6 +168186,7 @@ CVE-2024-3267 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32674 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32679 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32699 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-32700 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-32709 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-32709 - https://github.com/truonghuuphuc/CVE-2024-32709-Poc CVE-2024-32709 - https://github.com/wy876/POC @@ -167639,6 +168274,24 @@ CVE-2024-3298 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32980 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32982 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3299 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33010 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33011 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33012 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33013 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33014 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33015 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33018 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33019 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33020 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33021 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33022 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33023 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33024 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33025 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33026 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33027 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33028 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33078 - https://github.com/HBLocker/CVE-2024-33078 CVE-2024-33078 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-33103 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167724,6 +168377,7 @@ CVE-2024-33515 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33516 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33517 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-33518 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-33544 - https://github.com/Ostorlab/KEV CVE-2024-33551 - https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection CVE-2024-33559 - https://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection CVE-2024-33559 - https://github.com/nomi-sec/PoC-in-GitHub @@ -167869,6 +168523,7 @@ CVE-2024-3400 - https://github.com/lirantal/cve-cvss-calculator CVE-2024-3400 - https://github.com/marconesler/CVE-2024-3400 CVE-2024-3400 - https://github.com/momika233/CVE-2024-3400 CVE-2024-3400 - https://github.com/netlas-io/netlas-dorks +CVE-2024-3400 - https://github.com/nitish778191/fitness_app CVE-2024-3400 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3400 - https://github.com/phantomradar/cve-2024-3400-poc CVE-2024-3400 - https://github.com/pwnj0hn/CVE-2024-3400 @@ -167905,12 +168560,17 @@ CVE-2024-34090 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34091 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34092 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34093 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34094 - https://github.com/markyason/markyason.github.io +CVE-2024-34095 - https://github.com/markyason/markyason.github.io +CVE-2024-34096 - https://github.com/markyason/markyason.github.io +CVE-2024-34097 - https://github.com/markyason/markyason.github.io CVE-2024-34102 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2024-34102 - https://github.com/Ostorlab/KEV CVE-2024-34102 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34102 - https://github.com/redwaysecurity/CVEs CVE-2024-3413 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34144 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34144 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34145 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34146 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34147 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167975,6 +168635,7 @@ CVE-2024-3443 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3444 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34446 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-34447 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-34447 - https://github.com/ytono/gcp-arcade CVE-2024-34448 - https://github.com/phulelouch/CVEs CVE-2024-34449 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3445 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168027,6 +168688,7 @@ CVE-2024-3460 - https://github.com/DojoSecurity/DojoSecurity CVE-2024-3460 - https://github.com/afine-com/research CVE-2024-3461 - https://github.com/DojoSecurity/DojoSecurity CVE-2024-3461 - https://github.com/afine-com/research +CVE-2024-34693 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34716 - https://github.com/aelmokhtar/CVE-2024-34716_PoC CVE-2024-34716 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-34717 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168251,6 +168913,7 @@ CVE-2024-36104 - https://github.com/wy876/POC CVE-2024-36104 - https://github.com/wy876/wiki CVE-2024-36105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36111 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-36111 - https://github.com/wy876/POC CVE-2024-36120 - https://github.com/SteakEnthusiast/My-CTF-Challenges CVE-2024-3614 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3616 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168272,6 +168935,7 @@ CVE-2024-36401 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36401 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main CVE-2024-36401 - https://github.com/tanjiti/sec_profile CVE-2024-36401 - https://github.com/wy876/POC +CVE-2024-36401 - https://github.com/zgimszhd61/CVE-2024-36401 CVE-2024-36405 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36412 - https://github.com/wy876/POC CVE-2024-36412 - https://github.com/wy876/wiki @@ -168283,12 +168947,14 @@ CVE-2024-36428 - https://github.com/wjlin0/poc-doc CVE-2024-36428 - https://github.com/wy876/POC CVE-2024-36428 - https://github.com/wy876/wiki CVE-2024-36437 - https://github.com/actuator/cve +CVE-2024-36448 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3645 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36510 - https://github.com/martinstnv/martinstnv CVE-2024-3652 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36522 - https://github.com/Threekiii/CVE CVE-2024-36522 - https://github.com/enomothem/PenTestNote CVE-2024-36527 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-36539 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36586 - https://github.com/go-compile/security-advisories CVE-2024-36587 - https://github.com/go-compile/security-advisories CVE-2024-36588 - https://github.com/go-compile/security-advisories @@ -168314,6 +168980,7 @@ CVE-2024-36795 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-36821 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36837 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36837 - https://github.com/tanjiti/sec_profile +CVE-2024-36842 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3686 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3687 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3688 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168353,6 +169020,9 @@ CVE-2024-37080 - https://github.com/tanjiti/sec_profile CVE-2024-37081 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-37081 - https://github.com/tanjiti/sec_profile CVE-2024-37084 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-37085 - https://github.com/gokupwn/pushMyResources +CVE-2024-37085 - https://github.com/h0bbel/h0bbel +CVE-2024-37085 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3714 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-37147 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-37253 - https://github.com/20142995/nuclei-templates @@ -168456,6 +169126,11 @@ CVE-2024-3844 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3845 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3846 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3847 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38472 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-38473 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-38481 - https://github.com/chnzzh/iDRAC-CVE-lib +CVE-2024-38489 - https://github.com/chnzzh/iDRAC-CVE-lib +CVE-2024-38490 - https://github.com/chnzzh/iDRAC-CVE-lib CVE-2024-38537 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3854 - https://github.com/googleprojectzero/fuzzilli CVE-2024-3854 - https://github.com/zhangjiahui-buaa/MasterThesis @@ -168484,6 +169159,9 @@ CVE-2024-3879 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3880 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3881 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-3882 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-38856 - https://github.com/RacerZ-fighting/RacerZ-fighting +CVE-2024-38856 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38856 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3889 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3891 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3892 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168498,6 +169176,7 @@ CVE-2024-3907 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-39071 - https://github.com/Y5neKO/Y5neKO CVE-2024-39072 - https://github.com/Y5neKO/Y5neKO CVE-2024-3908 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-39081 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3909 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-39090 - https://github.com/arijitdirghangi/arijitdirghangi CVE-2024-3910 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -168510,6 +169189,8 @@ CVE-2024-39248 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-39249 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-39250 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3928 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-39304 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-39306 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3931 - https://github.com/2lambda123/cisagov-vulnrichment CVE-2024-3931 - https://github.com/cisagov/vulnrichment CVE-2024-3931 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168521,6 +169202,7 @@ CVE-2024-3942 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3951 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3957 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3961 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-39614 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3967 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39670 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39671 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168530,10 +169212,14 @@ CVE-2024-39674 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3968 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39689 - https://github.com/PBorocz/raindrop-io-py CVE-2024-39689 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-39694 - https://github.com/IdentityServer/IdentityServer4 CVE-2024-3970 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-39700 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3979 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-39844 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3985 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-39863 - https://github.com/ch4n3-yoon/ch4n3-yoon +CVE-2024-39877 - https://github.com/ch4n3-yoon/ch4n3-yoon CVE-2024-39884 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-39899 - https://github.com/nbxiglk0/nbxiglk0 CVE-2024-39908 - https://github.com/lifeparticle/Ruby-Cheatsheet @@ -168543,21 +169229,28 @@ CVE-2024-39911 - https://github.com/wy876/wiki CVE-2024-39914 - https://github.com/wy876/POC CVE-2024-39914 - https://github.com/wy876/wiki CVE-2024-39929 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-39929 - https://github.com/rxerium/stars CVE-2024-39943 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-39943 - https://github.com/wy876/POC CVE-2024-4000 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4003 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4006 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40096 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4010 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40110 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40119 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4021 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4024 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4029 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4031 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40318 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-4032 - https://github.com/GitHubForSnap/matrix-commander-gael +CVE-2024-40324 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40348 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40348 - https://github.com/wy876/POC +CVE-2024-40348 - https://github.com/wy876/wiki CVE-2024-4036 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4040 - https://github.com/1ncendium/CVE-2024-4040 CVE-2024-4040 - https://github.com/Mohammaddvd/CVE-2024-4040 @@ -168570,10 +169263,12 @@ CVE-2024-4040 - https://github.com/Y4tacker/JavaSec CVE-2024-4040 - https://github.com/absholi7ly/absholi7ly CVE-2024-4040 - https://github.com/airbus-cert/CVE-2024-4040 CVE-2024-4040 - https://github.com/enomothem/PenTestNote +CVE-2024-4040 - https://github.com/entroychang/CVE-2024-4040 CVE-2024-4040 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4040 - https://github.com/getdrive/PoC CVE-2024-4040 - https://github.com/gotr00t0day/CVE-2024-4040 CVE-2024-4040 - https://github.com/jakabakos/CVE-2024-4040-CrushFTP-File-Read-vulnerability +CVE-2024-4040 - https://github.com/nitish778191/fitness_app CVE-2024-4040 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4040 - https://github.com/qt2a23/CVE-2024-4040 CVE-2024-4040 - https://github.com/rbih-boulanouar/CVE-2024-4040 @@ -168588,6 +169283,7 @@ CVE-2024-4040 - https://github.com/zgimszhd61/cve-exploit-collection-scanner CVE-2024-4042 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-40422 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40492 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-40498 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40506 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40507 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40508 - https://github.com/nomi-sec/PoC-in-GitHub @@ -168598,6 +169294,8 @@ CVE-2024-40512 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4058 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4059 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4060 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40617 - https://github.com/H4lo/awesome-IoT-security-article +CVE-2024-40617 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40628 - https://github.com/tanjiti/sec_profile CVE-2024-40629 - https://github.com/tanjiti/sec_profile CVE-2024-4064 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -168607,6 +169305,7 @@ CVE-2024-4066 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4068 - https://github.com/seal-community/patches CVE-2024-40725 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40725 - https://github.com/tanjiti/sec_profile +CVE-2024-40784 - https://github.com/gandalf4a/crash_report CVE-2024-4083 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4085 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4086 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168618,12 +169317,14 @@ CVE-2024-41003 - https://github.com/google/buzzer CVE-2024-41107 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-41107 - https://github.com/tanjiti/sec_profile CVE-2024-41107 - https://github.com/wy876/POC +CVE-2024-41107 - https://github.com/wy876/wiki CVE-2024-4111 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41110 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-41110 - https://github.com/tanjiti/sec_profile CVE-2024-4112 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4112 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41123 - https://github.com/lifeparticle/Ruby-Cheatsheet CVE-2024-4113 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4113 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4114 - https://github.com/LaPhilosophie/IoT-vulnerable @@ -168644,6 +169345,8 @@ CVE-2024-4126 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4127 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4127 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4128 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41301 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-41302 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4133 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4138 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4139 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168655,12 +169358,16 @@ CVE-2024-41463 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41464 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41465 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41466 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41468 - https://github.com/wy876/POC +CVE-2024-41473 - https://github.com/wy876/POC CVE-2024-41550 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41551 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4156 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4162 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41628 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4163 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4164 - https://github.com/LaPhilosophie/IoT-vulnerable +CVE-2024-41640 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4165 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4166 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-41662 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168680,12 +169387,20 @@ CVE-2024-4171 - https://github.com/LaPhilosophie/IoT-vulnerable CVE-2024-4171 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4172 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41806 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41819 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes +CVE-2024-41819 - https://github.com/alessio-romano/alessio-romano CVE-2024-41827 - https://github.com/tanjiti/sec_profile CVE-2024-4186 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41943 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes +CVE-2024-41943 - https://github.com/alessio-romano/alessio-romano +CVE-2024-41946 - https://github.com/lifeparticle/Ruby-Cheatsheet CVE-2024-4199 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4200 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4203 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42041 - https://github.com/actuator/cve +CVE-2024-42054 - https://github.com/jinsonvarghese/jinsonvarghese +CVE-2024-42055 - https://github.com/jinsonvarghese/jinsonvarghese CVE-2024-4208 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4226 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4231 - https://github.com/nomi-sec/PoC-in-GitHub @@ -168733,6 +169448,7 @@ CVE-2024-4300 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4301 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4313 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4317 - https://github.com/wiltondb/wiltondb +CVE-2024-4320 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4323 - https://github.com/d0rb/CVE-2024-4323 CVE-2024-4323 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4323 - https://github.com/skilfoy/CVE-2024-4323-Exploit-POC @@ -168878,6 +169594,7 @@ CVE-2024-4577 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4577 - https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template CVE-2024-4577 - https://github.com/it-t4mpan/check_cve_2024_4577.sh CVE-2024-4577 - https://github.com/manuelinfosec/CVE-2024-4577 +CVE-2024-4577 - https://github.com/nitish778191/fitness_app CVE-2024-4577 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4577 - https://github.com/ohhhh693/CVE-2024-4577 CVE-2024-4577 - https://github.com/princew88/CVE-2024-4577 @@ -168912,6 +169629,7 @@ CVE-2024-4601 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4603 - https://github.com/bcgov/jag-cdds CVE-2024-4603 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-4603 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-4607 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4609 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4610 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4611 - https://github.com/chnzzh/OpenSSL-CVE-lib @@ -169083,6 +169801,7 @@ CVE-2024-5076 - https://github.com/20142995/nuclei-templates CVE-2024-5077 - https://github.com/20142995/nuclei-templates CVE-2024-5079 - https://github.com/20142995/nuclei-templates CVE-2024-5080 - https://github.com/20142995/nuclei-templates +CVE-2024-5081 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5084 - https://github.com/Chocapikk/CVE-2024-5084 CVE-2024-5084 - https://github.com/Chocapikk/Chocapikk CVE-2024-5084 - https://github.com/KTN1990/CVE-2024-5084 @@ -169104,13 +169823,17 @@ CVE-2024-5114 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5156 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5187 - https://github.com/sunriseXu/sunriseXu CVE-2024-5208 - https://github.com/sev-hack/sev-hack +CVE-2024-5217 - https://github.com/Ostorlab/KEV +CVE-2024-5217 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5218 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5220 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5229 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5246 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5273 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5274 - https://github.com/kip93/kip93 CVE-2024-5274 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5287 - https://github.com/20142995/nuclei-templates +CVE-2024-5288 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5288 - https://github.com/wolfSSL/wolfssl CVE-2024-5326 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5326 - https://github.com/truonghuuphuc/CVE-2024-5326-Poc @@ -169156,6 +169879,7 @@ CVE-2024-5653 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5654 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5655 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5663 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5670 - https://github.com/tanjiti/sec_profile CVE-2024-5678 - https://github.com/0x41424142/qualyspy CVE-2024-5678 - https://github.com/Dashrath158/CVE-Management-App-using-Flask CVE-2024-5678 - https://github.com/bergel07/FinalProject @@ -169186,6 +169910,7 @@ CVE-2024-5791 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-5802 - https://github.com/20142995/nuclei-templates CVE-2024-5806 - https://github.com/Mr-xn/Penetration_Testing_POC CVE-2024-5806 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-5814 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5814 - https://github.com/wolfSSL/wolfssl CVE-2024-5818 - https://github.com/20142995/nuclei-templates CVE-2024-5861 - https://github.com/20142995/nuclei-templates @@ -169193,6 +169918,7 @@ CVE-2024-5947 - https://github.com/komodoooo/Some-things CVE-2024-5947 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5961 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-5973 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-5991 - https://github.com/wolfSSL/Arduino-wolfSSL CVE-2024-5991 - https://github.com/wolfSSL/wolfssl CVE-2024-6027 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6028 - https://github.com/nomi-sec/PoC-in-GitHub @@ -169220,11 +169946,15 @@ CVE-2024-6205 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6243 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6244 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6265 - https://github.com/truonghuuphuc/CVE +CVE-2024-6270 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6271 - https://github.com/Jokergazaa/zero-click-exploits CVE-2024-6271 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6342 - https://github.com/yikesoftware/yikesoftware CVE-2024-6343 - https://github.com/yikesoftware/yikesoftware +CVE-2024-6366 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6385 - https://github.com/Ostorlab/KEV +CVE-2024-6387 - https://github.com/0xMarcio/cve +CVE-2024-6387 - https://github.com/CVEDB/awesome-cve-repo CVE-2024-6387 - https://github.com/David-M-Berry/openssh-cve-discovery CVE-2024-6387 - https://github.com/GhostTroops/TOP CVE-2024-6387 - https://github.com/GitHubForSnap/openssh-server-gael @@ -169239,14 +169969,23 @@ CVE-2024-6387 - https://github.com/bigb0x/CVE-2024-6387 CVE-2024-6387 - https://github.com/enomothem/PenTestNote CVE-2024-6387 - https://github.com/giterlizzi/secdb-feeds CVE-2024-6387 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +CVE-2024-6387 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2024-6387 - https://github.com/lukibahr/stars CVE-2024-6387 - https://github.com/maycon/stars CVE-2024-6387 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6387 - https://github.com/rxerium/stars CVE-2024-6387 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2024-6387 - https://github.com/tanjiti/sec_profile CVE-2024-6387 - https://github.com/teamos-hub/regreSSHion CVE-2024-6387 - https://github.com/trailofbits/codeql-queries +CVE-2024-6390 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6472 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6518 - https://github.com/fluentform/fluentform +CVE-2024-6520 - https://github.com/fluentform/fluentform +CVE-2024-6521 - https://github.com/fluentform/fluentform CVE-2024-65230 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6529 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6536 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6553 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169256,6 +169995,8 @@ CVE-2024-6646 - https://github.com/wy876/wiki CVE-2024-6666 - https://github.com/JohnnyBradvo/CVE-2024-6666 CVE-2024-6666 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6695 - https://github.com/20142995/nuclei-templates +CVE-2024-6703 - https://github.com/fluentform/fluentform +CVE-2024-6738 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6750 - https://github.com/20142995/nuclei-templates CVE-2024-6751 - https://github.com/20142995/nuclei-templates CVE-2024-6752 - https://github.com/20142995/nuclei-templates @@ -169264,6 +170005,7 @@ CVE-2024-6754 - https://github.com/20142995/nuclei-templates CVE-2024-6755 - https://github.com/20142995/nuclei-templates CVE-2024-6756 - https://github.com/20142995/nuclei-templates CVE-2024-6836 - https://github.com/20142995/nuclei-templates +CVE-2024-6865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6896 - https://github.com/20142995/nuclei-templates CVE-2024-6930 - https://github.com/20142995/nuclei-templates CVE-2024-6931 - https://github.com/20142995/nuclei-templates @@ -169277,6 +170019,7 @@ CVE-2024-6968 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6969 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6970 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6972 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6975 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-7027 - https://github.com/20142995/nuclei-templates CVE-2024-7047 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7057 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -169284,6 +170027,42 @@ CVE-2024-7060 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7080 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7081 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7091 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7120 - https://github.com/komodoooo/Some-things +CVE-2024-7297 - https://github.com/JoshuaMart/JoshuaMart +CVE-2024-7339 - https://github.com/tanjiti/sec_profile +CVE-2024-7383 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7395 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7396 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7397 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7409 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7436 - https://github.com/tanjiti/sec_profile +CVE-2024-7439 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7442 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7443 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7444 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7445 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7446 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7449 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7450 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7451 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7452 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7453 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7454 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7455 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7458 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7459 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7460 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7461 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7462 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7463 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7464 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7465 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7466 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities +CVE-2024-7466 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7467 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7468 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7469 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7470 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index 638fd8906..d57b7003f 100644 --- a/references.txt +++ b/references.txt @@ -63,6 +63,7 @@ CVE-2001-0055 - http://www.cisco.com/warp/public/707/CBOS-multiple.shtml CVE-2001-0056 - http://www.cisco.com/warp/public/707/CBOS-multiple.shtml CVE-2001-0057 - http://www.cisco.com/warp/public/707/CBOS-multiple.shtml CVE-2001-0058 - http://www.cisco.com/warp/public/707/CBOS-multiple.shtml +CVE-2001-0080 - http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml CVE-2001-0115 - http://marc.info/?l=bugtraq&m=97934312727101&w=2 CVE-2001-0134 - http://marc.info/?l=bugtraq&m=97967435023835&w=2 CVE-2001-0151 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90 @@ -575,6 +576,7 @@ CVE-2003-0967 - http://marc.info/?l=bugtraq&m=106944220426970 CVE-2003-0968 - http://marc.info/?l=bugtraq&m=106986437621130&w=2 CVE-2003-0974 - http://marc.info/?l=bugtraq&m=107004362416252&w=2 CVE-2003-0982 - http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml +CVE-2003-0983 - http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml CVE-2003-0984 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406 CVE-2003-0985 - http://isec.pl/vulnerabilities/isec-0013-mremap.txt CVE-2003-0985 - http://marc.info/?l=bugtraq&m=107332782121916&w=2 @@ -1427,6 +1429,7 @@ CVE-2005-0184 - http://marc.info/?l=bugtraq&m=110549426300953&w=2 CVE-2005-0186 - http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml CVE-2005-0193 - http://marc.info/?l=bugtraq&m=110642400018425&w=2 CVE-2005-0195 - http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml +CVE-2005-0196 - http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml CVE-2005-0197 - http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml CVE-2005-0202 - http://www.redhat.com/support/errata/RHSA-2005-136.html CVE-2005-0205 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596 @@ -2864,6 +2867,7 @@ CVE-2006-0167 - http://www.securityfocus.com/archive/1/421863/100/0/threaded CVE-2006-0168 - http://evuln.com/vulns/22/summary.html CVE-2006-0168 - http://www.securityfocus.com/archive/1/421863/100/0/threaded CVE-2006-0169 - http://evuln.com/vulns/23/summary.html +CVE-2006-0179 - http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml CVE-2006-0179 - https://www.exploit-db.com/exploits/1411 CVE-2006-0180 - http://evuln.com/vulns/24/summary.html CVE-2006-0181 - http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml @@ -3660,6 +3664,7 @@ CVE-2006-2152 - https://www.exploit-db.com/exploits/1723 CVE-2006-2152 - https://www.exploit-db.com/exploits/1725 CVE-2006-2153 - http://securityreason.com/securityalert/830 CVE-2006-2156 - https://www.exploit-db.com/exploits/1738 +CVE-2006-2166 - http://www.cisco.com/warp/public/707/cisco-sa-20060501-cue.shtml CVE-2006-2167 - http://securityreason.com/securityalert/831 CVE-2006-2174 - http://securityreason.com/securityalert/832 CVE-2006-2175 - https://www.exploit-db.com/exploits/1740 @@ -17217,6 +17222,7 @@ CVE-2010-0817 - https://docs.microsoft.com/en-us/security-updates/securitybullet CVE-2010-0819 - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-037 CVE-2010-0825 - https://bugs.launchpad.net/ubuntu/+bug/531569 CVE-2010-0826 - http://www.ubuntu.com/usn/USN-922-1 +CVE-2010-0828 - http://www.ubuntu.com/usn/USN-925-1 CVE-2010-0829 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9718 CVE-2010-0835 - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html CVE-2010-0836 - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html @@ -17497,6 +17503,7 @@ CVE-2010-1225 - http://www.coresecurity.com/content/virtual-pc-2007-hypervisor-m CVE-2010-1226 - http://www.exploit-db.com/exploits/11769 CVE-2010-1227 - http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html CVE-2010-1236 - http://flock.com/security/ +CVE-2010-1238 - http://www.ubuntu.com/usn/USN-925-1 CVE-2010-1239 - http://blog.didierstevens.com/2010/03/29/escape-from-pdf/ CVE-2010-1239 - http://blog.didierstevens.com/2010/03/31/escape-from-foxit-reader/ CVE-2010-1240 - http://blog.didierstevens.com/2010/03/29/escape-from-pdf/ @@ -38482,6 +38489,7 @@ CVE-2016-2177 - http://www.oracle.com/technetwork/topics/security/bulletinapr201 CVE-2016-2177 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-2177 - http://www.ubuntu.com/usn/USN-3181-1 CVE-2016-2177 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-2177 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-2177 - https://www.tenable.com/security/tns-2016-20 CVE-2016-2178 - http://eprint.iacr.org/2016/594.pdf CVE-2016-2178 - http://seclists.org/fulldisclosure/2017/Jul/31 @@ -38492,6 +38500,7 @@ CVE-2016-2178 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3 CVE-2016-2178 - http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html CVE-2016-2178 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-2178 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-2178 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-2178 - https://www.tenable.com/security/tns-2016-20 CVE-2016-2179 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CVE-2016-2179 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html @@ -38499,6 +38508,7 @@ CVE-2016-2179 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2 CVE-2016-2179 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html CVE-2016-2179 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-2179 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-2179 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-2179 - https://www.tenable.com/security/tns-2016-20 CVE-2016-2180 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CVE-2016-2180 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html @@ -38507,6 +38517,7 @@ CVE-2016-2180 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3 CVE-2016-2180 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-2180 - https://hackerone.com/reports/221789 CVE-2016-2180 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-2180 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-2180 - https://www.tenable.com/security/tns-2016-20 CVE-2016-2181 - http://seclists.org/fulldisclosure/2017/Jul/31 CVE-2016-2181 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html @@ -38524,6 +38535,7 @@ CVE-2016-2182 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3 CVE-2016-2182 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-2182 - https://hackerone.com/reports/221788 CVE-2016-2182 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-2182 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-2182 - https://www.tenable.com/security/tns-2016-20 CVE-2016-2183 - http://packetstormsecurity.com/files/142756/IBM-Informix-Dynamic-Server-DLL-Injection-Code-Execution.html CVE-2016-2183 - http://seclists.org/fulldisclosure/2017/Jul/31 @@ -40606,6 +40618,7 @@ CVE-2016-6306 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3 CVE-2016-6306 - http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html CVE-2016-6306 - https://hackerone.com/reports/221790 CVE-2016-6306 - https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312 +CVE-2016-6306 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-6306 - https://www.oracle.com/security-alerts/cpuapr2020.html CVE-2016-6306 - https://www.oracle.com/security-alerts/cpujan2020.html CVE-2016-6306 - https://www.oracle.com/security-alerts/cpujul2020.html @@ -40626,6 +40639,7 @@ CVE-2016-6308 - https://www.tenable.com/security/tns-2016-20 CVE-2016-6309 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html CVE-2016-6309 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html CVE-2016-6309 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html +CVE-2016-6309 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-6309 - https://www.tenable.com/security/tns-2016-20 CVE-2016-6317 - https://hackerone.com/reports/139321 CVE-2016-6321 - http://packetstormsecurity.com/files/139370/GNU-tar-1.29-Extract-Pathname-Bypass.html @@ -40802,6 +40816,7 @@ CVE-2016-7052 - http://www.oracle.com/technetwork/security-advisory/cpujan2018-3 CVE-2016-7052 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html CVE-2016-7052 - http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html CVE-2016-7052 - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html +CVE-2016-7052 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03856en_us CVE-2016-7052 - https://www.tenable.com/security/tns-2016-19 CVE-2016-7052 - https://www.tenable.com/security/tns-2016-20 CVE-2016-7054 - https://www.exploit-db.com/exploits/40899/ @@ -48486,6 +48501,7 @@ CVE-2018-1000007 - https://www.oracle.com/technetwork/security-advisory/cpuoct20 CVE-2018-1000024 - https://usn.ubuntu.com/3557-1/ CVE-2018-1000026 - https://usn.ubuntu.com/3620-1/ CVE-2018-1000027 - https://usn.ubuntu.com/3557-1/ +CVE-2018-1000030 - https://usn.ubuntu.com/3817-2/ CVE-2018-1000030 - https://www.oracle.com/security-alerts/cpujan2020.html CVE-2018-1000049 - http://packetstormsecurity.com/files/147678/Nanopool-Claymore-Dual-Miner-7.3-Remote-Code-Execution.html CVE-2018-1000049 - http://packetstormsecurity.com/files/148578/Nanopool-Claymore-Dual-Miner-APIs-Remote-Code-Execution.html @@ -48608,6 +48624,7 @@ CVE-2018-1000670 - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=190 CVE-2018-1000773 - https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/ CVE-2018-1000773 - https://youtu.be/GePBmsNJw6Y?t=1763 CVE-2018-1000801 - https://bugs.kde.org/show_bug.cgi?id=398096 +CVE-2018-1000802 - https://usn.ubuntu.com/3817-2/ CVE-2018-1000805 - https://access.redhat.com/errata/RHBA-2018:3497 CVE-2018-1000811 - https://github.com/bludit/bludit/issues/812 CVE-2018-1000811 - https://www.exploit-db.com/exploits/46060/ @@ -48900,9 +48917,11 @@ CVE-2018-10583 - https://www.exploit-db.com/exploits/44564/ CVE-2018-1059 - https://usn.ubuntu.com/3642-2/ CVE-2018-10594 - https://www.exploit-db.com/exploits/44965/ CVE-2018-10594 - https://www.exploit-db.com/exploits/45574/ +CVE-2018-1060 - https://usn.ubuntu.com/3817-2/ CVE-2018-1060 - https://www.oracle.com/security-alerts/cpujan2020.html CVE-2018-10607 - http://martem.eu/csa/Martem_CSA_Telem_1805184.pdf CVE-2018-10608 - http://packetstormsecurity.com/files/152951/SEL-AcSELerator-Architect-2.2.24-Denial-Of-Service.html +CVE-2018-1061 - https://usn.ubuntu.com/3817-2/ CVE-2018-10618 - https://www.exploit-db.com/exploits/45076/ CVE-2018-10619 - https://www.exploit-db.com/exploits/44892/ CVE-2018-10641 - https://advancedpersistentsecurity.net/cve-2018-10641/ @@ -50565,6 +50584,7 @@ CVE-2018-14633 - https://usn.ubuntu.com/3777-3/ CVE-2018-14634 - http://www.openwall.com/lists/oss-security/2021/07/20/2 CVE-2018-14634 - https://www.exploit-db.com/exploits/45516/ CVE-2018-14634 - https://www.openwall.com/lists/oss-security/2018/09/25/4 +CVE-2018-14647 - https://usn.ubuntu.com/3817-2/ CVE-2018-14665 - http://packetstormsecurity.com/files/154942/Xorg-X11-Server-SUID-modulepath-Privilege-Escalation.html CVE-2018-14665 - http://packetstormsecurity.com/files/155276/Xorg-X11-Server-Local-Privilege-Escalation.html CVE-2018-14665 - https://www.exploit-db.com/exploits/45697/ @@ -65388,6 +65408,7 @@ CVE-2020-14718 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2020-14719 - https://www.oracle.com/security-alerts/cpujul2020.html CVE-2020-1472 - http://packetstormsecurity.com/files/159190/Zerologon-Proof-Of-Concept.html CVE-2020-1472 - http://packetstormsecurity.com/files/160127/Zerologon-Netlogon-Privilege-Escalation.html +CVE-2020-1472 - https://usn.ubuntu.com/4510-2/ CVE-2020-1472 - https://usn.ubuntu.com/4559-1/ CVE-2020-1472 - https://www.kb.cert.org/vuls/id/490028 CVE-2020-1472 - https://www.oracle.com/security-alerts/cpuApr2021.html @@ -74445,6 +74466,7 @@ CVE-2021-26699 - http://packetstormsecurity.com/files/163527/OX-App-Suite-OX-Gua CVE-2021-26699 - http://seclists.org/fulldisclosure/2021/Jul/33 CVE-2021-26699 - https://seclists.org/fulldisclosure/2021/Jul/33 CVE-2021-26705 - https://www.exploit-db.com/exploits/49621 +CVE-2021-26706 - https://micrium.atlassian.net/wiki/spaces/libdoc138/ CVE-2021-26708 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.13 CVE-2021-26708 - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c518adafa39f37858697ac9309c6cf1805581446 CVE-2021-26709 - http://packetstormsecurity.com/files/162133/D-Link-DSL-320B-D1-Pre-Authentication-Buffer-Overflow.html @@ -86228,6 +86250,7 @@ CVE-2022-39197 - https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-str CVE-2022-39197 - https://www.cobaltstrike.com/blog/tag/release/ CVE-2022-3921 - https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f CVE-2022-3922 - https://wpscan.com/vulnerability/78054bd7-cdc2-4b14-9b5c-30f10e802d6b +CVE-2022-39227 - https://www.vicarius.io/vsociety/posts/authentication-bypass-in-python-jwt CVE-2022-3923 - https://wpscan.com/vulnerability/6536946a-7ebf-4f8f-9446-36ec2a2a3ad2 CVE-2022-3925 - https://bulletin.iese.de/post/buddybadges_1-0-0/ CVE-2022-3925 - https://wpscan.com/vulnerability/178499a3-97d1-4ab2-abbe-4a9d2ebc85da @@ -87485,6 +87508,7 @@ CVE-2022-44006 - https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in CVE-2022-44007 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt CVE-2022-44007 - https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037 CVE-2022-44008 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-037.txt +CVE-2022-44010 - https://clickhouse.com/docs/en/whats-new/security-changelog CVE-2022-44012 - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/ CVE-2022-44013 - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/ CVE-2022-44014 - https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-simmeth-system-gmbh-lieferantenmanager/ @@ -89493,6 +89517,7 @@ CVE-2023-2037 - https://vuldb.com/?id.225915 CVE-2023-2042 - https://vuldb.com/?id.225920 CVE-2023-2050 - https://github.com/E1CHO/cve_hub/blob/main/Advanced%20Online%20Voting%20System/Advanced%20Online%20Voting%20System%20-%20vuln%204.pdf CVE-2023-2051 - https://vuldb.com/?id.225936 +CVE-2023-2052 - https://vuldb.com/?id.225937 CVE-2023-2054 - https://vuldb.com/?id.225939 CVE-2023-2055 - https://vuldb.com/?id.225940 CVE-2023-20569 - https://comsec.ethz.ch/research/microarch/inception/ @@ -89518,6 +89543,7 @@ CVE-2023-20902 - https://github.com/goharbor/harbor/security/advisories/GHSA-mq6 CVE-2023-20928 - http://packetstormsecurity.com/files/170855/Android-Binder-VMA-Management-Security-Issues.html CVE-2023-20937 - http://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html CVE-2023-2097 - https://github.com/E1CHO/cve_hub/blob/main/Vehicle%20Service%20Management%20System/Vehicle%20Service%20Management%20System%20-%20vuln%206.pdf +CVE-2023-2097 - https://vuldb.com/?id.226105 CVE-2023-2102 - https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44 CVE-2023-2103 - https://huntr.dev/bounties/1df09505-9923-43b9-82ef-15d94bc3f9dc CVE-2023-2105 - https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1 @@ -91212,6 +91238,7 @@ CVE-2023-28627 - https://github.com/pymedusa/Medusa/security/advisories/GHSA-658 CVE-2023-28628 - https://github.com/lambdaisland/uri/security/advisories/GHSA-cp4w-6x4w-v2h5 CVE-2023-2863 - https://www.youtube.com/watch?v=V0u9C5RVSic CVE-2023-28637 - https://github.com/dataease/dataease/security/advisories/GHSA-8wg2-9gwc-5fx2 +CVE-2023-2865 - https://vuldb.com/?id.229821 CVE-2023-28659 - https://www.tenable.com/security/research/tra-2023-2 CVE-2023-28660 - https://www.tenable.com/security/research/tra-2023-2 CVE-2023-28661 - https://www.tenable.com/security/research/tra-2023-2 @@ -95804,6 +95831,7 @@ CVE-2023-7017 - https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/ CVE-2023-7018 - https://huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c CVE-2023-7020 - https://github.com/zte12321/cve/blob/main/sql.md CVE-2023-7021 - https://github.com/qq956801985/cve/blob/main/sql.md +CVE-2023-7023 - https://github.com/xiatiandeyu123/cve/blob/main/sql.md CVE-2023-7025 - https://vuldb.com/?id.248578 CVE-2023-7026 - https://github.com/willchen0011/cve/blob/main/upload2.md CVE-2023-7027 - http://packetstormsecurity.com/files/176525/WordPress-POST-SMTP-Mailer-2.8.7-Authorization-Bypass-Cross-Site-Scripting.html @@ -96041,6 +96069,7 @@ CVE-2024-0757 - https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd CVE-2024-0763 - https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5 CVE-2024-0765 - https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786 CVE-2024-0769 - https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md +CVE-2024-0769 - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 CVE-2024-0772 - https://youtu.be/WIeWeuXbkiY CVE-2024-0773 - https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing CVE-2024-0776 - https://vuldb.com/?id.251678 @@ -96168,6 +96197,8 @@ CVE-2024-1269 - https://github.com/PrecursorYork/Product-Management-System-Using CVE-2024-1273 - https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb/ CVE-2024-1274 - https://wpscan.com/vulnerability/91dba45b-9930-4bfb-a7bf-903c46864e9f/ CVE-2024-1279 - https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/ +CVE-2024-1286 - https://wpscan.com/vulnerability/49dc9ca3-d0ef-4a75-8b51-307e3e44e91b/ +CVE-2024-1287 - https://wpscan.com/vulnerability/169e5756-4e12-4add-82e9-47471c30f08c/ CVE-2024-1290 - https://wpscan.com/vulnerability/a60187d4-9491-435a-bc36-8dd348a1ffa3/ CVE-2024-1292 - https://wpscan.com/vulnerability/56d4fc48-d0dc-4ac6-93cd-f64d4c3c5c07/ CVE-2024-1295 - https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/ @@ -96224,9 +96255,11 @@ CVE-2024-1709 - https://www.huntress.com/blog/vulnerability-reproduced-immediate CVE-2024-1709 - https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/ CVE-2024-1712 - https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/ CVE-2024-1713 - https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4 +CVE-2024-1724 - https://gld.mcphail.uk/posts/explaining-cve-2024-1724/ CVE-2024-1743 - https://wpscan.com/vulnerability/3cb1f707-6093-42a7-a778-2b296bdf1735/ CVE-2024-1745 - https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/ CVE-2024-1746 - https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/ +CVE-2024-1747 - https://wpscan.com/vulnerability/17e45d4d-0ee1-4863-a8a4-df8587f448ec/ CVE-2024-1750 - https://vuldb.com/?id.254532 CVE-2024-1752 - https://wpscan.com/vulnerability/7c87fcd2-6ffd-4285-bbf5-36efea70b620/ CVE-2024-1754 - https://wpscan.com/vulnerability/c061e792-e37a-4cf6-b46b-ff111c5a5c84/ @@ -96516,10 +96549,15 @@ CVE-2024-21518 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266578 CVE-2024-21519 - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266579 CVE-2024-2152 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md CVE-2024-21520 - https://security.snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 +CVE-2024-21521 - https://gist.github.com/dellalibera/98c48fd74bb240adbd7841a5c02aba9e CVE-2024-21521 - https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643 +CVE-2024-21522 - https://gist.github.com/dellalibera/6bb866ae5d1cc2adaabe27bbd6d2d21e CVE-2024-21522 - https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700 +CVE-2024-21523 - https://gist.github.com/dellalibera/8b4ea6b4db84cba212e6e6e39a6933d1 CVE-2024-21523 - https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826 +CVE-2024-21524 - https://gist.github.com/dellalibera/0bb022811224f81d998fa61c3175ee67 CVE-2024-21524 - https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617 +CVE-2024-21525 - https://gist.github.com/dellalibera/55b87634a6c360e5be22a715f0566c99 CVE-2024-21525 - https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153 CVE-2024-21526 - https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676 CVE-2024-21527 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081 @@ -96529,6 +96567,10 @@ CVE-2024-2153 - https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injecti CVE-2024-2154 - https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md CVE-2024-2154 - https://vuldb.com/?id.255586 CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074 +CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075 +CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076 +CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077 +CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078 CVE-2024-21583 - https://security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079 CVE-2024-2159 - https://wpscan.com/vulnerability/d7fa9849-c82a-4efd-84b6-9245053975ba/ CVE-2024-21623 - https://securitylab.github.com/research/github-actions-untrusted-input/ @@ -96560,6 +96602,7 @@ CVE-2024-21887 - http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secu CVE-2024-2189 - https://wpscan.com/vulnerability/b8661fbe-78b9-4d29-90bf-5b68af468eb6/ CVE-2024-21907 - https://alephsecurity.com/vulns/aleph-2018004 CVE-2024-21907 - https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678 +CVE-2024-2191 - https://gitlab.com/gitlab-org/gitlab/-/issues/444655 CVE-2024-2193 - https://www.vusec.net/projects/ghostrace/ CVE-2024-22002 - https://github.com/0xkickit/iCUE_DllHijack_LPE-CVE-2024-22002 CVE-2024-22049 - https://github.com/advisories/GHSA-5pq7-52mg-hr42 @@ -96588,6 +96631,7 @@ CVE-2024-22211 - https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjh CVE-2024-2231 - https://wpscan.com/vulnerability/119d2d93-3b71-4ce9-b385-4e6f57b162cb/ CVE-2024-22318 - http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html CVE-2024-22318 - http://seclists.org/fulldisclosure/2024/Feb/7 +CVE-2024-2232 - https://wpscan.com/vulnerability/a2df28d3-bf03-4fd3-b231-86e062739899/ CVE-2024-2233 - https://wpscan.com/vulnerability/51d0311a-673b-4538-9427-a48e8c89e38b/ CVE-2024-2234 - https://wpscan.com/vulnerability/37018a3f-895f-48f7-b033-c051e2462830/ CVE-2024-2235 - https://wpscan.com/vulnerability/62c8a564-225e-4202-9bb0-03029fa4fd42/ @@ -97185,6 +97229,8 @@ CVE-2024-25625 - https://github.com/pimcore/admin-ui-classic-bundle/security/adv CVE-2024-25627 - https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf CVE-2024-25634 - https://github.com/alfio-event/alf.io/security/advisories/GHSA-5wcv-pjc6-mxvv CVE-2024-25635 - https://github.com/alfio-event/alf.io/security/advisories/GHSA-ffr5-g3qg-gp4f +CVE-2024-25638 - https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d +CVE-2024-25639 - https://github.com/khoj-ai/khoj/security/advisories/GHSA-h2q2-vch3-72qm CVE-2024-25641 - https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88 CVE-2024-25642 - http://seclists.org/fulldisclosure/2024/May/26 CVE-2024-25648 - https://talosintelligence.com/vulnerability_reports/TALOS-2024-1959 @@ -97415,6 +97461,7 @@ CVE-2024-27453 - https://www.exsiliumsecurity.com/CVE-2024-27453.html CVE-2024-27474 - https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md CVE-2024-27476 - https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md CVE-2024-27477 - https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md +CVE-2024-27489 - https://gist.github.com/yyyyy7777777/a36541cb60d9e55628f78f2a68968212 CVE-2024-2749 - https://wpscan.com/vulnerability/c0640d3a-80b3-4cad-a3cf-fb5d86558e91/ CVE-2024-27515 - https://github.com/mindstellar/Osclass/issues/495 CVE-2024-27516 - https://github.com/LiveHelperChat/livehelperchat/issues/2054 @@ -97576,6 +97623,7 @@ CVE-2024-28417 - https://gitee.com/shavchen214/pwn/issues/I94VFH CVE-2024-28421 - https://gist.github.com/LioTree/003202727a61c0fb3ec3c948ab5e38f9 CVE-2024-28421 - https://github.com/cobub/razor/issues/178 CVE-2024-28429 - https://github.com/itsqian797/cms/blob/main/2.md +CVE-2024-2843 - https://wpscan.com/vulnerability/fec4e077-4c4e-4618-bfe8-61fdba59b696/ CVE-2024-28430 - https://github.com/itsqian797/cms/blob/main/1.md CVE-2024-28431 - https://github.com/itsqian797/cms/blob/main/3.md CVE-2024-28432 - https://github.com/itsqian797/cms/blob/main/4.md @@ -97662,6 +97710,7 @@ CVE-2024-28714 - https://github.com/JiangXiaoBaiJia/cve2/blob/main/a.png CVE-2024-28715 - https://github.com/Lq0ne/CVE-2024-28715 CVE-2024-28716 - https://bugs.launchpad.net/solum/+bug/2047505 CVE-2024-28716 - https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56HQkPNLtWT/view?usp=drive_link +CVE-2024-2872 - https://wpscan.com/vulnerability/15d3150c-673c-4c36-ac5e-85767d78b9eb/ CVE-2024-28732 - https://gist.github.com/ErodedElk/1133d64dde2d92393a065edc9b243792 CVE-2024-28734 - https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html CVE-2024-28735 - https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html @@ -97669,6 +97718,9 @@ CVE-2024-28736 - https://packetstormsecurity.com/files/178794/Debezium-UI-2.5-Cr CVE-2024-28741 - https://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss/ CVE-2024-28741 - https://packetstormsecurity.com/files/177542/NorthStar-C2-Agent-1.0-Cross-Site-Scripting-Remote-Command-Execution.html CVE-2024-28756 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt +CVE-2024-28804 - https://www.gruppotim.it/it/footer/red-team.html +CVE-2024-28805 - https://www.gruppotim.it/it/footer/red-team.html +CVE-2024-28806 - https://www.gruppotim.it/it/footer/red-team.html CVE-2024-28816 - https://github.com/AaravRajSIngh/Chatbot/pull/10 CVE-2024-28823 - https://github.com/awslabs/aws-js-s3-explorer/issues/118 CVE-2024-28834 - https://minerva.crocs.fi.muni.cz/ @@ -97951,11 +98003,13 @@ CVE-2024-31065 - https://github.com/sahildari/cve/blob/master/CVE-2024-31065.md CVE-2024-31065 - https://portswigger.net/web-security/cross-site-scripting/stored CVE-2024-3111 - https://wpscan.com/vulnerability/7c39f3b5-d407-4eb0-aa34-b498fe196c55/ CVE-2024-3112 - https://wpscan.com/vulnerability/fa6f01d6-aa3b-4452-9c5f-49bb227fea9d/ +CVE-2024-3113 - https://wpscan.com/vulnerability/ad85c5c7-f4d1-4374-b3b7-8ee022d27d34/ CVE-2024-3118 - https://vuldb.com/?id.258779 CVE-2024-31212 - https://github.com/instantsoft/icms2/security/advisories/GHSA-qx95-w566-73fw CVE-2024-31213 - https://github.com/instantsoft/icms2/security/advisories/GHSA-6v3c-p92q-prfq CVE-2024-31214 - https://github.com/traccar/traccar/security/advisories/GHSA-3gxq-f2qj-c8v9 CVE-2024-31217 - https://github.com/strapi/strapi/security/advisories/GHSA-pm9q-xj9p-96pm +CVE-2024-31223 - https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg CVE-2024-3124 - https://github.com/ctflearner/Android_Findings/blob/main/Smartalarm/Backup.md CVE-2024-3124 - https://vuldb.com/?submit.307752 CVE-2024-3125 - https://github.com/strik3r0x1/Vulns/blob/main/ZTC_GK420d-SXSS.md @@ -98062,6 +98116,7 @@ CVE-2024-32025 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-20 CVE-2024-32026 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss CVE-2024-32027 - https://securitylab.github.com/advisories/GHSL-2024-019_GHSL-2024-024_kohya_ss CVE-2024-3203 - https://vuldb.com/?submit.304556 +CVE-2024-32030 - https://securitylab.github.com/advisories/GHSL-2023-229_GHSL-2023-230_kafka-ui/ CVE-2024-3204 - https://vuldb.com/?submit.304557 CVE-2024-3205 - https://vuldb.com/?submit.304561 CVE-2024-3207 - https://vuldb.com/?submit.304572 @@ -98217,9 +98272,15 @@ CVE-2024-33332 - https://github.com/wy876/cve/issues/3 CVE-2024-33338 - https://github.com/7akahash1/POC/blob/main/1.md CVE-2024-33345 - https://github.com/n0wstr/IOTVuln/tree/main/DIR-823g/UploadFirmware CVE-2024-33350 - https://github.com/majic-banana/vulnerability/blob/main/POC/taocms-3.0.2%20Arbitrary%20File%20Writing%20Vulnerability.md +CVE-2024-33365 - https://github.com/johnathanhuutri/CVE_report/blob/master/CVE-2024-33365/README.md +CVE-2024-33365 - https://hackmd.io/@JohnathanHuuTri/rJNbEItJC CVE-2024-33373 - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Password-Policy-Bypass--%7C--Inconsistent-Password-Policy-(CVE%E2%80%902024%E2%80%9033373) +CVE-2024-33373 - https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ CVE-2024-33374 - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-(CVE%E2%80%902024%E2%80%9033374) +CVE-2024-33374 - https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ +CVE-2024-33375 - https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ CVE-2024-33377 - https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Clickjacking-(CVE%E2%80%902024%E2%80%9033377) +CVE-2024-33377 - https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/ CVE-2024-33383 - https://juvl1ne.github.io/2024/04/18/novel-plus-vulnerability/ CVE-2024-33398 - https://github.com/HouqiyuA/k8s-rbac-poc CVE-2024-33423 - https://github.com/adiapera/xss_language_cmsimple_5.15 @@ -98509,6 +98570,8 @@ CVE-2024-3548 - https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9b CVE-2024-35492 - https://github.com/zzh-newlearner/MQTT_Crash/blob/main/Mongoose_null_pointer.md CVE-2024-35511 - https://github.com/efekaanakkar/CVE-2024-35511/blob/main/Men%20Salon%20Management%20System%20Using%20PHP%20and%20MySQL.md CVE-2024-3552 - https://wpscan.com/vulnerability/34b03ee4-de81-4fec-9f3d-e1bd5b94d136/ +CVE-2024-35526 - https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html +CVE-2024-35527 - https://bastionsecurity.co.nz/advisories/farcry-core-multiple.html CVE-2024-35545 - https://portswigger.net/web-security/cross-site-scripting/stored CVE-2024-35550 - https://github.com/bearman113/1.md/blob/main/17/csrf.md CVE-2024-35551 - https://github.com/bearman113/1.md/blob/main/16/csrf.md @@ -98545,6 +98608,7 @@ CVE-2024-36105 - https://github.com/dbt-labs/dbt-core/security/advisories/GHSA-p CVE-2024-36107 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Modified-Since CVE-2024-36108 - https://github.com/casgate/casgate/security/advisories/GHSA-mj5q-rc67-h56c CVE-2024-36109 - https://github.com/sagemathinc/cocalc/security/advisories/GHSA-8w44-hggw-p5rf +CVE-2024-36111 - https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-8q5r-cvcw-4wx7 CVE-2024-36115 - https://github.com/dzikoysk/reposilite/security/advisories/GHSA-9w8w-34vr-65j2 CVE-2024-36118 - https://github.com/metersphere/metersphere/security/advisories/GHSA-qxx2-p3w2-w4r6 CVE-2024-36123 - https://github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9 @@ -98562,6 +98626,7 @@ CVE-2024-3631 - https://wpscan.com/vulnerability/c59a8b49-6f3e-452b-ba9b-50b80c5 CVE-2024-3632 - https://wpscan.com/vulnerability/9b11682d-4705-4595-943f-0fa093d0b644/ CVE-2024-3633 - https://wpscan.com/vulnerability/2e0baffb-7ab8-4c17-aa2a-7f28a0be1a41/ CVE-2024-3634 - https://wpscan.com/vulnerability/76e000e0-314f-4e39-8871-68bf8cc95b22/ +CVE-2024-3636 - https://wpscan.com/vulnerability/bab46c28-71aa-4610-9683-361e7b008d37/ CVE-2024-3637 - https://wpscan.com/vulnerability/33f6fea6-c784-40ae-a548-55d41618752d/ CVE-2024-36399 - https://github.com/kanboard/kanboard/security/advisories/GHSA-x8v7-3ghx-65cv CVE-2024-36400 - https://github.com/viz-rs/nano-id/security/advisories/GHSA-9hc7-6w9r-wj94 @@ -98592,11 +98657,14 @@ CVE-2024-36538 - https://gist.github.com/HouqiyuA/f06d1fa07b5287b862c1e0b288f301 CVE-2024-36539 - https://gist.github.com/HouqiyuA/c92f9ec979653dceeea947afd0b47a80 CVE-2024-36540 - https://gist.github.com/HouqiyuA/a4834f3c8450f9d89e2bc4d5c4beef6a CVE-2024-36541 - https://gist.github.com/HouqiyuA/f972d1c152f3b8127af01206f7c2af0d +CVE-2024-36542 - https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428 CVE-2024-36547 - https://github.com/da271133/cms/blob/main/32/csrf.md CVE-2024-36548 - https://github.com/da271133/cms/blob/main/31/csrf.md CVE-2024-36549 - https://github.com/da271133/cms/blob/main/30/csrf.md CVE-2024-36550 - https://github.com/da271133/cms/blob/main/29/csrf.md CVE-2024-3657 - https://bugzilla.redhat.com/show_bug.cgi?id=2274401 +CVE-2024-36572 - https://gist.github.com/mestrtee/1771ab4fba733ca898b6e2463dc6ed19 +CVE-2024-36572 - https://github.com/allpro/form-manager/issues/1 CVE-2024-36573 - https://gist.github.com/mestrtee/fd8181bbc180d775f8367a2b9e0ffcd1 CVE-2024-36574 - https://gist.github.com/mestrtee/d5a0c93459599f77557b5bbe78b57325 CVE-2024-36575 - https://gist.github.com/mestrtee/0d830798f20839d634278d7af0155f9e @@ -98626,6 +98694,7 @@ CVE-2024-36678 - https://security.friendsofpresta.org/modules/2024/06/18/pk_them CVE-2024-36679 - https://security.friendsofpresta.org/modules/2024/06/18/livechatpro.html CVE-2024-36680 - https://security.friendsofpresta.org/modules/2024/06/18/pkfacebook.html CVE-2024-36681 - https://security.friendsofpresta.org/modules/2024/06/20/pk_isotope.html +CVE-2024-3669 - https://wpscan.com/vulnerability/3c37c9a9-1424-427a-adc7-c2336a47e9cf/ CVE-2024-36773 - https://github.com/OoLs5/VulDiscovery/blob/main/cve-2024-36773.md CVE-2024-36774 - https://github.com/OoLs5/VulDiscovery/blob/main/poc.docx CVE-2024-36775 - https://github.com/OoLs5/VulDiscovery/blob/main/monstra_xss.pdf @@ -98670,12 +98739,15 @@ CVE-2024-37032 - https://www.vicarius.io/vsociety/posts/probllama-in-ollama-a-ta CVE-2024-3710 - https://wpscan.com/vulnerability/bde10913-4f7e-4590-86eb-33bfa904f95f/ CVE-2024-37153 - https://github.com/evmos/evmos/security/advisories/GHSA-xgr7-jgq3-mhmc CVE-2024-37160 - https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6 +CVE-2024-37161 - https://github.com/metersphere/metersphere/security/advisories/GHSA-6h7v-q5rp-h6q9 CVE-2024-3720 - https://github.com/scausoft/cve/blob/main/sql.md CVE-2024-3721 - https://github.com/netsecfish/tbk_dvr_command_injection CVE-2024-3721 - https://vuldb.com/?id.260573 CVE-2024-37273 - https://github.com/HackAllSec/CVEs/tree/main/Jan%20Arbitrary%20File%20Upload%20vulnerability +CVE-2024-37298 - https://github.com/gorilla/schema/security/advisories/GHSA-3669-72x9-r9p3 CVE-2024-37301 - https://github.com/adfinis/document-merge-service/security/advisories/GHSA-v5gf-r78h-55q6 CVE-2024-37308 - https://github.com/XjSv/Cooked/security/advisories/GHSA-9vfv-c966-jwrv +CVE-2024-37310 - https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96 CVE-2024-3735 - https://vuldb.com/?submit.311153 CVE-2024-37386 - https://advisories.stormshield.eu/2024-017 CVE-2024-37393 - https://www.optistream.io/blogs/tech/securenvoy-cve-2024-37393 @@ -98699,12 +98771,17 @@ CVE-2024-37623 - https://github.com/rainrocka/xinhu/issues/5 CVE-2024-37624 - https://github.com/rainrocka/xinhu/issues/6 CVE-2024-37625 - https://github.com/zhimengzhe/iBarn/issues/20 CVE-2024-37629 - https://github.com/summernote/summernote/issues/4642 +CVE-2024-37631 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/UploadCustomModule/README.md CVE-2024-37632 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/loginAuth/README.md CVE-2024-37633 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWiFiGuestCfg/README.md CVE-2024-37634 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWiFiEasyCfg/README.md CVE-2024-37637 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setWizardCfg/README.md +CVE-2024-37639 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TOTOLINK/A3700R/setIpPortFilterRules/README.md +CVE-2024-37640 - https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/TOTOLINK/A3700R/setWiFiEasyGuestCfg +CVE-2024-37641 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formNewSchedule/README.md CVE-2024-37642 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formSystemCheck/README.md CVE-2024-37643 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formPasswordAuth/README.md +CVE-2024-37645 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/TRENDnet/TEW-814DAP/formSysLog/README.md CVE-2024-3765 - https://github.com/netsecfish/xiongmai_incorrect_access_control CVE-2024-3765 - https://github.com/netsecfish/xiongmai_incorrect_access_control/blob/main/pocCheck3-en.py CVE-2024-37661 - https://github.com/ouuan/router-vuln-report/blob/master/icmp-redirect/tl-7dr5130-redirect.md @@ -98720,30 +98797,46 @@ CVE-2024-3768 - https://vuldb.com/?id.260615 CVE-2024-3769 - https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20Authentication%20Bypass.md CVE-2024-3770 - https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%203.md CVE-2024-3771 - https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%204.md +CVE-2024-37726 - https://github.com/carsonchan12345/CVE-2024-37726-MSI-Center-Local-Privilege-Escalation +CVE-2024-37742 - https://github.com/Eteblue/CVE-2024-37742 CVE-2024-37791 - https://github.com/duxphp/DuxCMS3/issues/5 CVE-2024-37799 - https://github.com/himanshubindra/CVEs/blob/main/CVE-2024-37799 +CVE-2024-37800 - https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-37800 CVE-2024-37803 - https://github.com/himanshubindra/CVEs/blob/main/CVE-2024-37803 +CVE-2024-37829 - https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-37829 +CVE-2024-37830 - https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-37830 CVE-2024-37840 - https://github.com/ganzhi-qcy/cve/issues/4 CVE-2024-37843 - https://blog.smithsecurity.biz/craft-cms-unauthenticated-sqli-via-graphql CVE-2024-37848 - https://github.com/Lanxiy7th/lx_CVE_report-/issues/13 CVE-2024-37849 - https://github.com/ganzhi-qcy/cve/issues/3 +CVE-2024-37856 - https://packetstormsecurity.com/files/179078/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html +CVE-2024-37857 - https://packetstormsecurity.com/files/179080/Lost-And-Found-Information-System-1.0-SQL-Injection.html +CVE-2024-37858 - https://packetstormsecurity.com/files/179079/Lost-And-Found-Information-System-1.0-SQL-Injection.html +CVE-2024-37859 - https://packetstormsecurity.com/files/179081/Lost-And-Found-Information-System-1.0-Cross-Site-Scripting.html CVE-2024-37877 - https://github.com/f4rs1ght/vuln-research/tree/main/CVE-2024-37877 CVE-2024-37880 - https://github.com/antoonpurnal/clangover CVE-2024-37880 - https://pqshield.com/pqshield-plugs-timing-leaks-in-kyber-ml-kem-to-improve-pqc-implementation-maturity/ CVE-2024-37889 - https://github.com/TreyWW/MyFinances/security/advisories/GHSA-4884-3gvp-3wj2 CVE-2024-37890 - https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q +CVE-2024-37895 - https://github.com/lobehub/lobe-chat/security/advisories/GHSA-p36r-qxgx-jq2v CVE-2024-37896 - https://github.com/flipped-aurora/gin-vue-admin/security/advisories/GHSA-gf3r-h744-mqgp CVE-2024-37904 - https://github.com/stacklok/minder/security/advisories/GHSA-hpcg-xjq5-g666 +CVE-2024-37906 - https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3 CVE-2024-3797 - https://github.com/BurakSevben/CVEs/blob/main/QR%20Code%20Bookmark%20System/QR%20Code%20Bookmark%20System%20-%20SQL%20Injection.md CVE-2024-3798 - https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342 CVE-2024-3799 - https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342 CVE-2024-3822 - https://wpscan.com/vulnerability/ff5411b1-9e04-4e72-a502-e431d774642a/ CVE-2024-3823 - https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/ CVE-2024-3824 - https://wpscan.com/vulnerability/749ae334-b1d1-421e-a04c-35464c961a4a/ +CVE-2024-38288 - https://github.com/google/security-research/security/advisories/GHSA-gx6g-8mvx-3q5c +CVE-2024-38289 - https://github.com/google/security-research/security/advisories/GHSA-vx5j-8pgx-v42v CVE-2024-3834 - https://issues.chromium.org/issues/326607008 CVE-2024-38347 - https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-38347 CVE-2024-38348 - https://github.com/SandeepRajauriya/CVEs/blob/main/CVE-2024-38348 +CVE-2024-38353 - https://github.com/hackmdio/codimd/security/advisories/GHSA-2764-jppc-p2hm +CVE-2024-38354 - https://github.com/hackmdio/codimd/security/advisories/GHSA-22jv-vch8-2vp9 CVE-2024-38358 - https://github.com/wasmerio/wasmer/security/advisories/GHSA-55f3-3qvg-8pv5 +CVE-2024-38359 - https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979 CVE-2024-3837 - https://issues.chromium.org/issues/41491379 CVE-2024-38394 - https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780 CVE-2024-38394 - https://gitlab.gnome.org/GNOME/gnome-settings-daemon/-/issues/780#note_2047914 @@ -98762,8 +98855,15 @@ CVE-2024-3846 - https://issues.chromium.org/issues/40064754 CVE-2024-38460 - https://sonarsource.atlassian.net/browse/SONAR-21559 CVE-2024-38469 - https://github.com/zhimengzhe/iBarn/issues/20 CVE-2024-38470 - https://github.com/zhimengzhe/iBarn/issues/20 +CVE-2024-3850 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-156-01 +CVE-2024-38514 - https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web/security/advisories/GHSA-gph5-rx77-3pjg CVE-2024-38519 - https://securitylab.github.com/advisories/GHSL-2024-089_youtube-dl/ CVE-2024-38519 - https://securitylab.github.com/advisories/GHSL-2024-090_yt-dlp +CVE-2024-38520 - https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq +CVE-2024-38521 - https://github.com/scidsg/hushline/security/advisories/GHSA-4v8c-r6h2-fhh3 +CVE-2024-38522 - https://github.com/scidsg/hushline/security/advisories/GHSA-r85c-95x7-4h7q +CVE-2024-38523 - https://github.com/scidsg/hushline/security/advisories/GHSA-4c38-hhxx-9mhx +CVE-2024-38529 - https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm CVE-2024-3873 - https://vuldb.com/?submit.312623 CVE-2024-3874 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W20E/formSetRemoteWebManage.md CVE-2024-3875 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md @@ -98775,27 +98875,102 @@ CVE-2024-3880 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W3 CVE-2024-3881 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/frmL7ProtForm.md CVE-2024-3882 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W30E/fromRouteStatic.md CVE-2024-3882 - https://vuldb.com/?id.260916 +CVE-2024-38892 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/ExportLogs.sh/README.md +CVE-2024-38894 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/touchlist_sync.cgi/README.md +CVE-2024-38895 - https://github.com/s4ndw1ch136/IOT-vuln-reports/tree/main/Wavlink/WN551K1/live_mfg.shtml +CVE-2024-38897 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/Wavlink/WN551K1/live_check.shtml/README.md +CVE-2024-38903 - https://github.com/s4ndw1ch136/IOT-vuln-reports/blob/main/H3C/Magic%20R230/UDPserver_97F/README.md +CVE-2024-38949 - https://github.com/strukturag/libde265/issues/460 +CVE-2024-38950 - https://github.com/strukturag/libde265/issues/460 +CVE-2024-38972 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-38983 - https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed +CVE-2024-38984 - https://gist.github.com/mestrtee/97a9a7d73fc8b38fcf01322239dd5fb1 +CVE-2024-38986 - https://gist.github.com/mestrtee/b20c3aee8bea16e1863933778da6e4cb +CVE-2024-38987 - https://gist.github.com/mestrtee/29636943e6989e67f38251580cbcea73 +CVE-2024-38987 - https://github.com/AgeOfLearning/aofl/issues/35 +CVE-2024-38990 - https://gist.github.com/mestrtee/ae5f6b0d8f5d7de716e6af6d189b2169 +CVE-2024-38991 - https://gist.github.com/mestrtee/8851413e3b33a96f191f0e9c81706532 +CVE-2024-38992 - https://gist.github.com/mestrtee/10c88b9069229979ac7e52e0efc98055 +CVE-2024-38993 - https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 +CVE-2024-38994 - https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03 +CVE-2024-38996 - https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa +CVE-2024-38996 - https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b +CVE-2024-38996 - https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b +CVE-2024-38997 - https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 +CVE-2024-38998 - https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a +CVE-2024-38999 - https://gist.github.com/mestrtee/9acae342285bd2998fa09ebcb1e6d30a +CVE-2024-39000 - https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 +CVE-2024-39001 - https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa +CVE-2024-39001 - https://gist.github.com/mestrtee/c1590660750744f25e86ba1bf240844b +CVE-2024-39001 - https://gist.github.com/mestrtee/f8037d492dab0d77bca719e05d31c08b +CVE-2024-39002 - https://gist.github.com/mestrtee/9a2b522d59c53f31f45c1edb96459693 +CVE-2024-39003 - https://gist.github.com/mestrtee/02091aa86c6c14c29b9703642439dd03 +CVE-2024-39008 - https://gist.github.com/mestrtee/f09a507c8d59fbbb7fd40880cd9b87ed +CVE-2024-39010 - https://gist.github.com/mestrtee/af7a746df91ab5e944bd7a186816c262 +CVE-2024-39011 - https://gist.github.com/mestrtee/693ef1c8b0a5ff1ae19f253381711f3e +CVE-2024-39012 - https://gist.github.com/mestrtee/acfbd724a4b73bfb5d030575b653453c +CVE-2024-39013 - https://gist.github.com/mestrtee/a2be744675af5ece3240c19fd04fc5e1 +CVE-2024-39014 - https://gist.github.com/mestrtee/0501db31c1a6864a169e47097f26ac57 +CVE-2024-39015 - https://gist.github.com/mestrtee/7ab061d9eb901cc89652e7666ca3ef52 +CVE-2024-39016 - https://gist.github.com/mestrtee/865a957857a096221fe6f8b258b282ac +CVE-2024-39017 - https://gist.github.com/mestrtee/039e3e337642e6bb7f36aeddfde41b8b +CVE-2024-39018 - https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f +CVE-2024-39019 - https://github.com/da271133/cms2/blob/main/44/csrf.md +CVE-2024-39020 - https://github.com/da271133/cms2/blob/main/46/csrf.md +CVE-2024-39021 - https://github.com/da271133/cms2/blob/main/45/csrf.md +CVE-2024-39022 - https://github.com/da271133/cms2/blob/main/47/csrf.md +CVE-2024-39023 - https://github.com/da271133/cms2/blob/main/48/csrf.md +CVE-2024-39027 - https://github.com/seacms-net/CMS/issues/17 CVE-2024-3903 - https://wpscan.com/vulnerability/0a0e7bd4-948d-47c9-9219-380bda9f3034/ +CVE-2024-39031 - https://github.com/toneemarqus/CVE-2024-39031 +CVE-2024-39036 - https://github.com/seacms-net/CMS/issues/18 CVE-2024-3905 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/R7WebsSecurityHandler.md CVE-2024-3906 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formQuickIndex.md +CVE-2024-39063 - https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-39063 +CVE-2024-39069 - https://github.com/AungSoePaing/CVE-2024-39069 CVE-2024-39069 - https://youtu.be/oMIobV2M0T8 CVE-2024-3907 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formSetCfm.md CVE-2024-3908 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formWriteFacMac.md CVE-2024-3909 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/formexeCommand.md CVE-2024-3909 - https://vuldb.com/?id.261145 +CVE-2024-39090 - https://github.com/arijitdirghanji/My-CVEs/blob/main/CVE-2024-39090.md CVE-2024-3910 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC500/fromDhcpListClient_page.md CVE-2024-3910 - https://vuldb.com/?id.261146 +CVE-2024-39119 - https://github.com/2477231995/cms/blob/main/1.md +CVE-2024-39123 - https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2024-39123 +CVE-2024-39129 - https://github.com/wangf1978/DumpTS/issues/19 +CVE-2024-39130 - https://github.com/wangf1978/DumpTS/issues/20 +CVE-2024-39132 - https://github.com/wangf1978/DumpTS/issues/22 CVE-2024-39133 - https://github.com/gdraheim/zziplib/issues/164 CVE-2024-39134 - https://github.com/gdraheim/zziplib/issues/165 +CVE-2024-39153 - https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md +CVE-2024-39154 - https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md +CVE-2024-39155 - https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md +CVE-2024-39156 - https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md +CVE-2024-39157 - https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md +CVE-2024-39158 - https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md CVE-2024-3917 - https://wpscan.com/vulnerability/88162016-9fc7-4194-9e81-44c50991f6e9/ +CVE-2024-39171 - https://github.com/751897386/PHPVibe_vulnerability_Directory-Traversal CVE-2024-3918 - https://wpscan.com/vulnerability/2074d0f5-4165-4130-9391-37cb21e8aa1b/ CVE-2024-3919 - https://wpscan.com/vulnerability/4e38c7d9-5b6a-4dfc-8f22-3ff30565ce43/ CVE-2024-3920 - https://wpscan.com/vulnerability/2fb28c77-3c35-4a2f-91ed-823d0d011048/ +CVE-2024-39202 - https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 CVE-2024-39206 - https://www.proactivelabs.com.au/2024/06/19/cloudberry.html CVE-2024-3921 - https://wpscan.com/vulnerability/3c114e14-9113-411d-91f3-2e2daeb40739/ +CVE-2024-39236 - https://github.com/Aaron911/PoC/blob/main/Gradio.md +CVE-2024-39236 - https://github.com/advisories/GHSA-9v2f-6vcg-3hgv +CVE-2024-39248 - https://github.com/jasonthename/CVE-2024-39248 CVE-2024-39248 - https://packetstormsecurity.com/files/179219 +CVE-2024-39249 - https://github.com/zunak/CVE-2024-39249 +CVE-2024-39249 - https://github.com/zunak/CVE-2024-39249/issues/1 +CVE-2024-39250 - https://github.com/efrann/CVE-2024-39250 +CVE-2024-39251 - https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center CVE-2024-3928 - https://github.com/ggfzx/OCP-Security-Misconfiguration/tree/main +CVE-2024-39304 - https://github.com/ChurchCRM/CRM/security/advisories/GHSA-2rh6-gr3h-83j9 +CVE-2024-39307 - https://github.com/Kareadita/Kavita/security/advisories/GHSA-r4qc-3w52-2v84 CVE-2024-3932 - https://vuldb.com/?submit.314381 +CVE-2024-39321 - https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9 +CVE-2024-39326 - https://github.com/NationalSecurityAgency/skills-service/security/advisories/GHSA-9624-qwxr-jr4j CVE-2024-3937 - https://wpscan.com/vulnerability/0cd5b288-05b3-48b7-9245-f59ce7377861/ CVE-2024-39373 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01 CVE-2024-39374 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-179-01 @@ -98809,42 +98984,127 @@ CVE-2024-3963 - https://wpscan.com/vulnerability/827d738e-5369-431e-8438-b5c4d8c CVE-2024-3964 - https://wpscan.com/vulnerability/ff468772-3e6a-439c-a4d7-94bd2ce1a964/ CVE-2024-3965 - https://wpscan.com/vulnerability/0e1ba2b3-5849-42f6-b503-8b3b520e4a79/ CVE-2024-3966 - https://wpscan.com/vulnerability/9f0a575f-862d-4f2e-8d25-82c6f58dd11a/ +CVE-2024-39678 - https://github.com/XjSv/Cooked/security/advisories/GHSA-pp3h-ghxf-r9pc +CVE-2024-39679 - https://github.com/XjSv/Cooked/security/advisories/GHSA-2jh3-9939-c4rc +CVE-2024-39680 - https://github.com/XjSv/Cooked/security/advisories/GHSA-f2mc-hcp9-6xgr +CVE-2024-39681 - https://github.com/XjSv/Cooked/security/advisories/GHSA-q7p9-2x5h-vxm7 +CVE-2024-39682 - https://github.com/XjSv/Cooked/security/advisories/GHSA-fx69-f77x-84gr CVE-2024-39685 - https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ CVE-2024-39686 - https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ +CVE-2024-39687 - https://github.com/dahlia/fedify/security/advisories/GHSA-p9cg-vqcc-grcx CVE-2024-39688 - https://securitylab.github.com/advisories/GHSL-2024-045_GHSL-2024-047_fishaudio_Bert-VITS2/ +CVE-2024-39699 - https://github.com/directus/directus/security/advisories/GHSA-8p72-rcq4-h6pw +CVE-2024-39701 - https://github.com/directus/directus/security/advisories/GHSA-hxgm-ghmv-xjjm +CVE-2024-39705 - https://github.com/nltk/nltk/issues/3266 CVE-2024-3971 - https://wpscan.com/vulnerability/5dec5719-105d-4989-a97f-bda04d223322/ CVE-2024-3972 - https://wpscan.com/vulnerability/55dfb9b5-d590-478b-bd1f-d420b79037fa/ CVE-2024-3977 - https://wpscan.com/vulnerability/25851386-eccf-49cb-afbf-c25286c9b19e/ CVE-2024-3978 - https://wpscan.com/vulnerability/a9f47d11-47ac-4998-a82a-dc2f3b0decdf/ CVE-2024-3979 - https://github.com/COVESA/vsomeip/files/14904610/details.zip CVE-2024-3979 - https://github.com/COVESA/vsomeip/issues/663 +CVE-2024-39828 - https://github.com/ggod2/sandboxels_xss_test +CVE-2024-39828 - https://github.com/ggod2/sandboxels_xss_test/blob/main/README.md +CVE-2024-3983 - https://wpscan.com/vulnerability/e4059d66-07b9-4f1a-a461-d6e8f0e98eec/ CVE-2024-39840 - https://memorycorruption.net/posts/rce-lua-factorio/ +CVE-2024-39853 - https://gist.github.com/mestrtee/840f5d160aab4151bd0451cfb822e6b5 +CVE-2024-3986 - https://wpscan.com/vulnerability/76c78f8e-e3da-47d9-9bf4-70e9dd125b82/ +CVE-2024-39895 - https://github.com/directus/directus/security/advisories/GHSA-7hmh-pfrp-vcx4 +CVE-2024-39899 - https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-mqqj-fx8h-437j +CVE-2024-39904 - https://github.com/vnotex/vnote/security/advisories/GHSA-vhh5-8wcv-68gj +CVE-2024-39907 - https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-5grx-v727-qmq6 +CVE-2024-39909 - https://github.com/openclarity/kubeclarity/security/advisories/GHSA-5248-h45p-9pgw +CVE-2024-39912 - https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-875x-g8p7-5w27 +CVE-2024-39914 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-7h44-6vq6-cq8j +CVE-2024-39915 - https://github.com/sni/Thruk/security/advisories/GHSA-r7gx-h738-4w6f +CVE-2024-39916 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-3xjr-xf9v-hwjh +CVE-2024-39918 - https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-vvmv-wrvp-9gjr +CVE-2024-39919 - https://github.com/jasonraimondi/url-to-png/security/advisories/GHSA-342q-2mc2-5gmp CVE-2024-3992 - https://wpscan.com/vulnerability/e9fe3101-8033-4eee-8b37-06856872e9ef/ CVE-2024-39920 - https://www.snailload.com CVE-2024-39920 - https://www.snailload.com/snailload.pdf CVE-2024-3993 - https://wpscan.com/vulnerability/19cd60dd-8599-4af3-99db-c42de504606c/ +CVE-2024-39962 - https://gist.github.com/Swind1er/40c33f1b1549028677cb4e2e5ef69109 +CVE-2024-39963 - https://gist.github.com/Swind1er/c8e4369c7fdfd750c8ad01a276105c57 CVE-2024-3999 - https://wpscan.com/vulnerability/6a8a1deb-6836-40f1-856b-7b3e4ba867d6/ +CVE-2024-40035 - https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md +CVE-2024-40036 - https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md +CVE-2024-40039 - https://github.com/pangchunyuhack/cms/blob/main/62/csrf.md CVE-2024-4005 - https://wpscan.com/vulnerability/02ca09f8-4080-4969-992d-0e6afb29bc62/ +CVE-2024-40060 - https://gist.github.com/F3iG0n9/4d0d7c863eea6874eeeb26a3073aa5f8 +CVE-2024-40110 - https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-Execution-RCE---Poultry-Farm-Management-System-v1.0/ +CVE-2024-40116 - https://github.com/nepenthe0320/cve_poc/blob/master/Solar-Log%201000%20-%20Unprotected%20Storage%20of%20Credentials CVE-2024-4019 - https://github.com/scausoft/cve/blob/main/rce.md +CVE-2024-40322 - https://github.com/KakeruJ/CVE/blob/main/JFinalCMS_SQL.md +CVE-2024-40328 - https://github.com/Tank992/cms/blob/main/70/csrf.md +CVE-2024-40329 - https://github.com/Tank992/cms/blob/main/67/csrf.md +CVE-2024-40331 - https://github.com/Tank992/cms/blob/main/66/csrf.md +CVE-2024-40332 - https://github.com/Tank992/cms/blob/main/65/csrf.md +CVE-2024-40334 - https://github.com/Tank992/cms/blob/main/69/csrf.md +CVE-2024-40392 - https://github.com/CveSecLook/cve/issues/46 +CVE-2024-40393 - https://github.com/CveSecLook/cve/issues/47 +CVE-2024-40394 - https://github.com/CveSecLook/cve/issues/48 CVE-2024-4040 - https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ CVE-2024-4040 - https://www.rapid7.com/blog/post/2024/04/23/etr-unauthenticated-crushftp-zero-day-enables-complete-server-compromise/ +CVE-2024-40400 - https://github.com/marcantondahmen/automad/issues/106 +CVE-2024-40402 - https://github.com/CveSecLook/cve/issues/49 +CVE-2024-40420 - https://github.com/A3h1nt/CVEs/blob/main/OpenCart/Readme.md CVE-2024-40430 - https://alexsecurity.rocks/posts/cve-2024-40430/ +CVE-2024-40430 - https://github.com/github/advisory-database/pull/4645 +CVE-2024-40492 - https://github.com/minendie/POC_CVE-2024-40492 CVE-2024-40502 - https://packetstormsecurity.com/files/179583/Hospital-Management-System-Project-In-ASP.Net-MVC-1-SQL-Injection.html CVE-2024-4057 - https://wpscan.com/vulnerability/da4d4d87-07b3-4f7d-bcbd-d29968a30b4f/ +CVE-2024-40576 - https://github.com/jubilianite/CVEs/blob/main/CVE-2024-40576.md +CVE-2024-40576 - https://github.com/jubilianite/CVEs/security/advisories/GHSA-674x-j9wj-qvpp CVE-2024-4061 - https://wpscan.com/vulnerability/175a9f3a-1f8d-44d1-8a12-e037251b025d/ CVE-2024-40614 - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-047.txt +CVE-2024-40626 - https://github.com/outline/outline/security/advisories/GHSA-888c-mvg8-v6wh +CVE-2024-40627 - https://github.com/busykoala/fastapi-opa/security/advisories/GHSA-5f5c-8rvc-j8wf +CVE-2024-40632 - https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7 +CVE-2024-40634 - https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w +CVE-2024-40636 - https://github.com/SteeltoeOSS/security-advisories/security/advisories/GHSA-vmcp-66r5-3pcp CVE-2024-4064 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/R7WebsSecurityHandler.md +CVE-2024-40641 - https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-c3q9-c27p-cw9h +CVE-2024-40645 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-59mq-q8g5-2f4f CVE-2024-4065 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/formSetRebootTimer.md CVE-2024-4066 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC8/fromAdvSetMacMtuWan.md CVE-2024-4067 - https://github.com/micromatch/micromatch/issues/243 CVE-2024-4068 - https://github.com/micromatch/braces/issues/35 CVE-2024-4068 - https://github.com/micromatch/braces/pull/37 +CVE-2024-40726 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40727 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40728 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40729 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40730 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40731 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40732 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40733 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40734 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40735 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40736 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40737 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40738 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40739 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40740 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40741 - https://github.com/minhquan202/Vuln-Netbox +CVE-2024-40742 - https://github.com/minhquan202/Vuln-Netbox CVE-2024-40767 - https://launchpad.net/bugs/2071734 +CVE-2024-4090 - https://wpscan.com/vulnerability/aedcb986-0f2b-4852-baf1-6cb61e83e109/ CVE-2024-4094 - https://wpscan.com/vulnerability/04b2feba-e009-4fce-8539-5dfdb4300433/ +CVE-2024-4096 - https://wpscan.com/vulnerability/4dba5e9e-24be-458a-9150-7c7a958e66cb/ CVE-2024-4105 - https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf CVE-2024-4106 - https://web-material3.yokogawa.com/1/36059/files/YSAR-24-0001-E.pdf CVE-2024-4111 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/SetLEDCfg.md +CVE-2024-41112 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41113 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41114 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41115 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41116 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41117 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41118 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41119 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ CVE-2024-4112 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/formSetVirtualSer.md +CVE-2024-41120 - https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/ +CVE-2024-41127 - https://securitylab.github.com/advisories/GHSL-2024-167_monkeytype CVE-2024-4113 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/fromSetSysTime.md CVE-2024-4114 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/TX9/setSmartPowerManagement.md CVE-2024-4115 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W15Ev1.0/formAddDnsForward.md @@ -98864,6 +99124,8 @@ CVE-2024-4127 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W1 CVE-2024-4140 - https://github.com/rjbs/Email-MIME/issues/66 CVE-2024-4145 - https://wpscan.com/vulnerability/7d5b8764-c82d-4969-a707-f38b63bcadca/ CVE-2024-4149 - https://wpscan.com/vulnerability/0256ec2a-f1a9-4110-9978-ee88f9e24237/ +CVE-2024-41597 - https://gist.github.com/DefensiumDevelopers/608be4d10b016dce0566925368a8b08c#file-cve-2024-41597-md +CVE-2024-41637 - https://blog.0xzon.dev/2024-07-27-CVE-2024-41637/ CVE-2024-4164 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/formModifyPppAuthWhiteMac.md CVE-2024-4165 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/G3V15/modifyDhcpRule.md CVE-2024-4166 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md @@ -98876,8 +99138,13 @@ CVE-2024-4171 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W3 CVE-2024-4172 - https://github.com/bigbigbigbaby/cms2/blob/main/1.md CVE-2024-4180 - https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/ CVE-2024-4201 - https://gitlab.com/gitlab-org/gitlab/-/issues/458229 +CVE-2024-42029 - https://github.com/hyprwm/xdg-desktop-portal-hyprland/issues/242 +CVE-2024-42054 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd +CVE-2024-42055 - https://github.com/CervantesSec/cervantes/commit/78631a034d0fb3323a53fb7428b2022b29a0d2cd CVE-2024-4217 - https://wpscan.com/vulnerability/55cb43bf-7c8f-4df7-b4de-bf2bb1c2766d/ CVE-2024-4224 - https://takeonme.org/cves/CVE-2024-4224.html +CVE-2024-42348 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-456c-4gw3-c9xw +CVE-2024-42349 - https://github.com/FOGProject/fogproject/security/advisories/GHSA-697m-3c4p-g29h CVE-2024-4236 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1803/formSetSysToolDDNS.md CVE-2024-4237 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/R7WebsSecurityHandler.md CVE-2024-4238 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md @@ -98925,6 +99192,7 @@ CVE-2024-4474 - https://wpscan.com/vulnerability/71954c60-6a5b-4cac-9920-6d9b787 CVE-2024-4475 - https://wpscan.com/vulnerability/f0c7fa00-da6e-4f07-875f-7b85759a54b3/ CVE-2024-4477 - https://wpscan.com/vulnerability/ab551552-944c-4e2a-9355-7011cbe553b0/ CVE-2024-4480 - https://wpscan.com/vulnerability/c1e5dee9-c540-4cc1-8b94-c6d1650b52d3/ +CVE-2024-4483 - https://wpscan.com/vulnerability/8f2ac76c-f3f8-41f9-a32a-f414825cf6f1/ CVE-2024-4491 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formGetDiagnoseInfo.md CVE-2024-4492 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formOfflineSet.md CVE-2024-4493 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formSetAutoPing.md @@ -99025,6 +99293,7 @@ CVE-2024-4855 - https://gitlab.com/wireshark/wireshark/-/issues/19784 CVE-2024-4856 - https://wpscan.com/vulnerability/6cf90a27-55e2-4b2c-9df1-5fa34c1bd9d1/ CVE-2024-4857 - https://wpscan.com/vulnerability/bf1b8434-b361-4666-9058-d9f08c09d083/ CVE-2024-4860 - https://www.tenable.com/security/research/tra-2024-16 +CVE-2024-4879 - https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit CVE-2024-4886 - https://wpscan.com/vulnerability/76e8591f-120c-4cd7-b9a2-79f8d4d98aa8/ CVE-2024-4899 - https://wpscan.com/vulnerability/15346ae9-9a29-4968-a6a9-81d1116ac448/ CVE-2024-4900 - https://wpscan.com/vulnerability/a56ad272-e2ed-4064-9b5d-114a834dd8b3/ @@ -99050,6 +99319,7 @@ CVE-2024-4928 - https://github.com/Hefei-Coffee/cve/blob/main/sql8.md CVE-2024-4929 - https://github.com/Hefei-Coffee/cve/blob/main/csrf.md CVE-2024-4934 - https://wpscan.com/vulnerability/a2270ee1-3211-4b16-b3d7-6cdd732f7155/ CVE-2024-4946 - https://github.com/CveSecLook/cve/issues/29 +CVE-2024-4950 - https://issues.chromium.org/issues/40065403 CVE-2024-4957 - https://wpscan.com/vulnerability/0a560ed4-7dec-4274-b4a4-39dea0c0d67e/ CVE-2024-4959 - https://wpscan.com/vulnerability/449e4da8-beae-4ff6-9ddc-0e17781c0391/ CVE-2024-4966 - https://github.com/CveSecLook/cve/issues/30 @@ -99090,6 +99360,7 @@ CVE-2024-5076 - https://wpscan.com/vulnerability/01cbc841-a30f-4df5-ab7f-0c2c746 CVE-2024-5077 - https://wpscan.com/vulnerability/00fcbcf3-41ee-45e7-a0a9-0d46cb7ef859/ CVE-2024-5079 - https://wpscan.com/vulnerability/bdb5509e-80ab-4e47-83a4-9347796eec40/ CVE-2024-5080 - https://wpscan.com/vulnerability/15f78aad-001c-4219-aa7e-46537e1357a2/ +CVE-2024-5081 - https://wpscan.com/vulnerability/4f02bdb5-5cf6-4519-9586-fd4fb3d45dea/ CVE-2024-5093 - https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20Authentication%20Bypass.md CVE-2024-5094 - https://github.com/BurakSevben/CVEs/blob/main/House%20Rental%20Management%20System/House%20Rental%20Management%20System%20-%20SQL%20Injection%20-%202.md CVE-2024-5097 - https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20CSRF.md @@ -99120,12 +99391,14 @@ CVE-2024-5167 - https://wpscan.com/vulnerability/67bb5ab8-4493-4f5b-a989-4157667 CVE-2024-5169 - https://wpscan.com/vulnerability/f0de62e3-5e85-43f3-8e3e-e816dafb1406/ CVE-2024-5172 - https://wpscan.com/vulnerability/65d84e69-0548-4c7d-bcde-5777d72da555/ CVE-2024-5199 - https://wpscan.com/vulnerability/a2cb8d7d-6d7c-42e9-b3db-cb3959bfd41b/ +CVE-2024-5217 - https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit CVE-2024-5276 - https://www.tenable.com/security/research/tra-2024-25 CVE-2024-5280 - https://wpscan.com/vulnerability/bbc214ba-4e97-4b3a-a21b-2931a9e36973/ CVE-2024-5281 - https://wpscan.com/vulnerability/3c0bdb0f-a06a-47a8-9198-a2bf2678b8f1/ CVE-2024-5282 - https://wpscan.com/vulnerability/bf3fb97e-12fa-4b37-b28b-1771ddb5ceb1/ CVE-2024-5283 - https://wpscan.com/vulnerability/3e1adcd3-7c46-45e8-9e2b-2ede0d79c943/ CVE-2024-5284 - https://wpscan.com/vulnerability/a601a267-e781-439f-9c76-b4c841e819e5/ +CVE-2024-5285 - https://wpscan.com/vulnerability/792f3904-88bd-47d1-9049-afccdd74853a/ CVE-2024-5286 - https://wpscan.com/vulnerability/a0b3069c-59d3-41ea-9b48-f5a4cf9ca45f/ CVE-2024-5287 - https://wpscan.com/vulnerability/b4fd535c-a273-419d-9e2e-be1cbd822793/ CVE-2024-5310 - https://gitee.com/heyewei/JFinalcms/issues/I8VHM2 @@ -99190,6 +99463,7 @@ CVE-2024-5575 - https://wpscan.com/vulnerability/65d1abb7-92e9-4cc4-a1d0-84985b4 CVE-2024-5585 - https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385 CVE-2024-5588 - https://github.com/Lanxiy7th/lx_CVE_report-/issues/12 CVE-2024-5590 - https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-uploadiscuser.md +CVE-2024-5595 - https://wpscan.com/vulnerability/f2b8f092-4fc0-4edc-ba0f-d4312c2e5dec/ CVE-2024-5604 - https://wpscan.com/vulnerability/29985150-8d49-4a3f-8411-5d7263b424d8/ CVE-2024-5606 - https://wpscan.com/vulnerability/e3eee6bc-1f69-4be1-b323-0c9b5fe7535e/ CVE-2024-5626 - https://wpscan.com/vulnerability/6b03f450-4982-4f6c-a6f1-f7e85b1deec1/ @@ -99214,23 +99488,32 @@ CVE-2024-5729 - https://wpscan.com/vulnerability/0352f6f5-cdfd-4cef-9ed5-fdc1cbc CVE-2024-5730 - https://wpscan.com/vulnerability/17482b2c-c9ba-480a-8000-879baf835af7/ CVE-2024-5733 - https://github.com/kingshao0312/cve/issues/1 CVE-2024-5734 - https://github.com/kingshao0312/cve/issues/2 +CVE-2024-5737 - https://github.com/afine-com/CVE-2024-5737 +CVE-2024-5737 - https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5737 CVE-2024-5744 - https://wpscan.com/vulnerability/ba50e25c-7250-4025-a72f-74f8eb756246/ CVE-2024-5745 - https://github.com/L1OudFd8cl09/CVE/blob/main/07_06_2024_a.md CVE-2024-5758 - https://research.cleantalk.org/cve-2024-4305/ CVE-2024-5758 - https://wpscan.com/vulnerability/635be98d-4c17-4e75-871f-9794d85a2eb1/ +CVE-2024-5765 - https://wpscan.com/vulnerability/0b73f84c-611e-4681-b362-35e721478ba4/ CVE-2024-5767 - https://wpscan.com/vulnerability/e4ba26b4-5f4f-4c9e-aa37-885b30ef8088/ CVE-2024-5772 - https://github.com/charliecatsec/cve1/blob/main/NS-ASG-sql-deleteiscuser.md CVE-2024-5773 - https://github.com/L1OudFd8cl09/CVE/issues/3 CVE-2024-5774 - https://github.com/CveSecLook/cve/issues/43 CVE-2024-5775 - https://github.com/CveSecLook/cve/issues/44 CVE-2024-5802 - https://wpscan.com/vulnerability/cd37f702-9144-4c98-9b08-c63e510cd97f/ +CVE-2024-5807 - https://wpscan.com/vulnerability/badb16b5-8c06-4170-b605-ea7af8982c1f/ +CVE-2024-5808 - https://wpscan.com/vulnerability/1783bbce-3cc3-4a7e-a491-b713cee8278b/ +CVE-2024-5809 - https://wpscan.com/vulnerability/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5/ CVE-2024-5811 - https://wpscan.com/vulnerability/bf6c2e28-51ef-443b-b1c2-d555c7e12f7f/ CVE-2024-5851 - https://vuldb.com/?submit.347385 +CVE-2024-5882 - https://wpscan.com/vulnerability/5e8d7808-8f3e-4fc9-a1e7-e108da031ca7/ +CVE-2024-5883 - https://wpscan.com/vulnerability/a1894884-c739-4ef4-8d9c-392171ab3d68/ CVE-2024-5894 - https://github.com/Hefei-Coffee/cve/blob/main/sql10.md CVE-2024-5895 - https://github.com/Hefei-Coffee/cve/blob/main/sql11.md CVE-2024-5896 - https://github.com/Hefei-Coffee/cve/blob/main/sql12.md CVE-2024-5898 - https://github.com/guiyxli/cve/issues/1 CVE-2024-5973 - https://wpscan.com/vulnerability/59abfb7c-d5ea-45f2-ab9a-4391978e3805/ +CVE-2024-5975 - https://wpscan.com/vulnerability/68f81943-b007-49c8-be9c-d0405b2ba4cf/ CVE-2024-5976 - https://github.com/Xu-Mingming/cve/blob/main/sql.md CVE-2024-5981 - https://github.com/LiuYongXiang-git/cve/issues/1 CVE-2024-5983 - https://github.com/LiuYongXiang-git/cve/issues/2 @@ -99243,6 +99526,7 @@ CVE-2024-6011 - https://drive.google.com/file/d/1SFQXlRUQw7THm_Vay_pFH3pIX1cjH4A CVE-2024-6013 - https://github.com/gabriel202212/cve/issues/1 CVE-2024-6015 - https://github.com/chenwulin-bit/cve/issues/1 CVE-2024-6016 - https://github.com/chenwulin-bit/cve/issues/2 +CVE-2024-6021 - https://wpscan.com/vulnerability/9d83cffd-7dcd-4301-8d4d-3043b14e05b5/ CVE-2024-6022 - https://wpscan.com/vulnerability/871a93b5-ec67-4fe0-bc39-e5485477fbeb/ CVE-2024-6023 - https://wpscan.com/vulnerability/6e812189-2980-453d-931d-1f785e8dbcc0/ CVE-2024-6024 - https://wpscan.com/vulnerability/3d2cdb4f-b7e1-4691-90d1-cddde7f5858e/ @@ -99263,9 +99547,11 @@ CVE-2024-6094 - https://wpscan.com/vulnerability/019b3f34-7b85-4728-8dd7-ca472d6 CVE-2024-6111 - https://github.com/wangyuan-ui/CVE/issues/1 CVE-2024-6113 - https://github.com/wangyuan-ui/CVE/issues/3 CVE-2024-6114 - https://github.com/wangyuan-ui/CVE/issues/4 +CVE-2024-6127 - https://vulncheck.com/advisories/empire-unauth-rce CVE-2024-6130 - https://wpscan.com/vulnerability/bbed2968-4bd6-49ae-bd61-8a1f751e7041/ CVE-2024-6138 - https://wpscan.com/vulnerability/9ef2a8d8-39d5-45d3-95de-e7bac4b7382d/ CVE-2024-6164 - https://wpscan.com/vulnerability/40bd880e-67a1-4180-b197-8dcadaa0ace4/ +CVE-2024-6165 - https://wpscan.com/vulnerability/b9e6648a-9d19-4e73-ad6c-f727802d8dd5/ CVE-2024-6184 - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_a.md CVE-2024-6187 - https://github.com/L1OudFd8cl09/CVE/blob/main/11_06_2024_d.md CVE-2024-6188 - https://kiwiyumi.com/post/tracksys-export-source-code/ @@ -99273,43 +99559,238 @@ CVE-2024-6190 - https://github.com/HryspaHodor/CVE/issues/2 CVE-2024-6191 - https://github.com/HryspaHodor/CVE/issues/3 CVE-2024-6192 - https://github.com/HryspaHodor/CVE/issues/4 CVE-2024-6194 - https://github.com/HryspaHodor/CVE/issues/6 +CVE-2024-6196 - https://github.com/2768210355/cve/issues/1 CVE-2024-6205 - https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/ CVE-2024-6212 - https://docs.google.com/document/d/1tl9-EAxUR64Og9zS-nyUx3YtG1V32Monkvq-h39tjpw/edit?usp=sharing CVE-2024-6218 - https://github.com/HryspaHodor/CVE/issues/7 +CVE-2024-6223 - https://wpscan.com/vulnerability/cf7d1cea-0bf4-4b9e-bab4-71d5719a7c30/ +CVE-2024-6224 - https://wpscan.com/vulnerability/54457f1b-6572-4de0-9100-3433c715c5ce/ +CVE-2024-6226 - https://wpscan.com/vulnerability/e42ce8dc-51d4-471d-b3bb-ad2a6b735d02/ +CVE-2024-6230 - https://wpscan.com/vulnerability/311e3c15-0f58-4f3b-91f8-0c62c0eea55e/ CVE-2024-6231 - https://wpscan.com/vulnerability/75ad1d8f-edc3-4eb3-b4c0-73832c0a4ca0/ CVE-2024-6243 - https://wpscan.com/vulnerability/f4097877-ba19-4738-a994-9593b9a5a635/ CVE-2024-6244 - https://wpscan.com/vulnerability/73ba55a5-6cff-40fc-9686-30c50f060732/ CVE-2024-6267 - https://docs.google.com/document/d/1upC4101Ob9UW7fGC_valsEa45Q5xuBgcKZhs1Q-WoBM/edit?usp=sharing +CVE-2024-6270 - https://wpscan.com/vulnerability/3d0a6edc-61e8-42fb-8b93-ef083146bd9c/ CVE-2024-6271 - https://wpscan.com/vulnerability/44d9d085-34cb-490f-a3f5-f9eafae85ab8/ +CVE-2024-6272 - https://wpscan.com/vulnerability/146b94df-7fc6-4da3-9ef1-d2875ae3fa9e/ CVE-2024-6273 - https://docs.google.com/document/d/14ExrgXqPQlgvjw2poqNzYzAOi-C5tda-XBJF513yzag/edit?usp=sharing +CVE-2024-6273 - https://github.com/sgr-xd/CVEs/blob/main/CVE-2024-6273.md CVE-2024-6289 - https://wpscan.com/vulnerability/fd6d0362-df1d-4416-b8b5-6e5d0ce84793/ +CVE-2024-6308 - https://github.com/L1OudFd8cl09/CVE/blob/main/25_06_2024_a.md CVE-2024-6334 - https://wpscan.com/vulnerability/6c09083c-6960-4369-8c5c-ad20e34aaa8b/ +CVE-2024-6362 - https://wpscan.com/vulnerability/d2e2d06b-0f07-40b9-9b87-3373f62ae1a9/ +CVE-2024-6366 - https://wpscan.com/vulnerability/5b90cbdd-52cc-4e7b-bf39-bea0dd59e19e/ +CVE-2024-6373 - https://github.com/Abyssun/abyssun-/issues/1 CVE-2024-6387 - http://www.openwall.com/lists/oss-security/2024/07/03/5 +CVE-2024-6387 - http://www.openwall.com/lists/oss-security/2024/07/28/2 CVE-2024-6387 - https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server +CVE-2024-6387 - https://santandersecurityresearch.github.io/blog/sshing_the_masses.html CVE-2024-6387 - https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html +CVE-2024-6390 - https://wpscan.com/vulnerability/00586687-33c7-4d84-b606-0478b1063d24/ +CVE-2024-6408 - https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb/ +CVE-2024-6412 - https://wpscan.com/vulnerability/9eb0dad6-3c19-4fe4-a20d-d45b51410444/ +CVE-2024-6417 - https://github.com/xyj123a/cve/blob/main/sql.md CVE-2024-6420 - https://wpscan.com/vulnerability/dfda6577-81aa-4397-a2d6-1d736f9ebd44/ +CVE-2024-6477 - https://wpscan.com/vulnerability/346c855a-4d42-4a87-aac9-e5bfc2242b16/ CVE-2024-6484 - https://www.herodevs.com/vulnerability-directory/cve-2024-6484 CVE-2024-6485 - https://www.herodevs.com/vulnerability-directory/cve-2024-6485 +CVE-2024-6487 - https://wpscan.com/vulnerability/eeec9608-a7b2-4926-bac2-4c81a65dd473/ +CVE-2024-6490 - https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/ +CVE-2024-6496 - https://wpscan.com/vulnerability/d598eabd-a87a-4e3e-be46-a5c5cc3f130e/ +CVE-2024-6498 - https://wpscan.com/vulnerability/eed58889-4be8-48df-9ef6-269df451e79e/ CVE-2024-6507 - https://research.jfrog.com/vulnerabilities/deeplake-kaggle-command-injection-jfsa-2024-001035320/ +CVE-2024-6523 - https://gist.github.com/whiteman007/c8bf92b0294cd2f0cda6bfaca36f8f28 CVE-2024-6523 - https://vuldb.com/?submit.364104 +CVE-2024-6526 - https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263 +CVE-2024-6526 - https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/issues/263#issuecomment-2199387443 +CVE-2024-6529 - https://wpscan.com/vulnerability/1a346c9a-cc1a-46b1-b27a-a77a38449933/ CVE-2024-6531 - https://www.herodevs.com/vulnerability-directory/cve-2024-6531 +CVE-2024-6536 - https://wpscan.com/vulnerability/ee40c1c6-4186-4b97-866c-fb0e76cedeb8/ +CVE-2024-6652 - https://github.com/littletree7/cve/issues/1 +CVE-2024-6695 - https://wpscan.com/vulnerability/4afa5c85-ce27-4ca7-bba2-61fb39c53a5b/ +CVE-2024-6710 - https://wpscan.com/vulnerability/1afcf9d4-c2f9-4d47-8d9e-d7fa6ae2358d/ +CVE-2024-6716 - https://gitlab.com/libtiff/libtiff/-/issues/620 CVE-2024-6729 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6729 CVE-2024-6731 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6731 CVE-2024-6732 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6732 +CVE-2024-6745 - https://github.com/xzyxiaohaha/cve/issues/2 CVE-2024-6783 - https://www.herodevs.com/vulnerability-directory/cve-2024-6783---vue-client-side-xss CVE-2024-6802 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6802 CVE-2024-6807 - https://reports-kunull.vercel.app/CVE%20research/2024/cve-2024-6807 +CVE-2024-6808 - https://github.com/qianqiusujiu/cve/issues/1 CVE-2024-6911 - http://seclists.org/fulldisclosure/2024/Jul/13 CVE-2024-6911 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ CVE-2024-6912 - http://seclists.org/fulldisclosure/2024/Jul/13 CVE-2024-6912 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ CVE-2024-6913 - http://seclists.org/fulldisclosure/2024/Jul/13 CVE-2024-6913 - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/ +CVE-2024-6932 - https://github.com/Hebing123/cve/issues/42 +CVE-2024-6934 - https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md +CVE-2024-6938 - https://github.com/siyuan-note/siyuan/issues/11650 +CVE-2024-6938 - https://github.com/siyuan-note/siyuan/issues/11949 +CVE-2024-6939 - https://github.com/rainrocka/xinhu/issues/7 +CVE-2024-6942 - https://github.com/thinksaas/ThinkSAAS/issues/37 +CVE-2024-6947 - https://github.com/DeepMountains/Mirage/blob/main/CVE5-3.md +CVE-2024-6949 - https://github.com/DeepMountains/Mirage/blob/main/CVE4-2.md +CVE-2024-6957 - https://github.com/DeepMountains/Mirage/blob/main/CVE6-3.md CVE-2024-6960 - https://research.jfrog.com/vulnerabilities/h2o-model-deserialization-rce-jfsa-2024-001035518/ CVE-2024-6961 - https://research.jfrog.com/vulnerabilities/guardrails-rail-xxe-jfsa-2024-001035519/ +CVE-2024-6963 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/O3V2.0/formexeCommand.md +CVE-2024-6966 - https://github.com/HermesCui/CVE/issues/1 +CVE-2024-6967 - https://github.com/rtsjx-cve/cve/blob/main/sql.md +CVE-2024-7007 - https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 CVE-2024-7065 - https://github.com/topsky979/Security-Collections/blob/main/1700810/README.md CVE-2024-7066 - https://vuldb.com/?id.272347 CVE-2024-7067 - https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18 CVE-2024-7067 - https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2192470359 CVE-2024-7067 - https://github.com/kirilkirkov/Ecommerce-Laravel-Bootstrap/issues/18#issuecomment-2206863135 +CVE-2024-7069 - https://github.com/pineapple65/cve/blob/main/sql.md +CVE-2024-7080 - https://github.com/Xu-Mingming/cve/blob/main/bianli.md CVE-2024-7081 - https://github.com/zgg012/cve/issues/1 +CVE-2024-7106 - https://github.com/topsky979/Security-Collections/blob/main/cve3/README.md +CVE-2024-7114 - https://github.com/topsky979/Security-Collections/tree/main/cve5 +CVE-2024-7115 - https://github.com/topsky979/Security-Collections/tree/main/cve6 +CVE-2024-7116 - https://github.com/topsky979/Security-Collections/tree/main/cve7 +CVE-2024-7117 - https://github.com/topsky979/Security-Collections/tree/main/cve8 +CVE-2024-7118 - https://github.com/topsky979/Security-Collections/tree/main/cve9 +CVE-2024-7119 - https://github.com/topsky979/Security-Collections/tree/main/cve10 +CVE-2024-7160 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md +CVE-2024-7161 - https://github.com/HuaQiPro/seacms/issues/30 +CVE-2024-7162 - https://github.com/HuaQiPro/seacms/issues/29 +CVE-2024-7163 - https://github.com/HuaQiPro/seacms/issues/28 +CVE-2024-7164 - https://gist.github.com/topsky979/d53eab0322b187bfe151b3f1f31958e2 +CVE-2024-7165 - https://gist.github.com/topsky979/efe8fa56e557bf3244909f348d5874f7 +CVE-2024-7166 - https://gist.github.com/topsky979/8ab4ff5ffb2a555694931d14329f5a5d +CVE-2024-7167 - https://gist.github.com/topsky979/69a797bc0b33fc19144a727a0be31685 +CVE-2024-7168 - https://gist.github.com/topsky979/14187eec46d6bc04772eadae7ac4e930 +CVE-2024-7169 - https://gist.github.com/topsky979/421c916be6ab09dc990896b07185ec89 +CVE-2024-7170 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3000RU/product.md +CVE-2024-7171 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/NTPSyncWithHost.md +CVE-2024-7172 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/getSaveConfig.md +CVE-2024-7173 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/loginauth.md +CVE-2024-7174 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDeviceName.md +CVE-2024-7175 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setDiagnosisCfg.md +CVE-2024-7176 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setIpQosRules.md +CVE-2024-7177 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setLanguageCfg.md +CVE-2024-7178 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setMacQos.md +CVE-2024-7179 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setParentalRules.md +CVE-2024-7180 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setPortForwardRules.md +CVE-2024-7181 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setTelnetCfg.md +CVE-2024-7182 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUpgradeFW.md +CVE-2024-7183 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUploadSetting.md +CVE-2024-7184 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setUrlFilterRules.md +CVE-2024-7185 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWebWlanIdx.md +CVE-2024-7186 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/setWiFiAclAddConfig.md +CVE-2024-7187 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3600R/UploadCustomModule.md +CVE-2024-7188 - https://github.com/bigb0x/CVEs/blob/main/quicklancer-2-4.md +CVE-2024-7189 - https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_a.md +CVE-2024-7190 - https://github.com/DeepMountains/Mirage/blob/main/CVE7-4.md +CVE-2024-7191 - https://github.com/DeepMountains/Mirage/blob/main/CVE7-5.md +CVE-2024-7194 - https://github.com/DeepMountains/Mirage/blob/main/CVE7-1.md +CVE-2024-7195 - https://github.com/DeepMountains/Mirage/blob/main/CVE7-2.md +CVE-2024-7196 - https://gist.github.com/topsky979/7c314add775caa87b4db700e0bef7f35 +CVE-2024-7197 - https://gist.github.com/topsky979/756e52cd9cd53ddc78801d322c69b5f2 +CVE-2024-7198 - https://gist.github.com/topsky979/424d2ac58623b0fb4d5232a4ecbe5110 +CVE-2024-7199 - https://gist.github.com/topsky979/75ba3db98584b13d65d874e4fcac154b +CVE-2024-7200 - https://gist.github.com/topsky979/e8b6651dd46922157920c8ed2305efd5 +CVE-2024-7212 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/loginauth_password.md +CVE-2024-7213 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A7000R/setWizardCfg.md +CVE-2024-7214 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR350/setWanCfg.md +CVE-2024-7215 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/NTPSyncWithHost.md +CVE-2024-7216 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/LR1200/shadow.md +CVE-2024-7217 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CA300-PoE/loginauth_password.md +CVE-2024-7218 - https://gist.github.com/topsky979/86480890cc621c240c86e95a3de9ecc4 +CVE-2024-7219 - https://gist.github.com/topsky979/03c7fe20c80455b4884ae9e6c3f3d978 +CVE-2024-7220 - https://gist.github.com/topsky979/5cd0b6a43815a0615b8493cde5c4dacf +CVE-2024-7221 - https://gist.github.com/topsky979/1e98c4d1a3ba1ed73aab46d360c1c4b8 +CVE-2024-7222 - https://gist.github.com/topsky979/9f3d490a2bfdb5794dffc2f4aed72250 +CVE-2024-7223 - https://gist.github.com/topsky979/4c28743586769e73fe37007ed92cc1a7 +CVE-2024-7224 - https://gist.github.com/topsky979/76bc2c8ce4871ad8bb60c52e47c4fb5b +CVE-2024-7225 - https://github.com/Xu-Mingming/cve/blob/main/xss2.md +CVE-2024-7226 - https://github.com/Xu-Mingming/cve/blob/main/CSRF2.md +CVE-2024-7273 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-1.md +CVE-2024-7274 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-2.md +CVE-2024-7275 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-3.md +CVE-2024-7276 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-4.md +CVE-2024-7277 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-5.md +CVE-2024-7278 - https://github.com/DeepMountains/Mirage/blob/main/CVE8-6.md +CVE-2024-7279 - https://gist.github.com/topsky979/8eb5a3711f4802b2b05ae3702addb61e +CVE-2024-7280 - https://gist.github.com/topsky979/c4e972f03739833ad2d111493f44138b +CVE-2024-7281 - https://gist.github.com/topsky979/13cfd55966ffe12c8904de995400fc33 +CVE-2024-7282 - https://gist.github.com/topsky979/16181c02e770952091a36784da530eab +CVE-2024-7283 - https://gist.github.com/topsky979/0cda40ceee628634e4bc984cc5651b51 +CVE-2024-7284 - https://gist.github.com/topsky979/16da371a38fd91d64765fd16ed3d049e +CVE-2024-7285 - https://gist.github.com/topsky979/e2fa238262fcafdd8e301c32ee9f8e3a +CVE-2024-7286 - https://gist.github.com/topsky979/da1899833a862fb19fcc146b6725a67b +CVE-2024-7287 - https://gist.github.com/topsky979/d4684a6cf3ca446bb7c71c51ff6152ba +CVE-2024-7288 - https://gist.github.com/topsky979/f495fd0ec7cdda5c7c6059a0b2224b64 +CVE-2024-7289 - https://gist.github.com/topsky979/7f65e9704b8650e6bee74190f96d21e3 +CVE-2024-7290 - https://gist.github.com/topsky979/e40f691866138ea1abf3ca452c4ae3ac +CVE-2024-7297 - https://www.tenable.com/security/research/tra-2024-26 +CVE-2024-7299 - https://vuldb.com/?id.273167 +CVE-2024-7299 - https://vuldb.com/?submit.379971 +CVE-2024-7300 - https://vuldb.com/?id.273168 +CVE-2024-7300 - https://vuldb.com/?submit.380678 +CVE-2024-7303 - https://github.com/cl4irv0yance/CVEs/issues/1 +CVE-2024-7306 - https://gist.github.com/topsky979/0d5ec3fac4f1fc895478344be5521575 +CVE-2024-7307 - https://gist.github.com/topsky979/df642bf14cce32c58d4805b6f6cf44e0 +CVE-2024-7308 - https://gist.github.com/topsky979/c11fd2c1b9027831031de2e58cbf5ff3 +CVE-2024-7311 - https://github.com/23588hk/cve/issues/1 +CVE-2024-7314 - https://github.com/vulhub/vulhub/tree/master/aj-report/CNVD-2024-15077 +CVE-2024-7320 - https://github.com/cl4irv0yance/CVEs/issues/3 +CVE-2024-7321 - https://github.com/cl4irv0yance/CVEs/issues/4 +CVE-2024-7327 - https://vuldb.com/?id.273250 +CVE-2024-7331 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3300R/UploadCustomModule.md +CVE-2024-7332 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/product.md +CVE-2024-7333 - https://github.com/135a/IoT-vulnerable/blob/main/TOTOLINK/N350RT/setParentalRules.md +CVE-2024-7334 - https://github.com/ruan-uer/create/blob/main/IoT-vulnerable/TOTOLINK/EX1200/UploadCustomModule.md +CVE-2024-7335 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/getSaveConfig.md +CVE-2024-7336 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX200/loginauth.md +CVE-2024-7337 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/loginauth.md +CVE-2024-7338 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/EX1200/setParentalRules.md +CVE-2024-7340 - https://research.jfrog.com/vulnerabilities/wandb-weave-server-remote-arbitrary-file-leak-jfsa-2024-001039248/ +CVE-2024-7342 - https://github.com/Hebing123/cve/issues/62 +CVE-2024-7343 - https://github.com/Hebing123/cve/issues/63 +CVE-2024-7357 - https://github.com/BeaCox/IoT_vuln/tree/main/D-Link/DIR-600/soapcgi_main_injection +CVE-2024-7358 - https://github.com/SaumyajeetDas/Vulnerability/tree/main/GetScreen +CVE-2024-7359 - https://gist.github.com/topsky979/6fbd27f1942d76f0392d883dfd8fef10 +CVE-2024-7359 - https://vuldb.com/?id.273338 +CVE-2024-7360 - https://gist.github.com/topsky979/ac97a335ed9fcf4eefe3c952928a6d0e +CVE-2024-7361 - https://gist.github.com/topsky979/f01eca07fce854bf5de96588126cdd7e +CVE-2024-7362 - https://gist.github.com/topsky979/96f43bd9f1477a56d1c8f8e08f0e5449 +CVE-2024-7363 - https://gist.github.com/topsky979/69455a114e8718af6c611c86fbdc78b5 +CVE-2024-7364 - https://gist.github.com/topsky979/b507afabd4e3da39e7eca6103435ba3a +CVE-2024-7365 - https://gist.github.com/topsky979/18a15150a99566009476d918d79a0bf9 +CVE-2024-7366 - https://gist.github.com/topsky979/c0efd2f3e6e146eb9e110e5e63cb5fbb +CVE-2024-7367 - https://gist.github.com/topsky979/03ae83fd32a94c85f910c8e3a85fa056 +CVE-2024-7368 - https://gist.github.com/topsky979/ad93f7046d905cef9277304dd3ac8061 +CVE-2024-7369 - https://gist.github.com/topsky979/5e805f42f51224bdd52cfd099f44001d +CVE-2024-7370 - https://gist.github.com/topsky979/df0a5328ddb5b43ab7fa933aee500155 +CVE-2024-7371 - https://gist.github.com/topsky979/e45c2b283d29bc0a2f3551ca9cb45999 +CVE-2024-7372 - https://gist.github.com/topsky979/6437f7c2f86d309ca000d0a33885d7bc +CVE-2024-7373 - https://gist.github.com/topsky979/9bcb8b09acce0d5a8a453dfd5093881d +CVE-2024-7374 - https://gist.github.com/topsky979/94ae61ff3fc760ac985dcd5e64da06c4 +CVE-2024-7375 - https://gist.github.com/topsky979/840587360c33d53efb359ff314f7ea24 +CVE-2024-7376 - https://gist.github.com/topsky979/8c36e6a899fc02e8054f67b94e34f6c6 +CVE-2024-7377 - https://gist.github.com/topsky979/4415a08deadd16356484d5ff540e60f9 +CVE-2024-7378 - https://gist.github.com/topsky979/d4cb58afc5fb41f647b1021d1364d846 +CVE-2024-7437 - https://github.com/Fewword/Poc/blob/main/smf/smf-poc1.md +CVE-2024-7438 - https://github.com/Fewword/Poc/blob/main/smf/smf-poc2.md +CVE-2024-7444 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-1.md +CVE-2024-7445 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-2.md +CVE-2024-7446 - https://github.com/DeepMountains/Mirage/blob/main/CVE10-3.md +CVE-2024-7449 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-1.md +CVE-2024-7450 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-2.md +CVE-2024-7451 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-3.md +CVE-2024-7452 - https://github.com/DeepMountains/Mirage/blob/main/CVE11-4.md +CVE-2024-7453 - https://github.com/Hebing123/cve/issues/65 +CVE-2024-7453 - https://github.com/Hebing123/cve/issues/66 +CVE-2024-7455 - https://github.com/Wumshi/cve/issues/3 +CVE-2024-7458 - https://github.com/elunez/eladmin/issues/851 +CVE-2024-7459 - https://gist.github.com/topsky979/26ab4dc35349a3f670fb8688c69a5cad +CVE-2024-7460 - https://gist.github.com/topsky979/b178dd940d98828d1dfd0ccaaaddeb6b +CVE-2024-7462 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/N350R/setWizardCfg.md +CVE-2024-7463 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/UploadCustomModule.md +CVE-2024-7464 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP900/setTelnetCfg.md +CVE-2024-7465 - https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/CP450/loginauth.md