Update CVE sources 2024-06-07 04:52

2000/CVE-2000-0114.md

@@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/0xPugal/One-Liners
 - https://github.com/0xPugazh/One-Liners
 - https://github.com/ARPSyndicate/kenzer-templates
+- https://github.com/Cappricio-Securities/CVE-2000-0114
 - https://github.com/Live-Hack-CVE/CVE-2000-0114
 - https://github.com/POORVAJA-195/Nuclei-Analysis-main
 - https://github.com/bhavesh-pardhi/One-Liner

2006/CVE-2006-4469.md

@@ -13,5 +13,6 @@ Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote att
 No PoCs from references.
 
 #### Github
+- https://github.com/muchdogesec/cve2stix
 - https://github.com/p1ay8y3ar/cve_monitor
 

2007/CVE-2007-5464.md

@@ -11,6 +11,7 @@ Stack-based buffer overflow in Live for Speed 0.5X10 and earlier allows remote a
 
 #### Reference
 - http://aluigi.altervista.org/adv/lfscbof-adv.txt
+- http://securityreason.com/securityalert/3234
 
 #### Github
 No PoCs found on GitHub currently.

2007/CVE-2007-5686.md

@@ -24,5 +24,6 @@ No PoCs from references.
 - https://github.com/jasona7/ChatCVE
 - https://github.com/joelckwong/anchore
 - https://github.com/mauraneh/WIK-DPS-TP02
+- https://github.com/testing-felickz/docker-scout-demo
 - https://github.com/valancej/anchore-five-minutes
 

2008/CVE-2008-0166.md

@@ -32,7 +32,10 @@ OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating system
 - https://github.com/badkeys/debianopenssl
 - https://github.com/brimstone/stars
 - https://github.com/chnzzh/OpenSSL-CVE-lib
+- https://github.com/demining/Chinese-version-of-Bitcoin-blockchain-cryptanalysis
 - https://github.com/demining/CryptoDeepTools
+- https://github.com/demining/Japanese-version-of-Bitcoin-blockchain-cryptanalysis
+- https://github.com/demining/Korean-version-of-Bitcoin-blockchain-cryptanalysis
 - https://github.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166
 - https://github.com/g0tmi1k/debian-ssh
 - https://github.com/google/paranoid_crypto

2008/CVE-2008-0176.md

@@ -0,0 +1,17 @@
+### [CVE-2008-0176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0176)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Angelina612/CVSS-Severity-Predictor
+

2008/CVE-2008-0590.md

@@ -10,6 +10,7 @@ Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authent
 ### POC
 
 #### Reference
+- http://securityreason.com/securityalert/3609
 - https://www.exploit-db.com/exploits/5044
 
 #### Github

2008/CVE-2008-4250.md

@@ -50,6 +50,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP
 - https://github.com/nanotechz9l/cvesearch
 - https://github.com/nitishbadole/oscp-note-2
 - https://github.com/notsag-dev/htb-legacy
+- https://github.com/pxcs/CVE-29343-Sysmon-list
 - https://github.com/rmsbpro/rmsbpro
 - https://github.com/shashihacks/OSCP
 - https://github.com/shashihacks/OSWE

2009/CVE-2009-2629.md

@@ -13,6 +13,7 @@ Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6
 No PoCs from references.
 
 #### Github
+- https://github.com/alisaesage/Disclosures
 - https://github.com/andrebro242/https-github.com-andrebro242-13-01.md
 - https://github.com/badd1e/Disclosures
 - https://github.com/secure-rewind-and-discard/sdrad_utils

2009/CVE-2009-3555.md

@@ -48,6 +48,7 @@ The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr
 - https://github.com/kasem545/vulnsearch
 - https://github.com/matoweb/Enumeration-Script
 - https://github.com/palmerabollo/egov
+- https://github.com/pyllyukko/user.js
 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems
 - https://github.com/withdk/pulse-secure-vpn-mitm-research
 - https://github.com/zzzWTF/db-13-01

2010/CVE-2010-3124.md

@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/CVEDB/awesome-cve-repo
+- https://github.com/KOBUKOVUI/DLL_Injection_On_VLC
 

2010/CVE-2010-4597.md

@@ -13,5 +13,5 @@ Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX
 - http://www.exploit-db.com/exploits/15767
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Angelina612/CVSS-Severity-Predictor
 

2011/CVE-2011-1562.md

@@ -0,0 +1,17 @@
+### [CVE-2011-1562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1562)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Angelina612/CVSS-Severity-Predictor
+

2011/CVE-2011-1563.md

@@ -20,5 +20,5 @@ Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex R
 - http://www.exploit-db.com/exploits/17025
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Angelina612/CVSS-Severity-Predictor
 

2011/CVE-2011-3374.md

@@ -42,5 +42,6 @@ No PoCs from references.
 - https://github.com/simiyo/trivy
 - https://github.com/snyk-labs/helm-snyk
 - https://github.com/t31m0/Vulnerability-Scanner-for-Containers
+- https://github.com/testing-felickz/docker-scout-demo
 - https://github.com/umahari/security
 

2012/CVE-2012-1823.md

@@ -24,6 +24,7 @@ No PoCs from references.
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo
 - https://github.com/CyberSavvy/python-pySecurity
+- https://github.com/Fatalitysec/CVE-2012-1823
 - https://github.com/J-16/Pentester-Bootcamp
 - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
 - https://github.com/MrScytheLULZ/covid

2012/CVE-2012-2611.md

@@ -13,5 +13,6 @@ The DiagTraceR3Info function in the Dialog processor in disp+work.exe 7010.29.15
 - http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities
 
 #### Github
+- https://github.com/Jean-Francois-C/SAP-Security-Audit
 - https://github.com/martingalloar/martingalloar
 

2013/CVE-2013-0007.md

@@ -13,6 +13,7 @@ Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly pars
 No PoCs from references.
 
 #### Github
+- https://github.com/alisaesage/Disclosures
 - https://github.com/alphaSeclab/sec-daily-2019
 - https://github.com/badd1e/Disclosures
 

2013/CVE-2013-1445.md

@@ -13,5 +13,6 @@ The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly res
 No PoCs from references.
 
 #### Github
+- https://github.com/isidroas/fortuna
 - https://github.com/jdacode/Blockchain-Electronic-Voting-System
 

2013/CVE-2013-2566.md

@@ -38,6 +38,7 @@ The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single
 - https://github.com/mikemackintosh/ruby-qualys
 - https://github.com/nikolay480/devops-netology
 - https://github.com/pashicop/3.9_1
+- https://github.com/pyllyukko/user.js
 - https://github.com/stanmay77/security
 - https://github.com/tzaffi/testssl-report
 - https://github.com/vitaliivakhr/NETOLOGY

2013/CVE-2013-3900.md

@@ -26,6 +26,7 @@ No PoCs from references.
 - https://github.com/SaimSA/Vulnerability-Management-with-Nessus
 - https://github.com/Securenetology/CVE-2013-3900
 - https://github.com/The-Education-and-Skills-Partnership/WinVerifyTrust-Signature-Mitigation
+- https://github.com/ellikt1/Vulnerability-Assessment
 - https://github.com/florylsk/SignatureGate
 - https://github.com/hiba-ahmad1/NessusVulnManagement
 - https://github.com/izj007/wechat

2013/CVE-2013-4378.md

@@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java i
 - http://seclists.org/oss-sec/2013/q3/679
 
 #### Github
+- https://github.com/epicosy/VUL4J-50
 - https://github.com/theratpack/grails-javamelody-sample-app
 - https://github.com/tuhh-softsec/APR4Vul
 

2014/CVE-2014-0160.md

@@ -313,6 +313,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/feiteira2/Pentest-Tools
 - https://github.com/fireorb/SSL-Scanner
 - https://github.com/fireorb/sslscanner
+- https://github.com/forget-eve/Computer-Safety
 - https://github.com/froyo75/Heartbleed_Dockerfile_with_Nginx
 - https://github.com/fuzzr/example-openssl-1.0.1f
 - https://github.com/gbnv/temp
@@ -433,6 +434,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p
 - https://github.com/oneplus-x/Awesome-Pentest
 - https://github.com/oneplus-x/Sn1per
 - https://github.com/oneplush/hacking_tutorials
+- https://github.com/orhun/flawz
 - https://github.com/oubaidHL/Security-Pack-
 - https://github.com/ozkanbilge/Payloads
 - https://github.com/paolokalvo/Ferramentas-Cyber-Security

2014/CVE-2014-2024.md

@@ -13,5 +13,5 @@ Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open
 - https://github.com/open-classifieds/openclassifieds2/issues/556
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/pxcs/CVE-29343-Sysmon-list
 

2014/CVE-2014-3566.md

@@ -102,6 +102,7 @@ The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses
 - https://github.com/odolezal/D-Link-DIR-655
 - https://github.com/pashicop/3.9_1
 - https://github.com/puppetlabs/puppetlabs-compliance_profile
+- https://github.com/r0metheus/poodle-attack
 - https://github.com/r3p3r/1N3-MassBleed
 - https://github.com/rameezts/poodle_check
 - https://github.com/rvaralda/aws_poodle_fix

2014/CVE-2014-4060.md

@@ -13,5 +13,6 @@ Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows Media Center T
 No PoCs from references.
 
 #### Github
+- https://github.com/alisaesage/Disclosures
 - https://github.com/badd1e/Disclosures
 

2014/CVE-2014-4210.md

@@ -84,6 +84,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi
 - https://github.com/password520/RedTeamer
 - https://github.com/pwnagelabs/VEF
 - https://github.com/qi4L/WeblogicScan.go
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/ronoski/j2ee-rscan
 - https://github.com/skyblueflag/WebSecurityStudy

2014/CVE-2014-4880.md

@@ -13,5 +13,5 @@ Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other
 - http://packetstormsecurity.com/files/129187/Hikvision-DVR-RTSP-Request-Remote-Code-Execution.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Samsung/cotopaxi
 

2014/CVE-2014-6271.md

@@ -147,6 +147,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/HttpEduardo/ShellTHEbest
 - https://github.com/Hunter-404/shmilytly
 - https://github.com/IAmATeaPot418/insecure-deployments
+- https://github.com/IZAORICASTm/CHARQITO_NET
 - https://github.com/ImranTheThirdEye/awesome-web-hacking
 - https://github.com/InfoSecDion/Splunk-Incident-Response-Lab
 - https://github.com/JERRY123S/all-poc
@@ -190,6 +191,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
 - https://github.com/NCSU-DANCE-Research-Group/CDL
 - https://github.com/Nieuport/Awesome-Security
 - https://github.com/Nieuport/PayloadsAllTheThings
+- https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two
 - https://github.com/OshekharO/Penetration-Testing
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

2014/CVE-2014-6277.md

@@ -18,6 +18,7 @@ GNU Bash through 4.3 bash43-026 does not properly parse function definitions in
 
 #### Github
 - https://github.com/EvanK/shocktrooper
+- https://github.com/IZAORICASTm/CHARQITO_NET
 - https://github.com/MrCl0wnLab/ShellShockHunter
 - https://github.com/demining/ShellShock-Attack
 - https://github.com/giterlizzi/secdb-feeds

2014/CVE-2014-7169.md

@@ -27,6 +27,7 @@ GNU Bash through 4.3 bash43-025 processes trailing strings after certain malform
 - https://github.com/CyberlearnbyVK/redteam-notebook
 - https://github.com/EvanK/shocktrooper
 - https://github.com/Gobinath-B/SHELL-SCHOCK
+- https://github.com/IZAORICASTm/CHARQITO_NET
 - https://github.com/JPedroVentura/Shocker
 - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups
 - https://github.com/LubinLew/WEB-CVE

2015/CVE-2015-2515.md

@@ -13,5 +13,6 @@ Use-after-free vulnerability in Windows Shell in Microsoft Windows Vista SP2, Wi
 No PoCs from references.
 
 #### Github
+- https://github.com/alisaesage/Disclosures
 - https://github.com/badd1e/Disclosures
 

2015/CVE-2015-2712.md

@@ -14,5 +14,5 @@ The asm.js implementation in Mozilla Firefox before 38.0 does not properly deter
 - https://bugzilla.mozilla.org/show_bug.cgi?id=1152280
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/pyllyukko/user.js
 

2015/CVE-2015-2743.md

@@ -14,5 +14,5 @@ PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x
 - http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/pyllyukko/user.js
 

2015/CVE-2015-3276.md

@@ -15,4 +15,5 @@ The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/chnzzh/OpenSSL-CVE-lib
+- https://github.com/testing-felickz/docker-scout-demo
 

2015/CVE-2015-3306.md

@@ -55,6 +55,7 @@ The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write t
 - https://github.com/lnick2023/nicenice
 - https://github.com/m4udSec/ProFTPD_CVE-2015-3306
 - https://github.com/maxbardreausupdevinci/jokertitoolbox
+- https://github.com/mr-exo/shodan-dorks
 - https://github.com/nodoyuna09/eHacking_LABS
 - https://github.com/nootropics/propane
 - https://github.com/qazbnm456/awesome-cve-poc

2015/CVE-2015-4852.md

@@ -67,6 +67,7 @@ The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.
 - https://github.com/password520/RedTeamer
 - https://github.com/psadmin-io/weblogic-patching-scripts
 - https://github.com/qiqiApink/apkRepair
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/roo7break/serialator
 - https://github.com/rosewachera-rw/vulnassessment
 - https://github.com/safe6Sec/WeblogicVuln

2016/CVE-2016-0143.md

@@ -13,5 +13,6 @@ The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 a
 - https://www.exploit-db.com/exploits/39712/
 
 #### Github
+- https://github.com/alisaesage/Disclosures
 - https://github.com/badd1e/Disclosures
 

2016/CVE-2016-0171.md

@@ -15,5 +15,6 @@ The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2
 
 #### Github
 - https://github.com/CyberRoute/rdpscan
+- https://github.com/alisaesage/Disclosures
 - https://github.com/badd1e/Disclosures
 

2016/CVE-2016-0638.md

@@ -57,6 +57,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi
 - https://github.com/openx-org/BLEN
 - https://github.com/password520/RedTeamer
 - https://github.com/qi4L/WeblogicScan.go
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/safe6Sec/WeblogicVuln
 - https://github.com/safe6Sec/wlsEnv

2016/CVE-2016-10033.md

@@ -172,6 +172,7 @@ The mailSend function in the isMail transport in PHPMailer before 5.2.18 might a
 - https://github.com/morkamimi/poop
 - https://github.com/nFnK/PHPMailer
 - https://github.com/natsootail/alumni
+- https://github.com/nh0k016/Haki-Store
 - https://github.com/nyamleeze/commit_testing
 - https://github.com/opsxcq/exploit-CVE-2016-10033
 - https://github.com/paralelo14/CVE_2016-10033

2016/CVE-2016-10045.md

@@ -123,6 +123,7 @@ The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to
 - https://github.com/morkamimi/poop
 - https://github.com/nFnK/PHPMailer
 - https://github.com/natsootail/alumni
+- https://github.com/nh0k016/Haki-Store
 - https://github.com/nyamleeze/commit_testing
 - https://github.com/pctechsupport123/php
 - https://github.com/pedro823/cve-2016-10033-45

2016/CVE-2016-1409.md

@@ -0,0 +1,17 @@
+### [CVE-2016-1409](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1409)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, aka Bug ID CSCuz66542, as exploited in the wild in May 2016.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/muchdogesec/cve2stix
+

2016/CVE-2016-2107.md

@@ -29,6 +29,7 @@ The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does
 
 #### Github
 - https://github.com/1o24er/Python-
+- https://github.com/20142995/sectool
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/CVEDB/PoC-List
 - https://github.com/CVEDB/awesome-cve-repo

2016/CVE-2016-3088.md

@@ -46,7 +46,9 @@ The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remot
 - https://github.com/hktalent/bug-bounty
 - https://github.com/jiushill/haq5201314
 - https://github.com/jweny/pocassistdb
+- https://github.com/k8gege/Aggressor
 - https://github.com/k8gege/Ladon
+- https://github.com/k8gege/PowerLadon
 - https://github.com/lnick2023/nicenice
 - https://github.com/openx-org/BLEN
 - https://github.com/pravinsrc/NOTES-windows-kernel-links

2016/CVE-2016-3510.md

@@ -87,6 +87,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi
 - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits
 - https://github.com/password520/RedTeamer
 - https://github.com/qi4L/WeblogicScan.go
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/ranjan-prp/PayloadsAllTheThings
 - https://github.com/ravijainpro/payloads_xss

2016/CVE-2016-5423.md

@@ -0,0 +1,17 @@
+### [CVE-2016-5423](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5423)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/digoal/blog
+

2016/CVE-2016-6380.md

@@ -0,0 +1,17 @@
+### [CVE-2016-6380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6380)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/muchdogesec/cve2stix
+

2017/CVE-2017-0143.md

@@ -33,6 +33,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Cyberwatch/cyberwatch_api_powershell
 - https://github.com/ErdemOzgen/ActiveDirectoryAttacks
 - https://github.com/Esther7171/Ice
+- https://github.com/GhostTroops/scan4all
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/H3xL00m/MS17-010_CVE-2017-0143
 - https://github.com/HacTF/poc--exp
@@ -102,7 +103,9 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/infosecn1nja/AD-Attack-Defense
 - https://github.com/jeredbare/ms17-010_to_slack
 - https://github.com/k4u5h41/MS17-010_CVE-2017-0143
+- https://github.com/k8gege/Aggressor
 - https://github.com/k8gege/Ladon
+- https://github.com/k8gege/PowerLadon
 - https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups
 - https://github.com/liorsivan/hackthebox-machines
 - https://github.com/lnick2023/nicenice

2017/CVE-2017-0144.md

@@ -39,6 +39,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Frat1n/Escalibur_Framework
 - https://github.com/FutureComputing4AI/ClarAVy
 - https://github.com/GhostTroops/TOP
+- https://github.com/GhostTroops/scan4all
 - https://github.com/GoDsUnReAL/fun
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/Itz-Ayanokoji/All-in-one-termux-tools
@@ -105,7 +106,9 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/jbmihoub/all-poc
 - https://github.com/joyce8/MalDICT
 - https://github.com/just0rg/Security-Interview
+- https://github.com/k8gege/Aggressor
 - https://github.com/k8gege/Ladon
+- https://github.com/k8gege/PowerLadon
 - https://github.com/kdcloverkid/https-github.com-kdcloverkid-awesome-termux-hacking
 - https://github.com/kgwanjala/oscp-cheatsheet
 - https://github.com/kimocoder/eternalblue

2017/CVE-2017-0145.md

@@ -30,6 +30,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Cyberwatch/cyberwatch_api_powershell
 - https://github.com/ErdemOzgen/ActiveDirectoryAttacks
 - https://github.com/GhostTroops/TOP
+- https://github.com/GhostTroops/scan4all
 - https://github.com/GoDsUnReAL/fun
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/Itz-Ayanokoji/All-in-one-termux-tools
@@ -72,6 +73,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/hktalent/scan4all
 - https://github.com/infosecn1nja/AD-Attack-Defense
 - https://github.com/jbmihoub/all-poc
+- https://github.com/k8gege/PowerLadon
 - https://github.com/kdcloverkid/https-github.com-kdcloverkid-awesome-termux-hacking
 - https://github.com/lnick2023/nicenice
 - https://github.com/may215/awesome-termux-hacking

2017/CVE-2017-0146.md

@@ -22,6 +22,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Cruxer8Mech/Idk
 - https://github.com/Cyberwatch/cyberwatch_api_powershell
 - https://github.com/ErdemOzgen/ActiveDirectoryAttacks
+- https://github.com/GhostTroops/scan4all
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/Kiz619ao630/StepwisePolicy3
 - https://github.com/Nieuport/Active-Directory-Kill-Chain-Attack-Defense
@@ -51,6 +52,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/hackeremmen/Active-Directory-Kill-Chain-Attack-Defense-
 - https://github.com/hktalent/scan4all
 - https://github.com/infosecn1nja/AD-Attack-Defense
+- https://github.com/k8gege/PowerLadon
 - https://github.com/lnick2023/nicenice
 - https://github.com/merlinepedra/SCAN4LL
 - https://github.com/merlinepedra25/SCAN4ALL-1

2017/CVE-2017-0147.md

@@ -19,6 +19,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 #### Github
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/FutureComputing4AI/ClarAVy
+- https://github.com/GhostTroops/scan4all
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/Kiz619ao630/StepwisePolicy3
 - https://github.com/Lynk4/Windows-Server-2008-VAPT

2017/CVE-2017-0148.md

@@ -21,6 +21,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/Cruxer8Mech/Idk
 - https://github.com/Cyberwatch/cyberwatch_api_powershell
 - https://github.com/ErdemOzgen/ActiveDirectoryAttacks
+- https://github.com/GhostTroops/scan4all
 - https://github.com/Guccifer808/doublepulsar-scanner-golang
 - https://github.com/HakaKali/CVE-2017-0148
 - https://github.com/Kiz619ao630/StepwisePolicy3
@@ -51,6 +52,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
 - https://github.com/hackeremmen/Active-Directory-Kill-Chain-Attack-Defense-
 - https://github.com/hktalent/scan4all
 - https://github.com/infosecn1nja/AD-Attack-Defense
+- https://github.com/k8gege/PowerLadon
 - https://github.com/lnick2023/nicenice
 - https://github.com/maragard/genestealer
 - https://github.com/merlinepedra/SCAN4LL

2017/CVE-2017-0785.md

@@ -79,6 +79,7 @@ A information disclosure vulnerability in the Android system (bluetooth). Produc
 - https://github.com/rootabeta/shellfish
 - https://github.com/rootcode369/shellfish
 - https://github.com/severnake/Pentest-Tools
+- https://github.com/sgxgsx/BlueToolkit
 - https://github.com/sh4rknado/BlueBorn
 - https://github.com/sigbitsadmin/diff
 - https://github.com/skhjacksonheights/blSCAN_skh

2017/CVE-2017-1000250.md

@@ -21,4 +21,5 @@ All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an in
 - https://github.com/giterlizzi/secdb-feeds
 - https://github.com/hw5773/blueborne
 - https://github.com/olav-st/CVE-2017-1000250-PoC
+- https://github.com/sgxgsx/BlueToolkit
 

2017/CVE-2017-1000251.md

@@ -19,6 +19,7 @@ The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux ke
 - https://github.com/ArmisSecurity/blueborne
 - https://github.com/AxelRoudaut/THC_BlueBorne
 - https://github.com/CrackSoft900/Blue-Borne
+- https://github.com/Cyber-Cole/Network_Analysis_with_NMAP_and_Wireshark
 - https://github.com/JeffroMF/awesome-bluetooth-security321
 - https://github.com/Lexus89/blueborne
 - https://github.com/Lukembou/Vulnerability-Scanning
@@ -46,6 +47,7 @@ The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux ke
 - https://github.com/ndk191/linux-kernel-exploitation
 - https://github.com/own2pwn/blueborne-CVE-2017-1000251-POC
 - https://github.com/qazbnm456/awesome-cve-poc
+- https://github.com/sgxgsx/BlueToolkit
 - https://github.com/ssr-111/linux-kernel-exploitation
 - https://github.com/tlatkdgus1/blueborne-CVE-2017-1000251
 - https://github.com/xairy/linux-kernel-exploitation

2017/CVE-2017-10125.md

@@ -13,5 +13,5 @@ Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployme
 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/RoganDawes/P4wnP1
 

2017/CVE-2017-10271.md

@@ -207,6 +207,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/qince1455373819/awesome-honeypots
 - https://github.com/r0eXpeR/redteam_vul
 - https://github.com/r4b3rt/CVE-2017-10271
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/rambleZzz/weblogic_CVE_2017_10271
 - https://github.com/ranjan-prp/PayloadsAllTheThings

2017/CVE-2017-11283.md

@@ -17,6 +17,7 @@ No PoCs from references.
 - https://github.com/BrittanyKuhn/javascript-tutorial
 - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs
+- https://github.com/gyyyy/footprint
 - https://github.com/klausware/Java-Deserialization-Cheat-Sheet
 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
 

2017/CVE-2017-12087.md

@@ -0,0 +1,17 @@
+### [CVE-2017-12087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12087)
+![](https://img.shields.io/static/v1?label=Product&message=Tinysvcmdns&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=heap%20overflow&color=brighgreen)
+
+### Description
+
+An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Samsung/cotopaxi
+

2017/CVE-2017-12130.md

@@ -13,5 +13,5 @@ An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns
 - https://talosintelligence.com/vulnerability_reports/TALOS-2017-0486
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Samsung/cotopaxi
 

2017/CVE-2017-12149.md

@@ -56,6 +56,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf
 - https://github.com/TSY244/scan_node
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
+- https://github.com/Tyro-Shan/gongkaishouji
 - https://github.com/VVeakee/CVE-2017-12149
 - https://github.com/Weik1/Artillery
 - https://github.com/Xcatolin/jboss-deserialization

2017/CVE-2017-12615.md

@@ -45,6 +45,7 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
+- https://github.com/Tyro-Shan/gongkaishouji
 - https://github.com/Weik1/Artillery
 - https://github.com/YIXINSHUWU/Penetration_Testing_POC
 - https://github.com/YgorAlberto/Ethical-Hacker
@@ -73,7 +74,9 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.
 - https://github.com/ianxtianxt/CVE-2017-12615
 - https://github.com/ilhamrzr/ApacheTomcat
 - https://github.com/jweny/pocassistdb
+- https://github.com/k8gege/Aggressor
 - https://github.com/k8gege/Ladon
+- https://github.com/k8gege/PowerLadon
 - https://github.com/lions2012/Penetration_Testing_POC
 - https://github.com/lnick2023/nicenice
 - https://github.com/lp008/Hack-readme

2017/CVE-2017-12629.md

@@ -45,6 +45,7 @@ Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before
 - https://github.com/mustblade/solr_hacktool
 - https://github.com/p4d0rn/Siren
 - https://github.com/password520/RedTeamer
+- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
 - https://github.com/ronoski/j2ee-rscan
 - https://github.com/tdwyer/PoC_CVE-2017-3164_CVE-2017-1262
 - https://github.com/veracode-research/solr-injection

2017/CVE-2017-13716.md

@@ -19,5 +19,6 @@ No PoCs from references.
 - https://github.com/siddharthraopotukuchi/trivy
 - https://github.com/simiyo/trivy
 - https://github.com/t31m0/Vulnerability-Scanner-for-Containers
+- https://github.com/testing-felickz/docker-scout-demo
 - https://github.com/umahari/security
 

2017/CVE-2017-14159.md

@@ -15,4 +15,5 @@ slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privilege
 #### Github
 - https://github.com/andir/nixos-issue-db-example
 - https://github.com/jparrill/preview-grafeas
+- https://github.com/testing-felickz/docker-scout-demo
 

2017/CVE-2017-16905.md

@@ -18,6 +18,7 @@ No PoCs from references.
 - https://github.com/Fa1c0n35/Awesome-Bugbounty-Writeups
 - https://github.com/Hacker-Fighter001/Bug-Bounty-Hunter-Articles
 - https://github.com/ImranTheThirdEye/Awesome-Bugbounty-Writeups
+- https://github.com/Neelakandan-A/BugBounty_CheatSheet
 - https://github.com/Prabirrimi/Awesome-Bugbounty-Writeups
 - https://github.com/Prodrious/writeups
 - https://github.com/R3dg0/writeups

2017/CVE-2017-17740.md

@@ -15,4 +15,5 @@ contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops
 
 #### Github
 - https://github.com/andir/nixos-issue-db-example
+- https://github.com/testing-felickz/docker-scout-demo
 

2017/CVE-2017-18018.md

@@ -27,4 +27,5 @@ No PoCs from references.
 - https://github.com/garethr/snykout
 - https://github.com/mauraneh/WIK-DPS-TP02
 - https://github.com/phonito/phonito-scanner-action
+- https://github.com/testing-felickz/docker-scout-demo
 

2017/CVE-2017-18861.md

@@ -0,0 +1,17 @@
+### [CVE-2017-18861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18861)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Surveillance 1.4.3-15-x86 and earlier and ReadyNAS Surveillance 1.1.4-5-ARM and earlier.
+
+### POC
+
+#### Reference
+- https://kb.netgear.com/000038435/Security-Advisory-for-ReadyNAS-Surveillance-CSRF-Remote-Code-Execution-PSV-2017-0578
+
+#### Github
+No PoCs found on GitHub currently.
+

2017/CVE-2017-2624.md

@@ -13,5 +13,5 @@ It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check
 - https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/nediazla/LinuxFundamentals
 

2017/CVE-2017-2625.md

@@ -13,5 +13,5 @@ It was discovered that libXdmcp before 1.1.2 including used weak entropy to gene
 - https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/nediazla/LinuxFundamentals
 

2017/CVE-2017-2626.md

@@ -14,4 +14,5 @@ It was discovered that libICE before 1.0.9-8 used a weak entropy to generate key
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/nediazla/LinuxFundamentals
 

2017/CVE-2017-3248.md

@@ -67,6 +67,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/qi4L/WeblogicScan.go
 - https://github.com/quentinhardy/scriptsAndExploits
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/rockmelodies/rocComExpRce
 - https://github.com/rudinyu/KB

2017/CVE-2017-3506.md

@@ -81,6 +81,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar
 - https://github.com/pwnagelabs/VEF
 - https://github.com/qazbnm456/awesome-cve-poc
 - https://github.com/qi4L/WeblogicScan.go
+- https://github.com/rabbitmask/WeblogicScan
 - https://github.com/rabbitmask/WeblogicScanLot
 - https://github.com/safe6Sec/WeblogicVuln
 - https://github.com/safe6Sec/wlsEnv

2017/CVE-2017-5223.md

@@ -113,6 +113,7 @@ An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method a
 - https://github.com/morkamimi/poop
 - https://github.com/nFnK/PHPMailer
 - https://github.com/natsootail/alumni
+- https://github.com/nh0k016/Haki-Store
 - https://github.com/nyamleeze/commit_testing
 - https://github.com/pctechsupport123/php
 - https://github.com/prakashshubham13/portfolio

2017/CVE-2017-5244.md

@@ -18,6 +18,7 @@ Routes used to stop running Metasploit tasks (either particular ones or all task
 - https://github.com/Fa1c0n35/Awesome-Bugbounty-Writeups
 - https://github.com/Hacker-Fighter001/Bug-Bounty-Hunter-Articles
 - https://github.com/ImranTheThirdEye/Awesome-Bugbounty-Writeups
+- https://github.com/Neelakandan-A/BugBounty_CheatSheet
 - https://github.com/Prabirrimi/Awesome-Bugbounty-Writeups
 - https://github.com/Prodrious/writeups
 - https://github.com/R3dg0/writeups

2017/CVE-2017-6770.md

@@ -0,0 +1,17 @@
+### [CVE-2017-6770](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6770)
+![](https://img.shields.io/static/v1?label=Product&message=Multiple%20Cisco%20Products&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20&color=brighgreen)
+
+### Description
+
+Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software 7.0.1 through 9.7.1.2, NX-OS 4.0 through 12.0, and IOS XE 3.6 through 3.18 are affected by a vulnerability involving the Open Shortest Path First (OSPF) Routing Protocol Link State Advertisement (LSA) database. This vulnerability could allow an unauthenticated, remote attacker to take full control of the OSPF Autonomous System (AS) domain routing table, allowing the attacker to intercept or black-hole traffic. The attacker could exploit this vulnerability by injecting crafted OSPF packets. Successful exploitation could cause the targeted router to flush its routing table and propagate the crafted OSPF LSA type 1 update throughout the OSPF AS domain. To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast OSPF LSA type 1 packets. No other LSA type packets can trigger this vulnerability. OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability. Cisco Bug IDs: CSCva74756, CSCve47393, CSCve47401.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/muchdogesec/cve2stix
+

2017/CVE-2017-7243.md

@@ -13,5 +13,6 @@ Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause a denial
 No PoCs from references.
 
 #### Github
+- https://github.com/Samsung/cotopaxi
 - https://github.com/q40603/Continuous-Invivo-Fuzz
 

2017/CVE-2017-7269.md

@@ -46,6 +46,7 @@ Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in In
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/ThanHuuTuan/CVE-2017-7269
+- https://github.com/Tyro-Shan/gongkaishouji
 - https://github.com/YIXINSHUWU/Penetration_Testing_POC
 - https://github.com/ZTK-009/Penetration_PoC
 - https://github.com/ZTK-009/RedTeamer

2017/CVE-2017-8360.md

@@ -14,5 +14,6 @@ Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZB
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/ffffffff0x/Dork-Admin
 - https://github.com/thom-s/nessus-compliance
 

2017/CVE-2017-8514.md

@@ -19,6 +19,7 @@ No PoCs from references.
 - https://github.com/Fa1c0n35/Awesome-Bugbounty-Writeups
 - https://github.com/Hacker-Fighter001/Bug-Bounty-Hunter-Articles
 - https://github.com/ImranTheThirdEye/Awesome-Bugbounty-Writeups
+- https://github.com/Neelakandan-A/BugBounty_CheatSheet
 - https://github.com/Prabirrimi/Awesome-Bugbounty-Writeups
 - https://github.com/Prodrious/writeups
 - https://github.com/R3dg0/writeups

2017/CVE-2017-8759.md

@@ -120,6 +120,7 @@ Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow
 - https://github.com/smashinu/CVE-2017-8759Expoit
 - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections
 - https://github.com/svbjdbk123/-
+- https://github.com/sythass/CVE-2017-8759
 - https://github.com/t31m0/Red-Teaming-Toolkit
 - https://github.com/thezimtex/red-team
 - https://github.com/twensoo/PersistentThreat

2017/CVE-2017-9805.md

@@ -52,6 +52,7 @@ The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x bef
 - https://github.com/Lone-Ranger/apache-struts-pwn_CVE-2017-9805
 - https://github.com/Muhammd/Awesome-Payloads
 - https://github.com/Nieuport/PayloadsAllTheThings
+- https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two
 - https://github.com/Ostorlab/KEV
 - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
 - https://github.com/PalindromeLabs/Java-Deserialization-CVEs

2018/CVE-2018-0893.md

@@ -14,6 +14,7 @@ No PoCs from references.
 
 #### Github
 - https://github.com/ARPSyndicate/cvemon
+- https://github.com/alisaesage/Disclosures
 - https://github.com/badd1e/Disclosures
 - https://github.com/lnick2023/nicenice
 - https://github.com/qazbnm456/awesome-cve-poc

2018/CVE-2018-1000021.md

@@ -14,4 +14,5 @@ No PoCs from references.
 
 #### Github
 - https://github.com/adegoodyer/ubuntu
+- https://github.com/testing-felickz/docker-scout-demo
 

2018/CVE-2018-1000861.md

@@ -45,6 +45,7 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki
 - https://github.com/TheBeastofwar/JenkinsExploit-GUI
 - https://github.com/Threekiii/Awesome-POC
 - https://github.com/Threekiii/Vulhub-Reproduce
+- https://github.com/Tyro-Shan/gongkaishouji
 - https://github.com/YIXINSHUWU/Penetration_Testing_POC
 - https://github.com/ZTK-009/Penetration_PoC
 - https://github.com/Zompire/cc_talk_2021

2018/CVE-2018-1058.md

@@ -24,6 +24,7 @@ No PoCs from references.
 - https://github.com/claranet/terraform-azurerm-db-postgresql
 - https://github.com/claranet/terraform-azurerm-db-postgresql-flexible
 - https://github.com/claranet/terraform-postgresql-database-configuration
+- https://github.com/digoal/blog
 - https://github.com/hxysaury/saury-vulnhub
 - https://github.com/ngadminq/Bei-Gai-penetration-test-guide
 - https://github.com/stilet/postgraphile-simple-express-starter

2018/CVE-2018-1260.md

@@ -18,5 +18,6 @@ No PoCs from references.
 - https://github.com/Drun1baby/CVE-Reproduction-And-Analysis
 - https://github.com/SexyBeast233/SecBooks
 - https://github.com/ax1sX/SpringSecurity
+- https://github.com/gyyyy/footprint
 - https://github.com/langu-xyz/JavaVulnMap
 

2018/CVE-2018-1261.md

@@ -16,6 +16,7 @@ No PoCs from references.
 - https://github.com/ARPSyndicate/cvemon
 - https://github.com/ExpLangcn/FuYao-Go
 - https://github.com/ax1sX/SpringSecurity
+- https://github.com/gyyyy/footprint
 - https://github.com/jpbprakash/vuln
 - https://github.com/mile9299/zip-slip-vulnerability
 - https://github.com/snyk/zip-slip-vulnerability

2018/CVE-2018-12679.md

@@ -0,0 +1,17 @@
+### [CVE-2018-12679](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12679)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+The Serialize.deserialize() method in CoAPthon3 1.0 and 1.0.1 mishandles certain exceptions, leading to a denial of service in applications that use this library (e.g., the standard CoAP server, CoAP client, example collect CoAP server and client) when they receive crafted CoAP messages.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Samsung/cotopaxi
+

2018/CVE-2018-16845.md

@@ -17,6 +17,7 @@ nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_mod
 - https://github.com/ConstantaNF/RPM
 - https://github.com/Dekkert/dz6_soft_distribution
 - https://github.com/adastraaero/OTUS_LinuxProf
+- https://github.com/alisaesage/Disclosures
 - https://github.com/anitazhaochen/anitazhaochen.github.io
 - https://github.com/badd1e/Disclosures
 - https://github.com/rmtec/modeswitcher

2018/CVE-2018-18264.md

@@ -19,4 +19,5 @@ No PoCs from references.
 - https://github.com/d4n-sec/d4n-sec.github.io
 - https://github.com/g3rzi/HackingKubernetes
 - https://github.com/hacking-kubernetes/hacking-kubernetes.info
+- https://github.com/magnologan/awesome-k8s-security
 

2018/CVE-2018-18428.md

@@ -15,5 +15,5 @@ TP-Link TL-SC3130 1.6.18P12_121101 devices allow unauthenticated RTSP stream acc
 - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Samsung/cotopaxi
 

2018/CVE-2018-18483.md

@@ -16,5 +16,6 @@ The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Bi
 #### Github
 - https://github.com/fokypoky/places-list
 - https://github.com/fuzz-evaluator/MemLock-Fuzz-eval
+- https://github.com/testing-felickz/docker-scout-demo
 - https://github.com/wcventure/MemLock-Fuzz
 

2018/CVE-2018-19067.md

@@ -13,5 +13,5 @@ An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and A
 - https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Samsung/cotopaxi
 

2018/CVE-2018-19077.md

@@ -13,5 +13,5 @@ An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.
 - https://sintonen.fi/advisories/foscam-ip-camera-multiple-vulnerabilities.txt
 
 #### Github
-No PoCs found on GitHub currently.
+- https://github.com/Samsung/cotopaxi
 

2018/CVE-2018-19417.md

@@ -0,0 +1,17 @@
+### [CVE-2018-19417](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19417)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+An issue was discovered in the MQTT server in Contiki-NG before 4.2. The function parse_publish_vhdr() that parses MQTT PUBLISH messages with a variable length header uses memcpy to input data into a fixed size buffer. The allocated buffer can fit only MQTT_MAX_TOPIC_LENGTH (default 64) bytes, and a length check is missing. This could lead to Remote Code Execution via a stack-smashing attack (overwriting the function return address). Contiki-NG does not separate the MQTT server from other servers and the OS modules, so access to all memory regions is possible.
+
+### POC
+
+#### Reference
+No PoCs from references.
+
+#### Github
+- https://github.com/Samsung/cotopaxi
+

2018/CVE-2018-19518.md

@@ -23,6 +23,7 @@ University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in P
 - https://github.com/C-starm/PoC-and-Exp-of-Vulnerabilities
 - https://github.com/HacTF/poc--exp
 - https://github.com/SexyBeast233/SecBooks
+- https://github.com/Threekiii/Awesome-POC
 - https://github.com/avboy1337/Vulnerabilities
 - https://github.com/bb33bb/Vulnerabilities
 - https://github.com/ensimag-security/CVE-2018-19518