diff --git a/2001/CVE-2001-0817.md b/2001/CVE-2001-0817.md index 2879e5d39..ab66eebac 100644 --- a/2001/CVE-2001-0817.md +++ b/2001/CVE-2001-0817.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2002/CVE-2002-0083.md b/2002/CVE-2002-0083.md index 9862e4f36..3c1c757c7 100644 --- a/2002/CVE-2002-0083.md +++ b/2002/CVE-2002-0083.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2003/CVE-2003-0190.md b/2003/CVE-2003-0190.md index bea1b32bc..3ef8b7d9a 100644 --- a/2003/CVE-2003-0190.md +++ b/2003/CVE-2003-0190.md @@ -20,5 +20,7 @@ OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediat - https://github.com/Live-Hack-CVE/CVE-2003-0190 - https://github.com/Live-Hack-CVE/CVE-2003-1562 - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/octane23/CASE-STUDY-1 +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index 87ae5e797..62c4db889 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -21,10 +21,12 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/giterlizzi/secdb-feeds - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 4a5171a83..cc7a5a747 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -20,7 +20,9 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH diff --git a/2008/CVE-2008-5161.md b/2008/CVE-2008-5161.md index afd1f370c..c2ee311f8 100644 --- a/2008/CVE-2008-5161.md +++ b/2008/CVE-2008-5161.md @@ -28,12 +28,14 @@ Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Conne - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/ekiojp/hanase - https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam - https://github.com/kaio6fellipe/ssh-enum - https://github.com/mahaoffsec/OpenSSH_4.7p1-Exploit - https://github.com/pankajjarial-dev/OpenSSH_4.7p1 - https://github.com/pankajjarial360/OpenSSH_4.7p1 +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/saib2018/Wordpress_Red_Blue_Teaming - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems diff --git a/2010/CVE-2010-1387.md b/2010/CVE-2010-1387.md new file mode 100644 index 000000000..51a450818 --- /dev/null +++ b/2010/CVE-2010-1387.md @@ -0,0 +1,17 @@ +### [CVE-2010-1387](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. + +### POC + +#### Reference +- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2012/CVE-2012-0814.md b/2012/CVE-2012-0814.md index 1d53d5739..5a427b1d9 100644 --- a/2012/CVE-2012-0814.md +++ b/2012/CVE-2012-0814.md @@ -26,7 +26,9 @@ No PoCs from references. - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/kaio6fellipe/ssh-enum +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems - https://github.com/syadg123/pigat diff --git a/2012/CVE-2012-0816.md b/2012/CVE-2012-0816.md index d2d330ac6..d04f91e04 100644 --- a/2012/CVE-2012-0816.md +++ b/2012/CVE-2012-0816.md @@ -14,4 +14,6 @@ No PoCs from references. #### Github - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2013/CVE-2013-4548.md b/2013/CVE-2013-4548.md index 800ac1be0..815bbcd3a 100644 --- a/2013/CVE-2013-4548.md +++ b/2013/CVE-2013-4548.md @@ -14,4 +14,6 @@ The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6 #### Github - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2014/CVE-2014-2532.md b/2014/CVE-2014-2532.md index e5c96a025..ce2693f17 100644 --- a/2014/CVE-2014-2532.md +++ b/2014/CVE-2014-2532.md @@ -17,5 +17,7 @@ sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv line #### Github - https://github.com/averyth3archivist/nmap-network-reconnaissance - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-5600.md b/2015/CVE-2015-5600.md index 3a5e379c5..558f560fd 100644 --- a/2015/CVE-2015-5600.md +++ b/2015/CVE-2015-5600.md @@ -23,7 +23,9 @@ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 - https://github.com/Live-Hack-CVE/CVE-2015-5600 - https://github.com/ahm3dhany/IDS-Evasion - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/pboonman196/Final_Project_CyberBootcamp +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/sjourdan/clair-lab - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6563.md b/2015/CVE-2015-6563.md index 971a4401a..dde16384d 100644 --- a/2015/CVE-2015-6563.md +++ b/2015/CVE-2015-6563.md @@ -19,6 +19,8 @@ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms acc - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6563 - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6564.md b/2015/CVE-2015-6564.md index e271b0157..4af956ee9 100644 --- a/2015/CVE-2015-6564.md +++ b/2015/CVE-2015-6564.md @@ -18,6 +18,8 @@ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6564 - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2016/CVE-2016-0777.md b/2016/CVE-2016-0777.md index 8605825e8..c3b7cddc7 100644 --- a/2016/CVE-2016-0777.md +++ b/2016/CVE-2016-0777.md @@ -26,6 +26,7 @@ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, - https://github.com/WinstonN/fabric2 - https://github.com/akshayprasad/Linux_command_crash_course - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/chuongvuvan/awesome-ssh - https://github.com/cpcloudnl/ssh-config - https://github.com/dblume/dotfiles @@ -40,6 +41,7 @@ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, - https://github.com/moul/awesome-ssh - https://github.com/phx/cvescan - https://github.com/project7io/nmap +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/threepistons/puppet-module-ssh - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2016/CVE-2016-10009.md b/2016/CVE-2016-10009.md index a64c27296..e61fd7014 100644 --- a/2016/CVE-2016-10009.md +++ b/2016/CVE-2016-10009.md @@ -16,12 +16,14 @@ Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH befor #### Github - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/phx/cvescan - https://github.com/retr0-13/cveScannerV2 +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough diff --git a/2016/CVE-2016-10012.md b/2016/CVE-2016-10012.md index 1fad6ddc9..73e7bcf28 100644 --- a/2016/CVE-2016-10012.md +++ b/2016/CVE-2016-10012.md @@ -15,9 +15,11 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/phx/cvescan - https://github.com/retr0-13/cveScannerV2 +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough diff --git a/2016/CVE-2016-3115.md b/2016/CVE-2016-3115.md index 7a10fdb62..d6eb32dde 100644 --- a/2016/CVE-2016-3115.md +++ b/2016/CVE-2016-3115.md @@ -23,11 +23,13 @@ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7 - https://github.com/ARPSyndicate/cvemon - https://github.com/RedHatSatellite/satellite-host-cve - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports - https://github.com/kaio6fellipe/ssh-enum - https://github.com/phx/cvescan +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough diff --git a/2016/CVE-2016-6210.md b/2016/CVE-2016-6210.md index 108b69184..2b6406150 100644 --- a/2016/CVE-2016-6210.md +++ b/2016/CVE-2016-6210.md @@ -18,6 +18,7 @@ sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2016-6210 - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/cocomelonc/vulnexipy - https://github.com/eric-conrad/enumer8 @@ -26,6 +27,7 @@ sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has - https://github.com/lnick2023/nicenice - https://github.com/phx/cvescan - https://github.com/qazbnm456/awesome-cve-poc +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration - https://github.com/sash3939/IS_Vulnerabilities_attacks - https://github.com/scmanjarrez/CVEScannerV2 diff --git a/2018/CVE-2018-15473.md b/2018/CVE-2018-15473.md index eb4be0495..c8657ba78 100644 --- a/2018/CVE-2018-15473.md +++ b/2018/CVE-2018-15473.md @@ -75,6 +75,7 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - https://github.com/ba56789/WebMap - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/coollce/CVE-2018-15473_burte - https://github.com/cved-sources/cve-2018-15473 @@ -112,6 +113,7 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - https://github.com/pyperanger/CVE-2018-15473_exploit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r3dxpl0it/CVE-2018-15473 +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/sa7mon/vulnchest - https://github.com/saifmbarki/wMapp - https://github.com/scmanjarrez/CVEScannerV2 diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 5324252f0..1693fecb3 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -2037,6 +2037,8 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Sarvesh-Somasundaram/5795UltimateGoal - https://github.com/Satgoy152/FreightFrenzy - https://github.com/ScarlettRobotics/FTC-2021 +- https://github.com/ScarlettRobotics/FTC20718-2023-24 +- https://github.com/ScarlettRobotics/FTC22531-2023-24 - https://github.com/Scarsdale-Robotics/2021-2022-Freight-Frenzy - https://github.com/Scarsdale-Robotics/OpenCV-Tutorial - https://github.com/SchillingW/FTC_2022-2023_8.1.1-master diff --git a/2019/CVE-2019-6111.md b/2019/CVE-2019-6111.md index c3b93f75a..998dc8e2d 100644 --- a/2019/CVE-2019-6111.md +++ b/2019/CVE-2019-6111.md @@ -26,6 +26,7 @@ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being deri - https://github.com/Mohzeela/external-secret - https://github.com/TommasoBilotta/public - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/bioly230/THM_Skynet - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/firatesatoglu/iot-searchengine @@ -34,6 +35,7 @@ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being deri - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/retr0-13/cveScannerV2 +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/siddharthraopotukuchi/trivy - https://github.com/simiyo/trivy diff --git a/2022/CVE-2022-32759.md b/2022/CVE-2022-32759.md new file mode 100644 index 000000000..f2b538395 --- /dev/null +++ b/2022/CVE-2022-32759.md @@ -0,0 +1,19 @@ +### [CVE-2022-32759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32759) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Directory%20Integrator&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Verify%20Directory%20Integrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-613%20Insufficient%20Session%20Expiration&color=brighgreen) + +### Description + +IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2022/CVE-2022-43915.md b/2022/CVE-2022-43915.md new file mode 100644 index 000000000..bbe04c059 --- /dev/null +++ b/2022/CVE-2022-43915.md @@ -0,0 +1,17 @@ +### [CVE-2022-43915](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43915) +![](https://img.shields.io/static/v1?label=Product&message=App%20Connect%20Enterprise%20Certified%20Container&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.0%2C%207.1%2C%207.2%2C%208.0%2C%208.1%2C%208.2%2C%209.0%2C%209.1%2C%209.2%2C%2010.0%2C%2010.1%2C%2011.0%2C%2011.1%2C%2011.2%2C%2011.3%2C%2011.4%2C%2011.5%2C%2011.6%2C%2012.0%2C%2012.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-732%20Incorrect%20Permission%20Assignment%20for%20Critical%20Resource&color=brighgreen) + +### Description + +IBM App Connect Enterprise Certified Container 5.0, 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, and 12.1 does not limit calls to unshare in running Pods. This can allow a user with access to execute commands in a running Pod to elevate their user privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2023/CVE-2023-0926.md b/2023/CVE-2023-0926.md index d5729ac76..1c26b0129 100644 --- a/2023/CVE-2023-0926.md +++ b/2023/CVE-2023-0926.md @@ -13,5 +13,5 @@ The Custom Permalinks plugin for WordPress is vulnerable to Stored Cross-Site Sc - https://github.com/samiahmedsiddiqui/custom-permalinks/pull/96 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2023/CVE-2023-3184.md b/2023/CVE-2023-3184.md index a8ece43ef..f89dba4a5 100644 --- a/2023/CVE-2023-3184.md +++ b/2023/CVE-2023-3184.md @@ -12,6 +12,7 @@ A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. #### Reference - http://packetstormsecurity.com/files/172908/Sales-Tracker-Management-System-1.0-HTML-Injection.html - https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md +- https://vuldb.com/?id.231164 #### Github - https://github.com/ctflearner/ctflearner diff --git a/2023/CVE-2023-3189.md b/2023/CVE-2023-3189.md new file mode 100644 index 000000000..17db37456 --- /dev/null +++ b/2023/CVE-2023-3189.md @@ -0,0 +1,17 @@ +### [CVE-2023-3189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3189) +![](https://img.shields.io/static/v1?label=Product&message=Online%20School%20Fees%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross%20Site%20Scripting&color=brighgreen) + +### Description + +A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. This affects an unknown part of the file /paysystem/branch.php of the component POST Parameter Handler. The manipulation of the argument branch leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231501 was assigned to this vulnerability. + +### POC + +#### Reference +- https://vuldb.com/?id.231501 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3383.md b/2023/CVE-2023-3383.md new file mode 100644 index 000000000..ac6008e2c --- /dev/null +++ b/2023/CVE-2023-3383.md @@ -0,0 +1,17 @@ +### [CVE-2023-3383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3383) +![](https://img.shields.io/static/v1?label=Product&message=Game%20Result%20Matrix%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239. + +### POC + +#### Reference +- https://vuldb.com/?id.232239 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3449.md b/2023/CVE-2023-3449.md new file mode 100644 index 000000000..27e49f6c5 --- /dev/null +++ b/2023/CVE-2023-3449.md @@ -0,0 +1,17 @@ +### [CVE-2023-3449](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3449) +![](https://img.shields.io/static/v1?label=Product&message=OA&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.5.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +- https://vuldb.com/?id.232546 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-3824.md b/2023/CVE-2023-3824.md index fba05b8ae..487ce1ef9 100644 --- a/2023/CVE-2023-3824.md +++ b/2023/CVE-2023-3824.md @@ -20,6 +20,7 @@ In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2. - https://github.com/NewLockBit/Research-of-CVE-2023-3824-NCA-Lockbit - https://github.com/Nfttkcauzy/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK - https://github.com/Nuki2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK +- https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK - https://github.com/StayBeautiful-collab/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/jhonnybonny/CVE-2023-3824 diff --git a/2023/CVE-2023-3859.md b/2023/CVE-2023-3859.md index c35ec9f07..7db35e6a9 100644 --- a/2023/CVE-2023-3859.md +++ b/2023/CVE-2023-3859.md @@ -10,7 +10,7 @@ A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as cr ### POC #### Reference -No PoCs from references. +- https://vuldb.com/?id.235211 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-49287.md b/2023/CVE-2023-49287.md index 00151c3a4..ecf8be6eb 100644 --- a/2023/CVE-2023-49287.md +++ b/2023/CVE-2023-49287.md @@ -16,6 +16,7 @@ TinyDir is a lightweight C directory and file reader. Buffer overflows in the `t #### Github - https://github.com/0xdea/advisories +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/ShangzhiXu/CSABlindSpot - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/hnsecurity/vulns diff --git a/2023/CVE-2023-51771.md b/2023/CVE-2023-51771.md index 33ac91cce..864b64e56 100644 --- a/2023/CVE-2023-51771.md +++ b/2023/CVE-2023-51771.md @@ -13,6 +13,7 @@ In MicroHttpServer (aka Micro HTTP Server) through a8ab029, _ParseHeader in lib/ - https://github.com/starnight/MicroHttpServer/issues/8 #### Github +- https://github.com/DiRaltvein/memory-corruption-examples - https://github.com/Halcy0nic/Trophies - https://github.com/skinnyrad/Trophies diff --git a/2023/CVE-2023-6893.md b/2023/CVE-2023-6893.md index d2d6adf3c..4472e6ba6 100644 --- a/2023/CVE-2023-6893.md +++ b/2023/CVE-2023-6893.md @@ -15,6 +15,7 @@ A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_202011 #### Github - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/mewhz/poc - https://github.com/wjlin0/poc-doc - https://github.com/wy876/POC - https://github.com/xingchennb/POC- diff --git a/2023/CVE-2023-6895.md b/2023/CVE-2023-6895.md index f489d9d5d..12859f8cb 100644 --- a/2023/CVE-2023-6895.md +++ b/2023/CVE-2023-6895.md @@ -16,6 +16,7 @@ A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_202011 - https://github.com/FuBoLuSec/CVE-2023-6895 - https://github.com/Marco-zcl/POC - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/mewhz/poc - https://github.com/nles-crt/CVE-2023-6895 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2023/CVE-2023-6987.md b/2023/CVE-2023-6987.md new file mode 100644 index 000000000..e2ea984a1 --- /dev/null +++ b/2023/CVE-2023-6987.md @@ -0,0 +1,17 @@ +### [CVE-2023-6987](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6987) +![](https://img.shields.io/static/v1?label=Product&message=String%20locator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.6.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This required WP_DEBUG to be enabled in order to be exploited. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-2254.md b/2024/CVE-2024-2254.md new file mode 100644 index 000000000..8c2444df5 --- /dev/null +++ b/2024/CVE-2024-2254.md @@ -0,0 +1,17 @@ +### [CVE-2024-2254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2254) +![](https://img.shields.io/static/v1?label=Product&message=RT%20Easy%20Builder%20%E2%80%93%20Advanced%20addons%20for%20Elementor&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%202.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) + +### Description + +The RT Easy Builder – Advanced addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-24809.md b/2024/CVE-2024-24809.md index c8febd978..3501400d8 100644 --- a/2024/CVE-2024-24809.md +++ b/2024/CVE-2024-24809.md @@ -14,5 +14,5 @@ Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnera - https://github.com/traccar/traccar/security/advisories/GHSA-vhrw-72f6-gwp5 #### Github -No PoCs found on GitHub currently. +- https://github.com/20142995/nuclei-templates diff --git a/2024/CVE-2024-28772.md b/2024/CVE-2024-28772.md new file mode 100644 index 000000000..6803533be --- /dev/null +++ b/2024/CVE-2024-28772.md @@ -0,0 +1,19 @@ +### [CVE-2024-28772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28772) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Directory%20Integrator&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Security%20Verify%20Directory%20Integrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2010.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%207.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2024/CVE-2024-2887.md b/2024/CVE-2024-2887.md index 978a94303..50b6ad3c1 100644 --- a/2024/CVE-2024-2887.md +++ b/2024/CVE-2024-2887.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/TrojanAZhen/Self_Back - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-3094.md b/2024/CVE-2024-3094.md index 28b2ddfee..a9a19e328 100644 --- a/2024/CVE-2024-3094.md +++ b/2024/CVE-2024-3094.md @@ -101,6 +101,7 @@ Malicious code was discovered in the upstream tarballs of xz, starting with vers - https://github.com/hoanbi1812000/hoanbi1812000 - https://github.com/iakat/stars - https://github.com/iheb2b/CVE-2024-3094-Checker +- https://github.com/initMAX/Zabbix-Templates - https://github.com/initMAX/zabbix-templates - https://github.com/isuruwa/CVE-2024-3094 - https://github.com/jafshare/GithubTrending diff --git a/2024/CVE-2024-32231.md b/2024/CVE-2024-32231.md new file mode 100644 index 000000000..37bac6fef --- /dev/null +++ b/2024/CVE-2024-32231.md @@ -0,0 +1,17 @@ +### [CVE-2024-32231](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32231) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Stash up to v0.25.1 was discovered to contain a SQL injection vulnerability via the sort parameter. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-36542.md b/2024/CVE-2024-36542.md index e538e4d72..a58ce7e5b 100644 --- a/2024/CVE-2024-36542.md +++ b/2024/CVE-2024-36542.md @@ -13,5 +13,5 @@ Insecure permissions in kuma v2.7.0 allows attackers to access sensitive data an - https://gist.github.com/HouqiyuA/e1685843b6f42b47dbf97e2e92e63428 #### Github -No PoCs found on GitHub currently. +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc diff --git a/2024/CVE-2024-38213.md b/2024/CVE-2024-38213.md new file mode 100644 index 000000000..6afc7d882 --- /dev/null +++ b/2024/CVE-2024-38213.md @@ -0,0 +1,46 @@ +### [CVE-2024-38213](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38213) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201507&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20Version%2023H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H3&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20680%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7070%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.5936%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4529%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4529%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2527%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3019%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3737%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3737%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.950%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24919%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22023%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-693%3A%20Protection%20Mechanism%20Failure&color=brighgreen) + +### Description + +Windows Mark of the Web Security Feature Bypass Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/giterlizzi/secdb-feeds + diff --git a/2024/CVE-2024-40872.md b/2024/CVE-2024-40872.md new file mode 100644 index 000000000..9a2f5f170 --- /dev/null +++ b/2024/CVE-2024-40872.md @@ -0,0 +1,17 @@ +### [CVE-2024-40872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40872) +![](https://img.shields.io/static/v1?label=Product&message=Secure%20Access&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.07%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-822%20Untrusted%20Pointer%20Dereference&color=brighgreen) + +### Description + +There is an elevation of privilege vulnerability in serverand client components of Absolute Secure Access prior to version 13.07.Attackers with local access and valid desktop user credentials can elevatetheir privilege to system level by passing invalid address data to the vulnerablecomponent. This could be used tomanipulate process tokens to elevate the privilege of a normal process toSystem. The scope is changed, the impact to system confidentiality andintegrity is high, the impact to the availability of the effected component isnone. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2024/CVE-2024-40873.md b/2024/CVE-2024-40873.md new file mode 100644 index 000000000..039484a43 --- /dev/null +++ b/2024/CVE-2024-40873.md @@ -0,0 +1,17 @@ +### [CVE-2024-40873](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40873) +![](https://img.shields.io/static/v1?label=Product&message=Secure%20Access&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%2013.07%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) + +### Description + +There is a cross-site scripting vulnerability in the SecureAccess administrative console of Absolute Secure Access prior to version 13.07.Attackers with system administrator permissions can interfere with anothersystem administrator’s use of the publishing UI when the administrators areediting the same management object. The scope is unchanged, there is no loss ofconfidentiality. Impact to system availability is none, impact to systemintegrity is high. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2024/CVE-2024-41800.md b/2024/CVE-2024-41800.md index 140d4d07a..856e66b96 100644 --- a/2024/CVE-2024-41800.md +++ b/2024/CVE-2024-41800.md @@ -13,5 +13,5 @@ Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tok - https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use #### Github -No PoCs found on GitHub currently. +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc diff --git a/2024/CVE-2024-41801.md b/2024/CVE-2024-41801.md new file mode 100644 index 000000000..6f8b70e14 --- /dev/null +++ b/2024/CVE-2024-41801.md @@ -0,0 +1,17 @@ +### [CVE-2024-41801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41801) +![](https://img.shields.io/static/v1?label=Product&message=openproject&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3C%2014.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-601%3A%20URL%20Redirection%20to%20Untrusted%20Site%20('Open%20Redirect')&color=brighgreen) + +### Description + +OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, having a fallthrough VirtualHost). It might also affect other installations that did not take care to fix the HOST/X-Forwarded-Host headers. Version 14.3.0 includes stronger protections for the hostname from within the application using the HostAuthorization middleware of Rails to reject any requests with a host name that does not match the configured one. Also, all generated links by the application are now ensured to use the built-in hostname. Users who aren't able to upgrade immediately may use mod_security for Apache2 or manually fix the Host and X-Forwarded-Host headers in their proxying application before reaching the application server of OpenProject. Alternatively, they can manually apply the patch to opt-in to host header protections in previous versions of OpenProject. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2024/CVE-2024-41806.md b/2024/CVE-2024-41806.md index d61b6c733..4a57cd322 100644 --- a/2024/CVE-2024-41806.md +++ b/2024/CVE-2024-41806.md @@ -13,5 +13,6 @@ The Open edX Platform is a learning management platform. Instructors can upload No PoCs from references. #### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-42340.md b/2024/CVE-2024-42340.md new file mode 100644 index 000000000..88bac11de --- /dev/null +++ b/2024/CVE-2024-42340.md @@ -0,0 +1,17 @@ +### [CVE-2024-42340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42340) +![](https://img.shields.io/static/v1?label=Product&message=CyberArk%20Identity%20Management&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=All%20versions%3C%20Upgrade%20to%20latest%20version%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-602%3A%20Client-Side%20Enforcement%20of%20Server-Side%20Security&color=brighgreen) + +### Description + +CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-42845.md b/2024/CVE-2024-42845.md index 6acc3053b..42eaa7008 100644 --- a/2024/CVE-2024-42845.md +++ b/2024/CVE-2024-42845.md @@ -13,5 +13,6 @@ An eval Injection vulnerability in the component invesalius/reader/dicom.py of I No PoCs from references. #### Github +- https://github.com/alessio-romano/alessio-romano - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-43105.md b/2024/CVE-2024-43105.md index d3d0ca186..a67d35930 100644 --- a/2024/CVE-2024-43105.md +++ b/2024/CVE-2024-43105.md @@ -13,5 +13,6 @@ Mattermost Plugin Channel Export versions <=1.0.0 fail to restrict concurrent ru No PoCs from references. #### Github +- https://github.com/c0rydoras/cves - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-44083.md b/2024/CVE-2024-44083.md new file mode 100644 index 000000000..83f428325 --- /dev/null +++ b/2024/CVE-2024-44083.md @@ -0,0 +1,17 @@ +### [CVE-2024-44083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44083) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-6095.md b/2024/CVE-2024-6095.md index 4551b3c8b..0bc6d071b 100644 --- a/2024/CVE-2024-6095.md +++ b/2024/CVE-2024-6095.md @@ -13,5 +13,6 @@ A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/sev-hack/sev-hack diff --git a/2024/CVE-2024-6387.md b/2024/CVE-2024-6387.md index ba5bb798f..ec3979f4b 100644 --- a/2024/CVE-2024-6387.md +++ b/2024/CVE-2024-6387.md @@ -49,6 +49,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/azurejoga/CVE-2024-6387-how-to-fix - https://github.com/beac0n/ruroco - https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/bigb0x/OpenSSH-Scanner - https://github.com/cybereagle2001/KQL-Security-Querries - https://github.com/enomothem/PenTestNote - https://github.com/giterlizzi/secdb-feeds @@ -58,6 +59,7 @@ A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). - https://github.com/maycon/stars - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rxerium/stars +- https://github.com/ryanalieh/openSSH-scanner - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH - https://github.com/sardine-web/CVE-2024-6387_Check - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-6409.md b/2024/CVE-2024-6409.md index 6e997a59f..829d721cd 100644 --- a/2024/CVE-2024-6409.md +++ b/2024/CVE-2024-6409.md @@ -23,4 +23,6 @@ No PoCs from references. #### Github - https://github.com/EGI-Federation/SVG-advisories +- https://github.com/bigb0x/OpenSSH-Scanner +- https://github.com/ryanalieh/openSSH-scanner diff --git a/2024/CVE-2024-6499.md b/2024/CVE-2024-6499.md new file mode 100644 index 000000000..84fc00d4d --- /dev/null +++ b/2024/CVE-2024-6499.md @@ -0,0 +1,17 @@ +### [CVE-2024-6499](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6499) +![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Button%20Plugin%20MaxButtons&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%209.7.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%20Information%20Exposure&color=brighgreen) + +### Description + +The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 9.7.8. This makes it possible for unauthenticated attackers to obtain the full path to instances, which they may be able to use in combination with other vulnerabilities or to simplify reconnaissance work. On its own, this information is of very limited use. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-6631.md b/2024/CVE-2024-6631.md new file mode 100644 index 000000000..024a88cfd --- /dev/null +++ b/2024/CVE-2024-6631.md @@ -0,0 +1,17 @@ +### [CVE-2024-6631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6631) +![](https://img.shields.io/static/v1?label=Product&message=ImageRecycle%20pdf%20%26%20image%20compression&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.1.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 3.1.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform unauthorized actions, such as updating plugin settings. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7007.md b/2024/CVE-2024-7007.md index 728ce09dc..981f90cd3 100644 --- a/2024/CVE-2024-7007.md +++ b/2024/CVE-2024-7007.md @@ -13,5 +13,5 @@ Positron Broadcast Signal Processor TRA7005 v1.20 is vulnerable to an authentica - https://www.cisa.gov/news-events/ics-advisories/icsa-24-207-02 #### Github -No PoCs found on GitHub currently. +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc diff --git a/2024/CVE-2024-7101.md b/2024/CVE-2024-7101.md new file mode 100644 index 000000000..db6c60d2e --- /dev/null +++ b/2024/CVE-2024-7101.md @@ -0,0 +1,17 @@ +### [CVE-2024-7101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7101) +![](https://img.shields.io/static/v1?label=Product&message=Administra%C3%A7%C3%A3o%20PABX&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.x%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability, which was classified as critical, has been found in ForIP Tecnologia Administração PABX 1.x. This issue affects some unknown processing of the file /login of the component Authentication Form. The manipulation of the argument usuario leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc + diff --git a/2024/CVE-2024-7351.md b/2024/CVE-2024-7351.md index d02679e4d..b6b287c2d 100644 --- a/2024/CVE-2024-7351.md +++ b/2024/CVE-2024-7351.md @@ -13,5 +13,6 @@ The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-7568.md b/2024/CVE-2024-7568.md new file mode 100644 index 000000000..8470ac0c1 --- /dev/null +++ b/2024/CVE-2024-7568.md @@ -0,0 +1,17 @@ +### [CVE-2024-7568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7568) +![](https://img.shields.io/static/v1?label=Product&message=Favicon%20Generator%20(CLOSED)&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Favicon Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the output_sub_admin_page_0 function. This makes it possible for unauthenticated attackers to delete arbitrary files on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The plugin author deleted the functionality of the plugin to patch this issue and close the plugin, we recommend seeking an alternative to this plugin. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7593.md b/2024/CVE-2024-7593.md new file mode 100644 index 000000000..351e438b8 --- /dev/null +++ b/2024/CVE-2024-7593.md @@ -0,0 +1,18 @@ +### [CVE-2024-7593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7593) +![](https://img.shields.io/static/v1?label=Product&message=vTM&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-303%20Incorrect%20Implementation%20of%20Authentication%20Algorithm&color=brighgreen) + +### Description + +Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-7656.md b/2024/CVE-2024-7656.md new file mode 100644 index 000000000..c47bcda4e --- /dev/null +++ b/2024/CVE-2024-7656.md @@ -0,0 +1,18 @@ +### [CVE-2024-7656](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7656) +![](https://img.shields.io/static/v1?label=Product&message=Image%20Hotspot%20by%20DevVN&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%201.2.5%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code%20('Code%20Injection')&color=brighgreen) + +### Description + +The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-7971.md b/2024/CVE-2024-7971.md index 792f92a91..47c8e802e 100644 --- a/2024/CVE-2024-7971.md +++ b/2024/CVE-2024-7971.md @@ -13,6 +13,7 @@ Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote at No PoCs from references. #### Github +- https://github.com/dan-mba/python-selenium-news - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-8120.md b/2024/CVE-2024-8120.md new file mode 100644 index 000000000..a2927dd0c --- /dev/null +++ b/2024/CVE-2024-8120.md @@ -0,0 +1,17 @@ +### [CVE-2024-8120](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8120) +![](https://img.shields.io/static/v1?label=Product&message=ImageRecycle%20pdf%20%26%20image%20compression&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.1.14%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.14. This is due to missing or incorrect nonce validation on several functions in the class/class-image-otimizer.php file. This makes it possible for unauthenticated attackers to update plugin settings along with performing other actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-8128.md b/2024/CVE-2024-8128.md new file mode 100644 index 000000000..88342a19d --- /dev/null +++ b/2024/CVE-2024-8128.md @@ -0,0 +1,36 @@ +### [CVE-2024-8128](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8128) +![](https://img.shields.io/static/v1?label=Product&message=DNR-202L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-322L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNR-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1100-4&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-120&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1200-05&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-1550-04&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-315L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-320LW&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-321&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-323&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-325&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-326&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-327L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-340L&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-343&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-345&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=DNS-726-4&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2020240814%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +** UNSUPPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. This issue affects the function cgi_add_zip of the file /cgi-bin/webfile_mgr.cgi of the component HTTP POST Request Handler. The manipulation of the argument path leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8146.md b/2024/CVE-2024-8146.md new file mode 100644 index 000000000..2689a1baa --- /dev/null +++ b/2024/CVE-2024-8146.md @@ -0,0 +1,17 @@ +### [CVE-2024-8146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8146) +![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-8147.md b/2024/CVE-2024-8147.md new file mode 100644 index 000000000..420ba7d0b --- /dev/null +++ b/2024/CVE-2024-8147.md @@ -0,0 +1,17 @@ +### [CVE-2024-8147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8147) +![](https://img.shields.io/static/v1?label=Product&message=Pharmacy%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/github.txt b/github.txt index e1f678c9c..0f505ffb1 100644 --- a/github.txt +++ b/github.txt @@ -380,6 +380,8 @@ CVE-2001-0797 - https://github.com/0xdea/exploits CVE-2001-0797 - https://github.com/Kicksecure/security-misc CVE-2001-0797 - https://github.com/Whonix/security-misc CVE-2001-0817 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2001-0817 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2001-0817 - https://github.com/ryanalieh/openSSH-scanner CVE-2001-0845 - https://github.com/jhswartz/cvrfdb CVE-2001-0931 - https://github.com/ARPSyndicate/cvemon CVE-2001-0931 - https://github.com/CVEDB/PoC-List @@ -430,6 +432,8 @@ CVE-2002-0082 - https://github.com/Nishant-Pall/Kioptrix-exploit CVE-2002-0082 - https://github.com/piyush-saurabh/exploits CVE-2002-0082 - https://github.com/rosonsec/Exploits CVE-2002-0083 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2002-0083 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2002-0083 - https://github.com/ryanalieh/openSSH-scanner CVE-2002-0200 - https://github.com/ARPSyndicate/cvemon CVE-2002-0200 - https://github.com/CVEDB/PoC-List CVE-2002-0200 - https://github.com/CVEDB/awesome-cve-repo @@ -624,7 +628,9 @@ CVE-2003-0190 - https://github.com/0xdea/exploits CVE-2003-0190 - https://github.com/Live-Hack-CVE/CVE-2003-0190 CVE-2003-0190 - https://github.com/Live-Hack-CVE/CVE-2003-1562 CVE-2003-0190 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2003-0190 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2003-0190 - https://github.com/octane23/CASE-STUDY-1 +CVE-2003-0190 - https://github.com/ryanalieh/openSSH-scanner CVE-2003-0201 - https://github.com/2davic3/Reporte CVE-2003-0201 - https://github.com/ARPSyndicate/cvemon CVE-2003-0201 - https://github.com/AnyMaster/EQGRP @@ -1804,10 +1810,12 @@ CVE-2006-5051 - https://github.com/ThemeHackers/CVE-2024-6387 CVE-2006-5051 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2006-5051 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2006-5051 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2006-5051 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2006-5051 - https://github.com/giterlizzi/secdb-feeds CVE-2006-5051 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2006-5051 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion CVE-2006-5051 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2006-5051 - https://github.com/ryanalieh/openSSH-scanner CVE-2006-5051 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2006-5051 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2006-5156 - https://github.com/trend-anz/Deep-Security-CVE-to-IPS-Mapper @@ -3055,8 +3063,10 @@ CVE-2008-4109 - https://github.com/TAM-K592/CVE-2024-6387 CVE-2008-4109 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2008-4109 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2008-4109 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2008-4109 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2008-4109 - https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- CVE-2008-4109 - https://github.com/kalvin-net/NoLimit-Secu-RegreSSHion +CVE-2008-4109 - https://github.com/ryanalieh/openSSH-scanner CVE-2008-4109 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2008-4114 - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API CVE-2008-4163 - https://github.com/ARPSyndicate/cvemon @@ -3239,12 +3249,14 @@ CVE-2008-5161 - https://github.com/VictorSum/13.1 CVE-2008-5161 - https://github.com/Wernigerode23/Uiazvimosty CVE-2008-5161 - https://github.com/Zhivarev/13-01-hw CVE-2008-5161 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2008-5161 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2008-5161 - https://github.com/ekiojp/hanase CVE-2008-5161 - https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam CVE-2008-5161 - https://github.com/kaio6fellipe/ssh-enum CVE-2008-5161 - https://github.com/mahaoffsec/OpenSSH_4.7p1-Exploit CVE-2008-5161 - https://github.com/pankajjarial-dev/OpenSSH_4.7p1 CVE-2008-5161 - https://github.com/pankajjarial360/OpenSSH_4.7p1 +CVE-2008-5161 - https://github.com/ryanalieh/openSSH-scanner CVE-2008-5161 - https://github.com/saib2018/Wordpress_Red_Blue_Teaming CVE-2008-5161 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2008-5161 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems @@ -8307,7 +8319,9 @@ CVE-2012-0814 - https://github.com/VictorSum/13.1 CVE-2012-0814 - https://github.com/Wernigerode23/Uiazvimosty CVE-2012-0814 - https://github.com/Zhivarev/13-01-hw CVE-2012-0814 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2012-0814 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2012-0814 - https://github.com/kaio6fellipe/ssh-enum +CVE-2012-0814 - https://github.com/ryanalieh/openSSH-scanner CVE-2012-0814 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2012-0814 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems CVE-2012-0814 - https://github.com/syadg123/pigat @@ -8316,6 +8330,8 @@ CVE-2012-0814 - https://github.com/vioas/Vulnerabilities-and-attacks-on-informat CVE-2012-0814 - https://github.com/zzzWTF/db-13-01 CVE-2012-0815 - https://github.com/rcvalle/vulnerabilities CVE-2012-0816 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2012-0816 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2012-0816 - https://github.com/ryanalieh/openSSH-scanner CVE-2012-0833 - https://github.com/ARPSyndicate/cvemon CVE-2012-0833 - https://github.com/kyrie-z/cve-spider CVE-2012-0838 - https://github.com/0day666/Vulnerability-verification @@ -10910,6 +10926,8 @@ CVE-2013-4547 - https://github.com/shuangjiang/DVWA-Note CVE-2013-4547 - https://github.com/twfb/DVWA-Note CVE-2013-4547 - https://github.com/woods-sega/woodswiki CVE-2013-4548 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2013-4548 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2013-4548 - https://github.com/ryanalieh/openSSH-scanner CVE-2013-4558 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2013-4576 - https://github.com/revl-ca/scan-docker-image CVE-2013-4625 - https://github.com/ARPSyndicate/kenzer-templates @@ -12761,6 +12779,8 @@ CVE-2014-2524 - https://github.com/HotDB-Community/HotDB-Engine CVE-2014-2524 - https://github.com/andir/nixos-issue-db-example CVE-2014-2532 - https://github.com/averyth3archivist/nmap-network-reconnaissance CVE-2014-2532 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2014-2532 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2014-2532 - https://github.com/ryanalieh/openSSH-scanner CVE-2014-2532 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2014-2589 - https://github.com/Live-Hack-CVE/CVE-2014-2589 CVE-2014-2623 - https://github.com/ARPSyndicate/cvemon @@ -18468,7 +18488,9 @@ CVE-2015-5589 - https://github.com/tagua-vm/tagua-vm CVE-2015-5600 - https://github.com/Live-Hack-CVE/CVE-2015-5600 CVE-2015-5600 - https://github.com/ahm3dhany/IDS-Evasion CVE-2015-5600 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2015-5600 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2015-5600 - https://github.com/pboonman196/Final_Project_CyberBootcamp +CVE-2015-5600 - https://github.com/ryanalieh/openSSH-scanner CVE-2015-5600 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2015-5600 - https://github.com/sjourdan/clair-lab CVE-2015-5600 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough @@ -18840,11 +18862,15 @@ CVE-2015-6563 - https://github.com/ARPSyndicate/cvemon CVE-2015-6563 - https://github.com/CyCognito/manual-detection CVE-2015-6563 - https://github.com/Live-Hack-CVE/CVE-2015-6563 CVE-2015-6563 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2015-6563 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2015-6563 - https://github.com/ryanalieh/openSSH-scanner CVE-2015-6563 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2015-6563 - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough CVE-2015-6564 - https://github.com/CyCognito/manual-detection CVE-2015-6564 - https://github.com/Live-Hack-CVE/CVE-2015-6564 CVE-2015-6564 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2015-6564 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2015-6564 - https://github.com/ryanalieh/openSSH-scanner CVE-2015-6564 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2015-6564 - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough CVE-2015-6565 - https://github.com/ARPSyndicate/cvemon @@ -20956,6 +20982,7 @@ CVE-2016-0777 - https://github.com/RedHatSatellite/satellite-host-cve CVE-2016-0777 - https://github.com/WinstonN/fabric2 CVE-2016-0777 - https://github.com/akshayprasad/Linux_command_crash_course CVE-2016-0777 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2016-0777 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2016-0777 - https://github.com/chuongvuvan/awesome-ssh CVE-2016-0777 - https://github.com/cpcloudnl/ssh-config CVE-2016-0777 - https://github.com/dblume/dotfiles @@ -20970,6 +20997,7 @@ CVE-2016-0777 - https://github.com/marcospedreiro/sshtron CVE-2016-0777 - https://github.com/moul/awesome-ssh CVE-2016-0777 - https://github.com/phx/cvescan CVE-2016-0777 - https://github.com/project7io/nmap +CVE-2016-0777 - https://github.com/ryanalieh/openSSH-scanner CVE-2016-0777 - https://github.com/threepistons/puppet-module-ssh CVE-2016-0777 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough CVE-2016-0777 - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough @@ -21699,12 +21727,14 @@ CVE-2016-1000352 - https://github.com/pctF/vulnerable-app CVE-2016-10005 - https://github.com/ARPSyndicate/cvemon CVE-2016-10006 - https://github.com/ARPSyndicate/cvemon CVE-2016-10009 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2016-10009 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2016-10009 - https://github.com/bioly230/THM_Skynet CVE-2016-10009 - https://github.com/biswajitde/dsm_ips CVE-2016-10009 - https://github.com/gabrieljcs/ips-assessment-reports CVE-2016-10009 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2016-10009 - https://github.com/phx/cvescan CVE-2016-10009 - https://github.com/retr0-13/cveScannerV2 +CVE-2016-10009 - https://github.com/ryanalieh/openSSH-scanner CVE-2016-10009 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2016-10009 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough CVE-2016-10010 - https://github.com/ARPSyndicate/cvemon @@ -21718,9 +21748,11 @@ CVE-2016-10011 - https://github.com/phx/cvescan CVE-2016-10011 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough CVE-2016-10012 - https://github.com/ARPSyndicate/cvemon CVE-2016-10012 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2016-10012 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2016-10012 - https://github.com/bioly230/THM_Skynet CVE-2016-10012 - https://github.com/phx/cvescan CVE-2016-10012 - https://github.com/retr0-13/cveScannerV2 +CVE-2016-10012 - https://github.com/ryanalieh/openSSH-scanner CVE-2016-10012 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2016-10012 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough CVE-2016-1002 - https://github.com/Live-Hack-CVE/CVE-2016-0960 @@ -24179,11 +24211,13 @@ CVE-2016-3113 - https://github.com/N0b1e6/CVE-2016-4977-POC CVE-2016-3115 - https://github.com/ARPSyndicate/cvemon CVE-2016-3115 - https://github.com/RedHatSatellite/satellite-host-cve CVE-2016-3115 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2016-3115 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2016-3115 - https://github.com/bioly230/THM_Skynet CVE-2016-3115 - https://github.com/biswajitde/dsm_ips CVE-2016-3115 - https://github.com/gabrieljcs/ips-assessment-reports CVE-2016-3115 - https://github.com/kaio6fellipe/ssh-enum CVE-2016-3115 - https://github.com/phx/cvescan +CVE-2016-3115 - https://github.com/ryanalieh/openSSH-scanner CVE-2016-3115 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2016-3115 - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough CVE-2016-3116 - https://github.com/ARPSyndicate/cvemon @@ -27487,6 +27521,7 @@ CVE-2016-6210 - https://github.com/ARPSyndicate/cvemon CVE-2016-6210 - https://github.com/ARPSyndicate/kenzer-templates CVE-2016-6210 - https://github.com/Live-Hack-CVE/CVE-2016-6210 CVE-2016-6210 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2016-6210 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2016-6210 - https://github.com/bioly230/THM_Skynet CVE-2016-6210 - https://github.com/cocomelonc/vulnexipy CVE-2016-6210 - https://github.com/eric-conrad/enumer8 @@ -27495,6 +27530,7 @@ CVE-2016-6210 - https://github.com/justlce/CVE-2016-6210-Exploit CVE-2016-6210 - https://github.com/lnick2023/nicenice CVE-2016-6210 - https://github.com/phx/cvescan CVE-2016-6210 - https://github.com/qazbnm456/awesome-cve-poc +CVE-2016-6210 - https://github.com/ryanalieh/openSSH-scanner CVE-2016-6210 - https://github.com/samh4cks/CVE-2016-6210-OpenSSH-User-Enumeration CVE-2016-6210 - https://github.com/sash3939/IS_Vulnerabilities_attacks CVE-2016-6210 - https://github.com/scmanjarrez/CVEScannerV2 @@ -48577,6 +48613,7 @@ CVE-2018-15473 - https://github.com/angry-bender/SUOPE CVE-2018-15473 - https://github.com/ba56789/WebMap CVE-2018-15473 - https://github.com/bakery312/Vulhub-Reproduce CVE-2018-15473 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2018-15473 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2018-15473 - https://github.com/bioly230/THM_Skynet CVE-2018-15473 - https://github.com/coollce/CVE-2018-15473_burte CVE-2018-15473 - https://github.com/cved-sources/cve-2018-15473 @@ -48614,6 +48651,7 @@ CVE-2018-15473 - https://github.com/provnavigator/prov_navigator CVE-2018-15473 - https://github.com/pyperanger/CVE-2018-15473_exploit CVE-2018-15473 - https://github.com/qazbnm456/awesome-cve-poc CVE-2018-15473 - https://github.com/r3dxpl0it/CVE-2018-15473 +CVE-2018-15473 - https://github.com/ryanalieh/openSSH-scanner CVE-2018-15473 - https://github.com/sa7mon/vulnchest CVE-2018-15473 - https://github.com/saifmbarki/wMapp CVE-2018-15473 - https://github.com/scmanjarrez/CVEScannerV2 @@ -62662,6 +62700,8 @@ CVE-2019-11358 - https://github.com/Sanjay191110/sanjaycenterstage CVE-2019-11358 - https://github.com/Sarvesh-Somasundaram/5795UltimateGoal CVE-2019-11358 - https://github.com/Satgoy152/FreightFrenzy CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC-2021 +CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC20718-2023-24 +CVE-2019-11358 - https://github.com/ScarlettRobotics/FTC22531-2023-24 CVE-2019-11358 - https://github.com/Scarsdale-Robotics/2021-2022-Freight-Frenzy CVE-2019-11358 - https://github.com/Scarsdale-Robotics/OpenCV-Tutorial CVE-2019-11358 - https://github.com/SchillingW/FTC_2022-2023_8.1.1-master @@ -73944,6 +73984,7 @@ CVE-2019-6111 - https://github.com/KorayAgaya/TrivyWeb CVE-2019-6111 - https://github.com/Mohzeela/external-secret CVE-2019-6111 - https://github.com/TommasoBilotta/public CVE-2019-6111 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2019-6111 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2019-6111 - https://github.com/bioly230/THM_Skynet CVE-2019-6111 - https://github.com/developer3000S/PoC-in-GitHub CVE-2019-6111 - https://github.com/firatesatoglu/iot-searchengine @@ -73952,6 +73993,7 @@ CVE-2019-6111 - https://github.com/h4xrOx/Direct-Admin-Vulnerability-Disclosure CVE-2019-6111 - https://github.com/hectorgie/PoC-in-GitHub CVE-2019-6111 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2019-6111 - https://github.com/retr0-13/cveScannerV2 +CVE-2019-6111 - https://github.com/ryanalieh/openSSH-scanner CVE-2019-6111 - https://github.com/scmanjarrez/CVEScannerV2 CVE-2019-6111 - https://github.com/siddharthraopotukuchi/trivy CVE-2019-6111 - https://github.com/simiyo/trivy @@ -136252,6 +136294,7 @@ CVE-2022-32751 - https://github.com/NaInSec/CVE-LIST CVE-2022-32753 - https://github.com/NaInSec/CVE-LIST CVE-2022-32754 - https://github.com/NaInSec/CVE-LIST CVE-2022-32756 - https://github.com/NaInSec/CVE-LIST +CVE-2022-32759 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2022-32770 - https://github.com/ARPSyndicate/cvemon CVE-2022-32770 - https://github.com/ARPSyndicate/kenzer-templates CVE-2022-32771 - https://github.com/ARPSyndicate/cvemon @@ -143507,6 +143550,7 @@ CVE-2023-0914 - https://github.com/ARPSyndicate/cvemon CVE-2023-0914 - https://github.com/bAuh0lz/Vulnerabilities CVE-2023-0915 - https://github.com/ARPSyndicate/cvemon CVE-2023-0923 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-0926 - https://github.com/20142995/nuclei-templates CVE-2023-0927 - https://github.com/ARPSyndicate/cvemon CVE-2023-0928 - https://github.com/ARPSyndicate/cvemon CVE-2023-0930 - https://github.com/ARPSyndicate/cvemon @@ -151114,6 +151158,7 @@ CVE-2023-3824 - https://github.com/NewLockBit/CVE-2023-3824-PHP-to-RCE-National- CVE-2023-3824 - https://github.com/NewLockBit/Research-of-CVE-2023-3824-NCA-Lockbit CVE-2023-3824 - https://github.com/Nfttkcauzy/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK CVE-2023-3824 - https://github.com/Nuki2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK +CVE-2023-3824 - https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK CVE-2023-3824 - https://github.com/StayBeautiful-collab/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK CVE-2023-3824 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-3824 - https://github.com/jhonnybonny/CVE-2023-3824 @@ -155157,6 +155202,7 @@ CVE-2023-49262 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-49285 - https://github.com/MegaManSec/Squid-Security-Audit CVE-2023-49286 - https://github.com/MegaManSec/Squid-Security-Audit CVE-2023-49287 - https://github.com/0xdea/advisories +CVE-2023-49287 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-49287 - https://github.com/ShangzhiXu/CSABlindSpot CVE-2023-49287 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-49287 - https://github.com/hnsecurity/vulns @@ -155983,6 +156029,7 @@ CVE-2023-51766 - https://github.com/hannob/smtpsmug CVE-2023-51767 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-51770 - https://github.com/Snakinya/Snakinya CVE-2023-51770 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2023-51771 - https://github.com/DiRaltvein/memory-corruption-examples CVE-2023-51771 - https://github.com/Halcy0nic/Trophies CVE-2023-51771 - https://github.com/skinnyrad/Trophies CVE-2023-51775 - https://github.com/ytono/gcp-arcade @@ -156922,12 +156969,14 @@ CVE-2023-6890 - https://github.com/ahmedvienna/CVEs-and-Vulnerabilities CVE-2023-6890 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6893 - https://github.com/Marco-zcl/POC CVE-2023-6893 - https://github.com/d4n-sec/d4n-sec.github.io +CVE-2023-6893 - https://github.com/mewhz/poc CVE-2023-6893 - https://github.com/wjlin0/poc-doc CVE-2023-6893 - https://github.com/wy876/POC CVE-2023-6893 - https://github.com/xingchennb/POC- CVE-2023-6895 - https://github.com/FuBoLuSec/CVE-2023-6895 CVE-2023-6895 - https://github.com/Marco-zcl/POC CVE-2023-6895 - https://github.com/d4n-sec/d4n-sec.github.io +CVE-2023-6895 - https://github.com/mewhz/poc CVE-2023-6895 - https://github.com/nles-crt/CVE-2023-6895 CVE-2023-6895 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2023-6895 - https://github.com/tanjiti/sec_profile @@ -156963,6 +157012,7 @@ CVE-2023-6981 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6982 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6985 - https://github.com/RandomRobbieBF/CVE-2023-6985 CVE-2023-6985 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2023-6987 - https://github.com/20142995/nuclei-templates CVE-2023-6989 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-6996 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2023-7003 - https://github.com/NaInSec/CVE-LIST @@ -164341,6 +164391,7 @@ CVE-2024-22532 - https://github.com/pwndorei/CVE-2024-22532 CVE-2024-22533 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22534 - https://github.com/austino2000/CVE-2024-22534 CVE-2024-22534 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-2254 - https://github.com/20142995/nuclei-templates CVE-2024-22543 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22544 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-22547 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -165391,6 +165442,7 @@ CVE-2024-24803 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24804 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24806 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24808 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-24809 - https://github.com/20142995/nuclei-templates CVE-2024-24810 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-24813 - https://github.com/NaInSec/CVE-LIST CVE-2024-24814 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -167660,6 +167712,7 @@ CVE-2024-2876 - https://github.com/c0d3zilla/CVE-2024-2876 CVE-2024-2876 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28764 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-2877 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-28772 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-2879 - https://github.com/JohnNetSouldRU/CVE-2024-2879-POC CVE-2024-2879 - https://github.com/Ostorlab/KEV CVE-2024-2879 - https://github.com/RansomGroupCVE/CVE-2024-22328-POC @@ -167715,6 +167768,7 @@ CVE-2024-28865 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28868 - https://github.com/NaInSec/CVE-LIST CVE-2024-2887 - https://github.com/TrojanAZhen/Self_Back CVE-2024-2887 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-2887 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-28871 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28878 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-28880 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -168831,6 +168885,7 @@ CVE-2024-3094 - https://github.com/hazemkya/CVE-2024-3094-checker CVE-2024-3094 - https://github.com/hoanbi1812000/hoanbi1812000 CVE-2024-3094 - https://github.com/iakat/stars CVE-2024-3094 - https://github.com/iheb2b/CVE-2024-3094-Checker +CVE-2024-3094 - https://github.com/initMAX/Zabbix-Templates CVE-2024-3094 - https://github.com/initMAX/zabbix-templates CVE-2024-3094 - https://github.com/isuruwa/CVE-2024-3094 CVE-2024-3094 - https://github.com/jafshare/GithubTrending @@ -169280,6 +169335,7 @@ CVE-2024-3217 - https://github.com/BassamAssiri/CVE-2024-3217-POC CVE-2024-3217 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-3219 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32205 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-32231 - https://github.com/20142995/nuclei-templates CVE-2024-32236 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-32238 - https://github.com/FuBoLuSec/CVE-2024-32238 CVE-2024-32238 - https://github.com/nomi-sec/PoC-in-GitHub @@ -170243,6 +170299,7 @@ CVE-2024-36522 - https://github.com/enomothem/PenTestNote CVE-2024-36527 - https://github.com/bigb0x/CVE-2024-36527 CVE-2024-36527 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-36539 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-36542 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-36586 - https://github.com/go-compile/security-advisories CVE-2024-36587 - https://github.com/go-compile/security-advisories CVE-2024-36588 - https://github.com/go-compile/security-advisories @@ -170457,6 +170514,7 @@ CVE-2024-38189 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38189 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-38202 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-38206 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-38213 - https://github.com/giterlizzi/secdb-feeds CVE-2024-3822 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3823 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-3824 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -170955,6 +171013,8 @@ CVE-2024-40789 - https://github.com/leesh3288/leesh3288 CVE-2024-4083 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4085 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4086 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-40872 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc +CVE-2024-40873 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-40892 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40898 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-40898 - https://github.com/tanjiti/sec_profile @@ -171060,9 +171120,12 @@ CVE-2024-4172 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41723 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41727 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41774 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41800 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc +CVE-2024-41801 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-41802 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41803 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41804 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-41806 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-41806 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-41816 - https://github.com/20142995/nuclei-templates CVE-2024-41819 - https://github.com/alessio-romano/Sfoffo-Pentesting-Notes @@ -171175,6 +171238,7 @@ CVE-2024-42321 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42322 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4233 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4234 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-42340 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4235 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42354 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42355 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -171242,6 +171306,7 @@ CVE-2024-42766 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42784 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42785 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-42834 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-42845 - https://github.com/alessio-romano/alessio-romano CVE-2024-42845 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42849 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-42850 - https://github.com/nomi-sec/PoC-in-GitHub @@ -171265,6 +171330,7 @@ CVE-2024-43044 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43044 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-43044 - https://github.com/tanjiti/sec_profile CVE-2024-43045 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-43105 - https://github.com/c0rydoras/cves CVE-2024-43105 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43111 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-43116 - https://github.com/20142995/nuclei-templates @@ -171584,6 +171650,7 @@ CVE-2024-4393 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4405 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4406 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-44073 - https://github.com/brunoerg/bitcoinfuzz +CVE-2024-44083 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-4418 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4433 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4439 - https://github.com/MielPopsssssss/CVE-2024-4439 @@ -171634,6 +171701,7 @@ CVE-2024-4521 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4522 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4523 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4524 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-45242 - https://github.com/actuator/cve CVE-2024-4525 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4526 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-4527 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172087,6 +172155,7 @@ CVE-2024-6028 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6043 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6050 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6070 - https://github.com/20142995/nuclei-templates +CVE-2024-6095 - https://github.com/20142995/nuclei-templates CVE-2024-6095 - https://github.com/sev-hack/sev-hack CVE-2024-6098 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6100 - https://github.com/leesh3288/leesh3288 @@ -172158,6 +172227,7 @@ CVE-2024-6387 - https://github.com/almogopp/OpenSSH-CVE-2024-6387-Fix CVE-2024-6387 - https://github.com/azurejoga/CVE-2024-6387-how-to-fix CVE-2024-6387 - https://github.com/beac0n/ruroco CVE-2024-6387 - https://github.com/bigb0x/CVE-2024-6387 +CVE-2024-6387 - https://github.com/bigb0x/OpenSSH-Scanner CVE-2024-6387 - https://github.com/cybereagle2001/KQL-Security-Querries CVE-2024-6387 - https://github.com/enomothem/PenTestNote CVE-2024-6387 - https://github.com/giterlizzi/secdb-feeds @@ -172167,6 +172237,7 @@ CVE-2024-6387 - https://github.com/lukibahr/stars CVE-2024-6387 - https://github.com/maycon/stars CVE-2024-6387 - https://github.com/nomi-sec/PoC-in-GitHub CVE-2024-6387 - https://github.com/rxerium/stars +CVE-2024-6387 - https://github.com/ryanalieh/openSSH-scanner CVE-2024-6387 - https://github.com/s1d6point7bugcrowd/CVE-2024-6387-Race-Condition-in-Signal-Handling-for-OpenSSH CVE-2024-6387 - https://github.com/sardine-web/CVE-2024-6387_Check CVE-2024-6387 - https://github.com/tanjiti/sec_profile @@ -172176,6 +172247,8 @@ CVE-2024-6390 - https://github.com/20142995/nuclei-templates CVE-2024-6390 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6392 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6409 - https://github.com/EGI-Federation/SVG-advisories +CVE-2024-6409 - https://github.com/bigb0x/OpenSSH-Scanner +CVE-2024-6409 - https://github.com/ryanalieh/openSSH-scanner CVE-2024-6412 - https://github.com/20142995/nuclei-templates CVE-2024-6420 - https://github.com/20142995/nuclei-templates CVE-2024-6462 - https://github.com/20142995/nuclei-templates @@ -172184,10 +172257,12 @@ CVE-2024-6477 - https://github.com/20142995/nuclei-templates CVE-2024-6481 - https://github.com/20142995/nuclei-templates CVE-2024-6481 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6484 - https://github.com/pj-arts/bootstrap-4-eol-fixes +CVE-2024-6493 - https://github.com/20142995/nuclei-templates CVE-2024-6494 - https://github.com/20142995/nuclei-templates CVE-2024-6494 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6496 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6498 - https://github.com/20142995/nuclei-templates +CVE-2024-6499 - https://github.com/20142995/nuclei-templates CVE-2024-6500 - https://github.com/20142995/nuclei-templates CVE-2024-6518 - https://github.com/fluentform/fluentform CVE-2024-6520 - https://github.com/fluentform/fluentform @@ -172210,15 +172285,19 @@ CVE-2024-6568 - https://github.com/20142995/nuclei-templates CVE-2024-6571 - https://github.com/20142995/nuclei-templates CVE-2024-6575 - https://github.com/20142995/nuclei-templates CVE-2024-6589 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6617 - https://github.com/20142995/nuclei-templates CVE-2024-6629 - https://github.com/20142995/nuclei-templates +CVE-2024-6631 - https://github.com/20142995/nuclei-templates CVE-2024-6639 - https://github.com/20142995/nuclei-templates CVE-2024-6639 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6646 - https://github.com/wy876/POC CVE-2024-6646 - https://github.com/wy876/wiki CVE-2024-6651 - https://github.com/20142995/nuclei-templates CVE-2024-6651 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-6665 - https://github.com/20142995/nuclei-templates CVE-2024-6666 - https://github.com/JohnnyBradvo/CVE-2024-6666 CVE-2024-6666 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-6667 - https://github.com/20142995/nuclei-templates CVE-2024-6691 - https://github.com/20142995/nuclei-templates CVE-2024-6692 - https://github.com/20142995/nuclei-templates CVE-2024-6695 - https://github.com/20142995/nuclei-templates @@ -172306,6 +172385,7 @@ CVE-2024-6972 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-6975 - https://github.com/chnzzh/OpenSSL-CVE-lib CVE-2024-6987 - https://github.com/20142995/nuclei-templates CVE-2024-6990 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7007 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-7008 - https://github.com/20142995/nuclei-templates CVE-2024-7027 - https://github.com/20142995/nuclei-templates CVE-2024-7030 - https://github.com/20142995/nuclei-templates @@ -172327,6 +172407,7 @@ CVE-2024-7092 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7094 - https://github.com/20142995/nuclei-templates CVE-2024-7094 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7094 - https://github.com/nomi-sec/PoC-in-GitHub +CVE-2024-7101 - https://github.com/ericyoc/prob_vuln_assess_space_iot_sys_poc CVE-2024-7120 - https://github.com/Ostorlab/KEV CVE-2024-7120 - https://github.com/komodoooo/Some-things CVE-2024-7127 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172406,6 +172487,7 @@ CVE-2024-7340 - https://github.com/20142995/nuclei-templates CVE-2024-7347 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7348 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7350 - https://github.com/20142995/nuclei-templates +CVE-2024-7351 - https://github.com/20142995/nuclei-templates CVE-2024-7351 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7353 - https://github.com/20142995/nuclei-templates CVE-2024-7353 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172501,6 +172583,7 @@ CVE-2024-7556 - https://github.com/20142995/nuclei-templates CVE-2024-7559 - https://github.com/20142995/nuclei-templates CVE-2024-7560 - https://github.com/20142995/nuclei-templates CVE-2024-7561 - https://github.com/20142995/nuclei-templates +CVE-2024-7568 - https://github.com/20142995/nuclei-templates CVE-2024-7574 - https://github.com/20142995/nuclei-templates CVE-2024-7578 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7579 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172514,6 +172597,7 @@ CVE-2024-7589 - https://github.com/tanjiti/sec_profile CVE-2024-7590 - https://github.com/20142995/nuclei-templates CVE-2024-7590 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7592 - https://github.com/ch4n3-yoon/ch4n3-yoon +CVE-2024-7593 - https://github.com/20142995/nuclei-templates CVE-2024-7610 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7621 - https://github.com/20142995/nuclei-templates CVE-2024-7624 - https://github.com/20142995/nuclei-templates @@ -172525,6 +172609,7 @@ CVE-2024-7647 - https://github.com/20142995/nuclei-templates CVE-2024-7648 - https://github.com/20142995/nuclei-templates CVE-2024-7649 - https://github.com/20142995/nuclei-templates CVE-2024-7651 - https://github.com/20142995/nuclei-templates +CVE-2024-7656 - https://github.com/20142995/nuclei-templates CVE-2024-7656 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7689 - https://github.com/20142995/nuclei-templates CVE-2024-7690 - https://github.com/20142995/nuclei-templates @@ -172584,6 +172669,7 @@ CVE-2024-7966 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7967 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7968 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7969 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-7971 - https://github.com/dan-mba/python-selenium-news CVE-2024-7971 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7971 - https://github.com/tanjiti/sec_profile CVE-2024-7972 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172597,6 +172683,7 @@ CVE-2024-7979 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7980 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7981 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-7986 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8011 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8033 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8034 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8035 - https://github.com/fkie-cad/nvd-json-data-feeds @@ -172604,7 +172691,10 @@ CVE-2024-8071 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8072 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8112 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-8113 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8120 - https://github.com/20142995/nuclei-templates CVE-2024-8128 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8146 - https://github.com/fkie-cad/nvd-json-data-feeds +CVE-2024-8147 - https://github.com/fkie-cad/nvd-json-data-feeds CVE-2024-87654 - https://github.com/runwuf/clickhouse-test CVE-2024-98765 - https://github.com/runwuf/clickhouse-test CVE-2024-99999 - https://github.com/kolewttd/wtt diff --git a/references.txt b/references.txt index e867e7b20..7c9fa4360 100644 --- a/references.txt +++ b/references.txt @@ -17656,6 +17656,7 @@ CVE-2010-1369 - http://www.exploit-db.com/exploits/11589 CVE-2010-1370 - http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt CVE-2010-1371 - http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt CVE-2010-1372 - http://packetstormsecurity.org/1002-exploits/joomlahdflvplayer-sql.txt +CVE-2010-1387 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061 CVE-2010-1422 - https://bugzilla.mozilla.org/show_bug.cgi?id=552255 CVE-2010-1429 - https://www.exploit-db.com/exploits/44009/ CVE-2010-1431 - http://seclists.org/fulldisclosure/2010/Apr/272 @@ -92103,6 +92104,7 @@ CVE-2023-3179 - https://wpscan.com/vulnerability/542caa40-b199-4397-90bb-4fdb693 CVE-2023-3182 - https://wpscan.com/vulnerability/655a68ee-9447-41ca-899e-986a419fb7ed CVE-2023-3184 - http://packetstormsecurity.com/files/172908/Sales-Tracker-Management-System-1.0-HTML-Injection.html CVE-2023-3184 - https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md +CVE-2023-3184 - https://vuldb.com/?id.231164 CVE-2023-31851 - https://github.com/CalfCrusher/CVE-2023-31851 CVE-2023-31852 - https://github.com/CalfCrusher/CVE-2023-31852 CVE-2023-31853 - https://github.com/CalfCrusher/CVE-2023-31853 @@ -92114,6 +92116,7 @@ CVE-2023-31871 - https://gist.github.com/picar0jsu/a8e623639da34f36202ce5e436668 CVE-2023-31873 - http://packetstormsecurity.com/files/172530/Gin-Markdown-Editor-0.7.4-Arbitrary-Code-Execution.html CVE-2023-31874 - http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html CVE-2023-3188 - https://huntr.dev/bounties/0d0d526a-1c39-4e6a-b081-d3914468e495 +CVE-2023-3189 - https://vuldb.com/?id.231501 CVE-2023-31893 - https://medium.com/@shooterRX/dns-recursion-leads-to-dos-attack-vivo-play-iptv-cve-2023-31893-b5ac45f38f CVE-2023-3190 - https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180 CVE-2023-31902 - https://www.exploit-db.com/exploits/51010 @@ -92458,6 +92461,7 @@ CVE-2023-33817 - https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-fo CVE-2023-33829 - http://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.html CVE-2023-33829 - https://bitbucket.org/sdorra/docker-scm-manager/src/master/ CVE-2023-33829 - https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60 +CVE-2023-3383 - https://vuldb.com/?id.232239 CVE-2023-33849 - https://www.ibm.com/support/pages/node/7001687 CVE-2023-3385 - https://gitlab.com/gitlab-org/gitlab/-/issues/416161 CVE-2023-33863 - http://packetstormsecurity.com/files/172804/RenderDoc-1.26-Local-Privilege-Escalation-Remote-Code-Execution.html @@ -92584,6 +92588,7 @@ CVE-2023-34457 - https://github.com/MechanicalSoup/MechanicalSoup/security/advis CVE-2023-34467 - https://jira.xwiki.org/browse/XWIKI-20333 CVE-2023-34468 - http://packetstormsecurity.com/files/174398/Apache-NiFi-H2-Connection-String-Remote-Code-Execution.html CVE-2023-34488 - https://github.com/emqx/nanomq/issues/1181 +CVE-2023-3449 - https://vuldb.com/?id.232546 CVE-2023-34494 - https://github.com/emqx/nanomq/issues/1180 CVE-2023-34553 - https://ashallen.net/wireless-smart-lock-vulnerability-disclosure CVE-2023-34561 - https://www.youtube.com/watch?v=DMxucOWfLPc @@ -93267,6 +93272,7 @@ CVE-2023-38507 - https://github.com/strapi/strapi/security/advisories/GHSA-24q2- CVE-2023-3853 - https://vuldb.com/?id.235205 CVE-2023-38543 - https://northwave-cybersecurity.com/vulnerability-notice/denial-of-service-in-ivanti-secure-access-client-driver CVE-2023-38573 - https://talosintelligence.com/vulnerability_reports/TALOS-2023-1839 +CVE-2023-3859 - https://vuldb.com/?id.235211 CVE-2023-38617 - https://packetstormsecurity.com/files/173143/Office-Suite-Premium-10.9.1.42602-Cross-Site-Scripting.html CVE-2023-38633 - http://seclists.org/fulldisclosure/2023/Jul/43 CVE-2023-38633 - https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/