mirror of
https://github.com/0xMarcio/cve.git
synced 2025-06-19 17:30:12 +00:00
Update CVE sources 2024-08-08 18:49
This commit is contained in:
0xMarcio
parent
b590cdbb21
commit
4bc2a1b403
@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/vdanen/vex-reader
|
||||
|
||||
|
||||
17
2006/CVE-2006-3211.md
Normal file
17
2006/CVE-2006-3211.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2006-3211](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3211)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://securityreason.com/securityalert/1141
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -20,6 +20,7 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c
|
||||
- https://github.com/ThemeHackers/CVE-2024-6387
|
||||
- https://github.com/azurejoga/CVE-2024-6387-how-to-fix
|
||||
- https://github.com/bigb0x/CVE-2024-6387
|
||||
- https://github.com/giterlizzi/secdb-feeds
|
||||
- https://github.com/invaderslabs/regreSSHion-CVE-2024-6387-
|
||||
- https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
@ -10,6 +10,7 @@ The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9643
|
||||
|
||||
#### Github
|
||||
|
||||
@ -11,6 +11,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2,
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9679
|
||||
|
||||
#### Github
|
||||
|
||||
@ -10,6 +10,7 @@ The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attacke
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9529
|
||||
|
||||
#### Github
|
||||
|
||||
@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow r
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
- https://bugzilla.mozilla.org/show_bug.cgi?id=441995
|
||||
|
||||
#### Github
|
||||
|
||||
@ -11,6 +11,7 @@ Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.1
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2008/CVE-2008-4066.md
Normal file
17
2008/CVE-2008-4066.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2008-4066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4066)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug."
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x bef
|
||||
|
||||
#### Reference
|
||||
- http://www.redhat.com/support/errata/RHSA-2008-0879.html
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2008/CVE-2008-4070.md
Normal file
17
2008/CVE-2008-4070.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2008-4070](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4070)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages."
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.ubuntu.com/usn/usn-647-1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2009/CVE-2009-1042.md
Normal file
17
2009/CVE-2009-1042.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2009-1042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1042)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2009/CVE-2009-1043.md
Normal file
17
2009/CVE-2009-1043.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2009-1043](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1043)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -10,6 +10,7 @@ Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889
|
||||
- https://bugzilla.mozilla.org/show_bug.cgi?id=484320
|
||||
|
||||
#### Github
|
||||
|
||||
@ -12,6 +12,7 @@ js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonk
|
||||
#### Reference
|
||||
- http://blog.mozilla.com/security/2009/07/14/critical-javascript-vulnerability-in-firefox-35/
|
||||
- http://isc.sans.org/diary.html?storyid=6796
|
||||
- http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761
|
||||
- http://www.kb.cert.org/vuls/id/443060
|
||||
- https://www.exploit-db.com/exploits/40936/
|
||||
|
||||
|
||||
17
2009/CVE-2009-2966.md
Normal file
17
2009/CVE-2009-2966.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2009-2966](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2966)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/Kaspersky-confirm-and-close-DoS-vulnerability--/news/114077
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2009/CVE-2009-3878.md
Normal file
17
2009/CVE-2009-3878.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2009-3878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3878)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/Alleged-critical-vulnerability-in-Sun-Java-System-Web-Server-839598.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2009/CVE-2009-3978.md
Normal file
17
2009/CVE-2009-3978.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2009-3978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3978)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/open/news/item/Mozilla-fixes-critical-bugs-with-Firefox-3-5-5-852070.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0221.md
Normal file
17
2010/CVE-2010-0221.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0221](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0221)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0222.md
Normal file
17
2010/CVE-2010-0222.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0222)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0224.md
Normal file
17
2010/CVE-2010-0224.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0224)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0225.md
Normal file
17
2010/CVE-2010-0225.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0225](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0225)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0227.md
Normal file
17
2010/CVE-2010-0227.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0227](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0227)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0228.md
Normal file
17
2010/CVE-2010-0228.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0228)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2010/CVE-2010-0832.md
Normal file
17
2010/CVE-2010-0832.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2010-0832](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0832)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/Ubuntu-closes-root-hole-1034618.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -11,6 +11,7 @@ The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows rem
|
||||
|
||||
#### Reference
|
||||
- http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
|
||||
- http://www.h-online.com/security/news/item/Critical-PHP-vulnerability-being-fixed-1427316.html
|
||||
- https://gist.github.com/1725489
|
||||
|
||||
#### Github
|
||||
|
||||
17
2012/CVE-2012-1557.md
Normal file
17
2012/CVE-2012-1557.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2012-1557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1557)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.h-online.com/security/news/item/Bug-in-Plesk-administration-software-is-being-actively-exploited-1446587.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -21,6 +21,7 @@ The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0
|
||||
- https://github.com/CVEDB/PoC-List
|
||||
- https://github.com/CVEDB/awesome-cve-repo
|
||||
- https://github.com/L34kl0ve/WNMAP
|
||||
- https://github.com/burnt11235/burnt11235
|
||||
- https://github.com/hantwister/o5logon-fetch
|
||||
- https://github.com/jakuta-tech/WNMAP
|
||||
- https://github.com/quentinhardy/odat
|
||||
|
||||
@ -16,6 +16,7 @@ No PoCs from references.
|
||||
- https://github.com/0x90/wifi-arsenal
|
||||
- https://github.com/0xbitx/wifi-hacking-tools
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/Bitsonwheels/macos-wifi-hacking-tools
|
||||
- https://github.com/CVEDB/PoC-List
|
||||
- https://github.com/CVEDB/awesome-cve-repo
|
||||
- https://github.com/Gafikari/wifi-hacking-tools
|
||||
|
||||
@ -10,6 +10,7 @@ A vulnerability classified as critical has been found in Hindu Matrimonial Scrip
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://vuldb.com/?id.95409
|
||||
- https://www.exploit-db.com/exploits/41044/
|
||||
|
||||
#### Github
|
||||
|
||||
@ -47,6 +47,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In
|
||||
- https://github.com/SexyBeast233/SecBooks
|
||||
- https://github.com/ThanHuuTuan/CVE-2017-7269
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/VanishedPeople/CVE-2017-7269
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/ZTK-009/Penetration_PoC
|
||||
- https://github.com/ZTK-009/RedTeamer
|
||||
|
||||
@ -96,6 +96,7 @@ TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in
|
||||
- https://github.com/weeka10/-hktalent-TOP
|
||||
- https://github.com/withmasday/HTC
|
||||
- https://github.com/wj158/snowwolf-script
|
||||
- https://github.com/wmasday/HTC
|
||||
- https://github.com/wr0x00/Lizard
|
||||
- https://github.com/wr0x00/Lsploit
|
||||
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
|
||||
|
||||
@ -10,6 +10,7 @@ An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://wiki.freepbx.org/display/FOP/2020-01-09+XSS+Injection+vulnerability+in+Superfecta+Module
|
||||
- https://wiki.freepbx.org/display/FOP/List+of+Securities+Vulnerabilities
|
||||
|
||||
#### Github
|
||||
|
||||
@ -14,6 +14,7 @@ In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/Elsfa7-110/kenzer-templates
|
||||
- https://github.com/d4n-sec/d4n-sec.github.io
|
||||
|
||||
@ -13,6 +13,7 @@ Affected versions of Atlassian Jira Server and Data Center allow remote, unauthe
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/Elsfa7-110/kenzer-templates
|
||||
|
||||
@ -13,6 +13,7 @@ PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site sc
|
||||
- https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/Elsfa7-110/kenzer-templates
|
||||
|
||||
@ -14,6 +14,7 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/0xT11/CVE-POC
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability
|
||||
|
||||
@ -14,6 +14,7 @@ Improper input validation of octal strings in netmask npm package v1.0.6 and bel
|
||||
- https://www.bleepingcomputer.com/news/security/critical-netmask-networking-bug-impacts-thousands-of-applications/
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/DNTYO/F5_Vulnerability
|
||||
|
||||
@ -14,6 +14,7 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/0day404/vulnerability-poc
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability
|
||||
|
||||
@ -14,5 +14,5 @@ The WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place
|
||||
- https://wpscan.com/vulnerability/7e40e506-ad02-44ca-9d21-3634f3907aad/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
@ -13,5 +13,5 @@ The Real Media Library WordPress plugin before 4.18.29 does not sanitise and esc
|
||||
- https://wpscan.com/vulnerability/adf09e29-baf5-4426-a281-6763c107d348
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
|
||||
@ -15,7 +15,11 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Dikens88/hopp
|
||||
- https://github.com/Snoopy-Sec/Localroot-ALL-CVE
|
||||
- https://github.com/aobakwewastaken/aobakwewastaken
|
||||
- https://github.com/carmilea/carmilea
|
||||
- https://github.com/google/buzzer
|
||||
- https://github.com/google/security-research
|
||||
- https://github.com/kherrick/hacker-news
|
||||
- https://github.com/phixion/phixion
|
||||
- https://github.com/shannonmullins/hopp
|
||||
|
||||
|
||||
21
2023/CVE-2023-31355.md
Normal file
21
2023/CVE-2023-31355.md
Normal file
@ -0,0 +1,21 @@
|
||||
### [CVE-2023-31355](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31355)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Freax13/cve-2024-21980-poc
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
@ -1,6 +1,5 @@
|
||||
### [CVE-2023-3597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3597)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
17
2023/CVE-2023-39517.md
Normal file
17
2023/CVE-2023-39517.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-39517](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39517)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (`packages/renderer/htmlUtils.ts::sanitizeHtml`) preserves `<map>` `<area>` links. However, unlike `<a>` links, the `target` and `href` attributes are not removed. Additionally, because the note preview pane isn't sandboxed to prevent top navigation, links with `target` set to `_top` can replace the toplevel electron page. Because any toplevel electron page, with Joplin's setup, has access to `require` and can require node libraries, a malicious replacement toplevel page can import `child_process` and execute arbitrary shell commands. This issue has been fixed in commit 7c52c3e9a81a52ef1b42a951f9deb9d378d59b0f which is included in release version 2.12.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/laurent22/joplin/security/advisories/GHSA-2h88-m32f-qh5m
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -14,6 +14,7 @@ TorchServe is a tool for serving and scaling PyTorch models in production. Torch
|
||||
|
||||
#### Github
|
||||
- https://github.com/OligoCyberSecurity/ShellTorchChecker
|
||||
- https://github.com/giterlizzi/secdb-feeds
|
||||
- https://github.com/leoambrus/CheckersNomisec
|
||||
- https://github.com/mdisec/mdisec-twitch-yayinlari
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe
|
||||
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -15,5 +15,6 @@
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -14,5 +14,6 @@ EDK2's Network Package is susceptible to an out-of-bounds read vulnerability whe
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -15,5 +15,6 @@
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -14,5 +14,6 @@
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -15,5 +15,6 @@
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -14,5 +14,6 @@
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
- https://github.com/quarkslab/pixiefail
|
||||
|
||||
|
||||
@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
|
||||
|
||||
@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/1490kdrm/vuln_BIOs
|
||||
- https://github.com/opencomputeproject/OCP-OSF-Aptio_Community_Edition
|
||||
|
||||
|
||||
17
2023/CVE-2023-47238.md
Normal file
17
2023/CVE-2023-47238.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2023-47238](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47238)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@ -10,6 +10,7 @@ A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Inte
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/llixixi/cve/blob/main/s45_upload_%20updatelib.md
|
||||
- https://vuldb.com/?id.241640
|
||||
|
||||
#### Github
|
||||
|
||||
@ -20,9 +20,11 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon
|
||||
- https://github.com/Alicey0719/docker-POC_CVE-2024-1086
|
||||
- https://github.com/BachoSeven/stellestelline
|
||||
- https://github.com/CCIEVoice2009/CVE-2024-1086
|
||||
- https://github.com/Disturbante/Linux-Pentest
|
||||
- https://github.com/EGI-Federation/SVG-advisories
|
||||
- https://github.com/GhostTroops/TOP
|
||||
- https://github.com/Hiimsonkul/Hiimsonkul
|
||||
- https://github.com/Jappie3/starred
|
||||
- https://github.com/Notselwyn/CVE-2024-1086
|
||||
- https://github.com/Notselwyn/exploits
|
||||
- https://github.com/Notselwyn/notselwyn
|
||||
|
||||
32
2024/CVE-2024-21302.md
Normal file
32
2024/CVE-2024-21302.md
Normal file
@ -0,0 +1,32 @@
|
||||
### [CVE-2024-21302](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21302)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Summary:Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
21
2024/CVE-2024-21978.md
Normal file
21
2024/CVE-2024-21978.md
Normal file
@ -0,0 +1,21 @@
|
||||
### [CVE-2024-21978](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21978)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Freax13/cve-2024-21978-poc
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
21
2024/CVE-2024-21980.md
Normal file
21
2024/CVE-2024-21980.md
Normal file
@ -0,0 +1,21 @@
|
||||
### [CVE-2024-21980](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21980)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Freax13/cve-2024-21980-poc
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
17
2024/CVE-2024-2800.md
Normal file
17
2024/CVE-2024-2800.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-2800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2800)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -52,6 +52,7 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/0xMarcio/cve
|
||||
- https://github.com/GhostTroops/TOP
|
||||
- https://github.com/Jappie3/starred
|
||||
- https://github.com/blkph0x/CVE_2024_30078_POC_WIFI
|
||||
- https://github.com/enomothem/PenTestNote
|
||||
- https://github.com/lvyitian/CVE-2024-30078-
|
||||
|
||||
17
2024/CVE-2024-3035.md
Normal file
17
2024/CVE-2024-3035.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-3035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3035)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -36,6 +36,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers
|
||||
- https://github.com/HaveFun83/awesome-stars
|
||||
- https://github.com/Horizon-Software-Development/CVE-2024-3094
|
||||
- https://github.com/JVS23/cybsec-project-2024
|
||||
- https://github.com/Jappie3/starred
|
||||
- https://github.com/JonathanSiemering/stars
|
||||
- https://github.com/Juul/xz-backdoor-scan
|
||||
- https://github.com/MagpieRYL/CVE-2024-3094-backdoor-env-container
|
||||
|
||||
17
2024/CVE-2024-3114.md
Normal file
17
2024/CVE-2024-3114.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-3114](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3114)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
### [CVE-2024-3219](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3219)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
@ -10,7 +10,7 @@ A vulnerability, which was classified as critical, has been found in SourceCodes
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://vuldb.com/?id.259463
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@ -20,6 +20,7 @@ A command injection as a result of arbitrary file creation vulnerability in the
|
||||
- https://github.com/0x0d3ad/CVE-2024-3400
|
||||
- https://github.com/0xMarcio/cve
|
||||
- https://github.com/0xr2r/CVE-2024-3400-Palo-Alto-OS-Command-Injection
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
- https://github.com/AdaniKamal/CVE-2024-3400
|
||||
- https://github.com/CONDITIONBLACK/CVE-2024-3400-POC
|
||||
- https://github.com/CerTusHack/CVE-2024-3400-PoC
|
||||
|
||||
@ -15,6 +15,7 @@
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
17
2024/CVE-2024-37664.md
Normal file
17
2024/CVE-2024-37664.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-37664](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37664)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the router.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/ouuan/router-vuln-report/blob/master/nat-rst/redmi-rb03-nat-rst.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38166.md
Normal file
17
2024/CVE-2024-38166.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38166](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38166)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
30
2024/CVE-2024-38202.md
Normal file
30
2024/CVE-2024-38202.md
Normal file
@ -0,0 +1,30 @@
|
||||
### [CVE-2024-38202](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38202)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SummaryMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.Microsoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.This CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.DetailsA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.Microsoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now – Microsoft Security Response Center.Microsoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.Recommended ActionsThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.Configure “Audit Object Access” settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.Audit File System - Windows 10 | Microsoft LearnApply a basic audit policy on a file or folder - Windows 10 | Microsoft LearnAudit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.Audit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft LearnImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only.Access Control overview | Microsoft LearnDiscretionary Access Control Lists (DACL)Auditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.Audit Sensitive Privilege Use - Windows 10 | Microsoft Learn
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38206.md
Normal file
17
2024/CVE-2024-38206.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38206](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38206)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
An authenticated attacker can bypass Server-Side Request Forgery (SSRF) protection in Microsoft Copilot Studio to leak sensitive information over a network.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-38527.md
Normal file
17
2024/CVE-2024-38527.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38527)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@ -20,4 +20,5 @@ No PoCs from references.
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/wy876/POC
|
||||
|
||||
|
||||
17
2024/CVE-2024-38881.md
Normal file
17
2024/CVE-2024-38881.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38881)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Rainbow Table Password cracking attack due to the use of one-way hashes without salts when storing user passwords.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38882.md
Normal file
17
2024/CVE-2024-38882.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38882)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform command line execution through SQL Injection due to improper neutralization of special elements used in an OS command.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38883.md
Normal file
17
2024/CVE-2024-38883.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38883](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38883)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Drop Encryption Level attack due to the selection of a less-secure algorithm during negotiation.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38884.md
Normal file
17
2024/CVE-2024-38884.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38884)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38886.md
Normal file
17
2024/CVE-2024-38886.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38886)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Traffic Injection attack due to improper verification of the source of a communication channel.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38887.md
Normal file
17
2024/CVE-2024-38887.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38887](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38887)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38888.md
Normal file
17
2024/CVE-2024-38888.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38888)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38889.md
Normal file
17
2024/CVE-2024-38889.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38889](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38889)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform SQL Injection due to improper neutralization of special elements used in an SQL command.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38890.md
Normal file
17
2024/CVE-2024-38890.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38890](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38890)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-38891.md
Normal file
17
2024/CVE-2024-38891.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38891](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38891)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform a Sniffing Network Traffic attack due to the cleartext transmission of sensitive information.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://packetstormsecurity.com/files/179892/Caterease-Software-SQL-Injection-Command-Injection-Bypass.html
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2024/CVE-2024-3958.md
Normal file
17
2024/CVE-2024-3958.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-3958](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3958)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-41989.md
Normal file
17
2024/CVE-2024-41989.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-41989](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41989)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter is subject to significant memory consumption when given a string representation of a number in scientific notation with a large exponent.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-41990.md
Normal file
17
2024/CVE-2024-41990.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-41990](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41990)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-41991.md
Normal file
17
2024/CVE-2024-41991.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-41991](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41991)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
17
2024/CVE-2024-42005.md
Normal file
17
2024/CVE-2024-42005.md
Normal file
@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42005](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42005)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
19
2024/CVE-2024-42033.md
Normal file
19
2024/CVE-2024-42033.md
Normal file
@ -0,0 +1,19 @@
|
||||
### [CVE-2024-42033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42033)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Access control vulnerability in the security verification modulempact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
19
2024/CVE-2024-42034.md
Normal file
19
2024/CVE-2024-42034.md
Normal file
@ -0,0 +1,19 @@
|
||||
### [CVE-2024-42034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42034)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
LaunchAnywhere vulnerability in the account module.Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
19
2024/CVE-2024-42035.md
Normal file
19
2024/CVE-2024-42035.md
Normal file
@ -0,0 +1,19 @@
|
||||
### [CVE-2024-42035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42035)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Permission control vulnerability in the App Multiplier moduleImpact:Successful exploitation of this vulnerability may affect functionality and confidentiality.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
19
2024/CVE-2024-42036.md
Normal file
19
2024/CVE-2024-42036.md
Normal file
@ -0,0 +1,19 @@
|
||||
### [CVE-2024-42036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42036)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Access permission verification vulnerability in the Notepad moduleImpact: Successful exploitation of this vulnerability may affect service confidentiality.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user