diff --git a/2000/CVE-2000-0267.md b/2000/CVE-2000-0267.md new file mode 100644 index 000000000..5d0a0ded0 --- /dev/null +++ b/2000/CVE-2000-0267.md @@ -0,0 +1,17 @@ +### [CVE-2000-0267](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0267) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0268.md b/2000/CVE-2000-0268.md new file mode 100644 index 000000000..f8685aef0 --- /dev/null +++ b/2000/CVE-2000-0268.md @@ -0,0 +1,17 @@ +### [CVE-2000-0268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0268) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0368.md b/2000/CVE-2000-0368.md new file mode 100644 index 000000000..b426ce7b9 --- /dev/null +++ b/2000/CVE-2000-0368.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0368) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/770/ioshist-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0380.md b/2000/CVE-2000-0380.md new file mode 100644 index 000000000..4c05e7c7b --- /dev/null +++ b/2000/CVE-2000-0380.md @@ -0,0 +1,17 @@ +### [CVE-2000-0380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0380) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0388.md b/2000/CVE-2000-0388.md index 80acd8c0c..9549e4aa0 100644 --- a/2000/CVE-2000-0388.md +++ b/2000/CVE-2000-0388.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/joscanoga/Reto-python-CRM +- https://github.com/riik-db/cc_hw diff --git a/2000/CVE-2000-0700.md b/2000/CVE-2000-0700.md new file mode 100644 index 000000000..a3480b478 --- /dev/null 
+++ b/2000/CVE-2000-0700.md @@ -0,0 +1,17 @@ +### [CVE-2000-0700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0700) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-0984.md b/2000/CVE-2000-0984.md index 0cd2ba716..6af8e8785 100644 --- a/2000/CVE-2000-0984.md +++ b/2000/CVE-2000-0984.md @@ -10,7 +10,7 @@ The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a den ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2000/CVE-2000-1022.md b/2000/CVE-2000-1022.md new file mode 100644 index 000000000..5034cf17a --- /dev/null +++ b/2000/CVE-2000-1022.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-1022](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1022) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1054.md b/2000/CVE-2000-1054.md new file mode 100644 index 000000000..1c4270b6f --- /dev/null +++ b/2000/CVE-2000-1054.md @@ -0,0 +1,17 @@ +### [CVE-2000-1054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1054) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1055.md b/2000/CVE-2000-1055.md new file mode 100644 index 000000000..574bd0272 --- /dev/null +++ b/2000/CVE-2000-1055.md 
@@ -0,0 +1,17 @@ +### [CVE-2000-1055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1055) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2000/CVE-2000-1056.md b/2000/CVE-2000-1056.md new file mode 100644 index 000000000..b728aeb99 --- /dev/null +++ b/2000/CVE-2000-1056.md @@ -0,0 +1,17 @@ +### [CVE-2000-1056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1056) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0019.md b/2001/CVE-2001-0019.md new file mode 100644 index 000000000..38a6c567d --- /dev/null +++ b/2001/CVE-2001-0019.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0019](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0019) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0020.md b/2001/CVE-2001-0020.md new file mode 100644 index 000000000..2e0091756 --- /dev/null +++ b/2001/CVE-2001-0020.md @@ -0,0 +1,17 @@ +### [CVE-2001-0020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0041.md b/2001/CVE-2001-0041.md new file mode 100644 index 000000000..b8efef698 --- /dev/null +++ b/2001/CVE-2001-0041.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0041) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0055.md b/2001/CVE-2001-0055.md new file mode 100644 index 000000000..dbbb00842 --- /dev/null +++ b/2001/CVE-2001-0055.md @@ -0,0 +1,17 @@ +### [CVE-2001-0055](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0055) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0056.md b/2001/CVE-2001-0056.md new file mode 100644 index 000000000..7b6e084c8 --- /dev/null +++ b/2001/CVE-2001-0056.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0056](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0056) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0057.md b/2001/CVE-2001-0057.md new file mode 100644 index 000000000..df14ac93b --- /dev/null +++ b/2001/CVE-2001-0057.md @@ -0,0 +1,17 @@ +### [CVE-2001-0057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0058.md b/2001/CVE-2001-0058.md new file mode 100644 index 000000000..c674fda06 --- /dev/null +++ b/2001/CVE-2001-0058.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0288.md b/2001/CVE-2001-0288.md new file mode 100644 index 000000000..5d30ea9e3 --- /dev/null +++ b/2001/CVE-2001-0288.md @@ -0,0 +1,17 @@ +### [CVE-2001-0288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0375.md b/2001/CVE-2001-0375.md new file mode 100644 index 000000000..e5f6b54dc --- /dev/null +++ b/2001/CVE-2001-0375.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0375) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0412.md b/2001/CVE-2001-0412.md new file mode 100644 index 000000000..b5ffd74c5 --- /dev/null +++ b/2001/CVE-2001-0412.md @@ -0,0 +1,17 @@ +### [CVE-2001-0412](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0412) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0427.md b/2001/CVE-2001-0427.md new file mode 100644 index 000000000..097e50da3 --- /dev/null +++ b/2001/CVE-2001-0427.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0427) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0428.md b/2001/CVE-2001-0428.md new file mode 100644 index 000000000..0dfbdf484 --- /dev/null +++ b/2001/CVE-2001-0428.md @@ -0,0 +1,17 @@ +### [CVE-2001-0428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0428) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0429.md b/2001/CVE-2001-0429.md new file mode 100644 index 000000000..72737fe1a --- /dev/null +++ b/2001/CVE-2001-0429.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0429) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0455.md b/2001/CVE-2001-0455.md new file mode 100644 index 000000000..800948dfe --- /dev/null +++ b/2001/CVE-2001-0455.md @@ -0,0 +1,17 @@ +### [CVE-2001-0455](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0455) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Aironet340-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0537.md b/2001/CVE-2001-0537.md index f318d6211..10d7cd1c0 100644 --- a/2001/CVE-2001-0537.md +++ b/2001/CVE-2001-0537.md @@ -10,7 +10,7 @@ HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html #### Github - https://github.com/ARPSyndicate/cvemon 
diff --git a/2001/CVE-2001-0554.md b/2001/CVE-2001-0554.md index c84e4caba..ca7515869 100644 --- a/2001/CVE-2001-0554.md +++ b/2001/CVE-2001-0554.md @@ -10,6 +10,7 @@ Buffer overflow in BSD-based telnetd telnet daemon on various operating systems ### POC #### Reference +- http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml - http://www.redhat.com/support/errata/RHSA-2001-099.html #### Github diff --git a/2001/CVE-2001-0621.md b/2001/CVE-2001-0621.md new file mode 100644 index 000000000..40edb1b9b --- /dev/null +++ b/2001/CVE-2001-0621.md @@ -0,0 +1,17 @@ +### [CVE-2001-0621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0621) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0622.md b/2001/CVE-2001-0622.md new file mode 100644 index 000000000..42ce037da --- /dev/null +++ b/2001/CVE-2001-0622.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0622](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0622) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0650.md b/2001/CVE-2001-0650.md new file mode 100644 index 000000000..c4bc8b7c3 --- /dev/null +++ b/2001/CVE-2001-0650.md @@ -0,0 +1,17 @@ +### [CVE-2001-0650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0650) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0669.md b/2001/CVE-2001-0669.md new file mode 100644 index 000000000..e399de436 --- /dev/null +++ b/2001/CVE-2001-0669.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0669) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-intrusion-detection-obfuscation-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0711.md b/2001/CVE-2001-0711.md new file mode 100644 index 000000000..74a93e7d1 --- /dev/null +++ b/2001/CVE-2001-0711.md @@ -0,0 +1,17 @@ +### [CVE-2001-0711](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0711) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a denial of service via the undocumented Interim Local Management Interface (ILMI) SNMP community string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0748.md b/2001/CVE-2001-0748.md new file mode 100644 index 000000000..6f004d199 --- /dev/null +++ b/2001/CVE-2001-0748.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0748) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0750.md b/2001/CVE-2001-0750.md new file mode 100644 index 000000000..f431a4dba --- /dev/null +++ b/2001/CVE-2001-0750.md @@ -0,0 +1,17 @@ +### [CVE-2001-0750](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0750) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0751.md b/2001/CVE-2001-0751.md new file mode 100644 index 000000000..c1efae4f0 --- /dev/null +++ b/2001/CVE-2001-0751.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0751](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0751) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0752.md b/2001/CVE-2001-0752.md new file mode 100644 index 000000000..acbc3ab97 --- /dev/null +++ b/2001/CVE-2001-0752.md @@ -0,0 +1,17 @@ +### [CVE-2001-0752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0752) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0753.md b/2001/CVE-2001-0753.md new file mode 100644 index 000000000..b7c3ffe0c --- /dev/null +++ b/2001/CVE-2001-0753.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0753) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0754.md b/2001/CVE-2001-0754.md new file mode 100644 index 000000000..0d39b60bc --- /dev/null +++ b/2001/CVE-2001-0754.md @@ -0,0 +1,17 @@ +### [CVE-2001-0754](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0754) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0757.md b/2001/CVE-2001-0757.md new file mode 100644 index 000000000..8c917f32b --- /dev/null +++ b/2001/CVE-2001-0757.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0757) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0817.md b/2001/CVE-2001-0817.md new file mode 100644 index 000000000..2879e5d39 --- /dev/null +++ b/2001/CVE-2001-0817.md @@ -0,0 +1,17 @@ +### [CVE-2001-0817](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0817) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2001/CVE-2001-0861.md b/2001/CVE-2001-0861.md new file mode 100644 index 000000000..e1353d20c --- /dev/null +++ b/2001/CVE-2001-0861.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0861](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0861) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0862.md b/2001/CVE-2001-0862.md new file mode 100644 index 000000000..27b1379b1 --- /dev/null +++ b/2001/CVE-2001-0862.md @@ -0,0 +1,17 @@ +### [CVE-2001-0862](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0862) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0863.md b/2001/CVE-2001-0863.md new file mode 100644 index 000000000..0b0b5432c --- /dev/null +++ b/2001/CVE-2001-0863.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0863](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0864.md b/2001/CVE-2001-0864.md new file mode 100644 index 000000000..d27eadeca --- /dev/null +++ b/2001/CVE-2001-0864.md @@ -0,0 +1,17 @@ +### [CVE-2001-0864](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0864) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0865.md b/2001/CVE-2001-0865.md new file mode 100644 index 000000000..dcbb5e21f --- /dev/null +++ b/2001/CVE-2001-0865.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0866.md b/2001/CVE-2001-0866.md new file mode 100644 index 000000000..6f4b512ad --- /dev/null +++ b/2001/CVE-2001-0866.md @@ -0,0 +1,17 @@ +### [CVE-2001-0866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0866) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0867.md b/2001/CVE-2001-0867.md new file mode 100644 index 000000000..5e2af5ced --- /dev/null +++ b/2001/CVE-2001-0867.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0867) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0895.md b/2001/CVE-2001-0895.md new file mode 100644 index 000000000..f5b0af419 --- /dev/null +++ b/2001/CVE-2001-0895.md @@ -0,0 +1,17 @@ +### [CVE-2001-0895](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0895) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-0929.md b/2001/CVE-2001-0929.md new file mode 100644 index 000000000..726d1909a --- /dev/null +++ b/2001/CVE-2001-0929.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-0929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0929) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1037.md b/2001/CVE-2001-1037.md new file mode 100644 index 000000000..af8e332ef --- /dev/null +++ b/2001/CVE-2001-1037.md @@ -0,0 +1,17 @@ +### [CVE-2001-1037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-kernel-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1038.md b/2001/CVE-2001-1038.md new file mode 100644 index 000000000..46e8f4669 --- /dev/null +++ b/2001/CVE-2001-1038.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-kernel-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1064.md b/2001/CVE-2001-1064.md new file mode 100644 index 000000000..d0c39e686 --- /dev/null +++ b/2001/CVE-2001-1064.md @@ -0,0 +1,17 @@ +### [CVE-2001-1064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1064) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1065.md b/2001/CVE-2001-1065.md new file mode 100644 index 000000000..24a0a08d2 --- /dev/null +++ b/2001/CVE-2001-1065.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1065) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-cbos-webserver-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1105.md b/2001/CVE-2001-1105.md new file mode 100644 index 000000000..ca2d1650e --- /dev/null +++ b/2001/CVE-2001-1105.md @@ -0,0 +1,17 @@ +### [CVE-2001-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to sensitive data by logging in after an initial failure. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SSL-J-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1183.md b/2001/CVE-2001-1183.md new file mode 100644 index 000000000..170ba41f8 --- /dev/null +++ b/2001/CVE-2001-1183.md 
@@ -0,0 +1,17 @@ +### [CVE-2001-1183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1183) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2001/CVE-2001-1434.md b/2001/CVE-2001-1434.md new file mode 100644 index 000000000..8aa8b92e4 --- /dev/null +++ b/2001/CVE-2001-1434.md @@ -0,0 +1,17 @@ +### [CVE-2001-1434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1434) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read system administration and topology information via an "snmp-server host" command, which creates a readable "community" community string if one has not been previously created. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0071.md b/2002/CVE-2002-0071.md new file mode 100644 index 000000000..5d0cdc880 --- /dev/null +++ b/2002/CVE-2002-0071.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0071) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0072.md b/2002/CVE-2002-0072.md new file mode 100644 index 000000000..8e7c36797 --- /dev/null +++ b/2002/CVE-2002-0072.md @@ -0,0 +1,17 @@ +### [CVE-2002-0072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0072) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0073.md b/2002/CVE-2002-0073.md index b2dbcede7..a3d43adbc 100644 --- a/2002/CVE-2002-0073.md +++ b/2002/CVE-2002-0073.md 
@@ -11,6 +11,7 @@ The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows att #### Reference - http://marc.info/?l=bugtraq&m=101901273810598&w=2 +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml #### Github No PoCs found on GitHub currently. diff --git a/2002/CVE-2002-0074.md b/2002/CVE-2002-0074.md new file mode 100644 index 000000000..b1d9d3b84 --- /dev/null +++ b/2002/CVE-2002-0074.md @@ -0,0 +1,17 @@ +### [CVE-2002-0074](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0074) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0075.md b/2002/CVE-2002-0075.md new file mode 100644 index 000000000..3ec81dd6a --- /dev/null +++ b/2002/CVE-2002-0075.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0075](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0075) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0079.md b/2002/CVE-2002-0079.md new file mode 100644 index 000000000..7f2d47473 --- /dev/null +++ b/2002/CVE-2002-0079.md @@ -0,0 +1,17 @@ +### [CVE-2002-0079](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0079) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0083.md b/2002/CVE-2002-0083.md new file mode 100644 index 000000000..9862e4f36 --- /dev/null +++ b/2002/CVE-2002-0083.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0083) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2002/CVE-2002-0147.md b/2002/CVE-2002-0147.md new file mode 100644 index 000000000..6c0662f24 --- /dev/null +++ b/2002/CVE-2002-0147.md @@ -0,0 +1,17 @@ +### [CVE-2002-0147](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0147) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0148.md b/2002/CVE-2002-0148.md index 3eb9ab0af..d15e26d07 100644 --- a/2002/CVE-2002-0148.md +++ b/2002/CVE-2002-0148.md 
@@ -10,6 +10,7 @@ Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92 #### Github diff --git a/2002/CVE-2002-0149.md b/2002/CVE-2002-0149.md index 236158970..f897848bb 100644 --- a/2002/CVE-2002-0149.md +++ b/2002/CVE-2002-0149.md @@ -10,6 +10,7 @@ Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allo ### POC #### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95 #### Github diff --git a/2002/CVE-2002-0150.md b/2002/CVE-2002-0150.md new file mode 100644 index 000000000..b76a36137 --- /dev/null +++ b/2002/CVE-2002-0150.md @@ -0,0 +1,17 @@ +### [CVE-2002-0150](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0150) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0159.md b/2002/CVE-2002-0159.md new file mode 100644 index 000000000..654ccec70 --- /dev/null +++ b/2002/CVE-2002-0159.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0159](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0159) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0160.md b/2002/CVE-2002-0160.md new file mode 100644 index 000000000..15ab2550a --- /dev/null +++ b/2002/CVE-2002-0160.md @@ -0,0 +1,17 @@ +### [CVE-2002-0160](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0160) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0339.md b/2002/CVE-2002-0339.md new file mode 100644 index 000000000..e93304534 --- /dev/null +++ b/2002/CVE-2002-0339.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0339](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0339) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0505.md b/2002/CVE-2002-0505.md new file mode 100644 index 000000000..f08cd6abe --- /dev/null +++ b/2002/CVE-2002-0505.md @@ -0,0 +1,17 @@ +### [CVE-2002-0505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0505) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0545.md b/2002/CVE-2002-0545.md new file mode 100644 index 000000000..a576f87dc --- /dev/null +++ b/2002/CVE-2002-0545.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0545) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0769.md b/2002/CVE-2002-0769.md new file mode 100644 index 000000000..4365d108e --- /dev/null +++ b/2002/CVE-2002-0769.md @@ -0,0 +1,17 @@ +### [CVE-2002-0769](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0769) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ata186-password-disclosure.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0778.md b/2002/CVE-2002-0778.md new file mode 100644 index 000000000..db6dd12d5 --- /dev/null +++ b/2002/CVE-2002-0778.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0778](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0778) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0792.md b/2002/CVE-2002-0792.md new file mode 100644 index 000000000..18dffe876 --- /dev/null +++ b/2002/CVE-2002-0792.md @@ -0,0 +1,17 @@ +### [CVE-2002-0792](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0792) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/css-http-post-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0813.md b/2002/CVE-2002-0813.md index 12c6c837a..9f9ccdc0c 100644 --- a/2002/CVE-2002-0813.md +++ b/2002/CVE-2002-0813.md 
@@ -11,6 +11,7 @@ Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2 #### Reference - http://marc.info/?l=bugtraq&m=103002169829669&w=2 +- http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml #### Github No PoCs found on GitHub currently. diff --git a/2002/CVE-2002-0848.md b/2002/CVE-2002-0848.md new file mode 100644 index 000000000..f7f17e931 --- /dev/null +++ b/2002/CVE-2002-0848.md @@ -0,0 +1,17 @@ +### [CVE-2002-0848](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0848) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0852.md b/2002/CVE-2002-0852.md new file mode 100644 index 000000000..0c2e00770 --- /dev/null +++ b/2002/CVE-2002-0852.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0852) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via (1) an Internet Key Exchange (IKE) with a large Security Parameter Index (SPI) payload, or (2) an IKE packet with a large number of valid payloads. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0853.md b/2002/CVE-2002-0853.md new file mode 100644 index 000000000..9470c2f51 --- /dev/null +++ b/2002/CVE-2002-0853.md @@ -0,0 +1,17 @@ +### [CVE-2002-0853](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0853) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0870.md b/2002/CVE-2002-0870.md new file mode 100644 index 000000000..cdd55d9d9 --- /dev/null +++ b/2002/CVE-2002-0870.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0870](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0870) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The original patch for the Cisco Content Service Switch 11000 Series authentication bypass vulnerability (CVE-2001-0622) was incomplete, which still allows remote attackers to gain additional privileges by directly requesting the web management URL instead of navigating through the interface, possibly via a variant of the original attack, as identified by Cisco bug ID CSCdw08549. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0880.md b/2002/CVE-2002-0880.md new file mode 100644 index 000000000..830004ae3 --- /dev/null +++ b/2002/CVE-2002-0880.md @@ -0,0 +1,17 @@ +### [CVE-2002-0880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0880) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0881.md b/2002/CVE-2002-0881.md new file mode 100644 index 000000000..e7871d4f5 --- /dev/null 
+++ b/2002/CVE-2002-0881.md @@ -0,0 +1,17 @@ +### [CVE-2002-0881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0881) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0882.md b/2002/CVE-2002-0882.md new file mode 100644 index 000000000..c0c47d9b5 --- /dev/null +++ b/2002/CVE-2002-0882.md @@ -0,0 +1,17 @@ +### [CVE-2002-0882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0882) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0886.md b/2002/CVE-2002-0886.md new file mode 100644 index 000000000..b21d8c570 --- /dev/null +++ b/2002/CVE-2002-0886.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-0886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0886) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/CBOS-DoS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-0952.md b/2002/CVE-2002-0952.md new file mode 100644 index 000000000..c6422d81d --- /dev/null +++ b/2002/CVE-2002-0952.md @@ -0,0 +1,17 @@ +### [CVE-2002-0952](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0952) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1024.md b/2002/CVE-2002-1024.md index e9d59c20b..e1ff8f72b 100644 --- a/2002/CVE-2002-1024.md +++ b/2002/CVE-2002-1024.md 
@@ -10,7 +10,7 @@ Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cau ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/SSH-scanning.shtml #### Github - https://github.com/phx/cvescan diff --git a/2002/CVE-2002-1092.md b/2002/CVE-2002-1092.md new file mode 100644 index 000000000..e1da84d25 --- /dev/null +++ b/2002/CVE-2002-1092.md @@ -0,0 +1,17 @@ +### [CVE-2002-1092](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1092) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1093.md b/2002/CVE-2002-1093.md new file mode 100644 index 000000000..031510209 --- /dev/null +++ b/2002/CVE-2002-1093.md @@ -0,0 +1,17 @@ +### [CVE-2002-1093](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1093) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2002/CVE-2002-1094.md b/2002/CVE-2002-1094.md new file mode 100644 index 000000000..758cda27b --- /dev/null +++ b/2002/CVE-2002-1094.md @@ -0,0 +1,17 @@ +### [CVE-2002-1094](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1094) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.5.4 allow remote attackers to obtain potentially sensitive information via the (1) SSH banner, (2) FTP banner, or (3) an incorrect HTTP request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1095.md b/2002/CVE-2002-1095.md new file mode 100644 index 000000000..3fb206c6c --- /dev/null +++ b/2002/CVE-2002-1095.md @@ -0,0 +1,17 @@ +### [CVE-2002-1095](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1095) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1096.md b/2002/CVE-2002-1096.md new file mode 100644 index 000000000..4e940826c --- /dev/null +++ b/2002/CVE-2002-1096.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1096) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1097.md b/2002/CVE-2002-1097.md new file mode 100644 index 000000000..94da33dc3 --- /dev/null +++ b/2002/CVE-2002-1097.md @@ -0,0 +1,17 @@ +### [CVE-2002-1097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1097) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1098.md b/2002/CVE-2002-1098.md new file mode 100644 index 000000000..8f3020a6d --- /dev/null +++ b/2002/CVE-2002-1098.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1098) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1099.md b/2002/CVE-2002-1099.md new file mode 100644 index 000000000..3930d4555 --- /dev/null +++ b/2002/CVE-2002-1099.md @@ -0,0 +1,17 @@ +### [CVE-2002-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1099) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1100.md b/2002/CVE-2002-1100.md new file mode 100644 index 000000000..a32d98d4b --- /dev/null +++ b/2002/CVE-2002-1100.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1100](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1100) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to cause a denial of service (crash) via a long (1) username or (2) password to the HTML login interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1101.md b/2002/CVE-2002-1101.md new file mode 100644 index 000000000..051d7cddb --- /dev/null +++ b/2002/CVE-2002-1101.md @@ -0,0 +1,17 @@ +### [CVE-2002-1101](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1101) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via a long user name. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1102.md b/2002/CVE-2002-1102.md new file mode 100644 index 000000000..e121cdcae --- /dev/null +++ b/2002/CVE-2002-1102.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1102) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1103.md b/2002/CVE-2002-1103.md new file mode 100644 index 000000000..000515bf2 --- /dev/null +++ b/2002/CVE-2002-1103.md @@ -0,0 +1,17 @@ +### [CVE-2002-1103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1103) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, allows remote attackers to cause a denial of service via (1) malformed or (2) large ISAKMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1104.md b/2002/CVE-2002-1104.md new file mode 100644 index 000000000..c99c9c8d3 --- /dev/null +++ b/2002/CVE-2002-1104.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1104) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1105.md b/2002/CVE-2002-1105.md new file mode 100644 index 000000000..6ec27a3b6 --- /dev/null +++ b/2002/CVE-2002-1105.md @@ -0,0 +1,17 @@ +### [CVE-2002-1105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1106.md b/2002/CVE-2002-1106.md new file mode 100644 index 000000000..5cdfee066 --- /dev/null +++ b/2002/CVE-2002-1106.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1106](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1106) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1107.md b/2002/CVE-2002-1107.md new file mode 100644 index 000000000..fe8a14938 --- /dev/null +++ b/2002/CVE-2002-1107.md @@ -0,0 +1,17 @@ +### [CVE-2002-1107](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1107) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1108.md b/2002/CVE-2002-1108.md new file mode 100644 index 000000000..99103c62f --- /dev/null +++ b/2002/CVE-2002-1108.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1108](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1108) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1131.md b/2002/CVE-2002-1131.md index 3e96f1d1a..2f194bbeb 100644 --- a/2002/CVE-2002-1131.md +++ b/2002/CVE-2002-1131.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/0xget/cve-2001-1473 - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2002/CVE-2002-1137.md b/2002/CVE-2002-1137.md new file mode 100644 index 000000000..36599db0a --- /dev/null +++ b/2002/CVE-2002-1137.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1137](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1137) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1145.md b/2002/CVE-2002-1145.md new file mode 100644 index 000000000..4eeec0aec --- /dev/null +++ b/2002/CVE-2002-1145.md @@ -0,0 +1,17 @@ +### [CVE-2002-1145](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1145) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2002/CVE-2002-1189.md b/2002/CVE-2002-1189.md new file mode 100644 index 000000000..a92919ccd --- /dev/null +++ b/2002/CVE-2002-1189.md @@ -0,0 +1,17 @@ +### [CVE-2002-1189](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1189) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1190.md b/2002/CVE-2002-1190.md new file mode 100644 index 000000000..ea5030599 --- /dev/null +++ b/2002/CVE-2002-1190.md @@ -0,0 +1,17 @@ +### [CVE-2002-1190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1190) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unity 2.x and 3.x uses well-known default user accounts, which could allow remote attackers to gain access and place arbitrary calls. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1222.md b/2002/CVE-2002-1222.md new file mode 100644 index 000000000..74a01ffed --- /dev/null +++ b/2002/CVE-2002-1222.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1222) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1447.md b/2002/CVE-2002-1447.md new file mode 100644 index 000000000..2be954869 --- /dev/null +++ b/2002/CVE-2002-1447.md @@ -0,0 +1,17 @@ +### [CVE-2002-1447](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1447) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1491.md b/2002/CVE-2002-1491.md new file mode 100644 index 000000000..b47b1ac6d --- /dev/null +++ b/2002/CVE-2002-1491.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1491](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1491) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1492.md b/2002/CVE-2002-1492.md new file mode 100644 index 000000000..47addc5a7 --- /dev/null +++ b/2002/CVE-2002-1492.md @@ -0,0 +1,17 @@ +### [CVE-2002-1492](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1492) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1553.md b/2002/CVE-2002-1553.md new file mode 100644 index 000000000..fe64066e3 --- /dev/null +++ b/2002/CVE-2002-1553.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1553) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1554.md b/2002/CVE-2002-1554.md new file mode 100644 index 000000000..12ae7d57c --- /dev/null +++ b/2002/CVE-2002-1554.md @@ -0,0 +1,17 @@ +### [CVE-2002-1554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1554) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1555.md b/2002/CVE-2002-1555.md new file mode 100644 index 000000000..88f9b9884 --- /dev/null +++ b/2002/CVE-2002-1555.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1555) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1556.md b/2002/CVE-2002-1556.md new file mode 100644 index 000000000..2d3447cb8 --- /dev/null +++ b/2002/CVE-2002-1556.md @@ -0,0 +1,17 @@ +### [CVE-2002-1556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1556) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1557.md b/2002/CVE-2002-1557.md new file mode 100644 index 000000000..8f7f6b621 --- /dev/null +++ b/2002/CVE-2002-1557.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1557) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1558.md b/2002/CVE-2002-1558.md new file mode 100644 index 000000000..24899bcaf --- /dev/null +++ b/2002/CVE-2002-1558.md @@ -0,0 +1,17 @@ +### [CVE-2002-1558](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1558) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1595.md b/2002/CVE-2002-1595.md new file mode 100644 index 000000000..bfd87e8b5 --- /dev/null +++ b/2002/CVE-2002-1595.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1595) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1596.md b/2002/CVE-2002-1596.md new file mode 100644 index 000000000..23026cc44 --- /dev/null +++ b/2002/CVE-2002-1596.md @@ -0,0 +1,17 @@ +### [CVE-2002-1596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1596) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1597.md b/2002/CVE-2002-1597.md new file mode 100644 index 000000000..b06530dba --- /dev/null +++ b/2002/CVE-2002-1597.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-1597](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1597) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-1706.md b/2002/CVE-2002-1706.md new file mode 100644 index 000000000..e894d6e06 --- /dev/null +++ b/2002/CVE-2002-1706.md @@ -0,0 +1,17 @@ +### [CVE-2002-1706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1706) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature, which is approved by the router. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cmts-MD5-bypass-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2037.md b/2002/CVE-2002-2037.md new file mode 100644 index 000000000..33f6019c4 --- /dev/null +++ b/2002/CVE-2002-2037.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-2037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier, (2) VSC3000 9.1 and earlier, (3) PGW 2200 9.1 and earlier, (4) Billing and Management Server (BAMS) and (5) Voice Services Provisioning Tool (VSPT) runs on default installations of Solaris 2.6 with unnecessary services and without the latest security patches, which allows attackers to exploit known vulnerabilities. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/Solaris-for-MGC-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2139.md b/2002/CVE-2002-2139.md new file mode 100644 index 000000000..7c8db1f1f --- /dev/null +++ b/2002/CVE-2002-2139.md @@ -0,0 +1,17 @@ +### [CVE-2002-2139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2139) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2140.md b/2002/CVE-2002-2140.md new file mode 100644 index 000000000..fae2e96ec --- /dev/null +++ b/2002/CVE-2002-2140.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-2140](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2140) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/pix-multiple-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2208.md b/2002/CVE-2002-2208.md new file mode 100644 index 000000000..87d5f8f53 --- /dev/null +++ b/2002/CVE-2002-2208.md @@ -0,0 +1,17 @@ +### [CVE-2002-2208](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2208) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/eigrp_issue.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2002/CVE-2002-2239.md b/2002/CVE-2002-2239.md new file mode 100644 index 000000000..d4e9f5797 --- /dev/null +++ b/2002/CVE-2002-2239.md 
@@ -0,0 +1,17 @@ +### [CVE-2002-2239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2239) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 series running Cisco IOS 12.1(8)E through 12.1(13.4)E allows remote attackers to cause a denial of service (hang) via a malformed packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/osm-lc-ios-pkt-vuln-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0190.md b/2003/CVE-2003-0190.md index e7a97819d..bea1b32bc 100644 --- a/2003/CVE-2003-0190.md +++ b/2003/CVE-2003-0190.md @@ -19,5 +19,6 @@ OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediat - https://github.com/0xdea/exploits - https://github.com/Live-Hack-CVE/CVE-2003-0190 - https://github.com/Live-Hack-CVE/CVE-2003-1562 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/octane23/CASE-STUDY-1 diff --git a/2003/CVE-2003-0210.md b/2003/CVE-2003-0210.md new file mode 100644 index 000000000..f5f025adb --- /dev/null +++ b/2003/CVE-2003-0210.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0210](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0210) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0216.md b/2003/CVE-2003-0216.md new file mode 100644 index 000000000..cb09059e4 --- /dev/null +++ b/2003/CVE-2003-0216.md @@ -0,0 +1,17 @@ +### [CVE-2003-0216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0216) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml. + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0258.md b/2003/CVE-2003-0258.md new file mode 100644 index 000000000..b226a0167 --- /dev/null +++ b/2003/CVE-2003-0258.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0258) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0259.md b/2003/CVE-2003-0259.md new file mode 100644 index 000000000..83c51c08b --- /dev/null +++ b/2003/CVE-2003-0259.md @@ -0,0 +1,17 @@ +### [CVE-2003-0259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0259) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0260.md b/2003/CVE-2003-0260.md new file mode 100644 index 000000000..de8499645 --- /dev/null +++ b/2003/CVE-2003-0260.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0260](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0260) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0305.md b/2003/CVE-2003-0305.md new file mode 100644 index 000000000..79011f0a7 --- /dev/null +++ b/2003/CVE-2003-0305.md @@ -0,0 +1,17 @@ +### [CVE-2003-0305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0305) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0511.md b/2003/CVE-2003-0511.md new file mode 100644 index 000000000..13bb8a7fb --- /dev/null +++ b/2003/CVE-2003-0511.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0511](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0511) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0512.md b/2003/CVE-2003-0512.md new file mode 100644 index 000000000..4d8c017c2 --- /dev/null +++ b/2003/CVE-2003-0512.md @@ -0,0 +1,17 @@ +### [CVE-2003-0512](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0512) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0567.md b/2003/CVE-2003-0567.md index 17239bf5a..3d4314061 100644 --- a/2003/CVE-2003-0567.md +++ b/2003/CVE-2003-0567.md 
@@ -11,6 +11,7 @@ Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial o #### Reference - http://www.cert.org/advisories/CA-2003-17.html +- http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml #### Github No PoCs found on GitHub currently. diff --git a/2003/CVE-2003-0647.md b/2003/CVE-2003-0647.md new file mode 100644 index 000000000..b13c57f07 --- /dev/null +++ b/2003/CVE-2003-0647.md @@ -0,0 +1,17 @@ +### [CVE-2003-0647](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0647) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0731.md b/2003/CVE-2003-0731.md new file mode 100644 index 000000000..35f703ec6 --- /dev/null +++ b/2003/CVE-2003-0731.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-0731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0731) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and a modified "priviledges" parameter. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0732.md b/2003/CVE-2003-0732.md new file mode 100644 index 000000000..9b7998f01 --- /dev/null +++ b/2003/CVE-2003-0732.md @@ -0,0 +1,17 @@ +### [CVE-2003-0732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0732) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-0812.md b/2003/CVE-2003-0812.md index fad57bdd9..70adf262d 100644 --- a/2003/CVE-2003-0812.md +++ b/2003/CVE-2003-0812.md 
@@ -11,6 +11,7 @@ Stack-based buffer overflow in a logging function for Windows Workstation Servic #### Reference - http://marc.info/?l=bugtraq&m=106865197102041&w=2 +- http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml - http://www.kb.cert.org/vuls/id/567620 #### Github diff --git a/2003/CVE-2003-0851.md b/2003/CVE-2003-0851.md index 52402d9cc..ba6baa70a 100644 --- a/2003/CVE-2003-0851.md +++ b/2003/CVE-2003-0851.md @@ -10,7 +10,7 @@ OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via l ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2003/CVE-2003-0982.md b/2003/CVE-2003-0982.md new file mode 100644 index 000000000..9900807fb --- /dev/null +++ b/2003/CVE-2003-0982.md @@ -0,0 +1,17 @@ +### [CVE-2003-0982](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0982) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1001.md b/2003/CVE-2003-1001.md new file mode 100644 index 000000000..57dfb8cac --- /dev/null +++ b/2003/CVE-2003-1001.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1001) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1002.md b/2003/CVE-2003-1002.md new file mode 100644 index 000000000..9492d5f4d --- /dev/null +++ b/2003/CVE-2003-1002.md @@ -0,0 +1,17 @@ +### [CVE-2003-1002](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1002) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1003.md b/2003/CVE-2003-1003.md new file mode 100644 index 000000000..58a678e5e --- /dev/null +++ b/2003/CVE-2003-1003.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1003](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1003) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1004.md b/2003/CVE-2003-1004.md new file mode 100644 index 000000000..3100d3633 --- /dev/null +++ b/2003/CVE-2003-1004.md @@ -0,0 +1,17 @@ +### [CVE-2003-1004](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1004) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1096.md b/2003/CVE-2003-1096.md new file mode 100644 index 000000000..12c52941a --- /dev/null +++ b/2003/CVE-2003-1096.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1096](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1096) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1109.md b/2003/CVE-2003-1109.md new file mode 100644 index 000000000..a2d397fb9 --- /dev/null +++ b/2003/CVE-2003-1109.md @@ -0,0 +1,17 @@ +### [CVE-2003-1109](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1109) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1132.md b/2003/CVE-2003-1132.md new file mode 100644 index 000000000..2c688e50a --- /dev/null +++ b/2003/CVE-2003-1132.md 
@@ -0,0 +1,17 @@ +### [CVE-2003-1132](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1132) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2003/CVE-2003-1418.md b/2003/CVE-2003-1418.md index 86be8558b..bf880424b 100644 --- a/2003/CVE-2003-1418.md +++ b/2003/CVE-2003-1418.md @@ -13,5 +13,6 @@ Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to o - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html #### Github +- https://github.com/EzeTauil/Maquina-Vacaciones - https://github.com/KINGSABRI/nessus-search diff --git a/2004/CVE-2004-0044.md b/2004/CVE-2004-0044.md new file mode 100644 index 000000000..95fee1709 --- /dev/null +++ b/2004/CVE-2004-0044.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0044](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0044) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0054.md b/2004/CVE-2004-0054.md new file mode 100644 index 000000000..944215c19 --- /dev/null +++ b/2004/CVE-2004-0054.md @@ -0,0 +1,17 @@ +### [CVE-2004-0054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0054) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0077.md b/2004/CVE-2004-0077.md index 8a9bd1542..6b3637a00 100644 --- a/2004/CVE-2004-0077.md +++ b/2004/CVE-2004-0077.md 
@@ -34,6 +34,7 @@ The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2004/CVE-2004-0079.md b/2004/CVE-2004-0079.md index b872cddaf..10644a926 100644 --- a/2004/CVE-2004-0079.md +++ b/2004/CVE-2004-0079.md @@ -10,6 +10,7 @@ The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0. ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A975 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9779 diff --git a/2004/CVE-2004-0081.md b/2004/CVE-2004-0081.md index cc3fea93a..0a9de38c8 100644 --- a/2004/CVE-2004-0081.md +++ b/2004/CVE-2004-0081.md @@ -10,6 +10,7 @@ OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, whic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A902 #### Github diff --git a/2004/CVE-2004-0112.md b/2004/CVE-2004-0112.md index 918110b7f..1b47efb08 100644 --- a/2004/CVE-2004-0112.md +++ b/2004/CVE-2004-0112.md @@ -10,6 +10,7 @@ The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using K ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040317-openssl.shtml - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A928 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9580 
diff --git a/2004/CVE-2004-0230.md b/2004/CVE-2004-0230.md index b91b3bdfc..8e1d21891 100644 --- a/2004/CVE-2004-0230.md +++ b/2004/CVE-2004-0230.md @@ -10,6 +10,7 @@ TCP, when using a large Window Size, makes it easier for remote attackers to gue ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml - http://www.kb.cert.org/vuls/id/415294 - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 diff --git a/2004/CVE-2004-0244.md b/2004/CVE-2004-0244.md new file mode 100644 index 000000000..50ece48f6 --- /dev/null +++ b/2004/CVE-2004-0244.md @@ -0,0 +1,17 @@ +### [CVE-2004-0244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0244) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040203-cat6k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0306.md b/2004/CVE-2004-0306.md new file mode 100644 index 000000000..20761a033 --- /dev/null +++ b/2004/CVE-2004-0306.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0306](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0306) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0307.md b/2004/CVE-2004-0307.md new file mode 100644 index 000000000..88f441f54 --- /dev/null +++ b/2004/CVE-2004-0307.md @@ -0,0 +1,17 @@ +### [CVE-2004-0307](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0307) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0308.md b/2004/CVE-2004-0308.md new file mode 100644 index 000000000..82cb664c9 --- /dev/null +++ b/2004/CVE-2004-0308.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0308](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0308) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0352.md b/2004/CVE-2004-0352.md new file mode 100644 index 000000000..c2005f599 --- /dev/null +++ b/2004/CVE-2004-0352.md @@ -0,0 +1,17 @@ +### [CVE-2004-0352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0352) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040304-css.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0391.md b/2004/CVE-2004-0391.md new file mode 100644 index 000000000..9a5cc5829 --- /dev/null +++ b/2004/CVE-2004-0391.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0391](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0391) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040407-username.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0519.md b/2004/CVE-2004-0519.md index 7677fbdba..2679f7d68 100644 --- a/2004/CVE-2004-0519.md +++ b/2004/CVE-2004-0519.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2004/CVE-2004-0551.md b/2004/CVE-2004-0551.md new file mode 100644 index 000000000..67d3b57a8 --- /dev/null +++ b/2004/CVE-2004-0551.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0551) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040609-catos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0589.md b/2004/CVE-2004-0589.md index b20654eb6..0d4bccb7d 100644 --- a/2004/CVE-2004-0589.md +++ b/2004/CVE-2004-0589.md @@ -10,7 +10,7 @@ Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured f ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml #### Github - https://github.com/Live-Hack-CVE/CVE-2004-0589 diff --git a/2004/CVE-2004-0650.md b/2004/CVE-2004-0650.md new file mode 100644 index 000000000..aaf2f349b --- /dev/null +++ b/2004/CVE-2004-0650.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0650](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0650) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040630-CCS.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0710.md b/2004/CVE-2004-0710.md new file mode 100644 index 000000000..3dfabc1ea --- /dev/null +++ b/2004/CVE-2004-0710.md @@ -0,0 +1,17 @@ +### [CVE-2004-0710](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0710) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040408-vpnsm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-0714.md b/2004/CVE-2004-0714.md new file mode 100644 index 000000000..b350da580 --- /dev/null +++ b/2004/CVE-2004-0714.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-0714](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0714) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1060.md b/2004/CVE-2004-1060.md index 095bc9669..aa485a4b1 100644 --- a/2004/CVE-2004-1060.md +++ b/2004/CVE-2004-1060.md @@ -11,6 +11,7 @@ Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery ( #### Reference - http://securityreason.com/securityalert/57 +- http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml - https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 #### Github diff --git a/2004/CVE-2004-1099.md b/2004/CVE-2004-1099.md new file mode 100644 index 000000000..307653f34 --- /dev/null +++ b/2004/CVE-2004-1099.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1099](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1099) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041102-acs-eap-tls.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1111.md b/2004/CVE-2004-1111.md new file mode 100644 index 000000000..e8a95a9ba --- /dev/null +++ b/2004/CVE-2004-1111.md @@ -0,0 +1,17 @@ +### [CVE-2004-1111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1111) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041110-dhcp.shtml + +#### Github +No PoCs found on GitHub currently. + 
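Review bot: every new file in this patch, 2004/CVE-2004-0306.md included, ships Product and Version badges reading `message=n%2Fa` although the description names the products and affected releases explicitly (`Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ...`). If the generator has CPE data available it should populate these two badges; if it does not, consider dropping them rather than printing n/a on every page.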
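Review bot: the 2004/CVE-2004-0519.md hunk adds `https://github.com/gnarkill78/CSA_S2_2024`, whose name reads like a semester coursework repository rather than a proof of concept. Confirm it references CVE-2004-0519 in substance before listing it; the existing entries in that file (`ARPSyndicate/kenzer-templates`, `POORVAJA-195/Nuclei-Analysis-main`) are at least scanner templates.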
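Review bot: the 2004/CVE-2004-0589.md hunk replaces `-No PoCs from references.` with `+- http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml`, and the 2004/CVE-2004-1464.md hunk later in the patch does the same with the Telnet advisory. A vendor advisory is a reference, not a PoC, so the replacement silently drops the statement that no reference contains one. Either keep the "No PoCs" line (the advisory can sit alongside it) or document that `#### Reference` under `### POC` lists any reference regardless of whether it contains exploit material, so the two cases stay distinguishable.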
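Review bot: the description in the 2004/CVE-2004-1111.md hunk begins `Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, ...`; every sibling train is a 12.2 release, so `2.2(18)EW` looks like a dropped leading `1` in the upstream text. If this corpus mirrors the MITRE description verbatim, leave it as is; if the description is meant to be accurate, check it against the linked cisco-sa-20041110-dhcp advisory and correct it to match.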
diff --git a/2004/CVE-2004-1112.md b/2004/CVE-2004-1112.md new file mode 100644 index 000000000..c39725072 --- /dev/null +++ b/2004/CVE-2004-1112.md @@ -0,0 +1,17 @@ +### [CVE-2004-1112](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1112) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041111-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1235.md b/2004/CVE-2004-1235.md index 063e6081e..0f710224f 100644 --- a/2004/CVE-2004-1235.md +++ b/2004/CVE-2004-1235.md @@ -31,6 +31,7 @@ Race condition in the (1) load_elf_library and (2) binfmt_aout function calls fo - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2004/CVE-2004-1322.md b/2004/CVE-2004-1322.md new file mode 100644 index 000000000..49f2b4d95 --- /dev/null +++ b/2004/CVE-2004-1322.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1322) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20041215-unity.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1432.md b/2004/CVE-2004-1432.md new file mode 100644 index 000000000..10a4dd0f0 --- /dev/null +++ b/2004/CVE-2004-1432.md @@ -0,0 +1,17 @@ +### [CVE-2004-1432](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1432) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1433.md b/2004/CVE-2004-1433.md new file mode 100644 index 000000000..d60d12371 --- /dev/null +++ b/2004/CVE-2004-1433.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1433](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1433) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1434.md b/2004/CVE-2004-1434.md new file mode 100644 index 000000000..5d16c4bb2 --- /dev/null +++ b/2004/CVE-2004-1434.md @@ -0,0 +1,17 @@ +### [CVE-2004-1434](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1434) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1435.md b/2004/CVE-2004-1435.md new file mode 100644 index 000000000..cc20ca5ce --- /dev/null +++ b/2004/CVE-2004-1435.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1435](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1435) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1436.md b/2004/CVE-2004-1436.md new file mode 100644 index 000000000..fa9d5d160 --- /dev/null +++ b/2004/CVE-2004-1436.md @@ -0,0 +1,17 @@ +### [CVE-2004-1436](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1436) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040721-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1454.md b/2004/CVE-2004-1454.md new file mode 100644 index 000000000..0cbb94531 --- /dev/null +++ b/2004/CVE-2004-1454.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1454) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040818-ospf.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1458.md b/2004/CVE-2004-1458.md new file mode 100644 index 000000000..ea7963cdd --- /dev/null +++ b/2004/CVE-2004-1458.md @@ -0,0 +1,17 @@ +### [CVE-2004-1458](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1458) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to port 2002. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1459.md b/2004/CVE-2004-1459.md new file mode 100644 index 000000000..7dad0b727 --- /dev/null +++ b/2004/CVE-2004-1459.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1460.md b/2004/CVE-2004-1460.md new file mode 100644 index 000000000..efad8ad2c --- /dev/null +++ b/2004/CVE-2004-1460.md @@ -0,0 +1,17 @@ +### [CVE-2004-1460](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1460) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1461.md b/2004/CVE-2004-1461.md new file mode 100644 index 000000000..981218ce1 --- /dev/null +++ b/2004/CVE-2004-1461.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1461](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1461) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040825-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1464.md b/2004/CVE-2004-1464.md index 666723ad1..1263f5245 100644 --- a/2004/CVE-2004-1464.md +++ b/2004/CVE-2004-1464.md @@ -10,7 +10,7 @@ Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of serv ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml #### Github - https://github.com/Ostorlab/KEV diff --git a/2004/CVE-2004-1759.md b/2004/CVE-2004-1759.md new file mode 100644 index 000000000..c77765a69 --- /dev/null +++ b/2004/CVE-2004-1759.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1759](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1759) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1760.md b/2004/CVE-2004-1760.md new file mode 100644 index 000000000..19ab47f85 --- /dev/null +++ b/2004/CVE-2004-1760.md @@ -0,0 +1,17 @@ +### [CVE-2004-1760](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1760) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20040121-voice.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1775.md b/2004/CVE-2004-1775.md new file mode 100644 index 000000000..1fedc5ceb --- /dev/null +++ b/2004/CVE-2004-1775.md 
@@ -0,0 +1,17 @@ +### [CVE-2004-1775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-1776.md b/2004/CVE-2004-1776.md new file mode 100644 index 000000000..19c5d8ede --- /dev/null +++ b/2004/CVE-2004-1776.md @@ -0,0 +1,17 @@ +### [CVE-2004-1776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2004/CVE-2004-2687.md b/2004/CVE-2004-2687.md index a56a108f0..e50183686 100644 --- a/2004/CVE-2004-2687.md +++ b/2004/CVE-2004-2687.md 
@@ -19,7 +19,9 @@ No PoCs from references. - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/distccd_rce_CVE-2004-2687 - https://github.com/Kr1tz3x3/HTB-Writeups +- https://github.com/Patrick122333/4240project - https://github.com/SecGen/SecGen +- https://github.com/Sp3c73rSh4d0w/distccd_rce_CVE-2004-2687 - https://github.com/angelpimentell/distcc_cve_2004-2687_exploit - https://github.com/c0d3cr4f73r/distccd_rce_CVE-2004-2687 - https://github.com/crypticdante/distccd_rce_CVE-2004-2687 @@ -30,6 +32,7 @@ No PoCs from references. - https://github.com/k4miyo/CVE-2004-2687 - https://github.com/k4u5h41/distccd_rce_CVE-2004-2687 - https://github.com/marcocastro100/Intrusion_Detection_System-Python +- https://github.com/mrhunter7/SecGen - https://github.com/n3ov4n1sh/distccd_rce_CVE-2004-2687 - https://github.com/ss0wl/CVE-2004-2687_distcc_v1 - https://github.com/sukraken/distcc_exploit.py diff --git a/2005/CVE-2005-0186.md b/2005/CVE-2005-0186.md new file mode 100644 index 000000000..5c5fe8026 --- /dev/null +++ b/2005/CVE-2005-0186.md @@ -0,0 +1,17 @@ +### [CVE-2005-0186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0186) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0195.md b/2005/CVE-2005-0195.md new file mode 100644 index 000000000..8ae893d3f --- /dev/null 
+++ b/2005/CVE-2005-0195.md @@ -0,0 +1,17 @@ +### [CVE-2005-0195](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0195) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0197.md b/2005/CVE-2005-0197.md new file mode 100644 index 000000000..8bacb85a8 --- /dev/null +++ b/2005/CVE-2005-0197.md @@ -0,0 +1,17 @@ +### [CVE-2005-0197](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0197) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0356.md b/2005/CVE-2005-0356.md new file mode 100644 index 000000000..ac109e7f3 --- /dev/null +++ b/2005/CVE-2005-0356.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-0356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0356) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-0736.md b/2005/CVE-2005-0736.md index fafe3b146..3f6f06ac6 100644 --- a/2005/CVE-2005-0736.md +++ b/2005/CVE-2005-0736.md @@ -31,6 +31,7 @@ Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2005/CVE-2005-0943.md b/2005/CVE-2005-0943.md new file mode 100644 index 000000000..bfcd502d4 --- /dev/null +++ b/2005/CVE-2005-0943.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-0943](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0943) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1020.md b/2005/CVE-2005-1020.md new file mode 100644 index 000000000..c365d21ba --- /dev/null +++ b/2005/CVE-2005-1020.md @@ -0,0 +1,17 @@ +### [CVE-2005-1020](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1020) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1021.md b/2005/CVE-2005-1021.md new file mode 100644 index 000000000..650843fa5 --- /dev/null +++ b/2005/CVE-2005-1021.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1021](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1021) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1057.md b/2005/CVE-2005-1057.md new file mode 100644 index 000000000..26289ba48 --- /dev/null +++ b/2005/CVE-2005-1057.md @@ -0,0 +1,17 @@ +### [CVE-2005-1057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1058.md b/2005/CVE-2005-1058.md new file mode 100644 index 000000000..f15a71274 --- /dev/null +++ b/2005/CVE-2005-1058.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-1263.md b/2005/CVE-2005-1263.md index f8c5c2fd2..a4685d398 100644 --- a/2005/CVE-2005-1263.md +++ b/2005/CVE-2005-1263.md @@ -30,6 +30,7 @@ The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2005/CVE-2005-1942.md b/2005/CVE-2005-1942.md new file mode 100644 index 000000000..deb4f87c5 --- /dev/null +++ b/2005/CVE-2005-1942.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-1942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1942) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2105.md b/2005/CVE-2005-2105.md new file mode 100644 index 000000000..84783a60b --- /dev/null +++ b/2005/CVE-2005-2105.md @@ -0,0 +1,17 @@ +### [CVE-2005-2105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2241.md b/2005/CVE-2005-2241.md new file mode 100644 index 000000000..e39252312 --- /dev/null +++ b/2005/CVE-2005-2241.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2241](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2241) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2242.md b/2005/CVE-2005-2242.md new file mode 100644 index 000000000..0da6640ae --- /dev/null +++ b/2005/CVE-2005-2242.md @@ -0,0 +1,17 @@ +### [CVE-2005-2242](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2242) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2243.md b/2005/CVE-2005-2243.md new file mode 100644 index 000000000..fbd531aa9 --- /dev/null +++ b/2005/CVE-2005-2243.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2243) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2244.md b/2005/CVE-2005-2244.md new file mode 100644 index 000000000..61cf14c05 --- /dev/null +++ b/2005/CVE-2005-2244.md @@ -0,0 +1,17 @@ +### [CVE-2005-2244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2244) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050712-ccm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2279.md b/2005/CVE-2005-2279.md new file mode 100644 index 000000000..8e3d2df79 --- /dev/null +++ b/2005/CVE-2005-2279.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2279](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2279) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050713-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2280.md b/2005/CVE-2005-2280.md new file mode 100644 index 000000000..d1f33b28f --- /dev/null +++ b/2005/CVE-2005-2280.md @@ -0,0 +1,17 @@ +### [CVE-2005-2280](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2280) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050713-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2428.md b/2005/CVE-2005-2428.md index d1a3ea10b..ffe1b4069 100644 --- a/2005/CVE-2005-2428.md +++ b/2005/CVE-2005-2428.md 
@@ -21,6 +21,7 @@ Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, sto - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/POORVAJA-195/Nuclei-Analysis-main - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/gojhonny/Pentesting-Scripts - https://github.com/jobroche/Pentesting-Scripts - https://github.com/merlinepedra/nuclei-templates diff --git a/2005/CVE-2005-2451.md b/2005/CVE-2005-2451.md new file mode 100644 index 000000000..41bec36be --- /dev/null +++ b/2005/CVE-2005-2451.md @@ -0,0 +1,17 @@ +### [CVE-2005-2451](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2451) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2631.md b/2005/CVE-2005-2631.md new file mode 100644 index 000000000..194e12fcc --- /dev/null +++ b/2005/CVE-2005-2631.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2631) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050817-cca.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2681.md b/2005/CVE-2005-2681.md new file mode 100644 index 000000000..fa4f66b8d --- /dev/null +++ b/2005/CVE-2005-2681.md @@ -0,0 +1,17 @@ +### [CVE-2005-2681](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2681) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050824-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2695.md b/2005/CVE-2005-2695.md new file mode 100644 index 000000000..402494e2f --- /dev/null +++ b/2005/CVE-2005-2695.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-2695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2695) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050824-idsmc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2841.md b/2005/CVE-2005-2841.md new file mode 100644 index 000000000..1302f5248 --- /dev/null +++ b/2005/CVE-2005-2841.md @@ -0,0 +1,17 @@ +### [CVE-2005-2841](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2841) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-2969.md b/2005/CVE-2005-2969.md index cd450838b..4b305b1c5 100644 --- a/2005/CVE-2005-2969.md +++ b/2005/CVE-2005-2969.md 
@@ -10,7 +10,7 @@ The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 befor ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2005/CVE-2005-3299.md b/2005/CVE-2005-3299.md index 30b65509a..7f48515d4 100644 --- a/2005/CVE-2005-3299.md +++ b/2005/CVE-2005-3299.md @@ -16,5 +16,6 @@ PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and - https://github.com/ARPSyndicate/cvemon - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/Cr0w-ui/-CVE-2005-3299- - https://github.com/RizeKishimaro/CVE-2005-3299 diff --git a/2005/CVE-2005-3426.md b/2005/CVE-2005-3426.md new file mode 100644 index 000000000..86812ce56 --- /dev/null +++ b/2005/CVE-2005-3426.md @@ -0,0 +1,17 @@ +### [CVE-2005-3426](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3426) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3427.md b/2005/CVE-2005-3427.md index 891a1ea70..7ae4029bd 100644 --- a/2005/CVE-2005-3427.md +++ b/2005/CVE-2005-3427.md 
@@ -11,6 +11,7 @@ The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port fiel #### Reference - http://securityreason.com/securityalert/137 +- http://www.cisco.com/warp/public/707/cisco-sa-20051101-ipsmc.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-3481.md b/2005/CVE-2005-3481.md new file mode 100644 index 000000000..c08bd5d59 --- /dev/null +++ b/2005/CVE-2005-3481.md @@ -0,0 +1,17 @@ +### [CVE-2005-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3481) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers. NOTE: this issue does not correspond to a specific vulnerability, rather a general weakness that only increases the feasibility of exploitation of any vulnerabilities that might exist. Such design-level weaknesses normally are not included in CVE, so perhaps this issue should be REJECTed. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3482.md b/2005/CVE-2005-3482.md index 083a32eb8..e16754784 100644 --- a/2005/CVE-2005-3482.md +++ b/2005/CVE-2005-3482.md @@ -11,6 +11,7 @@ Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight A #### Reference - http://securityreason.com/securityalert/139 +- http://www.cisco.com/warp/public/707/cisco-sa-20051102-lwapp.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-3669.md b/2005/CVE-2005-3669.md new file mode 100644 index 000000000..d8daa022f --- /dev/null +++ b/2005/CVE-2005-3669.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-3669](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3669) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051114-ipsec.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3774.md b/2005/CVE-2005-3774.md new file mode 100644 index 000000000..6521283d3 --- /dev/null +++ b/2005/CVE-2005-3774.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-3774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3774) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20051122-pix.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3803.md b/2005/CVE-2005-3803.md new file mode 100644 index 000000000..07c7532fa --- /dev/null +++ b/2005/CVE-2005-3803.md @@ -0,0 +1,17 @@ +### [CVE-2005-3803](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3803) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3804.md b/2005/CVE-2005-3804.md new file mode 100644 index 000000000..0e9ed7f34 --- /dev/null 
+++ b/2005/CVE-2005-3804.md @@ -0,0 +1,17 @@ +### [CVE-2005-3804](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3804) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3886.md b/2005/CVE-2005-3886.md new file mode 100644 index 000000000..00cf9da7f --- /dev/null +++ b/2005/CVE-2005-3886.md @@ -0,0 +1,17 @@ +### [CVE-2005-3886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3886) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-3921.md b/2005/CVE-2005-3921.md index 0fb77dc46..38055dba5 100644 --- a/2005/CVE-2005-3921.md +++ b/2005/CVE-2005-3921.md 
@@ -11,6 +11,7 @@ Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a #### Reference - http://securityreason.com/securityalert/227 +- http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-4332.md b/2005/CVE-2005-4332.md index e4036be6e..b101c9885 100644 --- a/2005/CVE-2005-4332.md +++ b/2005/CVE-2005-4332.md @@ -11,6 +11,7 @@ Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote a #### Reference - http://securityreason.com/securityalert/265 +- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml #### Github No PoCs found on GitHub currently. diff --git a/2005/CVE-2005-4385.md b/2005/CVE-2005-4385.md index 750eb0a2c..af01f2266 100644 --- a/2005/CVE-2005-4385.md +++ b/2005/CVE-2005-4385.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2005/CVE-2005-4442.md b/2005/CVE-2005-4442.md index ac227c104..dbdf4e629 100644 --- a/2005/CVE-2005-4442.md +++ b/2005/CVE-2005-4442.md @@ -13,6 +13,7 @@ Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2005/CVE-2005-4794.md b/2005/CVE-2005-4794.md new file mode 100644 index 000000000..1e0d8caa5 --- /dev/null +++ b/2005/CVE-2005-4794.md 
@@ -0,0 +1,17 @@ +### [CVE-2005-4794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4794) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sn-20050524-dns.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2005/CVE-2005-4825.md b/2005/CVE-2005-4825.md new file mode 100644 index 000000000..c6a1150d7 --- /dev/null +++ b/2005/CVE-2005-4825.md @@ -0,0 +1,17 @@ +### [CVE-2005-4825](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4825) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20051221-CCA.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0181.md b/2006/CVE-2006-0181.md new file mode 100644 index 000000000..b12aac97e --- /dev/null +++ b/2006/CVE-2006-0181.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0181) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0340.md b/2006/CVE-2006-0340.md index d844932d9..951b783d6 100644 --- a/2006/CVE-2006-0340.md +++ b/2006/CVE-2006-0340.md @@ -11,6 +11,7 @@ Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisc #### Reference - http://securityreason.com/securityalert/358 +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-sgbp.shtml #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-0354.md b/2006/CVE-2006-0354.md new file mode 100644 index 000000000..04ad2e566 --- /dev/null +++ b/2006/CVE-2006-0354.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0354) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060112-wireless.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0367.md b/2006/CVE-2006-0367.md new file mode 100644 index 000000000..e131f4059 --- /dev/null +++ b/2006/CVE-2006-0367.md @@ -0,0 +1,17 @@ +### [CVE-2006-0367](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0367) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmpe.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0368.md b/2006/CVE-2006-0368.md new file mode 100644 index 000000000..0a6259611 --- /dev/null +++ b/2006/CVE-2006-0368.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0368](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0368) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060118-ccmdos.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0483.md b/2006/CVE-2006-0483.md new file mode 100644 index 000000000..227d7519b --- /dev/null +++ b/2006/CVE-2006-0483.md @@ -0,0 +1,17 @@ +### [CVE-2006-0483](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0483) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0485.md b/2006/CVE-2006-0485.md new file mode 100644 index 000000000..7cc53aaab --- /dev/null +++ b/2006/CVE-2006-0485.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-0485](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0485) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-0486.md b/2006/CVE-2006-0486.md new file mode 100644 index 000000000..752ba1c57 --- /dev/null +++ b/2006/CVE-2006-0486.md @@ -0,0 +1,17 @@ +### [CVE-2006-0486](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0486) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Certain Cisco IOS releases in 12.2S based trains with maintenance release number 25 and later, 12.3T based trains, and 12.4 based trains reuse a Tcl Shell process across login sessions of different local users on the same terminal if the first user does not use tclquit before exiting, which may cause subsequent local users to execute unintended commands or bypass AAA command authorization checks, aka Bug ID CSCef77770. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-response-20060125-aaatcl.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-0561.md b/2006/CVE-2006-0561.md new file mode 100644 index 000000000..17875a9a2 --- /dev/null +++ b/2006/CVE-2006-0561.md @@ -0,0 +1,17 @@ +### [CVE-2006-0561](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0561) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060508-acs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1631.md b/2006/CVE-2006-1631.md new file mode 100644 index 000000000..4ef20d6f7 --- /dev/null +++ b/2006/CVE-2006-1631.md @@ -0,0 +1,17 @@ +### [CVE-2006-1631](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1631) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-css.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1670.md b/2006/CVE-2006-1670.md new file mode 100644 index 000000000..b3ed7ad12 --- /dev/null +++ b/2006/CVE-2006-1670.md @@ -0,0 +1,17 @@ +### [CVE-2006-1670](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1670) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending an invalid response when the final ACK is expected, aka bug ID CSCei45910. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1671.md b/2006/CVE-2006-1671.md new file mode 100644 index 000000000..89902b2aa --- /dev/null +++ b/2006/CVE-2006-1671.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-1671](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1671) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1672.md b/2006/CVE-2006-1672.md new file mode 100644 index 000000000..5ed6dfefb --- /dev/null +++ b/2006/CVE-2006-1672.md @@ -0,0 +1,17 @@ +### [CVE-2006-1672](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1672) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060405-ons.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1888.md b/2006/CVE-2006-1888.md new file mode 100644 index 000000000..2c2deecde --- /dev/null +++ b/2006/CVE-2006-1888.md @@ -0,0 +1,17 @@ +### [CVE-2006-1888](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1888) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpGraphy 0.9.11 and earlier allows remote attackers to bypass authentication and gain administrator privileges via a direct request to index.php with the editwelcome parameter set to 1, which can then be used to modify the main page to inject arbitrary HTML and web script. NOTE: XSS attacks are resultant from this issue, since normal functionality allows the admin to modify pages. + +### POC + +#### Reference +- http://securityreason.com/securityalert/733 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1927.md b/2006/CVE-2006-1927.md new file mode 100644 index 000000000..c05bba8ab --- /dev/null +++ b/2006/CVE-2006-1927.md @@ -0,0 +1,17 @@ +### [CVE-2006-1927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1927) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1928.md b/2006/CVE-2006-1928.md new file mode 100644 index 000000000..d35b93fe2 --- /dev/null +++ b/2006/CVE-2006-1928.md @@ -0,0 +1,17 @@ +### [CVE-2006-1928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1928) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-xr.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-1960.md b/2006/CVE-2006-1960.md new file mode 100644 index 000000000..27da0eec1 --- /dev/null +++ b/2006/CVE-2006-1960.md @@ -0,0 +1,17 @@ +### [CVE-2006-1960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1960) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-1961.md b/2006/CVE-2006-1961.md new file mode 100644 index 000000000..91a575c9e --- /dev/null +++ b/2006/CVE-2006-1961.md @@ -0,0 +1,18 @@ +### [CVE-2006-1961](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1961) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060419-wlse.shtml +- http://www.cisco.com/warp/public/707/cisco-sr-20060419-priv.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-2322.md b/2006/CVE-2006-2322.md new file mode 100644 index 000000000..b893b5070 --- /dev/null +++ b/2006/CVE-2006-2322.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-2322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2322) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The transparent proxy feature of the Cisco Application Velocity System (AVS) 3110 5.0 and 4.0 and earlier, and 3120 5.0.0 and earlier, has a default configuration that allows remote attackers to proxy arbitrary TCP connections, aka Bug ID CSCsd32143. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060510-avs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-2369.md b/2006/CVE-2006-2369.md index 8e2729d01..1467a7a48 100644 --- a/2006/CVE-2006-2369.md +++ b/2006/CVE-2006-2369.md @@ -12,6 +12,7 @@ RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisc #### Reference - http://seclists.org/fulldisclosure/2022/May/29 - http://securityreason.com/securityalert/8355 +- http://www.cisco.com/warp/public/707/cisco-sr-20060622-cmm.shtml - http://www.intelliadmin.com/blog/2006/05/vnc-flaw-proof-of-concept.html #### Github diff --git a/2006/CVE-2006-2393.md b/2006/CVE-2006-2393.md index 44d25d4dc..f10f75add 100644 --- a/2006/CVE-2006-2393.md +++ b/2006/CVE-2006-2393.md @@ -11,6 +11,7 @@ The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to c #### Reference - http://aluigi.altervista.org/adv/empiredos-adv.txt +- http://securityreason.com/securityalert/896 #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-2451.md b/2006/CVE-2006-2451.md index 20a26eeda..e2089ce66 100644 --- a/2006/CVE-2006-2451.md +++ b/2006/CVE-2006-2451.md 
@@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2006/CVE-2006-2754.md b/2006/CVE-2006-2754.md index 5d3a397d4..fa4d7d344 100644 --- a/2006/CVE-2006-2754.md +++ b/2006/CVE-2006-2754.md @@ -13,6 +13,7 @@ Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might a No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-2842.md b/2006/CVE-2006-2842.md index 80cfc18ef..429f9ba24 100644 --- a/2006/CVE-2006-2842.md +++ b/2006/CVE-2006-2842.md @@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/CVEDB/awesome-cve-repo - https://github.com/Cappricio-Securities/CVE-2021-20323 +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/karthi-the-hacker/CVE-2006-2842 diff --git a/2006/CVE-2006-2937.md b/2006/CVE-2006-2937.md index 9d0dcf75a..45db30c80 100644 --- a/2006/CVE-2006-2937.md +++ b/2006/CVE-2006-2937.md @@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to c ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-2940.md b/2006/CVE-2006-2940.md index b3064d269..e3424419e 100644 --- a/2006/CVE-2006-2940.md +++ b/2006/CVE-2006-2940.md 
@@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows at ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-3073.md b/2006/CVE-2006-3073.md new file mode 100644 index 000000000..e7e67adca --- /dev/null +++ b/2006/CVE-2006-3073.md @@ -0,0 +1,17 @@ +### [CVE-2006-3073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3073) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) dnserror.html and (2) connecterror.html, aka bugid CSCsd81095 (VPN3k) and CSCse48193 (ASA). NOTE: the vendor states that "WebVPN full-network-access mode" is not affected, despite the claims by the original researcher. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060613-webvpn-xss.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3285.md b/2006/CVE-2006-3285.md new file mode 100644 index 000000000..c7e9181bb --- /dev/null +++ b/2006/CVE-2006-3285.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3285](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3285) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3286.md b/2006/CVE-2006-3286.md new file mode 100644 index 000000000..02dec5a2d --- /dev/null +++ b/2006/CVE-2006-3286.md @@ -0,0 +1,17 @@ +### [CVE-2006-3286](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3286) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3287.md b/2006/CVE-2006-3287.md new file mode 100644 index 000000000..ddfd3b1c8 --- /dev/null +++ b/2006/CVE-2006-3287.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3287) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3288.md b/2006/CVE-2006-3288.md new file mode 100644 index 000000000..a862d1ea7 --- /dev/null +++ b/2006/CVE-2006-3288.md @@ -0,0 +1,17 @@ +### [CVE-2006-3288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3288) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3289.md b/2006/CVE-2006-3289.md new file mode 100644 index 000000000..d89f13e14 --- /dev/null +++ b/2006/CVE-2006-3289.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3289](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3289) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3290.md b/2006/CVE-2006-3290.md new file mode 100644 index 000000000..b2031bd97 --- /dev/null +++ b/2006/CVE-2006-3290.md @@ -0,0 +1,17 @@ +### [CVE-2006-3290](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3290) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3291.md b/2006/CVE-2006-3291.md new file mode 100644 index 000000000..8589af145 --- /dev/null +++ b/2006/CVE-2006-3291.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3291](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3291) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060628-ap.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3592.md b/2006/CVE-2006-3592.md index caee75c0d..8cf5018c2 100644 --- a/2006/CVE-2006-3592.md +++ b/2006/CVE-2006-3592.md @@ -10,7 +10,7 @@ Unspecified vulnerability in the command line interface (CLI) in Cisco Unified C ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2006/CVE-2006-3594.md b/2006/CVE-2006-3594.md new file mode 100644 index 000000000..19b5e40a2 --- /dev/null +++ b/2006/CVE-2006-3594.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3594](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3594) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3595.md b/2006/CVE-2006-3595.md new file mode 100644 index 000000000..fddca37fa --- /dev/null +++ b/2006/CVE-2006-3595.md @@ -0,0 +1,17 @@ +### [CVE-2006-3595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3595) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-crws.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3596.md b/2006/CVE-2006-3596.md new file mode 100644 index 000000000..6518e0954 --- /dev/null +++ b/2006/CVE-2006-3596.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3596) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060712-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3626.md b/2006/CVE-2006-3626.md index 67a857a9c..031ad671d 100644 --- a/2006/CVE-2006-3626.md +++ b/2006/CVE-2006-3626.md @@ -30,6 +30,7 @@ Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain r - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2006/CVE-2006-3633.md b/2006/CVE-2006-3633.md new file mode 100644 index 000000000..f02f6083a --- /dev/null +++ b/2006/CVE-2006-3633.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3633](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3633) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. + +### POC + +#### Reference +- http://www.sourcefire.com/services/advisories/sa072506.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3732.md b/2006/CVE-2006-3732.md new file mode 100644 index 000000000..a9a4ec5b1 --- /dev/null +++ b/2006/CVE-2006-3732.md @@ -0,0 +1,17 @@ +### [CVE-2006-3732](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3732) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3733.md b/2006/CVE-2006-3733.md new file mode 100644 index 000000000..d9d6b1f9f --- /dev/null +++ b/2006/CVE-2006-3733.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-3733](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3733) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3734.md b/2006/CVE-2006-3734.md new file mode 100644 index 000000000..f307767cf --- /dev/null +++ b/2006/CVE-2006-3734.md @@ -0,0 +1,17 @@ +### [CVE-2006-3734](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3734) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060719-mars.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-3738.md b/2006/CVE-2006-3738.md index 6d3cea3e0..8b11ca02e 100644 --- a/2006/CVE-2006-3738.md +++ b/2006/CVE-2006-3738.md 
@@ -10,6 +10,7 @@ Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370 diff --git a/2006/CVE-2006-4032.md b/2006/CVE-2006-4032.md index 94d6280d3..1eff1dade 100644 --- a/2006/CVE-2006-4032.md +++ b/2006/CVE-2006-4032.md @@ -11,6 +11,7 @@ Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote a #### Reference - http://www.blackhat.com/html/bh-usa-06/bh-usa-06-speakers.html#Endler +- http://www.cisco.com/warp/public/707/cisco-sr-20060802-sip.shtml #### Github No PoCs found on GitHub currently. diff --git a/2006/CVE-2006-4097.md b/2006/CVE-2006-4097.md new file mode 100644 index 000000000..b9eae251f --- /dev/null +++ b/2006/CVE-2006-4097.md @@ -0,0 +1,17 @@ +### [CVE-2006-4097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4097) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a denial of service (crash) via a crafted RADIUS Access-Request packet. NOTE: it has been reported that at least one issue is a heap-based buffer overflow involving the Tunnel-Password attribute. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4098.md b/2006/CVE-2006-4098.md new file mode 100644 index 000000000..c3120f246 --- /dev/null +++ b/2006/CVE-2006-4098.md @@ -0,0 +1,17 @@ +### [CVE-2006-4098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4098) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4304.md b/2006/CVE-2006-4304.md index 8f689695d..598ba4905 100644 --- a/2006/CVE-2006-4304.md +++ b/2006/CVE-2006-4304.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/DjPopol/EZ-PPPwn-Bin-Loader - https://github.com/DjPopol/Ez-PPPwn - https://github.com/DjPopol/EzPPPwn +- https://github.com/Marketgame99/Pppwn-LM - https://github.com/Naughtyangel103/PS4 - https://github.com/SUIJUNG/PPPwn - https://github.com/Sammylol69/Sammylol69 diff --git a/2006/CVE-2006-4312.md b/2006/CVE-2006-4312.md new file mode 100644 index 000000000..7dfa114c0 --- /dev/null +++ b/2006/CVE-2006-4312.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4312](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4312) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060823-firewall.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4313.md b/2006/CVE-2006-4313.md new file mode 100644 index 000000000..5e8365b3c --- /dev/null +++ b/2006/CVE-2006-4313.md @@ -0,0 +1,17 @@ +### [CVE-2006-4313](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4313) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060823-vpn3k.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4339.md b/2006/CVE-2006-4339.md index 0d555e611..3a30f458c 100644 --- a/2006/CVE-2006-4339.md +++ b/2006/CVE-2006-4339.md @@ -10,6 +10,7 @@ OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using a ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.redhat.com/support/errata/RHSA-2007-0073.html - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-4343.md b/2006/CVE-2006-4343.md index 54d190106..de44f9674 100644 --- a/2006/CVE-2006-4343.md +++ b/2006/CVE-2006-4343.md @@ -10,6 +10,7 @@ The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0 ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml - http://www.ubuntu.com/usn/usn-353-1 - http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - http://www.vmware.com/support/player/doc/releasenotes_player.html diff --git a/2006/CVE-2006-4352.md b/2006/CVE-2006-4352.md new file mode 100644 index 000000000..13290c2cc --- /dev/null +++ b/2006/CVE-2006-4352.md @@ -0,0 +1,17 @@ +### [CVE-2006-4352](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4352) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/117/AP_cookies.html + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2006/CVE-2006-4774.md b/2006/CVE-2006-4774.md new file mode 100644 index 000000000..10417a9a1 --- /dev/null +++ b/2006/CVE-2006-4774.md @@ -0,0 +1,17 @@ +### [CVE-2006-4774](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4774) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4775.md b/2006/CVE-2006-4775.md new file mode 100644 index 000000000..4cca919d2 --- /dev/null +++ b/2006/CVE-2006-4775.md @@ -0,0 +1,17 @@ +### [CVE-2006-4775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4776.md b/2006/CVE-2006-4776.md new file mode 100644 index 000000000..95747e0c7 --- /dev/null +++ b/2006/CVE-2006-4776.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4909.md b/2006/CVE-2006-4909.md new file mode 100644 index 000000000..49cd49d37 --- /dev/null +++ b/2006/CVE-2006-4909.md @@ -0,0 +1,17 @@ +### [CVE-2006-4909](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4909) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-guardxss.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4910.md b/2006/CVE-2006-4910.md new file mode 100644 index 000000000..c1a2fb1a8 --- /dev/null +++ b/2006/CVE-2006-4910.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4910](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4910) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4911.md b/2006/CVE-2006-4911.md new file mode 100644 index 000000000..c6579d9c9 --- /dev/null +++ b/2006/CVE-2006-4911.md @@ -0,0 +1,17 @@ +### [CVE-2006-4911](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4911) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-ips.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-4950.md b/2006/CVE-2006-4950.md new file mode 100644 index 000000000..4e23dbb1e --- /dev/null +++ b/2006/CVE-2006-4950.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-4950](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4950) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20060920-docsis.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5051.md b/2006/CVE-2006-5051.md index 977e838ef..bebe4b55c 100644 --- a/2006/CVE-2006-5051.md +++ b/2006/CVE-2006-5051.md @@ -13,5 +13,13 @@ Signal handler race condition in OpenSSH before 4.4 allows remote attackers to c - http://www.ubuntu.com/usn/usn-355-1 #### Github -No PoCs found on GitHub currently. +- https://github.com/David-M-Berry/openssh-cve-discovery +- https://github.com/Passyed/regreSSHion-Fix +- https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/ThemeHackers/CVE-2024-6387 +- https://github.com/azurejoga/CVE-2024-6387-how-to-fix +- https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/sardine-web/CVE-2024-6387_Check diff --git a/2006/CVE-2006-5277.md b/2006/CVE-2006-5277.md new file mode 100644 index 000000000..1ca4184eb --- /dev/null +++ b/2006/CVE-2006-5277.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5277](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5277) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5278.md b/2006/CVE-2006-5278.md new file mode 100644 index 000000000..ed658e8fb --- /dev/null +++ b/2006/CVE-2006-5278.md @@ -0,0 +1,17 @@ +### [CVE-2006-5278](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5278) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5465.md b/2006/CVE-2006-5465.md index 1341a82d1..59ecba675 100644 --- a/2006/CVE-2006-5465.md +++ b/2006/CVE-2006-5465.md 
@@ -10,7 +10,7 @@ Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary ### POC #### Reference -No PoCs from references. +- http://www.cisco.com/warp/public/707/cisco-air-20070425-http.shtml #### Github - https://github.com/mudongliang/LinuxFlaw diff --git a/2006/CVE-2006-5750.md b/2006/CVE-2006-5750.md index 5cd5963d8..7c18bfbbc 100644 --- a/2006/CVE-2006-5750.md +++ b/2006/CVE-2006-5750.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/dudek-marcin/Poc-Exp - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2006/CVE-2006-5779.md b/2006/CVE-2006-5779.md index 7ccc1056f..9e5d58c78 100644 --- a/2006/CVE-2006-5779.md +++ b/2006/CVE-2006-5779.md @@ -13,6 +13,7 @@ OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (dae - http://securityreason.com/securityalert/1831 #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-5806.md b/2006/CVE-2006-5806.md new file mode 100644 index 000000000..5ce04f529 --- /dev/null +++ b/2006/CVE-2006-5806.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5806) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5807.md b/2006/CVE-2006-5807.md new file mode 100644 index 000000000..d8115377b --- /dev/null +++ b/2006/CVE-2006-5807.md @@ -0,0 +1,17 @@ +### [CVE-2006-5807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5807) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-5808.md b/2006/CVE-2006-5808.md new file mode 100644 index 000000000..de432af0d --- /dev/null +++ b/2006/CVE-2006-5808.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-5808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5808) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20061108-csd.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2006/CVE-2006-6493.md b/2006/CVE-2006-6493.md index 1a5b9ba1d..579b46001 100644 --- a/2006/CVE-2006-6493.md +++ b/2006/CVE-2006-6493.md @@ -13,6 +13,7 @@ Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in O No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2006/CVE-2006-6548.md b/2006/CVE-2006-6548.md new file mode 100644 index 000000000..a2b9fb13d --- /dev/null +++ b/2006/CVE-2006-6548.md 
@@ -0,0 +1,17 @@ +### [CVE-2006-6548](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6548) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to scripts2/dofeaturemanager is already covered by CVE-2006-6198. + +### POC + +#### Reference +- http://securityreason.com/securityalert/2027 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0057.md b/2007/CVE-2007-0057.md new file mode 100644 index 000000000..e674a5f76 --- /dev/null +++ b/2007/CVE-2007-0057.md @@ -0,0 +1,17 @@ +### [CVE-2007-0057](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0057) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0058.md b/2007/CVE-2007-0058.md new file mode 100644 index 000000000..40973feef --- /dev/null +++ b/2007/CVE-2007-0058.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-0058](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0058) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070103-CleanAccess.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0105.md b/2007/CVE-2007-0105.md new file mode 100644 index 000000000..2838cb6eb --- /dev/null +++ b/2007/CVE-2007-0105.md @@ -0,0 +1,17 @@ +### [CVE-2007-0105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0105) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070105-csacs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0198.md b/2007/CVE-2007-0198.md new file mode 100644 index 000000000..3e11023fe --- /dev/null +++ b/2007/CVE-2007-0198.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-0198](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0198) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0199.md b/2007/CVE-2007-0199.md new file mode 100644 index 000000000..1b3da4460 --- /dev/null +++ b/2007/CVE-2007-0199.md @@ -0,0 +1,17 @@ +### [CVE-2007-0199](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0199) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange." + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070110-dlsw.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0648.md b/2007/CVE-2007-0648.md new file mode 100644 index 000000000..1a32c2a93 --- /dev/null +++ b/2007/CVE-2007-0648.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-0648](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0648) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070131-sip.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-0885.md b/2007/CVE-2007-0885.md index 54b10a9fd..5377622de 100644 --- a/2007/CVE-2007-0885.md +++ b/2007/CVE-2007-0885.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2007/CVE-2007-1036.md b/2007/CVE-2007-1036.md index e85c4c722..7bb783811 100644 --- a/2007/CVE-2007-1036.md +++ b/2007/CVE-2007-1036.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/dudek-marcin/Poc-Exp - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2007/CVE-2007-1062.md b/2007/CVE-2007-1062.md new file mode 100644 index 000000000..d52f4d36f --- /dev/null +++ b/2007/CVE-2007-1062.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-1062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1062) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1063.md b/2007/CVE-2007-1063.md new file mode 100644 index 000000000..d965287c8 --- /dev/null +++ b/2007/CVE-2007-1063.md @@ -0,0 +1,18 @@ +### [CVE-2007-1063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1063) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1064.md b/2007/CVE-2007-1064.md new file mode 100644 index 000000000..25c4c5b5d --- /dev/null +++ b/2007/CVE-2007-1064.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-1064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1064) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1065.md b/2007/CVE-2007-1065.md new file mode 100644 index 000000000..65e96ffa7 --- /dev/null +++ b/2007/CVE-2007-1065.md @@ -0,0 +1,17 @@ +### [CVE-2007-1065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1065) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1066.md b/2007/CVE-2007-1066.md new file mode 100644 index 000000000..988b5da8c --- /dev/null 
+++ b/2007/CVE-2007-1066.md @@ -0,0 +1,17 @@ +### [CVE-2007-1066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1066) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1067.md b/2007/CVE-2007-1067.md new file mode 100644 index 000000000..3215dabb3 --- /dev/null +++ b/2007/CVE-2007-1067.md @@ -0,0 +1,17 @@ +### [CVE-2007-1067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1067) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2007/CVE-2007-1068.md b/2007/CVE-2007-1068.md new file mode 100644 index 000000000..b2955fbc5 --- /dev/null +++ b/2007/CVE-2007-1068.md @@ -0,0 +1,17 @@ +### [CVE-2007-1068](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1068) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-supplicant.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1072.md b/2007/CVE-2007-1072.md new file mode 100644 index 000000000..8336e2ae3 --- /dev/null +++ b/2007/CVE-2007-1072.md 
@@ -0,0 +1,18 @@ +### [CVE-2007-1072](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1072) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml +- http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1257.md b/2007/CVE-2007-1257.md new file mode 100644 index 000000000..3991be60d --- /dev/null +++ b/2007/CVE-2007-1257.md @@ -0,0 +1,17 @@ +### [CVE-2007-1257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1257) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070228-nam.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1258.md b/2007/CVE-2007-1258.md new file mode 100644 index 000000000..2e81d16b1 --- /dev/null +++ b/2007/CVE-2007-1258.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-1258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1258) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070228-mpls.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1826.md b/2007/CVE-2007-1826.md new file mode 100644 index 000000000..f16ba39e8 --- /dev/null +++ b/2007/CVE-2007-1826.md @@ -0,0 +1,17 @@ +### [CVE-2007-1826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1826) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1833.md b/2007/CVE-2007-1833.md new file mode 100644 index 000000000..b2c7b1375 --- /dev/null +++ b/2007/CVE-2007-1833.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-1833](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1833) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Skinny Call Control Protocol (SCCP) implementation in Cisco Unified CallManager (CUCM) 3.3 before 3.3(5)SR2a, 4.1 before 4.1(3)SR4, 4.2 before 4.2(3)SR1, and 5.0 before 5.0(4a)SU1 allows remote attackers to cause a denial of service (loss of voice services) by sending crafted packets to the (1) SCCP (2000/tcp) or (2) SCCPS (2443/tcp) port. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-1834.md b/2007/CVE-2007-1834.md new file mode 100644 index 000000000..2f9987c8c --- /dev/null +++ b/2007/CVE-2007-1834.md @@ -0,0 +1,17 @@ +### [CVE-2007-1834](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1834) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070328-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2032.md b/2007/CVE-2007-2032.md new file mode 100644 index 000000000..153413f3b --- /dev/null +++ b/2007/CVE-2007-2032.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2032) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2033.md b/2007/CVE-2007-2033.md new file mode 100644 index 000000000..dd16e37fa --- /dev/null +++ b/2007/CVE-2007-2033.md @@ -0,0 +1,17 @@ +### [CVE-2007-2033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2033) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2034.md b/2007/CVE-2007-2034.md new file mode 100644 index 000000000..e5d20a527 --- /dev/null +++ b/2007/CVE-2007-2034.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2034) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2035.md b/2007/CVE-2007-2035.md new file mode 100644 index 000000000..03a9126cd --- /dev/null +++ b/2007/CVE-2007-2035.md @@ -0,0 +1,17 @@ +### [CVE-2007-2035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2035) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wcs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2036.md b/2007/CVE-2007-2036.md new file mode 100644 index 000000000..5ac1cd431 --- /dev/null +++ b/2007/CVE-2007-2036.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2036](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2036) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2037.md b/2007/CVE-2007-2037.md new file mode 100644 index 000000000..2690f93b6 --- /dev/null +++ b/2007/CVE-2007-2037.md @@ -0,0 +1,17 @@ +### [CVE-2007-2037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2038.md b/2007/CVE-2007-2038.md new file mode 100644 index 000000000..4c11698e1 --- /dev/null +++ b/2007/CVE-2007-2038.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-2038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2039.md b/2007/CVE-2007-2039.md new file mode 100644 index 000000000..4a70eb3d0 --- /dev/null +++ b/2007/CVE-2007-2039.md @@ -0,0 +1,17 @@ +### [CVE-2007-2039](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2039) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2007/CVE-2007-2040.md b/2007/CVE-2007-2040.md new file mode 100644 index 000000000..3cded4cb1 --- /dev/null +++ b/2007/CVE-2007-2040.md @@ -0,0 +1,17 @@ +### [CVE-2007-2040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2040) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2041.md b/2007/CVE-2007-2041.md new file mode 100644 index 000000000..020a5f7ca --- /dev/null +++ b/2007/CVE-2007-2041.md @@ -0,0 +1,17 @@ +### [CVE-2007-2041](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2041) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070412-wlc.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-2447.md b/2007/CVE-2007-2447.md index 82465278c..e3b57c0e4 100644 --- a/2007/CVE-2007-2447.md 
+++ b/2007/CVE-2007-2447.md @@ -34,6 +34,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote - https://github.com/GaloisInc/msf-haskell - https://github.com/H3xL00m/CVE-2007-2447 - https://github.com/HerculesRD/PyUsernameMapScriptRCE +- https://github.com/IamLucif3r/CVE-2007-2447-Exploit - https://github.com/JoseBarrios/CVE-2007-2447 - https://github.com/Juantos/cve-2007-2447 - https://github.com/Ki11i0n4ir3/CVE-2007-2447 @@ -41,8 +42,10 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/MikeRega7/CVE-2007-2447-RCE - https://github.com/Nosferatuvjr/Samba-Usermap-exploit +- https://github.com/Patrick122333/4240project - https://github.com/SamHackingArticles/CVE-2007-2447 - https://github.com/ShivamDey/Samba-CVE-2007-2447-Exploit +- https://github.com/Sp3c73rSh4d0w/CVE-2007-2447 - https://github.com/Tamie13/Penetration-Testing-Week-16 - https://github.com/Unix13/metasploitable2 - https://github.com/WildfootW/CVE-2007-2447_Samba_3.0.25rc3 diff --git a/2007/CVE-2007-3698.md b/2007/CVE-2007-3698.md new file mode 100644 index 000000000..adb505216 --- /dev/null +++ b/2007/CVE-2007-3698.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-3698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3698) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070725-jsse.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3775.md b/2007/CVE-2007-3775.md new file mode 100644 index 000000000..4b7c846ae --- /dev/null +++ b/2007/CVE-2007-3775.md @@ -0,0 +1,17 @@ +### [CVE-2007-3775](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3775) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859 and (2) CSCsj19985. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3776.md b/2007/CVE-2007-3776.md new file mode 100644 index 000000000..7747c00ca --- /dev/null +++ b/2007/CVE-2007-3776.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-3776](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3776) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668 and (2) CSCsj25962. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-3923.md b/2007/CVE-2007-3923.md new file mode 100644 index 000000000..d21e08ea6 --- /dev/null +++ b/2007/CVE-2007-3923.md @@ -0,0 +1,17 @@ +### [CVE-2007-3923](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3923) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Common Internet File System (CIFS) optimization in Cisco Wide Area Application Services (WAAS) 4.0.7 and 4.0.9, as used by Cisco WAE appliance and the NM-WAE-502 network module, when Edge Services are configured, allows remote attackers to cause a denial of service (loss of service) via a flood of TCP SYN packets to port (1) 139 or (2) 445. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070718-waas.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4263.md b/2007/CVE-2007-4263.md new file mode 100644 index 000000000..44282db08 --- /dev/null +++ b/2007/CVE-2007-4263.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4263](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4263) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the server side of the Secure Copy (SCP) implementation in Cisco 12.2-based IOS allows remote authenticated users to read, write or overwrite any file on the device's filesystem via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4414.md b/2007/CVE-2007-4414.md new file mode 100644 index 000000000..49335e738 --- /dev/null +++ b/2007/CVE-2007-4414.md @@ -0,0 +1,17 @@ +### [CVE-2007-4414](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4414) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4415.md b/2007/CVE-2007-4415.md new file mode 100644 index 000000000..aab86bd85 --- /dev/null +++ b/2007/CVE-2007-4415.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4415](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4415) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify granted to Interactive Users), which allows local users to gain privileges via a modified cvpnd.exe. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4459.md b/2007/CVE-2007-4459.md new file mode 100644 index 000000000..2de358314 --- /dev/null +++ b/2007/CVE-2007-4459.md @@ -0,0 +1,17 @@ +### [CVE-2007-4459](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4459) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070821-sip.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4504.md b/2007/CVE-2007-4504.md index 5491fb4c3..8eaca521a 100644 --- a/2007/CVE-2007-4504.md +++ b/2007/CVE-2007-4504.md 
@@ -13,5 +13,6 @@ Directory traversal vulnerability in index.php in the RSfiles component (com_rsf - https://www.exploit-db.com/exploits/4307 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2007/CVE-2007-4559.md b/2007/CVE-2007-4559.md index ddab58a47..832b9ab13 100644 --- a/2007/CVE-2007-4559.md +++ b/2007/CVE-2007-4559.md @@ -25,5 +25,6 @@ No PoCs from references. - https://github.com/davidholiday/CVE-2007-4559 - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/luigigubello/trellix-tarslip-patch-bypass +- https://github.com/snyk/zip-slip-vulnerability - https://github.com/woniwory/woniwory diff --git a/2007/CVE-2007-4788.md b/2007/CVE-2007-4788.md new file mode 100644 index 000000000..58e1f458b --- /dev/null +++ b/2007/CVE-2007-4788.md @@ -0,0 +1,17 @@ +### [CVE-2007-4788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4788) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.2a, allow remote attackers to cause a denial of service (CPU consumption or reboot) via sets of out-of-order TCP packets with unspecified characteristics, aka CSCsd27478. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-4789.md b/2007/CVE-2007-4789.md new file mode 100644 index 000000000..af50ebf51 --- /dev/null +++ b/2007/CVE-2007-4789.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-4789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4789) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco Content Switching Module with SSL (CSM-S) 2.1 before 2.1.6, when service termination is enabled, allow remote attackers to cause a denial of service (reboot) via unspecified vectors related to high network utilization, aka CSCsh57876. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070905-csm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5134.md b/2007/CVE-2007-5134.md new file mode 100644 index 000000000..ea63cd7e5 --- /dev/null +++ b/2007/CVE-2007-5134.md @@ -0,0 +1,17 @@ +### [CVE-2007-5134](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5134) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure was unintended. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20070926-lb.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5581.md b/2007/CVE-2007-5581.md new file mode 100644 index 000000000..db0e860d6 --- /dev/null +++ b/2007/CVE-2007-5581.md 
@@ -0,0 +1,17 @@ +### [CVE-2007-5581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5581) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName parameters. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20071107-mp.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5582.md b/2007/CVE-2007-5582.md new file mode 100644 index 000000000..79e36b857 --- /dev/null +++ b/2007/CVE-2007-5582.md @@ -0,0 +1,17 @@ +### [CVE-2007-5582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5582) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sr-20071205-cw.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2007/CVE-2007-5707.md b/2007/CVE-2007-5707.md index 4c2e86100..10710bca7 100644 --- a/2007/CVE-2007-5707.md +++ b/2007/CVE-2007-5707.md 
@@ -13,6 +13,7 @@ OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service (sla No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2007/CVE-2007-5708.md b/2007/CVE-2007-5708.md index d3386737b..bd1bf41c2 100644 --- a/2007/CVE-2007-5708.md +++ b/2007/CVE-2007-5708.md @@ -13,6 +13,7 @@ slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when runnin No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2007/CVE-2007-5728.md b/2007/CVE-2007-5728.md index 24cb1f2be..3c5a65036 100644 --- a/2007/CVE-2007-5728.md +++ b/2007/CVE-2007-5728.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2007/CVE-2007-6750.md b/2007/CVE-2007-6750.md index 02807b04f..4d61fb953 100644 --- a/2007/CVE-2007-6750.md +++ b/2007/CVE-2007-6750.md @@ -29,10 +29,12 @@ No PoCs from references. - https://github.com/MrFrozenPepe/Pentest-Cheetsheet - https://github.com/NikulinMS/13-01-hw - https://github.com/PierreChrd/py-projet-tut +- https://github.com/PradhapRam/Vulner-Reports - https://github.com/RoliSoft/ReconScan - https://github.com/SebSundin/THM-Nmap - https://github.com/SecureAxom/strike - https://github.com/SexyBeast233/SecBooks +- https://github.com/SinghNanak/apache-dos - https://github.com/Zhivarev/13-01-hw - https://github.com/adamziaja/vulnerability-check - https://github.com/binglansky/Slowloris-DOS-Attack 
@@ -42,12 +44,14 @@ No PoCs from references. - https://github.com/hktalent/bug-bounty - https://github.com/issdp/test - https://github.com/jaiderospina/NMAP +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/le37/slowloris - https://github.com/marcocastro100/Intrusion_Detection_System-Python - https://github.com/matoweb/Enumeration-Script - https://github.com/murilofurlan/trabalho-seguranca-redes - https://github.com/nsdhanoa/apache-dos +- https://github.com/oscaar90/nmap-scan - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems - https://github.com/vshaliii/Basic-Pentesting-1-Vulnhub-Walkthrough - https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough diff --git a/2008/CVE-2008-0028.md b/2008/CVE-2008-0028.md new file mode 100644 index 000000000..0742f28a7 --- /dev/null +++ b/2008/CVE-2008-0028.md @@ -0,0 +1,17 @@ +### [CVE-2008-0028](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0028) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in Cisco PIX 500 Series Security Appliance and 5500 Series Adaptive Security Appliance (ASA) before 7.2(3)6 and 8.0(3), when the Time-to-Live (TTL) decrement feature is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted IP packet. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080123-asa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0029.md b/2008/CVE-2008-0029.md new file mode 100644 index 000000000..2f1ad8bcc --- /dev/null +++ b/2008/CVE-2008-0029.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-0029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0029) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080123-avs.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0537.md b/2008/CVE-2008-0537.md new file mode 100644 index 000000000..199eb3087 --- /dev/null +++ b/2008/CVE-2008-0537.md @@ -0,0 +1,17 @@ +### [CVE-2008-0537](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0537) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Unspecified vulnerability in the Supervisor Engine 32 (Sup32), Supervisor Engine 720 (Sup720), and Route Switch Processor 720 (RSP720) for multiple Cisco products, when using Multi Protocol Label Switching (MPLS) VPN and OSPF sham-link, allows remote attackers to cause a denial of service (blocked queue, device restart, or memory leak) via unknown vectors. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080326-queue.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-0600.md b/2008/CVE-2008-0600.md index ee01001d1..165cd10e2 100644 --- a/2008/CVE-2008-0600.md +++ b/2008/CVE-2008-0600.md 
@@ -32,6 +32,7 @@ The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not v - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2008/CVE-2008-0900.md b/2008/CVE-2008-0900.md index 9048e00e2..2509c33cc 100644 --- a/2008/CVE-2008-0900.md +++ b/2008/CVE-2008-0900.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/fei9747/LinuxEelvation - https://github.com/hktalent/bug-bounty diff --git a/2008/CVE-2008-0960.md b/2008/CVE-2008-0960.md index ea2f7f1b2..919f8ecf8 100644 --- a/2008/CVE-2008-0960.md +++ b/2008/CVE-2008-0960.md @@ -11,6 +11,7 @@ SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3. #### Reference - http://securityreason.com/securityalert/3933 +- http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml - http://www.ubuntu.com/usn/usn-685-1 - https://bugzilla.redhat.com/show_bug.cgi?id=447974 - https://www.exploit-db.com/exploits/5790 diff --git a/2008/CVE-2008-1153.md b/2008/CVE-2008-1153.md new file mode 100644 index 000000000..7554e444f --- /dev/null +++ b/2008/CVE-2008-1153.md 
@@ -0,0 +1,17 @@ +### [CVE-2008-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1153) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the IPv6 protocol enabled, allows remote attackers to cause a denial of service (device crash and possible blocked interface) via a crafted IPv6 packet to the device. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-1157.md b/2008/CVE-2008-1157.md new file mode 100644 index 000000000..1bbb7bf1c --- /dev/null +++ b/2008/CVE-2008-1157.md @@ -0,0 +1,17 @@ +### [CVE-2008-1157](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1157) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a process that executes a command shell and listens on a randomly chosen TCP port, which allows remote attackers to execute arbitrary commands. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20080313-ipm.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2008/CVE-2008-2398.md b/2008/CVE-2008-2398.md index 208d640ad..d028c1d3c 100644 --- a/2008/CVE-2008-2398.md +++ b/2008/CVE-2008-2398.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2008/CVE-2008-2441.md b/2008/CVE-2008-2441.md index ed6a9312c..433bf7ef0 100644 --- a/2008/CVE-2008-2441.md +++ b/2008/CVE-2008-2441.md @@ -11,6 +11,7 @@ Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) #### Reference - http://securityreason.com/securityalert/4216 +- http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml #### Github No PoCs found on GitHub currently. diff --git a/2008/CVE-2008-4109.md b/2008/CVE-2008-4109.md index 88ea0abae..70e3fa76a 100644 --- a/2008/CVE-2008-4109.md +++ b/2008/CVE-2008-4109.md @@ -13,5 +13,10 @@ A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 o - http://www.ubuntu.com/usn/usn-649-1 #### Github -No PoCs found on GitHub currently. +- https://github.com/David-M-Berry/openssh-cve-discovery +- https://github.com/Passyed/regreSSHion-Fix +- https://github.com/TAM-K592/CVE-2024-6387 +- https://github.com/azurejoga/CVE-2024-6387-how-to-fix +- https://github.com/bigb0x/CVE-2024-6387 +- https://github.com/invaderslabs/regreSSHion-CVE-2024-6387- diff --git a/2008/CVE-2008-4210.md b/2008/CVE-2008-4210.md index a1d766c76..6728ffb43 100644 --- a/2008/CVE-2008-4210.md +++ b/2008/CVE-2008-4210.md 
@@ -30,6 +30,7 @@ fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and s - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2008/CVE-2008-4250.md b/2008/CVE-2008-4250.md index 52d24116c..004d7e2e5 100644 --- a/2008/CVE-2008-4250.md +++ b/2008/CVE-2008-4250.md @@ -33,7 +33,9 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/Kuromesi/Py4CSKG - https://github.com/RodrigoVarasLopez/Download-Scanners-from-Nessus-8.7-using-the-API - https://github.com/SexyBeast233/SecBooks +- https://github.com/Sp3c73rSh4d0w/MS08-067 - https://github.com/TheLastochka/pentest +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Y2FuZXBh/exploits - https://github.com/c0d3cr4f73r/MS08-067 - https://github.com/crypticdante/MS08-067 @@ -51,6 +53,7 @@ The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP - https://github.com/nitishbadole/oscp-note-2 - https://github.com/notsag-dev/htb-legacy - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/rmsbpro/rmsbpro - https://github.com/shashihacks/OSCP - https://github.com/shashihacks/OSWE diff --git a/2008/CVE-2008-5161.md b/2008/CVE-2008-5161.md index 5dfc5d73f..afd1f370c 100644 --- a/2008/CVE-2008-5161.md +++ b/2008/CVE-2008-5161.md 
@@ -27,6 +27,7 @@ Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Conne - https://github.com/VictorSum/13.1 - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/ekiojp/hanase - https://github.com/joshgarlandreese/WordPressRedTeam_BlueTeam - https://github.com/kaio6fellipe/ssh-enum diff --git a/2008/CVE-2008-5587.md b/2008/CVE-2008-5587.md index d857b377e..d4039278c 100644 --- a/2008/CVE-2008-5587.md +++ b/2008/CVE-2008-5587.md @@ -15,4 +15,5 @@ Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 a #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2008/CVE-2008-6222.md b/2008/CVE-2008-6222.md index 7ee6c4b30..f2918183a 100644 --- a/2008/CVE-2008-6222.md +++ b/2008/CVE-2008-6222.md @@ -13,5 +13,6 @@ Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) - https://www.exploit-db.com/exploits/6980 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2008/CVE-2008-6465.md b/2008/CVE-2008-6465.md index 6c0e2b202..397b77129 100644 --- a/2008/CVE-2008-6465.md +++ b/2008/CVE-2008-6465.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2008/CVE-2008-6982.md b/2008/CVE-2008-6982.md index e53e1ab22..e38f8aa8d 100644 --- a/2008/CVE-2008-6982.md +++ b/2008/CVE-2008-6982.md @@ -15,4 +15,5 @@ Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows re #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2009/CVE-2009-0079.md b/2009/CVE-2009-0079.md index dcdfa481e..652a06556 100644 --- a/2009/CVE-2009-0079.md +++ b/2009/CVE-2009-0079.md 
@@ -17,5 +17,6 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/fei9747/WindowsElevation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2009/CVE-2009-0545.md b/2009/CVE-2009-0545.md index a09a336b5..f27295eec 100644 --- a/2009/CVE-2009-0545.md +++ b/2009/CVE-2009-0545.md @@ -17,4 +17,5 @@ cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to e - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2009/CVE-2009-0932.md b/2009/CVE-2009-0932.md index 136e111da..cbe18e962 100644 --- a/2009/CVE-2009-0932.md +++ b/2009/CVE-2009-0932.md @@ -15,5 +15,6 @@ Directory traversal vulnerability in framework/Image/Image.php in Horde before 3 #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/afzalbin64/accuknox-policy-temp +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/kubearmor/policy-templates diff --git a/2009/CVE-2009-1151.md b/2009/CVE-2009-1151.md index 3b548dce8..a0508e894 100644 --- a/2009/CVE-2009-1151.md +++ b/2009/CVE-2009-1151.md @@ -25,6 +25,7 @@ Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.1 - https://github.com/adpast/pocs - https://github.com/duckstroms/Web-CTF-Cheatsheet - https://github.com/e-Thug/PhpMyAdmin +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/pagvac/pocs - https://github.com/w181496/Web-CTF-Cheatsheet diff --git a/2009/CVE-2009-1185.md b/2009/CVE-2009-1185.md index 6084daaea..79d92e724 100644 --- a/2009/CVE-2009-1185.md +++ b/2009/CVE-2009-1185.md 
@@ -33,6 +33,7 @@ udev before 1.4.1 does not verify whether a NETLINK message originates from kern - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amane312/Linux_menthor @@ -48,6 +49,7 @@ udev before 1.4.1 does not verify whether a NETLINK message originates from kern - https://github.com/hussien-almalki/Hack_lame - https://github.com/ismailvc1111/Linux_Privilege - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor - https://github.com/moorejacob2017/Simple-Metasploitable2-RootKit diff --git a/2009/CVE-2009-1337.md b/2009/CVE-2009-1337.md index 72eb333c9..7c17696db 100644 --- a/2009/CVE-2009-1337.md +++ b/2009/CVE-2009-1337.md @@ -31,6 +31,7 @@ The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2009/CVE-2009-2265.md b/2009/CVE-2009-2265.md index 3c3692f51..c700c99c9 100644 --- a/2009/CVE-2009-2265.md +++ b/2009/CVE-2009-2265.md 
@@ -25,6 +25,7 @@ Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow r - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/H3xL00m/CVE-2009-2265 +- https://github.com/Sp3c73rSh4d0w/CVE-2009-2265 - https://github.com/c0d3cr4f73r/CVE-2009-2265 - https://github.com/crypticdante/CVE-2009-2265 - https://github.com/k4u5h41/CVE-2009-2265 diff --git a/2009/CVE-2009-2692.md b/2009/CVE-2009-2692.md index 16f6ab08f..b7f1afa94 100644 --- a/2009/CVE-2009-2692.md +++ b/2009/CVE-2009-2692.md @@ -36,6 +36,7 @@ The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not in - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/cloudsec/exploit diff --git a/2009/CVE-2009-2698.md b/2009/CVE-2009-2698.md index c69dbede6..dbb49d84e 100644 --- a/2009/CVE-2009-2698.md +++ b/2009/CVE-2009-2698.md @@ -36,6 +36,7 @@ The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) - https://github.com/YgorAlberto/Ethical-Hacker - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/cloudsec/exploit diff --git a/2009/CVE-2009-2890.md b/2009/CVE-2009-2890.md index 94d21adb2..3b1d9a8a9 100644 --- a/2009/CVE-2009-2890.md +++ b/2009/CVE-2009-2890.md 
@@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddl - http://packetstormsecurity.org/0907-exploits/riddledepot-sqlxss.txt #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2009/CVE-2009-2929.md b/2009/CVE-2009-2929.md new file mode 100644 index 000000000..a1a809cfa --- /dev/null +++ b/2009/CVE-2009-2929.md @@ -0,0 +1,17 @@ +### [CVE-2009-2929](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2929) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CarlosMeyreles/Network-Vulnerability-Assessment + diff --git a/2009/CVE-2009-3547.md b/2009/CVE-2009-3547.md index 6fd82fa74..a8bd8521a 100644 --- a/2009/CVE-2009-3547.md +++ b/2009/CVE-2009-3547.md 
@@ -32,6 +32,7 @@ Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allo - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2009/CVE-2009-3555.md b/2009/CVE-2009-3555.md index 25f2a1d08..7f49fda98 100644 --- a/2009/CVE-2009-3555.md +++ b/2009/CVE-2009-3555.md @@ -51,5 +51,6 @@ The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr - https://github.com/pyllyukko/user.js - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems - https://github.com/withdk/pulse-secure-vpn-mitm-research +- https://github.com/ziezeeshan/Networksecurity - https://github.com/zzzWTF/db-13-01 diff --git a/2009/CVE-2009-4223.md b/2009/CVE-2009-4223.md index d98adda11..fa3172d83 100644 --- a/2009/CVE-2009-4223.md +++ b/2009/CVE-2009-4223.md @@ -13,5 +13,6 @@ PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web 1.1b2 and e - http://www.exploit-db.com/exploits/10216 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2010/CVE-2010-0738.md b/2010/CVE-2010-0738.md index 7169e9d8e..521dedbc7 100644 --- a/2010/CVE-2010-0738.md +++ b/2010/CVE-2010-0738.md @@ -26,6 +26,7 @@ The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Applicati - https://github.com/fupinglee/JavaTools - https://github.com/gitcollect/jboss-autopwn - https://github.com/hatRiot/clusterd +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list 
diff --git a/2010/CVE-2010-1122.md b/2010/CVE-2010-1122.md index f2c10d8ba..f7875cba7 100644 --- a/2010/CVE-2010-1122.md +++ b/2010/CVE-2010-1122.md @@ -13,5 +13,6 @@ Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote a - https://bugzilla.mozilla.org/show_bug.cgi?id=552216 #### Github +- https://github.com/Jaideep1997/inspector-checker - https://github.com/nicolaurech/inspector-checker diff --git a/2010/CVE-2010-1146.md b/2010/CVE-2010-1146.md index ef1afd8ed..a445d9d6d 100644 --- a/2010/CVE-2010-1146.md +++ b/2010/CVE-2010-1146.md @@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-1871.md b/2010/CVE-2010-1871.md index 2a8e613ac..19607f178 100644 --- a/2010/CVE-2010-1871.md +++ b/2010/CVE-2010-1871.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/dudek-marcin/Poc-Exp - https://github.com/fupinglee/JavaTools +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/My-CTF-Web-Challenges - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research diff --git a/2010/CVE-2010-2075.md b/2010/CVE-2010-2075.md index 17c667f5d..6daeae166 100644 --- a/2010/CVE-2010-2075.md +++ b/2010/CVE-2010-2075.md 
@@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/JoseLRC97/UnrealIRCd-3.2.8.1-Backdoor-Command-Execution - https://github.com/MFernstrom/OffensivePascal-CVE-2010-2075 - https://github.com/Okarn/TP_securite_EDOU_JACQUEMONT +- https://github.com/Patrick122333/4240project - https://github.com/Sh4dowX404/UnrealIRCD-3.2.8.1-Backdoor - https://github.com/VoitenkoAN/13.1 - https://github.com/XorgX304/UnrealIRCd-3.2.8.1-RCE diff --git a/2010/CVE-2010-2333.md b/2010/CVE-2010-2333.md new file mode 100644 index 000000000..c3f730afe --- /dev/null +++ b/2010/CVE-2010-2333.md @@ -0,0 +1,17 @@ +### [CVE-2010-2333](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2333) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/PradhapRam/Vulner-Reports + diff --git a/2010/CVE-2010-2554.md b/2010/CVE-2010-2554.md index 5c8cbbf9b..16da211a1 100644 --- a/2010/CVE-2010-2554.md +++ b/2010/CVE-2010-2554.md @@ -17,5 +17,6 @@ No PoCs from references. - https://github.com/Ascotbe/Kernelhub - https://github.com/Cruxer8Mech/Idk - https://github.com/fei9747/WindowsElevation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2010/CVE-2010-2795.md b/2010/CVE-2010-2795.md index 9d55ce241..6a8ab1e96 100644 --- a/2010/CVE-2010-2795.md +++ b/2010/CVE-2010-2795.md 
@@ -11,6 +11,7 @@ phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a q #### Reference - https://issues.jasig.org/browse/PHPCAS-61 +- https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog #### Github No PoCs found on GitHub currently. diff --git a/2010/CVE-2010-2796.md b/2010/CVE-2010-2796.md index 279254f59..a764374f0 100644 --- a/2010/CVE-2010-2796.md +++ b/2010/CVE-2010-2796.md @@ -11,6 +11,7 @@ Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode #### Reference - https://issues.jasig.org/browse/PHPCAS-67 +- https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog #### Github No PoCs found on GitHub currently. diff --git a/2010/CVE-2010-2959.md b/2010/CVE-2010-2959.md index f616f78ee..1ad24b445 100644 --- a/2010/CVE-2010-2959.md +++ b/2010/CVE-2010-2959.md @@ -47,6 +47,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits diff --git a/2010/CVE-2010-3081.md b/2010/CVE-2010-3081.md index aab71e7a5..1a8928004 100644 --- a/2010/CVE-2010-3081.md +++ b/2010/CVE-2010-3081.md @@ -36,6 +36,7 @@ The compat_alloc_user_space functions in include/asm/compat.h files in the Linux - https://github.com/SteinsGatep001/Binary - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-3301.md b/2010/CVE-2010-3301.md index 9f8858b16..953af55d0 100644 --- a/2010/CVE-2010-3301.md 
+++ b/2010/CVE-2010-3301.md @@ -35,6 +35,7 @@ The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-3904.md b/2010/CVE-2010-3904.md index 624aa0012..93a2460ba 100644 --- a/2010/CVE-2010-3904.md +++ b/2010/CVE-2010-3904.md @@ -30,6 +30,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/CCIEVoice2009/oscp-survival - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/DhivaKD/OSCP-Notes - https://github.com/DictionaryHouse/The-Security-Handbook-Kali-Linux @@ -56,6 +57,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/T3b0g025/PWK-CheatSheet - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits @@ -89,6 +91,7 @@ The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Socke - https://github.com/k0mi-tg/OSCP - https://github.com/k0mi-tg/OSCP-note - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/make0day/pentest - https://github.com/manas3c/OSCP-note 
diff --git a/2010/CVE-2010-4073.md b/2010/CVE-2010-4073.md index ff6bc75a3..fea6a3eea 100644 --- a/2010/CVE-2010-4073.md +++ b/2010/CVE-2010-4073.md @@ -34,6 +34,7 @@ The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize cert - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-4258.md b/2010/CVE-2010-4258.md index eaae0c5ae..1bc0a0a39 100644 --- a/2010/CVE-2010-4258.md +++ b/2010/CVE-2010-4258.md @@ -18,6 +18,7 @@ The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does n - https://github.com/Al1ex/LinuxEelvation - https://github.com/C0dak/linux-kernel-exploits - https://github.com/C0dak/local-root-exploit- +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/Feng4/linux-kernel-exploits - https://github.com/HUSTSeclab/Kernel-Exploits @@ -34,6 +35,7 @@ The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does n - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2010/CVE-2010-4347.md b/2010/CVE-2010-4347.md index 327136789..335c27bff 100644 --- a/2010/CVE-2010-4347.md +++ b/2010/CVE-2010-4347.md 
@@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2011/CVE-2011-0049.md b/2011/CVE-2011-0049.md index b38b53792..b23f56d68 100644 --- a/2011/CVE-2011-0049.md +++ b/2011/CVE-2011-0049.md @@ -16,4 +16,5 @@ Directory traversal vulnerability in the _list_file_get function in lib/Majordom #### Github - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2011/CVE-2011-1002.md b/2011/CVE-2011-1002.md index 1bae41a3f..0a6809b18 100644 --- a/2011/CVE-2011-1002.md +++ b/2011/CVE-2011-1002.md @@ -15,11 +15,14 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/DButter/whitehat_public +- https://github.com/Howertx/avahi-dos - https://github.com/NikolayAntipov/DB_13-01 +- https://github.com/berradiginamic/32123BC7-Securite-Informatique - https://github.com/csk/unisecbarber - https://github.com/kaanyeniyol/python-nmap - https://github.com/lucasljk1/NMAP - https://github.com/namhikelo/Symfonos1-Vulnhub-CEH - https://github.com/odolezal/D-Link-DIR-655 +- https://github.com/oscaar90/nmap-scan - https://github.com/polarbeargo/Security-Engineer-Nanodegree-Program-Adversarial-Resilience-Assessing-Infrastructure-Security diff --git a/2011/CVE-2011-1249.md b/2011/CVE-2011-1249.md index 0d968b8b6..61a3d67cc 100644 --- a/2011/CVE-2011-1249.md +++ b/2011/CVE-2011-1249.md 
@@ -22,6 +22,7 @@ The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and S - https://github.com/Cruxer8Mech/Idk - https://github.com/H3xL00m/CVE-2011-1249 - https://github.com/Madusanka99/OHTS +- https://github.com/Sp3c73rSh4d0w/CVE-2011-1249 - https://github.com/c0d3cr4f73r/CVE-2011-1249 - https://github.com/crypticdante/CVE-2011-1249 - https://github.com/fei9747/WindowsElevation diff --git a/2011/CVE-2011-2523.md b/2011/CVE-2011-2523.md index 38b9da29b..22483b52b 100644 --- a/2011/CVE-2011-2523.md +++ b/2011/CVE-2011-2523.md @@ -22,6 +22,8 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/4m3rr0r/CVE-2011-2523-poc - https://github.com/5k1pp/Red-Team-Engagement-Simulation - https://github.com/ARPSyndicate/cvemon +- https://github.com/AhmedIrfan198/Penetration-Test-of-Metasploitable-2 +- https://github.com/AnugiArrawwala/CVE-Research - https://github.com/Atiwitch15101/vsftpd-2.3.4-Exploit - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo @@ -33,6 +35,7 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/Hellsender01/vsftpd_2.3.4_Exploit - https://github.com/HerculesRD/vsftpd2.3.4PyExploit - https://github.com/JFPineda79/Red-Team-Engagement-Simulation +- https://github.com/KennuC/PentestLab - https://github.com/Kr1tz3x3/HTB-Writeups - https://github.com/Lynk4/CVE-2011-2523 - https://github.com/MFernstrom/OffensivePascal-CVE-2011-2523 
@@ -41,9 +44,11 @@ vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which - https://github.com/NikolayAntipov/DB_13-01 - https://github.com/NnickSecurity/vsftpd_backdoor_exploit - https://github.com/NullBrunk/CVE-2011-2523 +- https://github.com/Patrick122333/4240project - https://github.com/Prachi-Sharma-git/Exploit_FTP - https://github.com/Shubham-2k1/Exploit-CVE-2011-2523 - https://github.com/Tenor-Z/SmileySploit +- https://github.com/Uno13x/Uno13x - https://github.com/VoitenkoAN/13.1 - https://github.com/WanShannn/Exploit-vsftpd - https://github.com/Wanderwille/13.01 diff --git a/2011/CVE-2011-2678.md b/2011/CVE-2011-2678.md new file mode 100644 index 000000000..dfa017247 --- /dev/null +++ b/2011/CVE-2011-2678.md @@ -0,0 +1,17 @@ +### [CVE-2011-2678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2678) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for cvpnd.exe, which allows local users to gain privileges by replacing this executable file with an arbitrary program, aka Bug ID CSCtn50645. NOTE: this vulnerability exists because of a CVE-2007-4415 regression. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20070815-vpnclient.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2011/CVE-2011-2780.md b/2011/CVE-2011-2780.md index bcc92ab78..7c2289f56 100644 --- a/2011/CVE-2011-2780.md +++ b/2011/CVE-2011-2780.md @@ -16,4 +16,5 @@ Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlie #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 
diff --git a/2011/CVE-2011-3298.md b/2011/CVE-2011-3298.md index 20d7dcb1b..88ac1e49c 100644 --- a/2011/CVE-2011-3298.md +++ b/2011/CVE-2011-3298.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3299.md b/2011/CVE-2011-3299.md index e15b7439f..361d05332 100644 --- a/2011/CVE-2011-3299.md +++ b/2011/CVE-2011-3299.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3300.md b/2011/CVE-2011-3300.md index 983c9c23e..450d1d2b4 100644 --- a/2011/CVE-2011-3300.md +++ b/2011/CVE-2011-3300.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3301.md b/2011/CVE-2011-3301.md index 060a5eda2..71087c173 100644 --- a/2011/CVE-2011-3301.md +++ b/2011/CVE-2011-3301.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3302.md b/2011/CVE-2011-3302.md index 42faf211e..a9c2b41f4 100644 --- a/2011/CVE-2011-3302.md +++ b/2011/CVE-2011-3302.md 
@@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3303.md b/2011/CVE-2011-3303.md index cab117bb3..c418c9059 100644 --- a/2011/CVE-2011-3303.md +++ b/2011/CVE-2011-3303.md @@ -10,6 +10,7 @@ Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Servic ### POC #### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml - http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml #### Github diff --git a/2011/CVE-2011-3304.md b/2011/CVE-2011-3304.md new file mode 100644 index 000000000..4a64fb043 --- /dev/null +++ b/2011/CVE-2011-3304.md @@ -0,0 +1,17 @@ +### [CVE-2011-3304](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3304) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.2 before 7.2(5.3), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2), and 8.5 before 8.5(1.1) allow remote attackers to cause a denial of service (device reload) via crafted MSN Instant Messenger traffic, aka Bug ID CSCtl67486. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2011/CVE-2011-3305.md b/2011/CVE-2011-3305.md new file mode 100644 index 000000000..3115260d2 --- /dev/null +++ b/2011/CVE-2011-3305.md 
@@ -0,0 +1,17 @@ +### [CVE-2011-3305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3305) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755. + +### POC + +#### Reference +- http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml + +#### Github +No PoCs found on GitHub currently. + diff --git a/2011/CVE-2011-3315.md b/2011/CVE-2011-3315.md index a3cae26bf..65eb94666 100644 --- a/2011/CVE-2011-3315.md +++ b/2011/CVE-2011-3315.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2011/CVE-2011-4079.md b/2011/CVE-2011-4079.md index 84009250c..67271851a 100644 --- a/2011/CVE-2011-4079.md +++ b/2011/CVE-2011-4079.md @@ -13,6 +13,7 @@ Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earl No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2012/CVE-2012-0056.md b/2012/CVE-2012-0056.md index e80131bdd..491adfef9 100644 --- a/2012/CVE-2012-0056.md +++ b/2012/CVE-2012-0056.md 
@@ -28,6 +28,7 @@ No PoCs from references. - https://github.com/CCIEVoice2009/oscp-survival - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/DhivaKD/OSCP-Notes - https://github.com/DictionaryHouse/The-Security-Handbook-Kali-Linux @@ -57,6 +58,7 @@ No PoCs from references. - https://github.com/T3b0g025/PWK-CheatSheet - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/akr3ch/OSCP-Survival-Guide - https://github.com/aktechnohacker/OSCP-Notes - https://github.com/albinjoshy03/linux-kernel-exploits @@ -104,6 +106,7 @@ No PoCs from references. - https://github.com/kicku6/Opensource88888 - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/make0day/pentest - https://github.com/manas3c/OSCP-note diff --git a/2012/CVE-2012-0814.md b/2012/CVE-2012-0814.md index 90135a5b1..1d53d5739 100644 --- a/2012/CVE-2012-0814.md +++ b/2012/CVE-2012-0814.md @@ -25,6 +25,7 @@ No PoCs from references. - https://github.com/VictorSum/13.1 - https://github.com/Wernigerode23/Uiazvimosty - https://github.com/Zhivarev/13-01-hw +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/kaio6fellipe/ssh-enum - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/smabramov/Vulnerabilities-and-attacks-on-information-systems diff --git a/2012/CVE-2012-0816.md b/2012/CVE-2012-0816.md new file mode 100644 index 000000000..d2d330ac6 --- /dev/null +++ b/2012/CVE-2012-0816.md 
@@ -0,0 +1,17 @@ +### [CVE-2012-0816](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0816) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue) + +### Description + +** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/bigb0x/CVE-2024-6387 + diff --git a/2012/CVE-2012-1182.md b/2012/CVE-2012-1182.md index 734fbd453..d7540cb12 100644 --- a/2012/CVE-2012-1182.md +++ b/2012/CVE-2012-1182.md @@ -22,6 +22,7 @@ The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6. - https://github.com/Kiosec/Windows-Exploitation - https://github.com/Qftm/Information_Collection_Handbook - https://github.com/amishamunjal-az/Week16-Homework +- https://github.com/casohub/multinmap - https://github.com/esteban0477/RedTeamPlaybook - https://github.com/jlashay/Penetration-Testing-1 - https://github.com/joneswu456/rt-n56u diff --git a/2012/CVE-2012-2122.md b/2012/CVE-2012-2122.md index e6e93be9a..eb884f4df 100644 --- a/2012/CVE-2012-2122.md +++ b/2012/CVE-2012-2122.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0day666/Vulnerability-verification - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/4ARMED/nmap-nse-scripts - https://github.com/7hang/cyber-security-interview - https://github.com/ARPSyndicate/cvemon diff --git a/2012/CVE-2012-2459.md b/2012/CVE-2012-2459.md index 5514070eb..bfcb4fde7 100644 --- a/2012/CVE-2012-2459.md +++ b/2012/CVE-2012-2459.md 
@@ -18,5 +18,6 @@ No PoCs from references. - https://github.com/akircanski/coinbugs - https://github.com/dmp1ce/eloipool-docker - https://github.com/fmerg/pymerkle +- https://github.com/slowmist/Cryptocurrency-Security-Audit-Guide - https://github.com/uvhw/conchimgiangnang diff --git a/2012/CVE-2012-3524.md b/2012/CVE-2012-3524.md index 4a76464c8..21c276076 100644 --- a/2012/CVE-2012-3524.md +++ b/2012/CVE-2012-3524.md @@ -30,6 +30,7 @@ libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2012/CVE-2012-4253.md b/2012/CVE-2012-4253.md index 179bfaaaf..ad574b3c8 100644 --- a/2012/CVE-2012-4253.md +++ b/2012/CVE-2012-4253.md @@ -14,4 +14,5 @@ Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-4273.md b/2012/CVE-2012-4273.md index 00c091e7c..548cf7ba9 100644 --- a/2012/CVE-2012-4273.md +++ b/2012/CVE-2012-4273.md @@ -14,4 +14,5 @@ Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 Click Social #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-4547.md b/2012/CVE-2012-4547.md index 15ffde0b4..a360137a7 100644 --- a/2012/CVE-2012-4547.md +++ b/2012/CVE-2012-4547.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2012/CVE-2012-5568.md b/2012/CVE-2012-5568.md index 2e7d5e0b4..ca19cc12c 100644 
--- a/2012/CVE-2012-5568.md +++ b/2012/CVE-2012-5568.md @@ -13,6 +13,7 @@ Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service No PoCs from references. #### Github +- https://github.com/SinghNanak/apache-dos - https://github.com/h0ussni/pwnloris - https://github.com/nsdhanoa/apache-dos diff --git a/2013/CVE-2013-0268.md b/2013/CVE-2013-0268.md index b02aa84dd..5c66969ee 100644 --- a/2013/CVE-2013-0268.md +++ b/2013/CVE-2013-0268.md @@ -30,6 +30,7 @@ No PoCs from references. - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2013/CVE-2013-1763.md b/2013/CVE-2013-1763.md index 8a8708040..95dc7edf5 100644 --- a/2013/CVE-2013-1763.md +++ b/2013/CVE-2013-1763.md @@ -34,6 +34,7 @@ Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2013/CVE-2013-1858.md b/2013/CVE-2013-1858.md index 8f423f5ff..a5ad38a2e 100644 --- a/2013/CVE-2013-1858.md +++ b/2013/CVE-2013-1858.md 
@@ -30,6 +30,7 @@ The clone system-call implementation in the Linux kernel before 3.8.3 does not p - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2013/CVE-2013-1959.md b/2013/CVE-2013-1959.md index 5d29fc0c2..e75494a7b 100644 --- a/2013/CVE-2013-1959.md +++ b/2013/CVE-2013-1959.md @@ -15,4 +15,5 @@ kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropria #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits diff --git a/2013/CVE-2013-2094.md b/2013/CVE-2013-2094.md index 491887725..e8864b171 100644 --- a/2013/CVE-2013-2094.md +++ b/2013/CVE-2013-2094.md @@ -47,6 +47,7 @@ The perf_swevent_init function in kernel/events/core.c in the Linux kernel befor - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amane312/Linux_menthor 
@@ -75,6 +76,7 @@ The perf_swevent_init function in kernel/events/core.c in the Linux kernel befor - https://github.com/khanhnd123/linux-kernel-exploitation - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/lushtree-cn-honeyzhao/awesome-c - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor diff --git a/2013/CVE-2013-2251.md b/2013/CVE-2013-2251.md index 7c7500344..1aac47996 100644 --- a/2013/CVE-2013-2251.md +++ b/2013/CVE-2013-2251.md @@ -20,6 +20,7 @@ Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary - https://github.com/0day666/Vulnerability-verification - https://github.com/0xh4di/PayloadsAllTheThings - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/3vikram/Application-Vulnerabilities-Payloads - https://github.com/84KaliPleXon3/Payloads_All_The_Things @@ -29,6 +30,7 @@ Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/GuynnR/Payloads - https://github.com/HimmelAward/Goby_POC +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MelanyRoob/Goby - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings diff --git a/2013/CVE-2013-4548.md b/2013/CVE-2013-4548.md index eadc736f1..800ac1be0 100644 --- a/2013/CVE-2013-4548.md +++ b/2013/CVE-2013-4548.md @@ -13,5 +13,5 @@ The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6 - https://hackerone.com/reports/500 #### Github -No PoCs found on GitHub currently. +- https://github.com/bigb0x/CVE-2024-6387 diff --git a/2013/CVE-2013-4810.md b/2013/CVE-2013-4810.md index 04c4148ee..13aac8662 100644 --- a/2013/CVE-2013-4810.md +++ b/2013/CVE-2013-4810.md 
@@ -24,6 +24,7 @@ HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manag - https://github.com/enomothem/PenTestNote - https://github.com/fupinglee/JavaTools - https://github.com/jiangsir404/POC-S +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2013/CVE-2013-7282.md b/2013/CVE-2013-7282.md new file mode 100644 index 000000000..28abf3680 --- /dev/null +++ b/2013/CVE-2013-7282.md @@ -0,0 +1,18 @@ +### [CVE-2013-7282](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7282) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. + +### POC + +#### Reference +- http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txt +- http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-0018.md b/2014/CVE-2014-0018.md index 76c0c0789..fe7fbb00a 100644 --- a/2014/CVE-2014-0018.md +++ b/2014/CVE-2014-0018.md @@ -13,6 +13,7 @@ Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Ap No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/auditt7708/rhsecapi - https://github.com/bharatsunny/dagda 
diff --git a/2014/CVE-2014-0038.md b/2014/CVE-2014-0038.md index 37ba9b5ac..7b9cc0593 100644 --- a/2014/CVE-2014-0038.md +++ b/2014/CVE-2014-0038.md @@ -40,6 +40,7 @@ The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/ambynotcoder/C-libraries diff --git a/2014/CVE-2014-0107.md b/2014/CVE-2014-0107.md index dcacdd888..cc1434999 100644 --- a/2014/CVE-2014-0107.md +++ b/2014/CVE-2014-0107.md @@ -16,6 +16,7 @@ The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restr - https://www.oracle.com/security-alerts/cpuoct2021.html #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/4depcheck diff --git a/2014/CVE-2014-0160.md b/2014/CVE-2014-0160.md index 161b0b3de..2874265e9 100644 --- a/2014/CVE-2014-0160.md +++ b/2014/CVE-2014-0160.md @@ -134,6 +134,7 @@ The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not p - https://github.com/Live-Hack-CVE/CVE-2014-0160 - https://github.com/LucaFilipozzi/ssl-heartbleed.nse - https://github.com/MHM5000/starred +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/ethical_hacking_cyber - https://github.com/MiChuan/PenTesting - https://github.com/Miraitowa70/POC-Notes diff --git a/2014/CVE-2014-0196.md b/2014/CVE-2014-0196.md index adc2cf965..a8540ff3e 100644 --- a/2014/CVE-2014-0196.md +++ b/2014/CVE-2014-0196.md 
@@ -38,6 +38,7 @@ The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14 - https://github.com/SunRain/CVE-2014-0196 - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-10037.md b/2014/CVE-2014-10037.md index 2ec5fbd86..c62d860cf 100644 --- a/2014/CVE-2014-10037.md +++ b/2014/CVE-2014-10037.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-1203.md b/2014/CVE-2014-1203.md index 47e5d39c7..120a9d304 100644 --- a/2014/CVE-2014-1203.md +++ b/2014/CVE-2014-1203.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-2024.md b/2014/CVE-2014-2024.md index 9fc8231a2..6b76da762 100644 --- a/2014/CVE-2014-2024.md +++ b/2014/CVE-2014-2024.md @@ -14,4 +14,5 @@ Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open #### Github - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2014/CVE-2014-2527.md b/2014/CVE-2014-2527.md new file mode 100644 index 000000000..907fde71a --- /dev/null +++ b/2014/CVE-2014-2527.md 
@@ -0,0 +1,17 @@ +### [CVE-2014-2527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2527) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528. + +### POC + +#### Reference +- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-2528.md b/2014/CVE-2014-2528.md new file mode 100644 index 000000000..e988245bd --- /dev/null +++ b/2014/CVE-2014-2528.md @@ -0,0 +1,17 @@ +### [CVE-2014-2528](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2528) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527. + +### POC + +#### Reference +- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp + +#### Github +No PoCs found on GitHub currently. + diff --git a/2014/CVE-2014-2532.md b/2014/CVE-2014-2532.md index 0c0e54a74..e5c96a025 100644 --- a/2014/CVE-2014-2532.md +++ b/2014/CVE-2014-2532.md 
@@ -16,5 +16,6 @@ sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv line #### Github - https://github.com/averyth3archivist/nmap-network-reconnaissance +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough diff --git a/2014/CVE-2014-3120.md b/2014/CVE-2014-3120.md index 36f1963fd..734c1141b 100644 --- a/2014/CVE-2014-3120.md +++ b/2014/CVE-2014-3120.md @@ -17,6 +17,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/0ps/pocassistdb - https://github.com/189569400/fofa - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/ACIC-Africa/metasploitable3 - https://github.com/ARPSyndicate/cvemon @@ -32,6 +33,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/GhostTroops/myhktools - https://github.com/Hackinfinity/Honey-Pots- - https://github.com/HimmelAward/Goby_POC +- https://github.com/JE2Se/AssetScan - https://github.com/Karma47/Cybersecurity_base_project_2 - https://github.com/LubyRuffy/fofa - https://github.com/Mehedi-Babu/honeypots_cyber @@ -44,6 +46,7 @@ The default configuration in Elasticsearch before 1.2 enables dynamic scripting, - https://github.com/Pasyware/Honeypot_Projects - https://github.com/SexyBeast233/SecBooks - https://github.com/ToonyLoony/OpenVAS_Project +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/ZTK-009/RedTeamer - https://github.com/ahm3dhany/IDS-Evasion diff --git a/2014/CVE-2014-3146.md b/2014/CVE-2014-3146.md index a1c55abfe..ee7f30137 100644 --- a/2014/CVE-2014-3146.md +++ b/2014/CVE-2014-3146.md 
@@ -14,6 +14,7 @@ Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before - http://seclists.org/fulldisclosure/2014/Apr/319 #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/ARPSyndicate/cvemon - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda diff --git a/2014/CVE-2014-3153.md b/2014/CVE-2014-3153.md index 230df7617..3481c4267 100644 --- a/2014/CVE-2014-3153.md +++ b/2014/CVE-2014-3153.md @@ -45,6 +45,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/ambynotcoder/C-libraries diff --git a/2014/CVE-2014-4014.md b/2014/CVE-2014-4014.md index 518daa452..98ad6145d 100644 --- a/2014/CVE-2014-4014.md +++ b/2014/CVE-2014-4014.md @@ -32,6 +32,7 @@ The capabilities implementation in the Linux kernel before 3.14.8 does not prope - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-4113.md b/2014/CVE-2014-4113.md index f4056aec3..b771ed452 100644 --- a/2014/CVE-2014-4113.md +++ b/2014/CVE-2014-4113.md 
@@ -42,6 +42,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/HacTF/poc--exp - https://github.com/HackOvert/awesome-bugs - https://github.com/JERRY123S/all-poc +- https://github.com/JennieXLisa/awe-win-expx - https://github.com/LegendSaber/exp - https://github.com/NitroA/windowsexpoitationresources - https://github.com/NullArray/WinKernel-Resources diff --git a/2014/CVE-2014-4210.md b/2014/CVE-2014-4210.md index 76beeef56..9ef2f3e1a 100644 --- a/2014/CVE-2014-4210.md +++ b/2014/CVE-2014-4210.md @@ -23,6 +23,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/1120362990/vulnerability-list - https://github.com/189569400/Meppo - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates @@ -86,6 +87,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ronoski/j2ee-rscan - https://github.com/skyblueflag/WebSecurityStudy - https://github.com/superfish9/pt diff --git a/2014/CVE-2014-4544.md b/2014/CVE-2014-4544.md index e6f442191..bc8859735 100644 --- a/2014/CVE-2014-4544.md +++ b/2014/CVE-2014-4544.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2014/CVE-2014-4699.md b/2014/CVE-2014-4699.md index 38716a4e9..dddf53dc6 100644 --- a/2014/CVE-2014-4699.md +++ b/2014/CVE-2014-4699.md 
@@ -36,6 +36,7 @@ The Linux kernel before 3.15.4 on Intel processors does not properly restrict us - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2014/CVE-2014-5284.md b/2014/CVE-2014-5284.md index 77f1e3b39..67e6cb3ef 100644 --- a/2014/CVE-2014-5284.md +++ b/2014/CVE-2014-5284.md @@ -30,6 +30,7 @@ host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable fi - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2014/CVE-2014-5461.md b/2014/CVE-2014-5461.md index 6fc9ffa9b..f0eac25be 100644 --- a/2014/CVE-2014-5461.md +++ b/2014/CVE-2014-5461.md @@ -13,6 +13,7 @@ Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/andir/nixos-issue-db-example - https://github.com/bharatsunny/dagda diff --git a/2014/CVE-2014-6271.md b/2014/CVE-2014-6271.md index 78e0fbe55..6aa6f24f5 100644 --- a/2014/CVE-2014-6271.md +++ b/2014/CVE-2014-6271.md 
@@ -173,6 +173,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th - https://github.com/Ly0nt4r/OSCP - https://github.com/Ly0nt4r/ShellShock - https://github.com/MY7H404/CVE-2014-6271-Shellshock +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/enumeration_cheat_sht - https://github.com/Mehedi-Babu/ethical_hacking_cyber - https://github.com/Meowmycks/OSCPprep-SickOs1.1 diff --git a/2014/CVE-2014-8122.md b/2014/CVE-2014-8122.md index 22f327468..9d50227b1 100644 --- a/2014/CVE-2014-8122.md +++ b/2014/CVE-2014-8122.md @@ -13,6 +13,7 @@ Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows rem No PoCs from references. #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2014/CVE-2014-9322.md b/2014/CVE-2014-9322.md index a9c406db9..30d6019c9 100644 --- a/2014/CVE-2014-9322.md +++ b/2014/CVE-2014-9322.md @@ -20,6 +20,7 @@ arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly h - https://github.com/R0B1NL1N/linux-kernel-exploitation - https://github.com/RKX1209/CVE-2014-9322 - https://github.com/Technoashofficial/kernel-exploitation-linux +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/cranelab/exploit-development - https://github.com/dyjakan/exploit-development-case-studies - https://github.com/kdn111/linux-kernel-exploitation diff --git a/2014/CVE-2014-9709.md b/2014/CVE-2014-9709.md index 680f0f21f..5ef08ecab 100644 --- a/2014/CVE-2014-9709.md +++ b/2014/CVE-2014-9709.md 
@@ -12,6 +12,7 @@ The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP bef #### Reference - http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html - http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html +- https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 #### Github - https://github.com/Live-Hack-CVE/CVE-2014-9709 diff --git a/2015/CVE-2015-0057.md b/2015/CVE-2015-0057.md index d4ba3f81d..3765ced85 100644 --- a/2015/CVE-2015-0057.md +++ b/2015/CVE-2015-0057.md @@ -29,6 +29,7 @@ win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Wind - https://github.com/Flerov/WindowsExploitDev - https://github.com/GhostTroops/TOP - https://github.com/JERRY123S/all-poc +- https://github.com/JennieXLisa/awe-win-expx - https://github.com/Karneades/awesome-vulnerabilities - https://github.com/LegendSaber/exp - https://github.com/NitroA/windowsexpoitationresources diff --git a/2015/CVE-2015-0204.md b/2015/CVE-2015-0204.md index 68ffab384..8e6999078 100644 --- a/2015/CVE-2015-0204.md +++ b/2015/CVE-2015-0204.md @@ -74,4 +74,5 @@ The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 - https://github.com/thekondrashov/stuff - https://github.com/vitaliivakhr/NETOLOGY - https://github.com/yellownine/netology-DevOps +- https://github.com/ziezeeshan/Networksecurity diff --git a/2015/CVE-2015-1328.md b/2015/CVE-2015-1328.md index 6bb25624d..9a4ad01be 100644 --- a/2015/CVE-2015-1328.md +++ b/2015/CVE-2015-1328.md 
@@ -39,6 +39,7 @@ The overlayfs implementation in the linux (aka Linux kernel) package before 3.19 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amtzespinosa/tr0ll-walkthrough diff --git a/2015/CVE-2015-1345.md b/2015/CVE-2015-1345.md index a21ad22dd..c5b16ee37 100644 --- a/2015/CVE-2015-1345.md +++ b/2015/CVE-2015-1345.md @@ -13,6 +13,7 @@ The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local user - http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html #### Github +- https://github.com/1karu32s/dagda_offline - https://github.com/MrE-Fog/dagda - https://github.com/bharatsunny/dagda - https://github.com/eliasgranderubio/dagda diff --git a/2015/CVE-2015-1427.md b/2015/CVE-2015-1427.md index dd09a9344..850635908 100644 --- a/2015/CVE-2015-1427.md +++ b/2015/CVE-2015-1427.md @@ -32,6 +32,7 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 - https://github.com/GhostTroops/myhktools - https://github.com/HimmelAward/Goby_POC - https://github.com/IsmailSoltakhanov17/Monkey +- https://github.com/JE2Se/AssetScan - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/Makare06/Monkey @@ -41,6 +42,7 @@ The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 - https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Xcod3bughunt3r/ExploitsTools - https://github.com/XiphosResearch/exploits - https://github.com/YrenWu/Elhackstic 
diff --git a/2015/CVE-2015-1503.md b/2015/CVE-2015-1503.md index ccca44528..ed2cb4dc9 100644 --- a/2015/CVE-2015-1503.md +++ b/2015/CVE-2015-1503.md @@ -17,4 +17,5 @@ Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2015/CVE-2015-1701.md b/2015/CVE-2015-1701.md index d2cc2fa7e..ffe9ad306 100644 --- a/2015/CVE-2015-1701.md +++ b/2015/CVE-2015-1701.md @@ -62,6 +62,7 @@ Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vist - https://github.com/pr0code/https-github.com-ExpLife0011-awesome-windows-kernel-security-development - https://github.com/pravinsrc/NOTES-windows-kernel-links - https://github.com/puckiestyle/A-Red-Teamer-diaries +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/tronghieu220403/Common-Vulnerabilities-and-Exposures-Reports - https://github.com/tufanturhan/Red-Teamer-Diaries - https://github.com/weeka10/-hktalent-TOP diff --git a/2015/CVE-2015-1880.md b/2015/CVE-2015-1880.md index 707fd95e2..49b2acc96 100644 --- a/2015/CVE-2015-1880.md +++ b/2015/CVE-2015-1880.md @@ -13,6 +13,7 @@ Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet Fo No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2015/CVE-2015-4852.md b/2015/CVE-2015-4852.md index d6325a9aa..9c3380eef 100644 --- a/2015/CVE-2015-4852.md +++ b/2015/CVE-2015-4852.md 
@@ -64,6 +64,7 @@ The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3. - https://github.com/nex1less/CVE-2015-4852 - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/psadmin-io/weblogic-patching-scripts - https://github.com/qiqiApink/apkRepair diff --git a/2015/CVE-2015-5600.md b/2015/CVE-2015-5600.md index 058bbb58d..3a5e379c5 100644 --- a/2015/CVE-2015-5600.md +++ b/2015/CVE-2015-5600.md @@ -22,6 +22,7 @@ The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 #### Github - https://github.com/Live-Hack-CVE/CVE-2015-5600 - https://github.com/ahm3dhany/IDS-Evasion +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/pboonman196/Final_Project_CyberBootcamp - https://github.com/scmanjarrez/CVEScannerV2 - https://github.com/sjourdan/clair-lab diff --git a/2015/CVE-2015-6563.md b/2015/CVE-2015-6563.md index 6b7690e0a..971a4401a 100644 --- a/2015/CVE-2015-6563.md +++ b/2015/CVE-2015-6563.md @@ -18,6 +18,7 @@ The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms acc - https://github.com/ARPSyndicate/cvemon - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6563 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6564.md b/2015/CVE-2015-6564.md index f88de6faf..e271b0157 100644 --- a/2015/CVE-2015-6564.md +++ b/2015/CVE-2015-6564.md 
@@ -17,6 +17,7 @@ Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c #### Github - https://github.com/CyCognito/manual-detection - https://github.com/Live-Hack-CVE/CVE-2015-6564 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/vshaliii/DC-1-Vulnhub-Walkthrough - https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough diff --git a/2015/CVE-2015-6927.md b/2015/CVE-2015-6927.md new file mode 100644 index 000000000..21e1717e5 --- /dev/null +++ b/2015/CVE-2015-6927.md @@ -0,0 +1,17 @@ +### [CVE-2015-6927](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6927) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel. + +### POC + +#### Reference +- https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2015/CVE-2015-7450.md b/2015/CVE-2015-7450.md index 0eacdfb5e..ce1c56b11 100644 --- a/2015/CVE-2015-7450.md +++ b/2015/CVE-2015-7450.md 
@@ -28,6 +28,7 @@ Serialized-object interfaces in certain IBM analytics, business solutions, cogni - https://github.com/Delishsploits/PayloadsAndMethodology - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ostorlab/KEV diff --git a/2015/CVE-2015-7501.md b/2015/CVE-2015-7501.md index b3c16f640..75c6412ad 100644 --- a/2015/CVE-2015-7501.md +++ b/2015/CVE-2015-7501.md @@ -37,6 +37,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads - https://github.com/HimmelAward/Goby_POC +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MrE-Fog/jbossScan - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings @@ -81,6 +82,7 @@ Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/password520/RedTeamer - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2015/CVE-2015-7547.md b/2015/CVE-2015-7547.md index 8929d95d2..f59149e26 100644 --- a/2015/CVE-2015-7547.md +++ b/2015/CVE-2015-7547.md 
@@ -66,6 +66,7 @@ Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functio - https://github.com/Vxer-Lee/Hack_Tools - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/ZiDuNet/Note +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/alanmeyer/CVE-glibc - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alex-bender/links diff --git a/2015/CVE-2015-7780.md b/2015/CVE-2015-7780.md index 1d1d5022e..2ffd5b1d7 100644 --- a/2015/CVE-2015-7780.md +++ b/2015/CVE-2015-7780.md @@ -13,5 +13,6 @@ Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2015/CVE-2015-8103.md b/2015/CVE-2015-8103.md index 4ddb33c11..536ae3674 100644 --- a/2015/CVE-2015-8103.md +++ b/2015/CVE-2015-8103.md @@ -30,6 +30,7 @@ The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/GuynnR/Payloads - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads - https://github.com/NCSU-DANCE-Research-Group/CDL @@ -63,6 +64,7 @@ The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/r00t4dm/Jenkins-CVE-2015-8103 - https://github.com/ranjan-prp/PayloadsAllTheThings 
diff --git a/2015/CVE-2015-8550.md b/2015/CVE-2015-8550.md index 84c1fae43..669ba343b 100644 --- a/2015/CVE-2015-8550.md +++ b/2015/CVE-2015-8550.md @@ -16,6 +16,7 @@ Xen, when used on a system providing PV backends, allows local guest OS administ - https://github.com/Al1ex/LinuxEelvation - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/jfbastien/no-sane-compiler diff --git a/2015/CVE-2015-8660.md b/2015/CVE-2015-8660.md index ad62a57ab..0c0df43c5 100644 --- a/2015/CVE-2015-8660.md +++ b/2015/CVE-2015-8660.md @@ -22,6 +22,7 @@ The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3 - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Live-Hack-CVE/CVE-2015-8660 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/chorankates/Irked - https://github.com/nhamle2/CVE-2015-8660 - https://github.com/nhamle2/nhamle2 diff --git a/2016/CVE-2016-0099.md b/2016/CVE-2016-0099.md index 60ce59c50..fd0558ffa 100644 --- a/2016/CVE-2016-0099.md +++ b/2016/CVE-2016-0099.md @@ -31,6 +31,7 @@ The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 - https://github.com/hktalent/TOP - https://github.com/jenriquezv/OSCP-Cheat-Sheets-Windows - https://github.com/lyshark/Windows-exploits +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/readloud/Awesome-Stars - https://github.com/taielab/awesome-hacking-lists - https://github.com/xbl2022/awesome-hacking-lists diff --git a/2016/CVE-2016-0638.md b/2016/CVE-2016-0638.md index 85cde6095..e3ff9e5c7 100644 --- a/2016/CVE-2016-0638.md +++ b/2016/CVE-2016-0638.md 
@@ -54,11 +54,13 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/koutto/jok3r-pocs - https://github.com/langu-xyz/JavaVulnMap - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/password520/RedTeamer - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/safe6Sec/WeblogicVuln - https://github.com/safe6Sec/wlsEnv - https://github.com/sp4zcmd/WeblogicExploit-GUI diff --git a/2016/CVE-2016-0728.md b/2016/CVE-2016-0728.md index 763ae5cdd..bfa0692ba 100644 --- a/2016/CVE-2016-0728.md +++ b/2016/CVE-2016-0728.md @@ -40,6 +40,7 @@ The join_session_keyring function in security/keys/process_keys.c in the Linux k - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/ainannurizzaman/zabbix - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits diff --git a/2016/CVE-2016-0777.md b/2016/CVE-2016-0777.md index 9214eed9d..8605825e8 100644 --- a/2016/CVE-2016-0777.md +++ b/2016/CVE-2016-0777.md @@ -25,6 +25,7 @@ The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, - https://github.com/RedHatSatellite/satellite-host-cve - https://github.com/WinstonN/fabric2 - https://github.com/akshayprasad/Linux_command_crash_course +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/chuongvuvan/awesome-ssh - https://github.com/cpcloudnl/ssh-config - https://github.com/dblume/dotfiles diff --git a/2016/CVE-2016-0788.md b/2016/CVE-2016-0788.md index b9408b4c8..a5a0a46fc 100644 --- a/2016/CVE-2016-0788.md 
+++ b/2016/CVE-2016-0788.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/klausware/Java-Deserialization-Cheat-Sheet - https://github.com/lnick2023/nicenice - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/xbl3/awesome-cve-poc_qazbnm456 diff --git a/2016/CVE-2016-0792.md b/2016/CVE-2016-0792.md index f717b26a1..ad8b18dd5 100644 --- a/2016/CVE-2016-0792.md +++ b/2016/CVE-2016-0792.md @@ -30,6 +30,7 @@ Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642. - https://github.com/GuynnR/Payloads - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings @@ -62,6 +63,7 @@ Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642. - https://github.com/lp008/Hack-readme - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ranjan-prp/PayloadsAllTheThings diff --git a/2016/CVE-2016-1000109.md b/2016/CVE-2016-1000109.md index 0b4cf91e6..371415bad 100644 --- a/2016/CVE-2016-1000109.md +++ b/2016/CVE-2016-1000109.md 
@@ -32,6 +32,7 @@ HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-1000110.md b/2016/CVE-2016-1000110.md index 57232937a..af8079a49 100644 --- a/2016/CVE-2016-1000110.md +++ b/2016/CVE-2016-1000110.md @@ -33,6 +33,7 @@ The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_P - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-1000216.md b/2016/CVE-2016-1000216.md new file mode 100644 index 000000000..26a99d8aa --- /dev/null +++ b/2016/CVE-2016-1000216.md @@ -0,0 +1,17 @@ +### [CVE-2016-1000216](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000216) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Ruckus Wireless H500 web management interface authenticated command injection + +### POC + +#### Reference +- https://bitbucket.org/dudux/ruckus-rootshell + +#### Github +No PoCs found on GitHub currently. + diff --git a/2016/CVE-2016-10009.md b/2016/CVE-2016-10009.md index af1bca5b8..a64c27296 100644 --- a/2016/CVE-2016-10009.md +++ b/2016/CVE-2016-10009.md 
@@ -15,6 +15,7 @@ Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH befor - https://www.exploit-db.com/exploits/40963/ #### Github +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports diff --git a/2016/CVE-2016-10012.md b/2016/CVE-2016-10012.md index 4c3a03549..1fad6ddc9 100644 --- a/2016/CVE-2016-10012.md +++ b/2016/CVE-2016-10012.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/phx/cvescan - https://github.com/retr0-13/cveScannerV2 diff --git a/2016/CVE-2016-2384.md b/2016/CVE-2016-2384.md index ff3a231f4..44f360f56 100644 --- a/2016/CVE-2016-2384.md +++ b/2016/CVE-2016-2384.md @@ -37,6 +37,7 @@ Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/coffee727/linux-exp diff --git a/2016/CVE-2016-3088.md b/2016/CVE-2016-3088.md index 515ab3dd2..32af1b79e 100644 --- a/2016/CVE-2016-3088.md +++ b/2016/CVE-2016-3088.md @@ -36,6 +36,7 @@ The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remot - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/YutuSec/ActiveMQ_Crack - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce 
diff --git a/2016/CVE-2016-3115.md b/2016/CVE-2016-3115.md index fa842bdc6..7a10fdb62 100644 --- a/2016/CVE-2016-3115.md +++ b/2016/CVE-2016-3115.md @@ -22,6 +22,7 @@ Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH before 7 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/RedHatSatellite/satellite-host-cve +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/biswajitde/dsm_ips - https://github.com/gabrieljcs/ips-assessment-reports diff --git a/2016/CVE-2016-3309.md b/2016/CVE-2016-3309.md index 116de094e..7fab3296b 100644 --- a/2016/CVE-2016-3309.md +++ b/2016/CVE-2016-3309.md @@ -50,6 +50,7 @@ The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 - https://github.com/nobiusmallyu/kehai - https://github.com/pravinsrc/NOTES-windows-kernel-links - https://github.com/qazbnm456/awesome-cve-poc +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/sensepost/ms16-098 - https://github.com/siberas/CVE-2016-3309_Reloaded - https://github.com/slimdaddy/RedTeam diff --git a/2016/CVE-2016-3510.md b/2016/CVE-2016-3510.md index 8514477c6..01fc4b82e 100644 --- a/2016/CVE-2016-3510.md +++ b/2016/CVE-2016-3510.md @@ -38,6 +38,7 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/JERRY123S/all-poc - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/KimJun1010/WeblogicTool +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Miraitowa70/POC-Notes - https://github.com/Muhammd/Awesome-Payloads 
@@ -84,11 +85,13 @@ Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusi - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/orgTestCodacy11KRepos110MB/repo-5832-java-deserialization-exploits - https://github.com/password520/RedTeamer - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss - https://github.com/safe6Sec/WeblogicVuln diff --git a/2016/CVE-2016-4437.md b/2016/CVE-2016-4437.md index f2070d5b2..0a664949a 100644 --- a/2016/CVE-2016-4437.md +++ b/2016/CVE-2016-4437.md @@ -16,6 +16,7 @@ Apache Shiro before 1.2.5, when a cipher key has not been configured for the "re #### Github - https://github.com/0day404/vulnerability-poc - https://github.com/0day666/Vulnerability-verification +- https://github.com/0x727/FingerprintHub - https://github.com/20142995/Goby - https://github.com/4nth0ny1130/shisoserial - https://github.com/ARPSyndicate/cvemon diff --git a/2016/CVE-2016-4557.md b/2016/CVE-2016-4557.md index a50a32cc5..e35c2c741 100644 --- a/2016/CVE-2016-4557.md +++ b/2016/CVE-2016-4557.md @@ -16,6 +16,7 @@ The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux k - https://github.com/ARPSyndicate/cvemon - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/chreniuc/CTF - https://github.com/dylandreimerink/gobpfld - https://github.com/kkamagui/linux-kernel-exploits diff --git a/2016/CVE-2016-4997.md b/2016/CVE-2016-4997.md index 3649b3fc9..fd276c8fc 100644 
--- a/2016/CVE-2016-4997.md +++ b/2016/CVE-2016-4997.md @@ -18,4 +18,5 @@ The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits diff --git a/2016/CVE-2016-5195.md b/2016/CVE-2016-5195.md index b4b4b0aa1..4d6c65639 100644 --- a/2016/CVE-2016-5195.md +++ b/2016/CVE-2016-5195.md @@ -67,6 +67,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/CVEDB/PoC-List - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/Cham0i/SecPlus - https://github.com/DanielEbert/CVE-2016-5195 - https://github.com/DanielEbert/dirtycow-vdso @@ -152,6 +153,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/Ygodsec/- - https://github.com/ZTK-009/RedTeamer - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/acidburnmi/CVE-2016-5195-master - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground @@ -284,6 +286,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits - https://github.com/kwxk/Rutgers_Cyber_Range +- https://github.com/kyuna312/Linux_menthor - https://github.com/kzwkt/lkrt - https://github.com/l2dy/stars - https://github.com/ldenevi/CVE-2016-5195 diff --git a/2016/CVE-2016-5385.md b/2016/CVE-2016-5385.md index 2f7fc2cce..c69e91d6a 100644 --- a/2016/CVE-2016-5385.md +++ b/2016/CVE-2016-5385.md 
@@ -43,6 +43,7 @@ PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5386.md b/2016/CVE-2016-5386.md index 29e4eeb33..7d6ef6558 100644 --- a/2016/CVE-2016-5386.md +++ b/2016/CVE-2016-5386.md @@ -36,6 +36,7 @@ The net/http package in Go through 1.6 does not attempt to address RFC 3875 sect - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-5387.md b/2016/CVE-2016-5387.md index 60185f963..d95b5b454 100644 --- a/2016/CVE-2016-5387.md +++ b/2016/CVE-2016-5387.md @@ -46,6 +46,7 @@ The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and theref - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/firatesatoglu/shodanSearch - https://github.com/gabomasi/reverse-proxy diff --git a/2016/CVE-2016-5388.md b/2016/CVE-2016-5388.md index 97af8c0f4..0e59baa4f 100644 --- a/2016/CVE-2016-5388.md +++ b/2016/CVE-2016-5388.md 
@@ -36,6 +36,7 @@ Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is - https://github.com/creativ/docker-nginx-proxy - https://github.com/cryptoplay/docker-alpine-nginx-proxy - https://github.com/dlpnetworks/dlp-nginx-proxy +- https://github.com/dmitriy-tkalich/docker-nginx-proxy - https://github.com/expoli/nginx-proxy-docker-image-builder - https://github.com/gabomasi/reverse-proxy - https://github.com/garnser/nginx-oidc-proxy diff --git a/2016/CVE-2016-6210.md b/2016/CVE-2016-6210.md index ae3859770..108b69184 100644 --- a/2016/CVE-2016-6210.md +++ b/2016/CVE-2016-6210.md @@ -17,6 +17,7 @@ sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password has - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2016-6210 +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/cocomelonc/vulnexipy - https://github.com/eric-conrad/enumer8 diff --git a/2016/CVE-2016-7067.md b/2016/CVE-2016-7067.md new file mode 100644 index 000000000..711387895 --- /dev/null +++ b/2016/CVE-2016-7067.md @@ -0,0 +1,17 @@ +### [CVE-2016-7067](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7067) +![](https://img.shields.io/static/v1?label=Product&message=monit&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352&color=brighgreen) + +### Description + +Monit before version 5.20.0 is vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host or disable/enable monitoring for a specific service. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2016/CVE-2016-7124.md b/2016/CVE-2016-7124.md index e0eca3109..7cf2f24bb 100644 --- a/2016/CVE-2016-7124.md +++ b/2016/CVE-2016-7124.md @@ -16,6 +16,7 @@ ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 misha #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/Fa1c0n35/Web-CTF-Cheatshee +- https://github.com/ProbiusOfficial/PHPSerialize-labs - https://github.com/Zxser/Web-CTF-Cheatsheet - https://github.com/duckstroms/Web-CTF-Cheatsheet - https://github.com/fine-1/php-SER-libs diff --git a/2016/CVE-2016-8527.md b/2016/CVE-2016-8527.md index e8023aa7e..ed852ed57 100644 --- a/2016/CVE-2016-8527.md +++ b/2016/CVE-2016-8527.md @@ -13,6 +13,7 @@ Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a - https://www.exploit-db.com/exploits/41482/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2016/CVE-2016-8655.md b/2016/CVE-2016-8655.md index 757c4c92a..fbfe1fa36 100644 --- a/2016/CVE-2016-8655.md +++ b/2016/CVE-2016-8655.md @@ -33,6 +33,7 @@ Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allo - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/The-Z-Labs/linux-exploit-suggester - https://github.com/TheJoyOfHacking/mzet-linux-exploit-suggester +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/agkunkle/chocobo - https://github.com/anoaghost/Localroot_Compile - https://github.com/bcoles/kernel-exploits diff --git a/2016/CVE-2016-9793.md b/2016/CVE-2016-9793.md index 4b23acc38..4939b692a 100644 --- a/2016/CVE-2016-9793.md +++ b/2016/CVE-2016-9793.md 
@@ -31,6 +31,7 @@ The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.1 - https://github.com/Singlea-lyh/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amrelsadane123/Ecploit-kernel-4.10-linux-local diff --git a/2016/CVE-2016-9957.md b/2016/CVE-2016-9957.md index 59d3ef0bc..21666334b 100644 --- a/2016/CVE-2016-9957.md +++ b/2016/CVE-2016-9957.md @@ -10,6 +10,7 @@ Stack-based buffer overflow in game-music-emu before 0.6.1. ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9958.md b/2016/CVE-2016-9958.md index ecb5e443d..c01ebec9e 100644 --- a/2016/CVE-2016-9958.md +++ b/2016/CVE-2016-9958.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9959.md b/2016/CVE-2016-9959.md index e2f3febfe..3b30e1bb9 100644 --- a/2016/CVE-2016-9959.md +++ b/2016/CVE-2016-9959.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8- ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9960.md b/2016/CVE-2016-9960.md index c8ba9f1be..4c314b3db 100644 --- a/2016/CVE-2016-9960.md +++ b/2016/CVE-2016-9960.md 
@@ -10,6 +10,7 @@ game-music-emu before 0.6.1 allows local users to cause a denial of service (div ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.in/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2016/CVE-2016-9961.md b/2016/CVE-2016-9961.md index 10b4a6890..0dc4d0ddc 100644 --- a/2016/CVE-2016-9961.md +++ b/2016/CVE-2016-9961.md @@ -10,6 +10,7 @@ game-music-emu before 0.6.1 mishandles unspecified integer values. ### POC #### Reference +- https://bitbucket.org/mpyne/game-music-emu/wiki/Home - https://scarybeastsecurity.blogspot.cz/2016/12/redux-compromising-linux-using-snes.html #### Github diff --git a/2017/CVE-2017-0143.md b/2017/CVE-2017-0143.md index fd1824952..df4d77f80 100644 --- a/2017/CVE-2017-0143.md +++ b/2017/CVE-2017-0143.md @@ -110,6 +110,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/liorsivan/hackthebox-machines - https://github.com/lnick2023/nicenice - https://github.com/lyshark/Windows-exploits +- https://github.com/mchklt/PFE - https://github.com/merlinepedra/SCAN4LL - https://github.com/merlinepedra25/SCAN4ALL-1 - https://github.com/mishmashclone/infosecn1nja-AD-Attack-Defense diff --git a/2017/CVE-2017-0144.md b/2017/CVE-2017-0144.md index 80555f69b..ab26f8477 100644 --- a/2017/CVE-2017-0144.md +++ b/2017/CVE-2017-0144.md @@ -23,6 +23,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/61106960/adPEAS - https://github.com/ARPSyndicate/cvemon - https://github.com/Ali-Imangholi/EternalBlueTrojan +- https://github.com/AnugiArrawwala/CVE-Research - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 - https://github.com/Atem1988/Starred 
@@ -128,6 +129,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 - https://github.com/peterpt/eternal_scanner - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/quynhold/Detect-CVE-2017-0144-attack +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/retr0-13/AD-Attack-Defense - https://github.com/revanmalang/OSCP - https://github.com/rvsvishnuv/rvsvishnuv.github.io diff --git a/2017/CVE-2017-0199.md b/2017/CVE-2017-0199.md index 6012e461c..4d9708ce2 100644 --- a/2017/CVE-2017-0199.md +++ b/2017/CVE-2017-0199.md @@ -185,6 +185,7 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - https://github.com/securi3ytalent/Red-Teaming-documentation - https://github.com/severnake/Pentest-Tools - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/stealth-ronin/CVE-2017-0199-PY-KIT - https://github.com/sv3nbeast/Attack-Notes @@ -197,6 +198,7 @@ Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, - https://github.com/triw0lf/Security-Matters-22 - https://github.com/twensoo/PersistentThreat - https://github.com/txuswashere/OSCP +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/viethdgit/CVE-2017-0199 - https://github.com/vysecurity/RedTips diff --git a/2017/CVE-2017-0213.md b/2017/CVE-2017-0213.md index 2724b5698..b780f8699 100644 --- a/2017/CVE-2017-0213.md +++ b/2017/CVE-2017-0213.md 
@@ -94,6 +94,7 @@ Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/cve - https://github.com/rakjong/WindowsElvation +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/redteampa1/Windows - https://github.com/renzu0/Windows-exp - https://github.com/reph0r/Poc-Exp-Tools diff --git a/2017/CVE-2017-1000112.md b/2017/CVE-2017-1000112.md index bd9562d16..05e3122fe 100644 --- a/2017/CVE-2017-1000112.md +++ b/2017/CVE-2017-1000112.md @@ -74,6 +74,7 @@ Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. W - https://github.com/kkamagui/linux-kernel-exploits - https://github.com/knd06/linux-kernel-exploitation - https://github.com/kumardineshwar/linux-kernel-exploits +- https://github.com/kyuna312/Linux_menthor - https://github.com/lnick2023/nicenice - https://github.com/m0mkris/linux-kernel-exploits - https://github.com/maririn312/Linux_menthor diff --git a/2017/CVE-2017-1000253.md b/2017/CVE-2017-1000253.md index 8e21e1e66..bee568b6a 100644 --- a/2017/CVE-2017-1000253.md +++ b/2017/CVE-2017-1000253.md @@ -17,6 +17,7 @@ Linux distributions that have not patched their long-term kernels with https://g - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/RicterZ/PIE-Stack-Clash-CVE-2017-1000253 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/kaosagnt/ansible-everyday - https://github.com/sxlmnwb/CVE-2017-1000253 diff --git a/2017/CVE-2017-1000353.md b/2017/CVE-2017-1000353.md index 9cfaf3870..515a72d31 100644 --- a/2017/CVE-2017-1000353.md +++ b/2017/CVE-2017-1000353.md 
@@ -60,6 +60,7 @@ Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerab - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nixawk/labs - https://github.com/oneplus-x/MS17-010 +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/r00t4dm/Jenkins-CVE-2017-1000353 - https://github.com/reph0r/poc-exp diff --git a/2017/CVE-2017-1000367.md b/2017/CVE-2017-1000367.md index 1b4882a90..c7aa8542d 100644 --- a/2017/CVE-2017-1000367.md +++ b/2017/CVE-2017-1000367.md @@ -36,6 +36,7 @@ Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validati - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhaleShark-Team/murasame - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2017/CVE-2017-1001000.md b/2017/CVE-2017-1001000.md index e4bbcf372..48d7083cb 100644 --- a/2017/CVE-2017-1001000.md +++ b/2017/CVE-2017-1001000.md @@ -15,6 +15,7 @@ The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-pos #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/Vayel/docker-wordpress-content-injection - https://github.com/YemiBeshe/Codepath-WP1 - https://github.com/hom3r/wordpress-4.7 diff --git a/2017/CVE-2017-10271.md b/2017/CVE-2017-10271.md index a3ea7a4bb..3c92b0c5a 100644 --- a/2017/CVE-2017-10271.md +++ b/2017/CVE-2017-10271.md 
@@ -73,6 +73,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/KimJun1010/WeblogicTool - https://github.com/Luffin/CVE-2017-10271 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Mehedi-Babu/honeypots_cyber - https://github.com/Mehedi-Babu/pentest_tools_repo @@ -98,6 +99,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Weik1/Artillery - https://github.com/WingsSec/Meppo @@ -189,6 +191,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/nitishbadole/Pentest_Tools - https://github.com/oneplus-x/Sn1per - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/papa-anniekey/CustomSignatures - https://github.com/paralax/awesome-honeypots @@ -209,6 +212,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/r4b3rt/CVE-2017-10271 - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rambleZzz/weblogic_CVE_2017_10271 - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss diff --git a/2017/CVE-2017-11176.md b/2017/CVE-2017-11176.md index 5f494ed15..e5557b819 100644 --- a/2017/CVE-2017-11176.md +++ b/2017/CVE-2017-11176.md 
@@ -27,6 +27,7 @@ The mq_notify function in the Linux kernel through 4.11.9 does not set the sock - https://github.com/Lexterl33t/Exploit-Kernel - https://github.com/Norido/kernel - https://github.com/Sama-Ayman-Mokhtar/CVE-2017-11176 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/ahpaleus/ahp_cheatsheet - https://github.com/anoaghost/Localroot_Compile - https://github.com/bsauce/kernel-exploit-factory diff --git a/2017/CVE-2017-11882.md b/2017/CVE-2017-11882.md index f8323e0b3..9cdd76e1b 100644 --- a/2017/CVE-2017-11882.md +++ b/2017/CVE-2017-11882.md @@ -87,6 +87,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/Ridter/RTF_11882_0802 - https://github.com/Rory33160/Phishing-Prevention - https://github.com/RxXwx3x/Redteam +- https://github.com/S3N4T0R-0X0/Ember-Bear-APT - https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit - https://github.com/SewellDinG/Search - https://github.com/SexyBeast233/SecBooks @@ -96,6 +97,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/StrangerealIntel/DeltaFlare - https://github.com/Sunqiz/CVE-2017-11882-reproduction - https://github.com/Th3k33n/RedTeam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Ygodsec/- - https://github.com/ZTK-009/RedTeamer - https://github.com/ZtczGrowtopia/2500-OPEN-SOURCE-RAT @@ -182,6 +184,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/rxwx/CVE-2018-0802 - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/starnightcyber/CVE-2017-11882 - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections 
@@ -194,6 +197,7 @@ Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Micr - https://github.com/triw0lf/Security-Matters-22 - https://github.com/twensoo/PersistentThreat - https://github.com/tzwlhack/CVE-2017-11882 +- https://github.com/u53r55/Security-Tools-List - https://github.com/unamer/CVE-2017-11882 - https://github.com/unusualwork/red-team-tools - https://github.com/wateroot/poc-exp diff --git a/2017/CVE-2017-12149.md b/2017/CVE-2017-12149.md index b07e2645f..ce41b0753 100644 --- a/2017/CVE-2017-12149.md +++ b/2017/CVE-2017-12149.md @@ -56,6 +56,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf - https://github.com/TSY244/scan_node - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VVeakee/CVE-2017-12149 - https://github.com/Weik1/Artillery @@ -101,6 +102,7 @@ In Jboss Application Server as shipped with Red Hat Enterprise Application Platf - https://github.com/merlinepedra25/JavaDeserH2HC - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/ozkanbilge/Java-Reverse-Shell - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer diff --git a/2017/CVE-2017-12615.md b/2017/CVE-2017-12615.md index d56913481..928d22bfc 100644 --- a/2017/CVE-2017-12615.md +++ b/2017/CVE-2017-12615.md @@ -84,6 +84,7 @@ When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e. - https://github.com/mefulton/cve-2017-12615 - https://github.com/nixawk/labs - https://github.com/oneplus-x/MS17-010 +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc 
diff --git a/2017/CVE-2017-12617.md b/2017/CVE-2017-12617.md index 79981f4cb..b605e64c9 100644 --- a/2017/CVE-2017-12617.md +++ b/2017/CVE-2017-12617.md @@ -42,6 +42,7 @@ When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC - https://github.com/Kaizhe/attacker - https://github.com/Lodoelama/Offensive-Security-CTF-Project - https://github.com/LongWayHomie/CVE-2017-12617 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ostorlab/KEV diff --git a/2017/CVE-2017-12637.md b/2017/CVE-2017-12637.md index e494b9617..25f907829 100644 --- a/2017/CVE-2017-12637.md +++ b/2017/CVE-2017-12637.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2017/CVE-2017-12794.md b/2017/CVE-2017-12794.md index 3701dc1ea..28714e3a7 100644 --- a/2017/CVE-2017-12794.md +++ b/2017/CVE-2017-12794.md @@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/bakery312/Vulhub-Reproduce +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub - https://github.com/kenuosec/youzai diff --git a/2017/CVE-2017-12972.md b/2017/CVE-2017-12972.md new file mode 100644 index 000000000..23f1dac08 --- /dev/null +++ b/2017/CVE-2017-12972.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12972](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12972) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-12973.md b/2017/CVE-2017-12973.md new file mode 100644 index 000000000..54de5b2cb --- /dev/null +++ b/2017/CVE-2017-12973.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12973](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12973) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-12974.md b/2017/CVE-2017-12974.md new file mode 100644 index 000000000..db668a642 --- /dev/null +++ b/2017/CVE-2017-12974.md 
@@ -0,0 +1,19 @@ +### [CVE-2017-12974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12974) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13698.md b/2017/CVE-2017-13698.md new file mode 100644 index 000000000..1a1dc5d60 --- /dev/null +++ b/2017/CVE-2017-13698.md @@ -0,0 +1,17 @@ +### [CVE-2017-13698](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13698) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. An attacker could extract public and private keys from the firmware image available on the MOXA website and could use them against a production switch that has the default keys embedded. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2017/CVE-2017-13699.md b/2017/CVE-2017-13699.md new file mode 100644 index 000000000..c77b9520c --- /dev/null +++ b/2017/CVE-2017-13699.md @@ -0,0 +1,17 @@ +### [CVE-2017-13699](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13699) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The password encryption method can be retrieved from the firmware. This encryption method is based on a chall value that is sent in cleartext as a POST parameter. An attacker could reverse the password encryption algorithm to retrieve it. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13700.md b/2017/CVE-2017-13700.md new file mode 100644 index 000000000..0a33a272f --- /dev/null +++ b/2017/CVE-2017-13700.md @@ -0,0 +1,17 @@ +### [CVE-2017-13700](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13700) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13701.md b/2017/CVE-2017-13701.md new file mode 100644 index 000000000..08bfcd661 --- /dev/null +++ b/2017/CVE-2017-13701.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-13701](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13701) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. The backup file contains sensitive information in a insecure way. There is no salt for password hashing. Indeed passwords are stored without being ciphered with a timestamped ciphering method. + +### POC + +#### Reference +- https://www.sentryo.net/wp-content/uploads/2017/11/Switch-Moxa-Analysis.pdf + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13702.md b/2017/CVE-2017-13702.md new file mode 100644 index 000000000..01810df97 --- /dev/null +++ b/2017/CVE-2017-13702.md @@ -0,0 +1,17 @@ +### [CVE-2017-13702](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13702) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. Cookies can be stolen, manipulated, and reused. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-13703.md b/2017/CVE-2017-13703.md new file mode 100644 index 000000000..85181dc93 --- /dev/null +++ b/2017/CVE-2017-13703.md 
@@ -0,0 +1,17 @@ +### [CVE-2017-13703](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13703) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A denial of service may occur. + +### POC + +#### Reference +- https://www.sentryo.net/fr/sentryo-analyse-switch-industriel/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2017/CVE-2017-15906.md b/2017/CVE-2017-15906.md index 4cc4196cf..d1755f9b7 100644 --- a/2017/CVE-2017-15906.md +++ b/2017/CVE-2017-15906.md @@ -14,6 +14,7 @@ The process_open function in sftp-server.c in OpenSSH before 7.6 does not proper #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/Milkad0/DC-4_VulnHub - https://github.com/ProTechEx/asn - https://github.com/bioly230/THM_Skynet diff --git a/2017/CVE-2017-16939.md b/2017/CVE-2017-16939.md index af6d0e468..a10dcfcde 100644 --- a/2017/CVE-2017-16939.md +++ b/2017/CVE-2017-16939.md @@ -24,6 +24,7 @@ No PoCs from references. - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/distance-vector/linux-kernel-exploits diff --git a/2017/CVE-2017-16995.md b/2017/CVE-2017-16995.md index b12479252..ac77bcd54 100644 --- a/2017/CVE-2017-16995.md +++ b/2017/CVE-2017-16995.md 
@@ -36,6 +36,7 @@ The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4 - https://github.com/Lumindu/CVE-2017-16995-Linux-Kernel---BPF-Sign-Extension-Local-Privilege-Escalation- - https://github.com/Metarget/metarget - https://github.com/Micr067/linux-kernel-exploits +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/PhoenixCreation/resources - https://github.com/QChiLan/linux-exp - https://github.com/R0B1NL1N/Linux-Kernal-Exploits-m- @@ -55,6 +56,7 @@ The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4 - https://github.com/ZTK-009/RedTeamer - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/ZhiQiAnSecFork/cve-2017-16995 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anldori/CVE-2017-16995 diff --git a/2017/CVE-2017-18640.md b/2017/CVE-2017-18640.md index b219e30b5..cba685414 100644 --- a/2017/CVE-2017-18640.md +++ b/2017/CVE-2017-18640.md @@ -10,6 +10,8 @@ The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load ### POC #### Reference +- https://bitbucket.org/snakeyaml/snakeyaml/issues/377 +- https://bitbucket.org/snakeyaml/snakeyaml/wiki/Changes - https://www.oracle.com/security-alerts/cpuApr2021.html #### Github diff --git a/2017/CVE-2017-20066.md b/2017/CVE-2017-20066.md index 793f4b60a..a75938fbe 100644 --- a/2017/CVE-2017-20066.md +++ b/2017/CVE-2017-20066.md @@ -11,6 +11,7 @@ A vulnerability has been found in Adminer Login 1.4.4 and classified as problema #### Reference - https://sumofpwn.nl/advisory/2016/wordpress_adminer_plugin_allows_public__local__database_login.html +- https://vuldb.com/?id.97384 #### Github No PoCs found on GitHub currently. diff --git a/2017/CVE-2017-20073.md b/2017/CVE-2017-20073.md index 69cc097aa..66906456a 100644 --- a/2017/CVE-2017-20073.md +++ b/2017/CVE-2017-20073.md 
@@ -10,6 +10,7 @@ A vulnerability has been found in Hindu Matrimonial Script and classified as cri ### POC #### Reference +- https://vuldb.com/?id.95413 - https://www.exploit-db.com/exploits/41044/ #### Github diff --git a/2017/CVE-2017-20117.md b/2017/CVE-2017-20117.md index 3e70f11a8..7ffde745b 100644 --- a/2017/CVE-2017-20117.md +++ b/2017/CVE-2017-20117.md @@ -10,6 +10,7 @@ A vulnerability was found in TrueConf Server 4.3.7. It has been declared as prob ### POC #### Reference +- https://vuldb.com/?id.96631 - https://www.exploit-db.com/exploits/41184/ #### Github diff --git a/2017/CVE-2017-3248.md b/2017/CVE-2017-3248.md index 84d4e8eff..24dbf5283 100644 --- a/2017/CVE-2017-3248.md +++ b/2017/CVE-2017-3248.md @@ -63,12 +63,14 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/quentinhardy/scriptsAndExploits - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rockmelodies/rocComExpRce - https://github.com/rudinyu/KB - https://github.com/safe6Sec/WeblogicVuln diff --git a/2017/CVE-2017-3506.md b/2017/CVE-2017-3506.md index 2e814226a..f2d1aa566 100644 --- a/2017/CVE-2017-3506.md +++ b/2017/CVE-2017-3506.md 
@@ -84,6 +84,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/safe6Sec/WeblogicVuln - https://github.com/safe6Sec/wlsEnv - https://github.com/sahabrifki/erpscan diff --git a/2017/CVE-2017-5123.md b/2017/CVE-2017-5123.md index 73418bdb8..4f01afaa5 100644 --- a/2017/CVE-2017-5123.md +++ b/2017/CVE-2017-5123.md @@ -37,6 +37,7 @@ Insufficient data validation in waitid allowed an user to escape sandboxes on Li - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/WinMin/awesome-vm-exploit - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/albinjoshy03/linux-kernel-exploits diff --git a/2017/CVE-2017-5638.md b/2017/CVE-2017-5638.md index 1d94aab6f..0b46b8d98 100644 --- a/2017/CVE-2017-5638.md +++ b/2017/CVE-2017-5638.md @@ -74,6 +74,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - https://github.com/Kaizhe/attacker - https://github.com/KarzsGHR/S2-046_S2-045_POC - https://github.com/Lawrence-Dean/awesome-stars +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Masahiro-Yamada/OgnlContentTypeRejectorValve - https://github.com/MelanyRoob/Goby - https://github.com/Meowmycks/OSCPprep-BlueSky 
@@ -104,6 +105,7 @@ The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x be - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/UNC1739/awesome-vulnerability-research +- https://github.com/Well-Neri/Simulado-L-gica-de-programa-o - https://github.com/XPR1M3/Payloads_All_The_Things - https://github.com/Xhendos/CVE-2017-5638 - https://github.com/Z0fhack/Goby_POC diff --git a/2017/CVE-2017-5992.md b/2017/CVE-2017-5992.md index 0ec85d6aa..a01681410 100644 --- a/2017/CVE-2017-5992.md +++ b/2017/CVE-2017-5992.md @@ -10,6 +10,7 @@ Openpyxl 2.4.1 resolves external entities by default, which allows remote attack ### POC #### Reference +- https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442 #### Github diff --git a/2017/CVE-2017-6074.md b/2017/CVE-2017-6074.md index ab4f43078..c04b036bf 100644 --- a/2017/CVE-2017-6074.md +++ b/2017/CVE-2017-6074.md @@ -44,6 +44,7 @@ The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel thro - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/WhaleShark-Team/murasame - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/alsmadi/Parse_CVE_Details diff --git a/2017/CVE-2017-7264.md b/2017/CVE-2017-7264.md index 9ec89381c..827a4c24b 100644 --- a/2017/CVE-2017-7264.md +++ b/2017/CVE-2017-7264.md 
@@ -5,7 +5,7 @@ ### Description -Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. +Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document. ### POC diff --git a/2017/CVE-2017-7308.md b/2017/CVE-2017-7308.md index c6de4c247..71b8fb01a 100644 --- a/2017/CVE-2017-7308.md +++ b/2017/CVE-2017-7308.md @@ -38,6 +38,7 @@ The packet_set_ring function in net/packet/af_packet.c in the Linux kernel throu - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Technoashofficial/kernel-exploitation-linux - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/amrelsadane123/Ecploit-kernel-4.10-linux-local diff --git a/2017/CVE-2017-7391.md b/2017/CVE-2017-7391.md index fa186b8f0..302137ef3 100644 --- a/2017/CVE-2017-7391.md +++ b/2017/CVE-2017-7391.md @@ -16,6 +16,7 @@ A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2017/CVE-2017-7494.md b/2017/CVE-2017-7494.md index a8b77aaab..bd6041e43 100644 --- a/2017/CVE-2017-7494.md +++ b/2017/CVE-2017-7494.md 
@@ -106,6 +106,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - https://github.com/YellowVeN0m/Pentesters-toolbox - https://github.com/ZTK-009/linux-kernel-exploits - https://github.com/Zer0d0y/Samba-CVE-2017-7494 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/abhinavkakku/Ethical-Hacking-Tutorials - https://github.com/acidonper/openshift4-advanced-cluster-security - https://github.com/adjaliya/-CVE-2017-7494-Samba-Exploit-POC @@ -127,6 +128,7 @@ Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to r - https://github.com/brianwrf/SambaHunter - https://github.com/brimstone/damnvulnerable-sambacry - https://github.com/caique-garbim/CVE-2017-7494_SambaCry +- https://github.com/casohub/multinmap - https://github.com/chzerv/ansible-role-samba - https://github.com/clout86/Navi - https://github.com/clout86/the-read-team diff --git a/2017/CVE-2017-7504.md b/2017/CVE-2017-7504.md index 743e31894..5937334b2 100644 --- a/2017/CVE-2017-7504.md +++ b/2017/CVE-2017-7504.md @@ -58,6 +58,7 @@ No PoCs from references. - https://github.com/merlinepedra/JavaDeserH2HC - https://github.com/merlinepedra25/JavaDeserH2HC - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/ozkanbilge/Java-Reverse-Shell - https://github.com/password520/RedTeamer - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2017/CVE-2017-8464.md b/2017/CVE-2017-8464.md index 175d2a7d6..dc8367b8d 100644 --- a/2017/CVE-2017-8464.md +++ b/2017/CVE-2017-8464.md 
@@ -50,6 +50,7 @@ Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi - https://github.com/SomUrim/windows-kernel-exploits-clone - https://github.com/TieuLong21Prosper/Detect-CVE-2017-8464 - https://github.com/TrG-1999/DetectPacket-CVE-2017-8464 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/X-Vector/usbhijacking - https://github.com/Ygodsec/- - https://github.com/ZTK-009/windows-kernel-exploits diff --git a/2017/CVE-2017-8570.md b/2017/CVE-2017-8570.md index 27784943f..87e0694d5 100644 --- a/2017/CVE-2017-8570.md +++ b/2017/CVE-2017-8570.md @@ -106,6 +106,7 @@ Microsoft Office allows a remote code execution vulnerability due to the way tha - https://github.com/tezukanice/Office8570 - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/weeka10/-hktalent-TOP - https://github.com/winterwolf32/Red-teaming diff --git a/2017/CVE-2017-8625.md b/2017/CVE-2017-8625.md index 9f5da92ae..23e3f4869 100644 --- a/2017/CVE-2017-8625.md +++ b/2017/CVE-2017-8625.md @@ -73,6 +73,7 @@ Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 - https://github.com/lnick2023/nicenice - https://github.com/maurotedesco/RedTeam - https://github.com/mishmashclone/yeyintminthuhtut-Awesome-Red-Teaming +- https://github.com/mrhunter7/Awesome-Red-Teaming - https://github.com/mynameiskaleb/Coder-Everyday-Resource-Pack- - https://github.com/neonoatmeal/Coder-Everyday-Resource-Pack- - https://github.com/nitishbadole/PENTESTING-BIBLE diff --git a/2017/CVE-2017-8759.md b/2017/CVE-2017-8759.md index e967e2679..f8a768826 100644 --- a/2017/CVE-2017-8759.md +++ b/2017/CVE-2017-8759.md 
@@ -116,6 +116,7 @@ Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/securi3ytalent/Red-Teaming-documentation - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/smashinu/CVE-2017-8759Expoit - https://github.com/sumas/APT_CyberCriminal_Campagin_Collections @@ -124,6 +125,7 @@ Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow - https://github.com/t31m0/Red-Teaming-Toolkit - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/varunsaru/SNP - https://github.com/vysecurity/CVE-2017-8759 diff --git a/2017/CVE-2017-8890.md b/2017/CVE-2017-8890.md index d1d5a3059..f1bf509d6 100644 --- a/2017/CVE-2017-8890.md +++ b/2017/CVE-2017-8890.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Al1ex/LinuxEelvation - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/beraphin/CVE-2017-8890 - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2017/CVE-2017-9791.md b/2017/CVE-2017-9791.md index 44ab2465f..914a3ca6e 100644 --- a/2017/CVE-2017-9791.md +++ b/2017/CVE-2017-9791.md @@ -15,6 +15,7 @@ The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code exe #### Github - https://github.com/0day666/Vulnerability-verification +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon 
diff --git a/2017/CVE-2017-9805.md b/2017/CVE-2017-9805.md index c5e8026c5..5d34e779e 100644 --- a/2017/CVE-2017-9805.md +++ b/2017/CVE-2017-9805.md @@ -50,6 +50,7 @@ The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x bef - https://github.com/Jean-Francois-C/Windows-Penetration-Testing - https://github.com/LearnGolang/LearnGolang - https://github.com/Lone-Ranger/apache-struts-pwn_CVE-2017-9805 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/NikolaKostadinov01/Cyber-Security-Base-project-two diff --git a/2018/CVE-2018-0127.md b/2018/CVE-2018-0127.md index 8eb2ea854..2f8d9a4bc 100644 --- a/2018/CVE-2018-0127.md +++ b/2018/CVE-2018-0127.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2018/CVE-2018-0296.md b/2018/CVE-2018-0296.md index bc0d81850..ac98d5029 100644 --- a/2018/CVE-2018-0296.md +++ b/2018/CVE-2018-0296.md @@ -38,6 +38,7 @@ A vulnerability in the web interface of the Cisco Adaptive Security Appliance (A - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dk47os3r/hongduiziliao +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hasee2018/Safety-net-information - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP diff --git a/2018/CVE-2018-1000001.md b/2018/CVE-2018-1000001.md index 88f1b81ac..0c17cd575 100644 --- a/2018/CVE-2018-1000001.md +++ b/2018/CVE-2018-1000001.md 
@@ -31,6 +31,7 @@ In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpat - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/ZTK-009/linux-kernel-exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2018/CVE-2018-1000036.md b/2018/CVE-2018-1000036.md index 4cf611a41..3473b009d 100644 --- a/2018/CVE-2018-1000036.md +++ b/2018/CVE-2018-1000036.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF parser allow an attacker to cause a denial of service (memory leak) via a crafted file. ### POC diff --git a/2018/CVE-2018-1000037.md b/2018/CVE-2018-1000037.md index 8b5087602..46b4faba1 100644 --- a/2018/CVE-2018-1000037.md +++ b/2018/CVE-2018-1000037.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple reachable assertions in the PDF parser allow an attacker to cause a denial of service (assert crash) via a crafted file. ### POC diff --git a/2018/CVE-2018-1000038.md b/2018/CVE-2018-1000038.md index 374e60485..4c037c65d 100644 --- a/2018/CVE-2018-1000038.md +++ b/2018/CVE-2018-1000038.md 
@@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file. ### POC diff --git a/2018/CVE-2018-1000039.md b/2018/CVE-2018-1000039.md index 172d87ce3..a5a90d3c6 100644 --- a/2018/CVE-2018-1000039.md +++ b/2018/CVE-2018-1000039.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file. ### POC diff --git a/2018/CVE-2018-1000040.md b/2018/CVE-2018-1000040.md index def001141..80cf61c1b 100644 --- a/2018/CVE-2018-1000040.md +++ b/2018/CVE-2018-1000040.md @@ -5,7 +5,7 @@ ### Description -In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. +In Artifex MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file. ### POC diff --git a/2018/CVE-2018-1000600.md b/2018/CVE-2018-1000600.md index 2397be4a9..a5e1c3e97 100644 --- a/2018/CVE-2018-1000600.md +++ b/2018/CVE-2018-1000600.md 
@@ -16,5 +16,6 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/TheBeastofwar/JenkinsExploit-GUI - https://github.com/assetnote/blind-ssrf-chains +- https://github.com/onewinner/VulToolsKit - https://github.com/zan8in/afrog diff --git a/2018/CVE-2018-1000861.md b/2018/CVE-2018-1000861.md index 8711efe38..8e983ed79 100644 --- a/2018/CVE-2018-1000861.md +++ b/2018/CVE-2018-1000861.md @@ -30,6 +30,7 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki - https://github.com/EchoGin404/gongkaishouji - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/MelanyRoob/Goby - https://github.com/Miraitowa70/POC-Notes @@ -67,6 +68,7 @@ A code execution vulnerability exists in the Stapler web framework used by Jenki - https://github.com/koutto/jok3r-pocs - https://github.com/langu-xyz/JavaVulnMap - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/reph0r/poc-exp diff --git a/2018/CVE-2018-10933.md b/2018/CVE-2018-10933.md index e79317144..8791af832 100644 --- a/2018/CVE-2018-10933.md +++ b/2018/CVE-2018-10933.md @@ -56,6 +56,7 @@ A vulnerability was found in libssh's server-side state machine before versions - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Virgula0/POC-CVE-2018-10933 - https://github.com/VladimirFogel/PRO4 - https://github.com/a-n-n-a-c-g/advanced-pentesting diff --git a/2018/CVE-2018-11776.md b/2018/CVE-2018-11776.md index 2ce0873f0..531ece2e8 100644 --- a/2018/CVE-2018-11776.md 
+++ b/2018/CVE-2018-11776.md @@ -60,6 +60,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo - https://github.com/Ivan1ee/struts2-057-exp - https://github.com/JERRY123S/all-poc - https://github.com/LightC0der/Apache-Struts-0Day-Exploit +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Muhammd/Awesome-Payloads - https://github.com/Nieuport/PayloadsAllTheThings - https://github.com/Ondrik8/RED-Team @@ -122,6 +123,7 @@ Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remo - https://github.com/ice0bear14h/struts2scan - https://github.com/iflody/codeql-workshop - https://github.com/iqrok/myhktools +- https://github.com/jamoski3112/strut - https://github.com/jas502n/St2-057 - https://github.com/jbmihoub/all-poc - https://github.com/jiguangsdf/CVE-2018-11776 diff --git a/2018/CVE-2018-1207.md b/2018/CVE-2018-1207.md index 1efa82674..78ffe4e8c 100644 --- a/2018/CVE-2018-1207.md +++ b/2018/CVE-2018-1207.md @@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/chnzzh/iDRAC-CVE-lib +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/huimzjty/vulwiki - https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling - https://github.com/lnick2023/nicenice diff --git a/2018/CVE-2018-12634.md b/2018/CVE-2018-12634.md index 4695dbc60..eec3e8d2b 100644 --- a/2018/CVE-2018-12634.md +++ b/2018/CVE-2018-12634.md @@ -14,6 +14,7 @@ CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive informat - https://www.exploit-db.com/exploits/45384/ #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2018/CVE-2018-1273.md b/2018/CVE-2018-1273.md index ab5300097..8f5cfbaf1 100644 --- a/2018/CVE-2018-1273.md 
+++ b/2018/CVE-2018-1273.md @@ -65,6 +65,7 @@ Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older - https://github.com/merlinepedra25/nuclei-templates - https://github.com/nBp1Ng/FrameworkAndComponentVulnerabilities - https://github.com/nBp1Ng/SpringFramework-Vul +- https://github.com/onewinner/VulToolsKit - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/ronoski/j2ee-rscan - https://github.com/seal-community/patches diff --git a/2018/CVE-2018-13390.md b/2018/CVE-2018-13390.md new file mode 100644 index 000000000..268a4f1fb --- /dev/null +++ b/2018/CVE-2018-13390.md @@ -0,0 +1,17 @@ +### [CVE-2018-13390](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13390) +![](https://img.shields.io/static/v1?label=Product&message=cloudtoken&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Restriction%20of%20Communication%20Channel%20to%20Intended%20Endpoints&color=brighgreen) + +### Description + +Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. + +### POC + +#### Reference +- https://bitbucket.org/atlassian/cloudtoken/wiki/CVE-2018-13390%20-%20Exposed%20credentials%20in%20daemon%20mode%20on%20Linux + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-14013.md b/2018/CVE-2018-14013.md index 093fecb09..638c6b864 100644 --- a/2018/CVE-2018-14013.md +++ b/2018/CVE-2018-14013.md @@ -15,5 +15,6 @@ Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJ - http://www.openwall.com/lists/oss-security/2019/01/30/1 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates 
diff --git a/2018/CVE-2018-15126.md b/2018/CVE-2018-15126.md index dd47b0e60..5a1664de5 100644 --- a/2018/CVE-2018-15126.md +++ b/2018/CVE-2018-15126.md @@ -11,6 +11,7 @@ LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-027-libvnc-heap-use-after-free/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-15127.md b/2018/CVE-2018-15127.md index 3dcc0426b..f2f8b8658 100644 --- a/2018/CVE-2018-15127.md +++ b/2018/CVE-2018-15127.md @@ -11,6 +11,7 @@ LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-028-libvnc-heap-out-of-bound-write/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-15473.md b/2018/CVE-2018-15473.md index f40a78fae..eb4be0495 100644 --- a/2018/CVE-2018-15473.md +++ b/2018/CVE-2018-15473.md @@ -74,6 +74,7 @@ OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not dela - https://github.com/angry-bender/SUOPE - https://github.com/ba56789/WebMap - https://github.com/bakery312/Vulhub-Reproduce +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/coollce/CVE-2018-15473_burte - https://github.com/cved-sources/cve-2018-15473 diff --git a/2018/CVE-2018-15685.md b/2018/CVE-2018-15685.md index 36592d5cd..69c20eb48 100644 --- a/2018/CVE-2018-15685.md +++ b/2018/CVE-2018-15685.md 
@@ -17,6 +17,7 @@ GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios inv - https://github.com/SexyBeast233/SecBooks - https://github.com/cranelab/webapp-tech - https://github.com/doyensec/awesome-electronjs-hacking +- https://github.com/jamoski3112/Electron_RCE - https://github.com/lnick2023/nicenice - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/rahulr311295/Electron_RCE diff --git a/2018/CVE-2018-15892.md b/2018/CVE-2018-15892.md new file mode 100644 index 000000000..9e8cd52b4 --- /dev/null +++ b/2018/CVE-2018-15892.md @@ -0,0 +1,17 @@ +### [CVE-2018-15892](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15892) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2018-09-11+DISA+SQL+Injection + +#### Github +No PoCs found on GitHub currently. + diff --git a/2018/CVE-2018-15982.md b/2018/CVE-2018-15982.md index 9fd51f11d..9d9f097a2 100644 --- a/2018/CVE-2018-15982.md +++ b/2018/CVE-2018-15982.md @@ -50,6 +50,7 @@ Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qiantu88/2018-cve - https://github.com/scanfsec/CVE-2018-15982 +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/tdcoming/Vulnerability-engine - https://github.com/touchmycrazyredhat/myhktools - https://github.com/trhacknon/myhktools diff --git a/2018/CVE-2018-17066.md b/2018/CVE-2018-17066.md index 1b27f59c8..254290353 100644 --- a/2018/CVE-2018-17066.md +++ b/2018/CVE-2018-17066.md 
@@ -13,5 +13,6 @@ An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request p - https://github.com/PAGalaxyLab/VulInfo/tree/master/D-Link/DIR-816/cmd_injection_0 #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PAGalaxyLab/VulInfo diff --git a/2018/CVE-2018-17182.md b/2018/CVE-2018-17182.md index f52c97794..b6cb3861a 100644 --- a/2018/CVE-2018-17182.md +++ b/2018/CVE-2018-17182.md @@ -30,6 +30,7 @@ An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_a - https://github.com/IdanBanani/Linux-Kernel-VR-Exploitation - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Ondrik8/RED-Team +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/dk47os3r/hongduiziliao - https://github.com/fei9747/LinuxEelvation - https://github.com/hasee2018/Safety-net-information diff --git a/2018/CVE-2018-17199.md b/2018/CVE-2018-17199.md index 7f109249f..8a023f8af 100644 --- a/2018/CVE-2018-17199.md +++ b/2018/CVE-2018-17199.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/PawanKumarPandit/Shodan-nrich - https://github.com/RoseSecurity-Research/Red-Teaming-TTPs - https://github.com/RoseSecurity/Red-Teaming-TTPs diff --git a/2018/CVE-2018-17463.md b/2018/CVE-2018-17463.md index cf316a509..c90d64033 100644 --- a/2018/CVE-2018-17463.md +++ b/2018/CVE-2018-17463.md @@ -23,6 +23,7 @@ Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 al - https://github.com/jhalon/CVE-2018-17463 - https://github.com/kdmarti2/CVE-2018-17463 - https://github.com/rycbar77/V8Exploits +- https://github.com/rycbar77/rycbar77 - https://github.com/tunz/js-vuln-db - https://github.com/w0lfzhang/browser_pwn_learning diff --git a/2018/CVE-2018-18506.md b/2018/CVE-2018-18506.md index b7ff2d055..158cd89c5 100644 
--- a/2018/CVE-2018-18506.md +++ b/2018/CVE-2018-18506.md @@ -10,6 +10,7 @@ When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Config ### POC #### Reference +- https://access.redhat.com/errata/RHSA-2019:0622 - https://usn.ubuntu.com/3874-1/ #### Github diff --git a/2018/CVE-2018-18955.md b/2018/CVE-2018-18955.md index 0df86ca3b..6ae5735a8 100644 --- a/2018/CVE-2018-18955.md +++ b/2018/CVE-2018-18955.md @@ -25,6 +25,7 @@ In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/u - https://github.com/QChiLan/linux-exp - https://github.com/SecWiki/linux-kernel-exploits - https://github.com/ShehanSanjula/Linux-Kernel-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/albinjoshy03/linux-kernel-exploits - https://github.com/alian87/linux-kernel-exploits - https://github.com/anoaghost/Localroot_Compile diff --git a/2018/CVE-2018-1999002.md b/2018/CVE-2018-1999002.md index ea1690bf0..8429d4d46 100644 --- a/2018/CVE-2018-1999002.md +++ b/2018/CVE-2018-1999002.md @@ -32,6 +32,7 @@ A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 - https://github.com/hktalent/TOP - https://github.com/huimzjty/vulwiki - https://github.com/jbmihoub/all-poc +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/slowmistio/CVE-2019-1003000-and-CVE-2018-1999002-Pre-Auth-RCE-Jenkins - https://github.com/superfish9/pt diff --git a/2018/CVE-2018-20019.md b/2018/CVE-2018-20019.md index c12598973..fdaeaf76c 100644 --- a/2018/CVE-2018-20019.md +++ b/2018/CVE-2018-20019.md @@ -11,6 +11,7 @@ LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-029-libvnc-multiple-heap-out-of-bound-vulnerabilities/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. 
diff --git a/2018/CVE-2018-20020.md b/2018/CVE-2018-20020.md index 75e4504d2..fda273f85 100644 --- a/2018/CVE-2018-20020.md +++ b/2018/CVE-2018-20020.md @@ -11,6 +11,7 @@ LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-030-libvnc-heap-out-of-bound-write/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20021.md b/2018/CVE-2018-20021.md index 1e905f591..4bfae4019 100644 --- a/2018/CVE-2018-20021.md +++ b/2018/CVE-2018-20021.md @@ -11,6 +11,7 @@ LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835 #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20022.md b/2018/CVE-2018-20022.md index 8807b2342..b7d5cb45e 100644 --- a/2018/CVE-2018-20022.md +++ b/2018/CVE-2018-20022.md @@ -11,6 +11,7 @@ LibVNC before 2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 contains multiple weaknes #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-032-libvnc-multiple-memory-leaks/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20023.md b/2018/CVE-2018-20023.md index 43e0a3d56..5b1b49bce 100644 --- a/2018/CVE-2018-20023.md +++ b/2018/CVE-2018-20023.md @@ -11,6 +11,7 @@ LibVNC before 8b06f835e259652b0ff026898014fc7297ade858 contains CWE-665: Imprope #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-033-libvnc-memory-leak/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20024.md b/2018/CVE-2018-20024.md index 159295831..d1473e6c1 100644 --- a/2018/CVE-2018-20024.md +++ b/2018/CVE-2018-20024.md 
@@ -11,6 +11,7 @@ LibVNC before commit 4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7 contains null poin #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-034-libvnc-null-pointer-dereference/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20250.md b/2018/CVE-2018-20250.md index 1b7b6deef..26fa2f578 100644 --- a/2018/CVE-2018-20250.md +++ b/2018/CVE-2018-20250.md @@ -133,6 +133,7 @@ In WinRAR versions prior to and including 5.61, There is path traversal vulnerab - https://github.com/thezimtex/red-team - https://github.com/twensoo/PersistentThreat - https://github.com/tzwlhack/CVE-2018-20250 +- https://github.com/u53r55/Security-Tools-List - https://github.com/v3nt4n1t0/DetectWinRARaceVulnDomain.ps1 - https://github.com/wateroot/poc-exp - https://github.com/weeka10/-hktalent-TOP diff --git a/2018/CVE-2018-20748.md b/2018/CVE-2018-20748.md index 2cee33d13..1b156b3ba 100644 --- a/2018/CVE-2018-20748.md +++ b/2018/CVE-2018-20748.md @@ -11,6 +11,7 @@ LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20749.md b/2018/CVE-2018-20749.md index 16caa3b32..2ab5f2ab6 100644 --- a/2018/CVE-2018-20749.md +++ b/2018/CVE-2018-20749.md @@ -11,6 +11,7 @@ LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvnc #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-20750.md b/2018/CVE-2018-20750.md index b21d1deac..a7c1d7758 100644 --- a/2018/CVE-2018-20750.md +++ b/2018/CVE-2018-20750.md 
@@ -11,6 +11,7 @@ LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvn #### Reference - https://github.com/LibVNC/libvncserver/issues/273 +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-25031.md b/2018/CVE-2018-25031.md index dd82312fc..6a283a4ef 100644 --- a/2018/CVE-2018-25031.md +++ b/2018/CVE-2018-25031.md @@ -5,7 +5,7 @@ ### Description -Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. +Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others. ### POC diff --git a/2018/CVE-2018-2628.md b/2018/CVE-2018-2628.md index 037284d0f..19922797f 100644 --- a/2018/CVE-2018-2628.md +++ b/2018/CVE-2018-2628.md @@ -102,11 +102,13 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/mmioimm/weblogic_test - https://github.com/nihaohello/N-MiddlewareScan +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/reph0r/Poc-Exp-Tools - https://github.com/reph0r/poc-exp - https://github.com/reph0r/poc-exp-tools 
diff --git a/2018/CVE-2018-2893.md b/2018/CVE-2018-2893.md index 7fd8d3079..453cd6500 100644 --- a/2018/CVE-2018-2893.md +++ b/2018/CVE-2018-2893.md @@ -83,6 +83,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/nihaohello/N-MiddlewareScan - https://github.com/nobiusmallyu/kehai - https://github.com/oneplus-x/jok3r +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/pyn3rd/CVE-2018-2893 - https://github.com/pyn3rd/CVE-2018-3245 @@ -91,6 +92,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qianl0ng/CVE-2018-2893 - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ryanInf/CVE-2018-2893 - https://github.com/safe6Sec/WeblogicVuln - https://github.com/shengqi158/CVE-2018-2628 diff --git a/2018/CVE-2018-2894.md b/2018/CVE-2018-2894.md index 9b3ca31ff..a91cfdb3c 100644 --- a/2018/CVE-2018-2894.md +++ b/2018/CVE-2018-2894.md @@ -45,6 +45,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/JERRY123S/all-poc - https://github.com/KimJun1010/WeblogicTool - https://github.com/LandGrey/CVE-2018-2894 +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/MacAsure/WL_Scan_GO - https://github.com/Mehedi-Babu/pentest_tools_repo - https://github.com/Muhammd/Awesome-Payloads @@ -115,6 +116,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mrhacker51/ReverseShellCommands - https://github.com/nevidimk0/PayloadsAllTheThings - https://github.com/nitishbadole/Pentest_Tools +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/RedTeamer - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pjgmonteiro/Pentest-tools 
@@ -123,6 +125,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qi4L/WeblogicScan.go - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/ranjan-prp/PayloadsAllTheThings - https://github.com/ravijainpro/payloads_xss - https://github.com/retr0-13/Pentest-Tools diff --git a/2018/CVE-2018-3191.md b/2018/CVE-2018-3191.md index 71176f151..03adca711 100644 --- a/2018/CVE-2018-3191.md +++ b/2018/CVE-2018-3191.md @@ -70,6 +70,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/mackleadmire/CVE-2018-3191-Rce-Exploit - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nobiusmallyu/kehai +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/password520/RedTeamer - https://github.com/pyn3rd/CVE-2018-3191 diff --git a/2018/CVE-2018-3245.md b/2018/CVE-2018-3245.md index cdade06bb..727fd9e18 100644 --- a/2018/CVE-2018-3245.md +++ b/2018/CVE-2018-3245.md @@ -62,6 +62,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/lp008/Hack-readme - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/nobiusmallyu/kehai +- https://github.com/onewinner/VulToolsKit - https://github.com/pyn3rd/CVE-2018-3245 - https://github.com/qazbnm456/awesome-cve-poc - https://github.com/qi4L/WeblogicScan.go diff --git a/2018/CVE-2018-3252.md b/2018/CVE-2018-3252.md index e73db250d..878596037 100644 --- a/2018/CVE-2018-3252.md +++ b/2018/CVE-2018-3252.md 
@@ -46,6 +46,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/jbmihoub/all-poc - https://github.com/klausware/Java-Deserialization-Cheat-Sheet - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet +- https://github.com/onewinner/VulToolsKit - https://github.com/pyn3rd/CVE-2018-3252 - https://github.com/qi4L/WeblogicScan.go - https://github.com/readloud/Awesome-Stars diff --git a/2018/CVE-2018-4241.md b/2018/CVE-2018-4241.md index e84bfa997..7663fd212 100644 --- a/2018/CVE-2018-4241.md +++ b/2018/CVE-2018-4241.md @@ -17,6 +17,7 @@ An issue was discovered in certain Apple products. iOS before 11.4 is affected. - https://github.com/0xT11/CVE-POC - https://github.com/ARPSyndicate/cvemon - https://github.com/ExploitsJB/multi_path +- https://github.com/FeelTheFonk/Maze-CTF - https://github.com/GeoSn0w/Osiris-Jailbreak - https://github.com/Jailbreaks/multi_path - https://github.com/SeaJae/GeoSn0w-Osiris-Jailbreak diff --git a/2018/CVE-2018-4878.md b/2018/CVE-2018-4878.md index 08051fbe1..31b152a36 100644 --- a/2018/CVE-2018-4878.md +++ b/2018/CVE-2018-4878.md @@ -116,6 +116,7 @@ A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0. - https://github.com/r3volved/CVEAggregate - https://github.com/scriptsboy/Red-Teaming-Toolkit - https://github.com/shr3ddersec/Shr3dKit +- https://github.com/sifatnotes/cobalt_strike_tutorials - https://github.com/slimdaddy/RedTeam - https://github.com/sung3r/CobaltStrike - https://github.com/svbjdbk123/- @@ -124,6 +125,7 @@ A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0. - https://github.com/thezimtex/red-team - https://github.com/tomoyamachi/gocarts - https://github.com/twensoo/PersistentThreat +- https://github.com/u53r55/Security-Tools-List - https://github.com/unusualwork/red-team-tools - https://github.com/vysecurity/CVE-2018-4878 - https://github.com/wateroot/poc-exp 
diff --git a/2018/CVE-2018-5230.md b/2018/CVE-2018-5230.md index 07b47ed6e..cf2c1cfb0 100644 --- a/2018/CVE-2018-5230.md +++ b/2018/CVE-2018-5230.md @@ -13,6 +13,7 @@ The issue collector in Atlassian Jira before version 7.6.6, from version 7.7.0 b No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2018/CVE-2018-5333.md b/2018/CVE-2018-5333.md index 3ec3169bb..8daa8cb46 100644 --- a/2018/CVE-2018-5333.md +++ b/2018/CVE-2018-5333.md @@ -19,6 +19,7 @@ In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdm - https://github.com/De4dCr0w/Linux-kernel-EoP-exp - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bcoles/kernel-exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2018/CVE-2018-5389.md b/2018/CVE-2018-5389.md index 87de7bc41..279499362 100644 --- a/2018/CVE-2018-5389.md +++ b/2018/CVE-2018-5389.md 
@@ -1,7 +1,8 @@ ### [CVE-2018-5389](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5389) -![](https://img.shields.io/static/v1?label=Product&message=Internet%20Key%20Exchange%20Protocol&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=Version%201Version%201%20Main%20Mode%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-323&color=brighgreen) +![](https://img.shields.io/static/v1?label=Product&message=Strongswan&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%205.5.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-323%20Reusing%20a%20Nonce%2C%20Key%20Pair%20in%20Encryption&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-521%20Weak%20Password%20Requirements&color=brighgreen) ### Description diff --git a/2018/CVE-2018-6307.md b/2018/CVE-2018-6307.md index e9aee1610..fbe930636 100644 --- a/2018/CVE-2018-6307.md +++ b/2018/CVE-2018-6307.md @@ -11,6 +11,7 @@ LibVNC before commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b contains heap use- #### Reference - https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-026-libvnc-heap-use-after-free/ +- https://usn.ubuntu.com/3877-1/ #### Github No PoCs found on GitHub currently. diff --git a/2018/CVE-2018-7600.md b/2018/CVE-2018-7600.md index 5d76ba23e..8fffb3930 100644 --- a/2018/CVE-2018-7600.md +++ b/2018/CVE-2018-7600.md @@ -73,6 +73,7 @@ Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 - https://github.com/JERRY123S/all-poc - https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups - https://github.com/Jean-Francois-C/Windows-Penetration-Testing +- https://github.com/Maarckz/PayloadParaTudo - https://github.com/Mehedi-Babu/pentest_tools_repo - https://github.com/MelanyRoob/Goby - https://github.com/Muhammd/Awesome-Payloads 
diff --git a/2018/CVE-2018-8174.md b/2018/CVE-2018-8174.md index a5d584410..804189608 100644 --- a/2018/CVE-2018-8174.md +++ b/2018/CVE-2018-8174.md @@ -52,6 +52,7 @@ A remote code execution vulnerability exists in the way that the VBScript engine - https://github.com/Panopticon-Project/panopticon-DarkHotel - https://github.com/RingLcy/VulnerabilityAnalysisAndExploit - https://github.com/SyFi/CVE-2018-8174 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Yt1g3r/CVE-2018-8174_EXP - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/avboy1337/Vulnerabilities diff --git a/2018/CVE-2018-8438.md b/2018/CVE-2018-8438.md new file mode 100644 index 000000000..17fe3533e --- /dev/null +++ b/2018/CVE-2018-8438.md 
@@ -0,0 +1,22 @@ +### [CVE-2018-8438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8438) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Servers&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%208.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20RT%208.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202012%20R2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service&color=brighgreen) + +### Description + +A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/CarlosMeyreles/Network-Vulnerability-Assessment + diff --git a/2018/CVE-2018-8440.md b/2018/CVE-2018-8440.md index 02a1c990c..5ac51f9c6 100644 --- a/2018/CVE-2018-8440.md +++ b/2018/CVE-2018-8440.md @@ -49,6 +49,7 @@ An elevation of privilege vulnerability exists when Windows improperly handles c - https://github.com/paramint/windows-kernel-exploits - https://github.com/playerKe0402/Metasploit-Note - https://github.com/qazbnm456/awesome-cve-poc +- https://github.com/rayhan0x01/reverse-shell-able-exploit-pocs - https://github.com/rdoix/Red-Team-Cheat-Sheet - https://github.com/renzu0/Windows-exp - https://github.com/root26/bug 
diff --git a/2018/CVE-2018-9230.md b/2018/CVE-2018-9230.md index c6402fb0c..77b2ab50d 100644 --- a/2018/CVE-2018-9230.md +++ b/2018/CVE-2018-9230.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- - https://github.com/xuetusummer/Penetration_Testing_POC diff --git a/2019/CVE-2019-0193.md b/2019/CVE-2019-0193.md index 8583773cc..6d88b181f 100644 --- a/2019/CVE-2019-0193.md +++ b/2019/CVE-2019-0193.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/ZTK-009/RedTeamer - https://github.com/amcai/myscan - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2019/CVE-2019-0211.md b/2019/CVE-2019-0211.md index 64bb19c81..4306c52e8 100644 --- a/2019/CVE-2019-0211.md +++ b/2019/CVE-2019-0211.md @@ -23,6 +23,8 @@ In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or p - https://github.com/0xbigshaq/php7-internals - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul +- https://github.com/FishyStix12/WHPython_v1.02 +- https://github.com/Madbat2024/Penetration-test - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors diff --git a/2019/CVE-2019-0230.md b/2019/CVE-2019-0230.md index c4c448752..3b59d610a 100644 --- a/2019/CVE-2019-0230.md +++ b/2019/CVE-2019-0230.md 
@@ -20,6 +20,7 @@ Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on r - https://github.com/0day666/Vulnerability-verification - https://github.com/0xT11/CVE-POC - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/360quake/papers - https://github.com/ARPSyndicate/cvemon @@ -35,6 +36,7 @@ Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on r - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/Zero094/Vulnerability-verification - https://github.com/alphaSeclab/sec-daily-2020 diff --git a/2019/CVE-2019-0708.md b/2019/CVE-2019-0708.md index 30cf712ef..78f2ffc64 100644 --- a/2019/CVE-2019-0708.md +++ b/2019/CVE-2019-0708.md @@ -96,6 +96,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/HynekPetrak/detect_bluekeep.py - https://github.com/Iamgublin/0708Test - https://github.com/Idoit-z/python_nmap +- https://github.com/JE2Se/AssetScan - https://github.com/JERRY123S/all-poc - https://github.com/JSec1337/Scanner-CVE-2019-0708 - https://github.com/Jaky5155/cve-2019-0708-exp @@ -149,6 +150,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/TinToSer/bluekeep-exploit - https://github.com/Tk369/Rdp0708 - https://github.com/Tracehowler/Bible +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/UraSecTeam/CVE-2019-0708 - https://github.com/Wh1teZe/solo-blog 
@@ -372,6 +374,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly - https://github.com/syriusbughunt/CVE-2019-0708 - https://github.com/t31m0/PENTESTING-BIBLE - https://github.com/taielab/awesome-hacking-lists +- https://github.com/tanjiti/sec_profile - https://github.com/tataev/Security - https://github.com/tdcoming/Vulnerability-engine - https://github.com/temp-user-2014/CVE-2019-0708 diff --git a/2019/CVE-2019-1003000.md b/2019/CVE-2019-1003000.md index 4029a2d4a..d24763764 100644 --- a/2019/CVE-2019-1003000.md +++ b/2019/CVE-2019-1003000.md @@ -46,6 +46,7 @@ A sandbox bypass vulnerability exists in Script Security Plugin 1.49 and earlier - https://github.com/huimzjty/vulwiki - https://github.com/jaychouzzk/- - https://github.com/jbmihoub/all-poc +- https://github.com/onewinner/VulToolsKit - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/purple-WL/Jenkins_CVE-2019-1003000 - https://github.com/reph0r/poc-exp diff --git a/2019/CVE-2019-1003005.md b/2019/CVE-2019-1003005.md index 8714edc6c..a69b92514 100644 --- a/2019/CVE-2019-1003005.md +++ b/2019/CVE-2019-1003005.md @@ -27,6 +27,7 @@ A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/huike007/penetration_poc - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC- diff --git a/2019/CVE-2019-1003029.md b/2019/CVE-2019-1003029.md index d90f0eb92..01ec78a4d 100644 --- a/2019/CVE-2019-1003029.md +++ b/2019/CVE-2019-1003029.md 
@@ -35,6 +35,7 @@ A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and - https://github.com/hasee2018/Penetration_Testing_POC - https://github.com/huike007/penetration_poc - https://github.com/lions2012/Penetration_Testing_POC +- https://github.com/onewinner/VulToolsKit - https://github.com/orangetw/awesome-jenkins-rce-2019 - https://github.com/password520/Penetration_PoC - https://github.com/retr0-13/pwn_jenkins diff --git a/2019/CVE-2019-1010268.md b/2019/CVE-2019-1010268.md index 437730ad5..d659b7475 100644 --- a/2019/CVE-2019-1010268.md +++ b/2019/CVE-2019-1010268.md @@ -10,6 +10,7 @@ Ladon since 0.6.1 (since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059) is affected b ### POC #### Reference +- https://bitbucket.org/jakobsg/ladon/src/42944fc012a3a48214791c120ee5619434505067/src/ladon/interfaces/soap.py#lines-688 - https://www.exploit-db.com/exploits/43113 #### Github diff --git a/2019/CVE-2019-10392.md b/2019/CVE-2019-10392.md index 508214795..9144f639d 100644 --- a/2019/CVE-2019-10392.md +++ b/2019/CVE-2019-10392.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Rajchowdhury420/Secure-or-Break-Jenkins - https://github.com/Retr0-ll/2023-littleTerm - https://github.com/Retr0-ll/littleterm +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/ftk-sostupid/CVE-2019-10392_EXP - https://github.com/gquere/pwn_jenkins diff --git a/2019/CVE-2019-10758.md b/2019/CVE-2019-10758.md index 02549fb65..b7b270a60 100644 --- a/2019/CVE-2019-10758.md +++ b/2019/CVE-2019-10758.md 
@@ -30,6 +30,7 @@ mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/Z0fhack/Goby_POC diff --git a/2019/CVE-2019-10936.md b/2019/CVE-2019-10936.md index 142b95a3c..1096df78a 100644 --- a/2019/CVE-2019-10936.md +++ b/2019/CVE-2019-10936.md 
@@ -1,31 +1,30 @@ ### [CVE-2019-10936](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10936) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20414F-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=%20SIMATIC%20S7-400%20CPU%20416F-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20DK%20Standard%20Ethernet%20Controller&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20EK-ERTEC%20200&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Development%2FEvaluation%20Kits%20for%20PROFINET%20IO%3A%20EK-ERTEC%20200P&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20PA&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200M%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20ST&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HS&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20ST&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200AL&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200M%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20BA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20ST%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-3%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-4%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200S%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20BA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HS%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20ST%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%2016DI%2C%20DC24V%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%2016DO%20DC24V%2F1%2C3A%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%204AO%20U%2FI%204xM12&color=blue) @@ -39,9 +38,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%208DO%2C%20DC24V%2F1%2C3A%2C%204xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%208DO%2C%20DC24V%2F1%2C3A%2C%208xM12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%3A%20IO-Link%20Master&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200pro&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Outdoor%20Panels%207%22%20%26%2015%22%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Panels%204%22%20-%2022%22%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Outdoor%20Panels%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20Comfort%20Panels%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20HMI%20KTP%20Mobile%20Panels&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PROFINET%20Driver&color=blue) 
@@ -59,6 +57,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319F-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20412-2%20PN%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20414F-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20CPU%20416F-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20PN%2FDP%20V6%20and%20below%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V8%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) 
@@ -82,8 +84,19 @@ ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20SM120%20V4.7%20Control%20Unit&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20828D&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINUMERIK%20840D%20sl&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20ST%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20ST&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20BA&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20ST&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20NET%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20314C-2%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20315-2%20PN%2FDP&color=blue) @@ -93,9 +106,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-400%20CPU%20414-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-400%20CPU%20416-3%20PN%2FDP%20V7&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%204.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.1.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.1.8%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.2.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V1.5%20HF1%20&color=brighgreen) 
@@ -104,25 +114,32 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V2010%20SP3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.2.17%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.3.17%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.0.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.2.1%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.2.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.3.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.4.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.6%20Patch%2001%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.7%20HF33%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.7%20SP10%20HF5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.8%20SP5%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V4.8%20SP6%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V6.0.9%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V7.0.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V8.2.2%20&color=brighgreen) 
![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.3.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V7.0.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller 
CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. 
related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. +Affected devices improperly handle large amounts of specially crafted UDP packets. This could allow an unauthenticated remote attacker to trigger a denial of service condition. ### POC diff --git a/2019/CVE-2019-11043.md b/2019/CVE-2019-11043.md index f59759ce0..b917127d9 100644 
--- a/2019/CVE-2019-11043.md +++ b/2019/CVE-2019-11043.md @@ -48,6 +48,7 @@ In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-11358.md b/2019/CVE-2019-11358.md index 4b5cb4a97..000f1069d 100644 --- a/2019/CVE-2019-11358.md +++ b/2019/CVE-2019-11358.md @@ -448,6 +448,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Brickwolves/LR20 - https://github.com/Brickwolves/LR24 - https://github.com/BrokeProgramer/FtcRobotController-master +- https://github.com/Broswei/centerStage-7571 - https://github.com/Broswei/powerPlay-7571 - https://github.com/BrowningUltro-10539/FF_Offseason_Control_Theory - https://github.com/BrowningUltro-10539/Tutoring-Code @@ -459,6 +460,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/BuffaloWings-5015/FtcRobotController1 - https://github.com/BuffaloWings-5015/VCS_TEST - https://github.com/Build-For-Change/2023-Power-Play +- https://github.com/Build-For-Change/2023-Power-Play-FIRST-ROBOTICS - https://github.com/BurntSpaghetti28/FTC-Robot-Controller - https://github.com/BurritoBandit28/REV-Bot-Controller - https://github.com/BuweiChen/GitGud_Teamcode_Team_5 
@@ -867,6 +869,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FRCTeam4069/FTC2020 - https://github.com/FTC-10195/FTC-10195-2021-2022 - https://github.com/FTC-10195/FTC-10195-FreightFrenzy +- https://github.com/FTC-10195/FTC10195-Centerstage - https://github.com/FTC-10195/FTC10195-Powerplay - https://github.com/FTC-10862-Nebula/10862CenterStage - https://github.com/FTC-10862-Nebula/10862_2021 @@ -895,6 +898,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FTC-6093/Powerplay6093 - https://github.com/FTC-6183/FTC6183-Powerplay - https://github.com/FTC-6901-Phantom/6901 +- https://github.com/FTC-6901-Phantom/6901-CenterStage - https://github.com/FTC-6901-Phantom/6901PowerPlay - https://github.com/FTC-6901-Phantom/69901FTCFreightFrenzy - https://github.com/FTC-6901-Phantom/Compitition-3-6901 @@ -1017,6 +1021,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/FTCPlanB-5309/Freight-Frenzy - https://github.com/FTCRoboJunkies/origin-https-github.com-DominicGallegos-FtcRobotController-Centerstage - https://github.com/FTCTeam10298/2022-23-code +- https://github.com/FTCTeam10298/2023-24-code - https://github.com/FTCTeam11531/FTC_11531_PowerPlay_Competition - https://github.com/FTCTeam11531/TechnoTrojanTraining_Drivetrain_Differential - https://github.com/FTCTeam11531/TechnoTrojanTraining_Drivetrain_Mecanum @@ -1811,6 +1816,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/PortledgeFTC/2023Centerstage8818 - https://github.com/PotentialEnergyRobotics/23-24-tests - https://github.com/PotentialEnergyRobotics/JebSource +- https://github.com/Powercube7/CenterStage2023 - https://github.com/PranavGundu1729/Centerstage-Robot-Controller - https://github.com/PrecisionGuessworks/UltimateGoal - https://github.com/Pro2typw/Pro2type-Powerplay-Offseason 
@@ -1860,6 +1866,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/RambaMamba/FTCSTALLIONS - https://github.com/Ramos42069/FTC101 - https://github.com/RandomPythonProgrammer/FtcRobotControllerTest +- https://github.com/Randome-Stuff/FtcRobotController-master - https://github.com/RapidRobots/FtcRobotController - https://github.com/RaresLiscan/freight-frenzy - https://github.com/RaresLiscan/ftc-ultimate-goal @@ -1883,6 +1890,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Reedy-Creek-Robotics/BionicBulldogs-2023 - https://github.com/Reedy-Creek-Robotics/Entropic-2022 - https://github.com/Reedy-Creek-Robotics/RobyteBulldogs-2023 +- https://github.com/Reet-Sinha/FTC - https://github.com/RepComm/robotctrlr - https://github.com/RepublicOfDanube/RODRobotController - https://github.com/ReverendRhyme/FTCTutorial @@ -1907,6 +1915,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Robert007-23/2020UG - https://github.com/Robin-924/SV6990FF - https://github.com/Robo-AS/CenterStage +- https://github.com/Robo-Dojo/rd1 - https://github.com/Robo-Lobos/FtcRobotController24 - https://github.com/RoboDilbert/2020UltimateGoal - https://github.com/RoboDilbert/2021FreightFrenzy @@ -2296,6 +2305,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/ToothbrushB/FtcRobotController - https://github.com/TopGgg/BlackBeardFTC - https://github.com/TopGgg/BlackBeardLib +- https://github.com/TopGgg/CenterStageCode - https://github.com/TopGgg/FtcRobotController-BlackBeard2 - https://github.com/TopGgg/FtcRobotController-BlackBeard3 - https://github.com/TopGgg/LastFtcMissionTraining 
@@ -2332,6 +2342,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Umesh-9248/FtcRobotController-master - https://github.com/Unbeastable/differentialswerve - https://github.com/UnionRobotics/ftc6559_ultimategoal +- https://github.com/Unknown-Element-FTC-10635/CenterStage - https://github.com/Unknown-Element-FTC-10635/FreightFrenzy - https://github.com/Unknown-Element-FTC-10635/PowerPlay - https://github.com/UpliftRobotics/UltimateGoal18172 @@ -2349,6 +2360,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/Vasil789/ftc - https://github.com/VasuBanga12/FTCTest - https://github.com/Vault-FTC/FTC-Command-System +- https://github.com/Vault-FTC/Mg-2023-2024 - https://github.com/Vault-FTC/MgCode2 - https://github.com/Vault-FTC/MoleMotion - https://github.com/Vector5233/UltimateGoal2 @@ -2761,6 +2773,8 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/charliegarfield/Controllerv1 - https://github.com/charliespy/Repository-3517 - https://github.com/chasemike/FtcRobotController-master +- https://github.com/chene0/rizzlords-robotics +- https://github.com/chene0/swagbots - https://github.com/chhu0830/ctf - https://github.com/chlohal/Robotics_2021_2022 - https://github.com/chrismlemoine/FtcBasic @@ -2815,6 +2829,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/cyborg48/UltimateGoal - https://github.com/dandominicstaicu/SoftHoardersUG - https://github.com/dandominicstaicu/SoftHoardersUG2 +- https://github.com/daria-lzr/RoboAs-CenterStage - https://github.com/darkhanakh/BalgaMenShege_Program - https://github.com/darmthealarm/FtcRobotController-master - https://github.com/darmthealarm/VEGA 
@@ -2985,6 +3000,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/ftc-16244/IL_FTC_Minibots - https://github.com/ftc-16244/MiniBotOpenCVTest - https://github.com/ftc-16244/Power-Play +- https://github.com/ftc-16244/_OLD_IL-FTC-Minibots - https://github.com/ftc-18650/powerplay - https://github.com/ftc-2939/powerplay-2022 - https://github.com/ftc-9773/UltimateGoal @@ -3425,9 +3441,11 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan - https://github.com/markosnarinian/PovDriveAdvancedNarinian - https://github.com/marsh135/12091 - https://github.com/marsh135/FTC_RET +- https://github.com/martin-esparragoza/DrivetrainTest - https://github.com/mateicrainiceanu/unplugged24 - https://github.com/mattchew015/FTC-12993-repository - https://github.com/mattchew15/FTC-12993-repository +- https://github.com/mattchew15/FTC-12993-repository-centerstage - https://github.com/mattchew15/FTC-12993-repository-powerplay - https://github.com/maxgao123456/FtcRobotController-master - https://github.com/maxthegray/FTCRobotics diff --git a/2019/CVE-2019-11454.md b/2019/CVE-2019-11454.md new file mode 100644 index 000000000..6567b2559 --- /dev/null +++ b/2019/CVE-2019-11454.md 
@@ -0,0 +1,18 @@ +### [CVE-2019-11454](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11454) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an _viewlog operation. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3 +- https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-11455.md b/2019/CVE-2019-11455.md index 785e134f7..9de7af267 100644 --- a/2019/CVE-2019-11455.md +++ b/2019/CVE-2019-11455.md @@ -10,6 +10,7 @@ A buffer over-read in Util_urlDecode in util.c in Tildeslash Monit before 5.25.3 ### POC #### Reference +- https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a - https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py #### Github diff --git a/2019/CVE-2019-12581.md b/2019/CVE-2019-12581.md index 3608f29ec..86ac274fc 100644 --- a/2019/CVE-2019-12581.md +++ b/2019/CVE-2019-12581.md @@ -14,4 +14,5 @@ A reflective Cross-site scripting (XSS) vulnerability in the free_time_failed.cg #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2019/CVE-2019-12593.md b/2019/CVE-2019-12593.md index e9a2f154b..5c5eaef24 100644 --- a/2019/CVE-2019-12593.md +++ b/2019/CVE-2019-12593.md 
@@ -17,6 +17,7 @@ IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerabil - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2019/CVE-2019-12968.md b/2019/CVE-2019-12968.md new file mode 100644 index 000000000..2b830de88 --- /dev/null +++ b/2019/CVE-2019-12968.md @@ -0,0 +1,19 @@ +### [CVE-2019-12968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12968) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A vulnerability was found in the Sonic Robo Blast 2 (SRB2) plugin (EP_Versions 9 to 11 inclusive) distributed with Doomseeker 1.1 and 1.2. Affected plugin versions did not discard IP packets with an unnaturally long response length from a Sonic Robo Blast 2 master server, allowing a remote attacker to cause a potential crash / denial of service in Doomseeker. The issue has been remediated in the Doomseeker 1.3 release with source code patches to the SRB2 plugin. + +### POC + +#### Reference +- https://bitbucket.org/Doomseeker/doomseeker/commits/ae456aac888cb794ea3292f7f99cb87d6b22a555 +- https://bitbucket.org/Doomseeker/doomseeker/commits/b9a90f1f56e704c5cbeefe83da2f9ce939920278 +- https://bitbucket.org/Doomseeker/doomseeker/pull-requests/74/more-openbsd-issues-3654-the-srb2-thingy/diff + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-13272.md b/2019/CVE-2019-13272.md index a594161a7..3693783ff 100644 --- a/2019/CVE-2019-13272.md +++ b/2019/CVE-2019-13272.md 
@@ -63,6 +63,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability - https://github.com/Tharana/vulnerability-exploitation +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Whiteh4tWolf/xcoderootsploit @@ -70,6 +71,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the - https://github.com/YellowVeN0m/Pentesters-toolbox - https://github.com/ZTK-009/Penetration_PoC - https://github.com/ZTK-009/RedTeamer +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/anoaghost/Localroot_Compile - https://github.com/asepsaepdin/CVE-2019-13272 diff --git a/2019/CVE-2019-13343.md b/2019/CVE-2019-13343.md index c7724b9cf..1997bb216 100644 --- a/2019/CVE-2019-13343.md +++ b/2019/CVE-2019-13343.md @@ -10,6 +10,10 @@ Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading ### POC #### Reference +- https://bitbucket.org/account/user/butor-team/projects/PROJ +- https://bitbucket.org/butor-team/portal/commits/all +- https://bitbucket.org/butor-team/portal/commits/cd7055d33e194fcf530100ee1d8d13aa9cde230b +- https://bitbucket.org/butor-team/portal/src/cd7055d33e194fcf530100ee1d8d13aa9cde230b/src/main/java/com/butor/portal/web/servlet/WhiteLabelingServlet.java?at=master - https://www.gosecure.net/blog/2019/09/30/butor-portal-arbitrary-file-download-vulnerability-cve-2019-13343 #### Github diff --git a/2019/CVE-2019-13392.md b/2019/CVE-2019-13392.md index ba79e4071..d5c50e5cf 100644 --- a/2019/CVE-2019-13392.md +++ b/2019/CVE-2019-13392.md 
@@ -13,5 +13,6 @@ A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0 No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2019/CVE-2019-13462.md b/2019/CVE-2019-13462.md index f3f162f0d..1636d8edf 100644 --- a/2019/CVE-2019-13462.md +++ b/2019/CVE-2019-13462.md @@ -13,6 +13,7 @@ Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. - https://www.lansweeper.com/forum/yaf_topics33_Announcements.aspx #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2019/CVE-2019-1388.md b/2019/CVE-2019-1388.md index 160bc5ae2..b34ad2668 100644 --- a/2019/CVE-2019-1388.md +++ b/2019/CVE-2019-1388.md @@ -45,6 +45,7 @@ No PoCs from references. - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/TCM-Course-Resources/Windows-Privilege-Escalation-Resources +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-14234.md b/2019/CVE-2019-14234.md index c6d692c1d..edfddd41b 100644 --- a/2019/CVE-2019-14234.md +++ b/2019/CVE-2019-14234.md @@ -20,6 +20,7 @@ No PoCs from references. - https://github.com/SurfRid3r/Django_vulnerability_analysis - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/hktalent/bug-bounty - https://github.com/hxysaury/saury-vulnhub 
@@ -33,4 +34,5 @@ No PoCs from references. - https://github.com/reph0r/poc-exp-tools - https://github.com/t0m4too/t0m4to - https://github.com/xbl3/awesome-cve-poc_qazbnm456 +- https://github.com/yihong0618/Python365 diff --git a/2019/CVE-2019-14287.md b/2019/CVE-2019-14287.md index f9d74f9cf..95907d0ff 100644 --- a/2019/CVE-2019-14287.md +++ b/2019/CVE-2019-14287.md @@ -61,6 +61,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources - https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability - https://github.com/Tharana/vulnerability-exploitation +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet - https://github.com/a-nonymou-s/Agent-Sudo @@ -107,6 +108,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can - https://github.com/oscpname/OSCP_cheat - https://github.com/python-nerd-git/Sudo-Security-Bypass - https://github.com/ra1nb0rn/search_vulns +- https://github.com/redcountryroad/OSCP-shortsheet - https://github.com/retr0-13/Linux-Privilege-Escalation-Basics - https://github.com/revanmalang/OSCP - https://github.com/sRussBahari/Capture_The_Flag_Offensive_Security diff --git a/2019/CVE-2019-14322.md b/2019/CVE-2019-14322.md index 2e1136fc5..2aaf07c09 100644 --- a/2019/CVE-2019-14322.md +++ b/2019/CVE-2019-14322.md @@ -13,6 +13,7 @@ In Pallets Werkzeug before 0.15.5, SharedDataMiddleware mishandles drive names ( - http://packetstormsecurity.com/files/163398/Pallets-Werkzeug-0.15.4-Path-Traversal.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2019/CVE-2019-15107.md b/2019/CVE-2019-15107.md index 0a34b0ee9..682d1957e 100644 --- a/2019/CVE-2019-15107.md 
+++ b/2019/CVE-2019-15107.md @@ -61,6 +61,7 @@ An issue was discovered in Webmin <=1.920. The parameter old in password_change. - https://github.com/TheAlpha19/MiniExploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tuz-Wwsd/CVE-2019-15107_detection - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-15666.md b/2019/CVE-2019-15666.md index 91dd88dba..51b560507 100644 --- a/2019/CVE-2019-15666.md +++ b/2019/CVE-2019-15666.md @@ -18,6 +18,7 @@ An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bo - https://github.com/DrewSC13/Linpeas - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/go-bi/go-bi-soft diff --git a/2019/CVE-2019-16097.md b/2019/CVE-2019-16097.md index 484ac5413..1cf2fb0de 100644 --- a/2019/CVE-2019-16097.md +++ b/2019/CVE-2019-16097.md @@ -29,6 +29,7 @@ core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create - https://github.com/SexyBeast233/SecBooks - https://github.com/TeraSecTeam/ary - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2019/CVE-2019-16759.md b/2019/CVE-2019-16759.md index 290aa551b..8ba512910 100644 --- a/2019/CVE-2019-16759.md +++ b/2019/CVE-2019-16759.md 
@@ -38,6 +38,7 @@ vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VengfullSecurityOperations/BTCMixingBowl - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2019/CVE-2019-17003.md b/2019/CVE-2019-17003.md index 48f63ffba..2fccf3c2e 100644 --- a/2019/CVE-2019-17003.md +++ b/2019/CVE-2019-17003.md @@ -29,6 +29,7 @@ Scanning a QR code that contained a javascript: URL would have resulted in the J - https://github.com/abuzafarhaqq/bugBounty - https://github.com/ajino2k/Awesome-Bugbounty-Writeups - https://github.com/alexbieber/Bug_Bounty_writeups +- https://github.com/arijitdirghangi/100DaysofLearning - https://github.com/arijitdirghanji/100DaysofLearning - https://github.com/blitz-cmd/Bugbounty-writeups - https://github.com/bot8080/awesomeBugbounty diff --git a/2019/CVE-2019-17195.md b/2019/CVE-2019-17195.md index 55108f605..add318b08 100644 --- a/2019/CVE-2019-17195.md +++ b/2019/CVE-2019-17195.md @@ -10,6 +10,7 @@ Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions whi ### POC #### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt - https://www.oracle.com//security-alerts/cpujul2021.html - https://www.oracle.com/security-alerts/cpuApr2021.html - https://www.oracle.com/security-alerts/cpuapr2020.html diff --git a/2019/CVE-2019-17564.md b/2019/CVE-2019-17564.md index 762114f9c..83967e9cb 100644 --- a/2019/CVE-2019-17564.md +++ b/2019/CVE-2019-17564.md 
@@ -32,6 +32,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Whoopsunix/PPPRASP - https://github.com/Whoopsunix/PPPVULNS diff --git a/2019/CVE-2019-17567.md b/2019/CVE-2019-17567.md index b0ac9d01b..4f05efa2e 100644 --- a/2019/CVE-2019-17567.md +++ b/2019/CVE-2019-17567.md @@ -19,4 +19,5 @@ Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2019/CVE-2019-17671.md b/2019/CVE-2019-17671.md index 695310d3b..0c90c2c7c 100644 --- a/2019/CVE-2019-17671.md +++ b/2019/CVE-2019-17671.md @@ -19,6 +19,7 @@ In WordPress before 5.2.4, unauthenticated viewing of certain content is possibl - https://github.com/El-Palomo/DerpNStink - https://github.com/El-Palomo/SYMFONOS - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dkohli23/WordPressLab7and8 - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-18393.md b/2019/CVE-2019-18393.md index 01afe846b..d88453317 100644 --- a/2019/CVE-2019-18393.md +++ b/2019/CVE-2019-18393.md @@ -13,6 +13,7 @@ PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure tha No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2019/CVE-2019-19300.md b/2019/CVE-2019-19300.md index 3d51aa59c..92d0d5f57 100644 
--- a/2019/CVE-2019-19300.md +++ b/2019/CVE-2019-19300.md 
@@ -5,20 +5,20 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATD430W&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATE530S%20COATED&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIDOOR%20ATE531S&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20MF%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20Open%20Controller%20CPU%201515SP%20PC2%20(incl.%20SIPLUS%20variants)&color=blue) 
-![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200AL%20IM157-1%20PN&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20MF%20HF&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20AI%208xRTD%2FTC%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%204x%20IO-Link%2C%20M12-L&color=blue) 
![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%208x%20IO-Link%2C%20M12-L&color=blue) @@ -43,7 +43,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20317TF-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319-3%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-300%20CPU%20319F-3%20PN%2FDP&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%20CPU%20family%20and%20below%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20H%20V6%C2%A0and%20below%C2%A0CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-400%20PN%2FDP%20V7%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V10%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20S7-410%20V8%20CPU%20family%20(incl.%20SIPLUS%20variants)&color=blue) 
@@ -52,8 +52,13 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinAC%20RTX%202010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20WinAC%20RTX%20F%202010&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S%2FG%20Control%20Unit%20w.%20PROFINET&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20NET%20PN%2FPN%20Coupler&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20314C-2%20PN%2FDP&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20S7-300%20CPU%20315-2%20PN%2FDP&color=blue) 
@@ -67,13 +72,14 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=V4.2.0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. 
SIPLUS variants), SIMATIC ET200AL IM157-1 PN, SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. 
SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. +A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. 
SIPLUS variants), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. 
PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. ### POC diff --git a/2019/CVE-2019-19551.md b/2019/CVE-2019-19551.md new file mode 100644 index 000000000..c28a1c7b2 --- /dev/null +++ b/2019/CVE-2019-19551.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-19551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19551) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the User Management screen of the Administrator web site. An attacker with access to the User Control Panel application can submit malicious values in some of the time/date formatting and time-zone fields. These fields are not being properly sanitized. If this is done and a user (such as an admin) visits the User Management screen and views that user's profile, the XSS payload will render and execute in the context of the victim user's account. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-19552.md b/2019/CVE-2019-19552.md new file mode 100644 index 000000000..475492200 --- /dev/null +++ b/2019/CVE-2019-19552.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-19552](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19552) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists in the user management screen of the Administrator web site, i.e., the/admin/config.php?display=userman URI. An attacker with sufficient privileges can edit the Display Name of a user and embed malicious XSS code. When another user (such as an admin) visits the main User Management screen, the XSS payload will render and execute in the context of the victim user's account. + +### POC + +#### Reference +- https://wiki.freepbx.org/display/FOP/2019-12-03+Multiple+XSS+Vulnerabilities + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-20141.md b/2019/CVE-2019-20141.md index b4ea27c72..c4523c0f2 100644 --- a/2019/CVE-2019-20141.md +++ b/2019/CVE-2019-20141.md @@ -13,6 +13,7 @@ An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via th No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2019-20141 diff --git a/2019/CVE-2019-20375.md b/2019/CVE-2019-20375.md new file mode 100644 index 000000000..946b33299 --- /dev/null +++ b/2019/CVE-2019-20375.md 
@@ -0,0 +1,17 @@ +### [CVE-2019-20375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20375) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via the value parameter in a localization (loc) command to elogd.c. + +### POC + +#### Reference +- https://bitbucket.org/ritt/elog/commits/eefdabb714f26192f585083ef96c8413e459a1d1 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-20376.md b/2019/CVE-2019-20376.md new file mode 100644 index 000000000..d2e9db79b --- /dev/null +++ b/2019/CVE-2019-20376.md @@ -0,0 +1,17 @@ +### [CVE-2019-20376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20376) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) 3.1.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG document to elogd.c. + +### POC + +#### Reference +- https://bitbucket.org/ritt/elog/commits/993bed4923c88593cc6b1186e0d1b9564994a25a + +#### Github +No PoCs found on GitHub currently. + diff --git a/2019/CVE-2019-2725.md b/2019/CVE-2019-2725.md index ea01e4400..0eed8fdbb 100644 --- a/2019/CVE-2019-2725.md +++ b/2019/CVE-2019-2725.md 
@@ -24,6 +24,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/0xn0ne/weblogicScanner - https://github.com/1120362990/vulnerability-list - https://github.com/189569400/Meppo +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/20142995/pocsuite3 - https://github.com/20142995/sectool @@ -80,6 +81,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC - https://github.com/TopScrew/CVE-2019-2725 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Waseem27-art/ART-TOOLKIT - https://github.com/Weik1/Artillery @@ -175,6 +177,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/r0eXpeR/redteam_vul - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/retr0-13/Pentest-Tools - https://github.com/rockmelodies/rocComExpRce - https://github.com/safe6Sec/WeblogicVuln diff --git a/2019/CVE-2019-2729.md b/2019/CVE-2019-2729.md index 16505af29..a8196a34c 100644 --- a/2019/CVE-2019-2729.md +++ b/2019/CVE-2019-2729.md @@ -74,6 +74,7 @@ Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middlewar - https://github.com/qtgavc/list - https://github.com/rabbitmask/WeblogicScan - https://github.com/rabbitmask/WeblogicScanLot +- https://github.com/rabbitmask/WeblogicScanServer - https://github.com/rockmelodies/rocComExpRce - https://github.com/ruthlezs/CVE-2019-2729-Exploit - https://github.com/safe6Sec/wlsEnv diff --git a/2019/CVE-2019-3394.md b/2019/CVE-2019-3394.md index 639da2335..73077701f 100644 --- a/2019/CVE-2019-3394.md +++ b/2019/CVE-2019-3394.md 
@@ -17,6 +17,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Awrrays/FrameVul - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/goddemondemongod/Sec-Interview - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-5418.md b/2019/CVE-2019-5418.md index 30c0d9f7d..625315f86 100644 --- a/2019/CVE-2019-5418.md +++ b/2019/CVE-2019-5418.md @@ -37,6 +37,7 @@ There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6 - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W01fh4cker/Serein - https://github.com/Zenika/kubernetes-security-workshop - https://github.com/albinowax/ActiveScanPlusPlus diff --git a/2019/CVE-2019-5475.md b/2019/CVE-2019-5475.md index 5f39431d7..5b5fbf447 100644 --- a/2019/CVE-2019-5475.md +++ b/2019/CVE-2019-5475.md @@ -21,6 +21,7 @@ The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution whe - https://github.com/HimmelAward/Goby_POC - https://github.com/SexyBeast233/SecBooks - https://github.com/TesterCC/exp_poc_library +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hectorgie/PoC-in-GitHub diff --git a/2019/CVE-2019-6111.md b/2019/CVE-2019-6111.md index 8d72b0ac9..c3b93f75a 100644 --- a/2019/CVE-2019-6111.md +++ b/2019/CVE-2019-6111.md 
@@ -25,6 +25,7 @@ An issue was discovered in OpenSSH 7.9. Due to the scp implementation being deri - https://github.com/KorayAgaya/TrivyWeb - https://github.com/Mohzeela/external-secret - https://github.com/TommasoBilotta/public +- https://github.com/bigb0x/CVE-2024-6387 - https://github.com/bioly230/THM_Skynet - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/firatesatoglu/iot-searchengine diff --git a/2019/CVE-2019-6977.md b/2019/CVE-2019-6977.md index c92d88555..9c3e99770 100644 --- a/2019/CVE-2019-6977.md +++ b/2019/CVE-2019-6977.md @@ -18,6 +18,7 @@ gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2 #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/FishyStix12/BH.py-CharCyCon2024 +- https://github.com/FishyStix12/WHPython_v1.02 - https://github.com/SexyBeast233/SecBooks - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/ozkanbilge/Apache-Exploit-2019 diff --git a/2019/CVE-2019-7238.md b/2019/CVE-2019-7238.md index 2fface8a8..61bfc6a4d 100644 --- a/2019/CVE-2019-7238.md +++ b/2019/CVE-2019-7238.md @@ -37,6 +37,7 @@ Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control. - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WingsSec/Meppo - https://github.com/Z0fhack/Goby_POC - https://github.com/alphaSeclab/sec-daily-2019 diff --git a/2019/CVE-2019-7256.md b/2019/CVE-2019-7256.md index 6fb2d0cfc..588d3a46c 100644 --- a/2019/CVE-2019-7256.md +++ b/2019/CVE-2019-7256.md 
@@ -16,6 +16,7 @@ Linear eMerge E3-Series devices allow Command Injections. - http://packetstormsecurity.com/files/170372/Linear-eMerge-E3-Series-Access-Controller-Command-Injection.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2019/CVE-2019-7304.md b/2019/CVE-2019-7304.md index ad5a0e22c..d35bc906e 100644 --- a/2019/CVE-2019-7304.md +++ b/2019/CVE-2019-7304.md @@ -24,12 +24,14 @@ Canonical snapd before version 2.37.1 incorrectly performed socket owner validat - https://github.com/Dhayalanb/Snapd-V2 - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/Ly0nt4r/OSCP +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/SecuritySi/CVE-2019-7304_DirtySock - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/VieVaWaldi/DirtySock - https://github.com/WalterEhren/DirtySock - https://github.com/WalterEren/DirtySock +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/anoaghost/Localroot_Compile - https://github.com/bgrewell/SockPuppet - https://github.com/blkdevcon/awesome-starz diff --git a/2019/CVE-2019-7609.md b/2019/CVE-2019-7609.md index 1750f0275..53a2f074e 100644 --- a/2019/CVE-2019-7609.md +++ b/2019/CVE-2019-7609.md @@ -41,6 +41,7 @@ Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2019/CVE-2019-8451.md b/2019/CVE-2019-8451.md index 43cd747ae..0b70dc95a 100644 --- a/2019/CVE-2019-8451.md 
+++ b/2019/CVE-2019-8451.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Soundaryakambhampati/test-6 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UGF0aWVudF9aZXJv/Atlassian-Jira-pentesting - https://github.com/Z0fhack/Goby_POC - https://github.com/alex14324/Eagel diff --git a/2019/CVE-2019-8761.md b/2019/CVE-2019-8761.md index 9ece80fd1..7754a23a0 100644 --- a/2019/CVE-2019-8761.md +++ b/2019/CVE-2019-8761.md @@ -10,7 +10,7 @@ This issue was addressed with improved checks. This issue is fixed in macOS Cata ### POC #### Reference -No PoCs from references. +- https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html #### Github - https://github.com/houjingyi233/macOS-iOS-system-security diff --git a/2019/CVE-2019-9193.md b/2019/CVE-2019-9193.md index 62df9baa9..d994f23bb 100644 --- a/2019/CVE-2019-9193.md +++ b/2019/CVE-2019-9193.md @@ -24,6 +24,7 @@ - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Yang8miao/prov_navigator - https://github.com/alphaSeclab/sec-daily-2019 - https://github.com/b4keSn4ke/CVE-2019-9193 diff --git a/2020/CVE-2020-0554.md b/2020/CVE-2020-0554.md index 7908ffd74..b03fea7d2 100644 --- a/2020/CVE-2020-0554.md +++ b/2020/CVE-2020-0554.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/EchoGin404/- - https://github.com/EchoGin404/gongkaishouji - https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-0601.md b/2020/CVE-2020-0601.md index 1f99fd8b2..3cd9cef26 100644 --- a/2020/CVE-2020-0601.md +++ b/2020/CVE-2020-0601.md 
@@ -71,6 +71,7 @@ A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) valid - https://github.com/ShayNehmad/twoplustwo - https://github.com/SherlockSec/CVE-2020-0601 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-0618.md b/2020/CVE-2020-0618.md index 2a9f22ad3..0b7c59539 100644 --- a/2020/CVE-2020-0618.md +++ b/2020/CVE-2020-0618.md @@ -40,6 +40,7 @@ A remote code execution vulnerability exists in Microsoft SQL Server Reporting S - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE - https://github.com/SexyBeast233/SecBooks - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-0688.md b/2020/CVE-2020-0688.md index 4000fa47e..309026bf1 100644 --- a/2020/CVE-2020-0688.md +++ b/2020/CVE-2020-0688.md @@ -69,6 +69,7 @@ A remote code execution vulnerability exists in Microsoft Exchange software when - https://github.com/ShawnDEvans/smbmap - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/TheKickPuncher/CVE-2020-0688-Python3 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/ViperXSecurity/OpenResearch - https://github.com/W01fh4cker/CVE-2020-0688-GUI diff --git a/2020/CVE-2020-0796.md b/2020/CVE-2020-0796.md index 12e82e88d..40e664102 100644 --- a/2020/CVE-2020-0796.md +++ b/2020/CVE-2020-0796.md 
@@ -149,6 +149,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve - https://github.com/Threekiii/Awesome-POC - https://github.com/TinToSer/CVE-2020-0796-LPE - https://github.com/TinToSer/cve2020-0796 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/UraSecTeam/smbee - https://github.com/WinMin/Protocol-Vul diff --git a/2020/CVE-2020-10021.md b/2020/CVE-2020-10021.md index 2f8ecd213..2af849254 100644 --- a/2020/CVE-2020-10021.md +++ b/2020/CVE-2020-10021.md @@ -15,4 +15,5 @@ Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned S #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/CBackyx/CVE-Reproduction +- https://github.com/Moh3nsalehi/AutoPatchCode diff --git a/2020/CVE-2020-10580.md b/2020/CVE-2020-10580.md index ad91512a6..636906502 100644 --- a/2020/CVE-2020-10580.md +++ b/2020/CVE-2020-10580.md @@ -10,7 +10,7 @@ A command injection on the /admin/broadcast.php script of Invigo Automatic Devic ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-10580 diff --git a/2020/CVE-2020-11023.md b/2020/CVE-2020-11023.md index 4bc64c450..afe799a56 100644 --- a/2020/CVE-2020-11023.md +++ b/2020/CVE-2020-11023.md @@ -36,6 +36,7 @@ In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML - https://github.com/Snorlyd/https-nj.gov---CVE-2020-11023 - https://github.com/alphaSeclab/sec-daily-2020 - https://github.com/andreassundstrom/cve-2020-11023-demonstration +- https://github.com/arijitdirghangi/100DaysofLearning - https://github.com/arijitdirghanji/100DaysofLearning - https://github.com/ctcpip/jquery-security - https://github.com/cve-sandbox/jquery diff --git a/2020/CVE-2020-11651.md b/2020/CVE-2020-11651.md index 8806ea75a..aaf15f1ab 100644 --- a/2020/CVE-2020-11651.md +++ b/2020/CVE-2020-11651.md 
@@ -47,6 +47,7 @@ An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2 - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/Z0fhack/Goby_POC diff --git a/2020/CVE-2020-11989.md b/2020/CVE-2020-11989.md index fdb9d1e26..92c8525b9 100644 --- a/2020/CVE-2020-11989.md +++ b/2020/CVE-2020-11989.md @@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/HackJava/HackShiro - https://github.com/HackJava/Shiro - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Zero094/Vulnerability-verification - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/bfengj/CTF diff --git a/2020/CVE-2020-12127.md b/2020/CVE-2020-12127.md index 432b28722..e7e6a2b81 100644 --- a/2020/CVE-2020-12127.md +++ b/2020/CVE-2020-12127.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-12145.md b/2020/CVE-2020-12145.md index 2252c777a..c1b989f0f 100644 --- a/2020/CVE-2020-12145.md +++ b/2020/CVE-2020-12145.md @@ -17,4 +17,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-12146.md b/2020/CVE-2020-12146.md new file mode 100644 index 000000000..dde350893 --- /dev/null +++ b/2020/CVE-2020-12146.md 
@@ -0,0 +1,18 @@ +### [CVE-2020-12146](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12146) +![](https://img.shields.io/static/v1?label=Product&message=Unity%20Orchestrator&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CVE-2020-12147&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen) + +### Description + +In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or 9.0.1+, an authenticated user can access, modify, and delete restricted files on the Orchestrator server using the/debugFiles REST API. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/gnarkill78/CSA_S2_2024 + diff --git a/2020/CVE-2020-12720.md b/2020/CVE-2020-12720.md index ed36742d3..7d62f6b0d 100644 --- a/2020/CVE-2020-12720.md +++ b/2020/CVE-2020-12720.md @@ -25,6 +25,7 @@ vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has - https://github.com/Z0fhack/Goby_POC - https://github.com/cocomelonc/vulnexipy - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/merlinepedra/nuclei-templates - https://github.com/merlinepedra25/nuclei-templates - https://github.com/sobinge/nuclei-templates diff --git a/2020/CVE-2020-13111.md b/2020/CVE-2020-13111.md new file mode 100644 index 000000000..5350a36c4 --- /dev/null +++ b/2020/CVE-2020-13111.md 
@@ -0,0 +1,17 @@ +### [CVE-2020-13111](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13111) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. + +### POC + +#### Reference +- https://bitbucket.org/naviserver/naviserver/commits/a5c3079f1d8996d5f34c9384a440acf3519ca3bb + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-1350.md b/2020/CVE-2020-1350.md index 99fbe8196..685c171fd 100644 --- a/2020/CVE-2020-1350.md +++ b/2020/CVE-2020-1350.md @@ -41,6 +41,7 @@ A remote code execution vulnerability exists in Windows Domain Name System serve - https://github.com/T13nn3s/CVE-2020-1350 - https://github.com/TheCyberViking/Insider_Threat_Bait - https://github.com/TrinityCryptx/OSCP-Resources +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/WinMin/Protocol-Vul - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-13942.md b/2020/CVE-2020-13942.md index 08b9962cd..34b0dfc3c 100644 --- a/2020/CVE-2020-13942.md +++ b/2020/CVE-2020-13942.md @@ -35,6 +35,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/eugenebmx/CVE-2020-13942 +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hoanx4/apche_unomi_rce - https://github.com/litt1eb0yy/One-Liner-Scripts 
diff --git a/2020/CVE-2020-13950.md b/2020/CVE-2020-13950.md index 4c7a0a0a6..9283d9d65 100644 --- a/2020/CVE-2020-13950.md +++ b/2020/CVE-2020-13950.md @@ -16,4 +16,5 @@ Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash - https://github.com/ARPSyndicate/cvemon - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2020/CVE-2020-13957.md b/2020/CVE-2020-13957.md index c12818305..048d6bae9 100644 --- a/2020/CVE-2020-13957.md +++ b/2020/CVE-2020-13957.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Miraitowa70/POC-Notes - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/errorecho/CVEs-Collection diff --git a/2020/CVE-2020-14179.md b/2020/CVE-2020-14179.md index 69e2e8e16..63ff04d4e 100644 --- a/2020/CVE-2020-14179.md +++ b/2020/CVE-2020-14179.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/c0brabaghdad1/CVE-2020-14179 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hackerhackrat/R-poc - https://github.com/imhunterand/JiraCVE - https://github.com/merlinepedra/nuclei-templates diff --git a/2020/CVE-2020-14645.md b/2020/CVE-2020-14645.md index 0a0ec9565..4de14f985 100644 --- a/2020/CVE-2020-14645.md +++ b/2020/CVE-2020-14645.md 
@@ -31,6 +31,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/NetW0rK1le3r/awesome-hacking-lists - https://github.com/Schira4396/CVE-2020-14645 - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Y4er/CVE-2020-14645 - https://github.com/YIXINSHUWU/Penetration_Testing_POC diff --git a/2020/CVE-2020-1472.md b/2020/CVE-2020-1472.md index 5bccfbb20..39ef38c14 100644 --- a/2020/CVE-2020-1472.md +++ b/2020/CVE-2020-1472.md @@ -163,6 +163,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu - https://github.com/Thomashighbaugh/stars - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Tobey123/CVE-2020-1472-visualizer +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/Zerologon - https://github.com/VK9D/ZeroLogon - https://github.com/VK9D/ZeroLogon-FullChain diff --git a/2020/CVE-2020-14750.md b/2020/CVE-2020-14750.md index a905a5ac3..699f9f148 100644 --- a/2020/CVE-2020-14750.md +++ b/2020/CVE-2020-14750.md @@ -33,6 +33,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/djytmdj/Tool_Summary +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP - https://github.com/jas502n/CVE-2020-14882 diff --git a/2020/CVE-2020-14815.md b/2020/CVE-2020-14815.md index f57c37ca3..aae7f5287 100644 --- a/2020/CVE-2020-14815.md +++ b/2020/CVE-2020-14815.md 
@@ -13,6 +13,7 @@ Vulnerability in the Oracle Business Intelligence Enterprise Edition product of - https://www.oracle.com/security-alerts/cpuoct2020.html #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/EdgeSecurityTeam/Vulnerability diff --git a/2020/CVE-2020-14825.md b/2020/CVE-2020-14825.md index 4edfdc420..2958375ef 100644 --- a/2020/CVE-2020-14825.md +++ b/2020/CVE-2020-14825.md @@ -19,6 +19,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/gobysec/Weblogic - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/superlink996/chunqiuyunjingbachang diff --git a/2020/CVE-2020-14882.md b/2020/CVE-2020-14882.md index a6ab5d990..b5bd2101b 100644 --- a/2020/CVE-2020-14882.md +++ b/2020/CVE-2020-14882.md @@ -53,6 +53,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/LucasPDiniz/CVE-2020-14882 - https://github.com/LucasPDiniz/StudyRoom - https://github.com/MacAsure/WL_Scan_GO +- https://github.com/Madbat2024/Penetration-test - https://github.com/Manor99/CVE-2020-14882- - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence 
@@ -72,6 +73,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection - https://github.com/Weik1/Artillery - https://github.com/XTeam-Wing/CVE-2020-14882 @@ -107,6 +109,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/fei9747/Awesome-CobaltStrike - https://github.com/ferreirasc/redteam-arsenal - https://github.com/forhub2021/weblogicScanner +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hanc00l/some_pocsuite - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/hktalent/TOP @@ -142,6 +145,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/nik0nz7/CVE-2020-14882 - https://github.com/niudaii/go-crack - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/ovProphet/CVE-2020-14882-checker - https://github.com/pen4uin/awesome-vulnerability-research diff --git a/2020/CVE-2020-14883.md b/2020/CVE-2020-14883.md index 6157270e5..4e9c89876 100644 --- a/2020/CVE-2020-14883.md +++ b/2020/CVE-2020-14883.md @@ -17,6 +17,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/0day666/Vulnerability-verification - https://github.com/0xn0ne/weblogicScanner - https://github.com/1n7erface/PocList +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2020/CVE-2020-14974.md b/2020/CVE-2020-14974.md index 8f2a5d25b..af77d9e93 100644 --- a/2020/CVE-2020-14974.md +++ b/2020/CVE-2020-14974.md 
@@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/12brendon34/IObit-Unlocker-CSharp - https://github.com/Aterror2be/CVE-2020-14974 +- https://github.com/gmh5225/awesome-game-security diff --git a/2020/CVE-2020-15257.md b/2020/CVE-2020-15257.md index 6e37bffd7..cc3932122 100644 --- a/2020/CVE-2020-15257.md +++ b/2020/CVE-2020-15257.md @@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/PercussiveElbow/docker-security-checklist - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/alphaSeclab/sec-daily-2020 diff --git a/2020/CVE-2020-15505.md b/2020/CVE-2020-15505.md index 7c30051a0..5c3953e29 100644 --- a/2020/CVE-2020-15505.md +++ b/2020/CVE-2020-15505.md @@ -15,6 +15,7 @@ A remote code execution vulnerability in MobileIron Core & Connector versions 10 #### Github - https://github.com/0xMrNiko/Awesome-Red-Teaming +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet diff --git a/2020/CVE-2020-15778.md b/2020/CVE-2020-15778.md index d61d21893..b186cc86b 100644 --- a/2020/CVE-2020-15778.md +++ b/2020/CVE-2020-15778.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/TarikVUT/secure-fedora38 - https://github.com/Threekiii/Awesome-POC - https://github.com/Totes5706/TotesHTB +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-16846.md b/2020/CVE-2020-16846.md index ec5ad0267..242cfc839 100644 --- a/2020/CVE-2020-16846.md +++ b/2020/CVE-2020-16846.md 
@@ -34,6 +34,7 @@ An issue was discovered in SaltStack Salt through 3002. Sending crafted web requ - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/d4n-sec/d4n-sec.github.io +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hamza-boudouche/projet-secu - https://github.com/huimzjty/vulwiki - https://github.com/jweny/pocassistdb diff --git a/2020/CVE-2020-16875.md b/2020/CVE-2020-16875.md index 4fbe18dc1..fbfed4e4d 100644 --- a/2020/CVE-2020-16875.md +++ b/2020/CVE-2020-16875.md @@ -25,6 +25,7 @@ - https://github.com/FDlucifer/Proxy-Attackchain - https://github.com/HackingCost/AD_Pentest - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XTeam-Wing/RedTeaming2020 - https://github.com/alphaSeclab/sec-daily-2020 - https://github.com/hktalent/bug-bounty diff --git a/2020/CVE-2020-16898.md b/2020/CVE-2020-16898.md index da27c463f..01aae718c 100644 --- a/2020/CVE-2020-16898.md +++ b/2020/CVE-2020-16898.md @@ -46,6 +46,7 @@ No PoCs from references. - https://github.com/Rayyan-appsec/ALL-PENTESTING-BIBLE - https://github.com/Saidul-M-Khan/PENTESTING-BIBLE - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WinMin/Protocol-Vul - https://github.com/ZephrFish/CVE-2020-16898 - https://github.com/advanced-threat-research/CVE-2020-16898 diff --git a/2020/CVE-2020-17049.md b/2020/CVE-2020-17049.md index 4d9295585..a935ae6fa 100644 --- a/2020/CVE-2020-17049.md +++ b/2020/CVE-2020-17049.md @@ -75,6 +75,7 @@ No PoCs from references. - https://github.com/pwnlog/PurpAD - https://github.com/qobil7681/Password-cracker - https://github.com/retr0-13/AD-Attack-Defense +- https://github.com/santan2020/ck2 - https://github.com/select-ldl/word_select - https://github.com/suzi007/RedTeam_Note - https://github.com/svbjdbk123/ReadTeam 
diff --git a/2020/CVE-2020-17496.md b/2020/CVE-2020-17496.md index 1b06d861a..4e2d24929 100644 --- a/2020/CVE-2020-17496.md +++ b/2020/CVE-2020-17496.md @@ -14,6 +14,7 @@ vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWid #### Github - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-17518.md b/2020/CVE-2020-17518.md index b8a865202..97eee2f72 100644 --- a/2020/CVE-2020-17518.md +++ b/2020/CVE-2020-17518.md @@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/bakery312/Vulhub-Reproduce - https://github.com/bigblackhat/oFx diff --git a/2020/CVE-2020-17519.md b/2020/CVE-2020-17519.md index 401091a11..783cfd0fc 100644 --- a/2020/CVE-2020-17519.md +++ b/2020/CVE-2020-17519.md @@ -48,6 +48,7 @@ A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as - https://github.com/Threekiii/Awesome-Exploit - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/anonymous364872/Rapier_Tool - https://github.com/apif-review/APIF_tool_2024 diff --git a/2020/CVE-2020-17530.md b/2020/CVE-2020-17530.md index acd7db35f..607a32889 100644 --- a/2020/CVE-2020-17530.md +++ b/2020/CVE-2020-17530.md 
@@ -44,6 +44,7 @@ Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Wrin9/CVE-2021-31805 - https://github.com/Xuyan-cmd/Network-security-attack-and-defense-practice diff --git a/2020/CVE-2020-18048.md b/2020/CVE-2020-18048.md index 38d48d2fd..5ebf3b041 100644 --- a/2020/CVE-2020-18048.md +++ b/2020/CVE-2020-18048.md @@ -10,7 +10,7 @@ An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrar ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-18048 diff --git a/2020/CVE-2020-18885.md b/2020/CVE-2020-18885.md index e9bd530c3..7e66f8b8e 100644 --- a/2020/CVE-2020-18885.md +++ b/2020/CVE-2020-18885.md @@ -10,7 +10,7 @@ Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-18885 diff --git a/2020/CVE-2020-19001.md b/2020/CVE-2020-19001.md index 6ded6cdee..daadfd048 100644 --- a/2020/CVE-2020-19001.md +++ b/2020/CVE-2020-19001.md @@ -10,7 +10,7 @@ Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execut ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-19001 diff --git a/2020/CVE-2020-1938.md b/2020/CVE-2020-1938.md index f628a710a..bc84c687e 100644 --- a/2020/CVE-2020-1938.md +++ b/2020/CVE-2020-1938.md 
@@ -79,6 +79,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Umesh2807/Ghostcat - https://github.com/Warelock/cve-2020-1938 @@ -162,6 +163,7 @@ When using the Apache JServ Protocol (AJP), care must be taken when trusting inc - https://github.com/nibiwodong/CNVD-2020-10487-Tomcat-ajp-POC - https://github.com/nitishbadole/Pentest_Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/password520/RedTeamer - https://github.com/pathakabhi24/Pentest-Tools diff --git a/2020/CVE-2020-1947.md b/2020/CVE-2020-1947.md index e8ef53ed8..3ce284394 100644 --- a/2020/CVE-2020-1947.md +++ b/2020/CVE-2020-1947.md @@ -31,6 +31,7 @@ No PoCs from references. - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/SexyBeast233/SecBooks - https://github.com/StarkChristmas/CVE-2020-1947 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC diff --git a/2020/CVE-2020-1948.md b/2020/CVE-2020-1948.md index 925f8ca35..f84a5e5e9 100644 --- a/2020/CVE-2020-1948.md +++ b/2020/CVE-2020-1948.md @@ -30,6 +30,7 @@ No PoCs from references. - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/PalindromeLabs/Java-Deserialization-CVEs - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Whoopsunix/PPPRASP - https://github.com/Whoopsunix/PPPVULNS diff --git a/2020/CVE-2020-20982.md b/2020/CVE-2020-20982.md index fd94d7dcc..96d6829e0 100644 
--- a/2020/CVE-2020-20982.md +++ b/2020/CVE-2020-20982.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-2109.md b/2020/CVE-2020-2109.md index 2dd7103f6..8ecf25e95 100644 --- a/2020/CVE-2020-2109.md +++ b/2020/CVE-2020-2109.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-24312.md b/2020/CVE-2020-24312.md index efd53fd3b..7b9150c6a 100644 --- a/2020/CVE-2020-24312.md +++ b/2020/CVE-2020-24312.md @@ -13,6 +13,7 @@ mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates - https://github.com/StarCrossPortal/scalpel diff --git a/2020/CVE-2020-25217.md b/2020/CVE-2020-25217.md index 32a0b6523..82d7b3974 100644 --- a/2020/CVE-2020-25217.md +++ b/2020/CVE-2020-25217.md @@ -10,7 +10,7 @@ Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Co ### POC #### Reference -No PoCs from references. +- https://cwe.mitre.org/data/definitions/77.html #### Github - https://github.com/Live-Hack-CVE/CVE-2020-25217 diff --git a/2020/CVE-2020-2551.md b/2020/CVE-2020-2551.md index 20cfab3b9..07692da0a 100644 --- a/2020/CVE-2020-2551.md +++ b/2020/CVE-2020-2551.md @@ -135,6 +135,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/netveil/Awesome-List - https://github.com/nitishbadole/Pentest_Tools - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pathakabhi24/Pentest-Tools - https://github.com/pinkieli/GitHub-Chinese-Top-Charts 
diff --git a/2020/CVE-2020-25540.md b/2020/CVE-2020-25540.md index 5d6a5b50e..70e1c466c 100644 --- a/2020/CVE-2020-25540.md +++ b/2020/CVE-2020-25540.md @@ -24,6 +24,7 @@ ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorize - https://github.com/Schira4396/CVE-2020-25540 - https://github.com/SexyBeast233/SecBooks - https://github.com/SouthWind0/southwind0.github.io +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dudek-marcin/Poc-Exp diff --git a/2020/CVE-2020-2555.md b/2020/CVE-2020-2555.md index 9bcc7e735..d201013a6 100644 --- a/2020/CVE-2020-2555.md +++ b/2020/CVE-2020-2555.md @@ -75,6 +75,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo - https://github.com/R0ser1/GadgetInspector - https://github.com/SexyBeast233/SecBooks - https://github.com/TacticsTeam/sg_ysoserial +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Uvemode/CVE-2020-2555 - https://github.com/Weik1/Artillery @@ -128,6 +129,7 @@ Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (compo - https://github.com/nu11secur1ty/CVE-mitre - https://github.com/nu11secur1ty/CVE-nu11secur1ty - https://github.com/nu11secur1ty/Windows10Exploits +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pinkieli/GitHub-Chinese-Top-Charts - https://github.com/qazbnm456/awesome-cve-poc diff --git a/2020/CVE-2020-26258.md b/2020/CVE-2020-26258.md index 83cd90dd6..c6b9f6c6b 100644 --- a/2020/CVE-2020-26258.md +++ b/2020/CVE-2020-26258.md 
@@ -23,6 +23,7 @@ No PoCs from references. - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Veraxy00/XStream-vul-poc - https://github.com/Whoopsunix/PPPVULNS - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2020/CVE-2020-27130.md b/2020/CVE-2020-27130.md index 58fbed382..267195446 100644 --- a/2020/CVE-2020-27130.md +++ b/2020/CVE-2020-27130.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/alphaSeclab/sec-daily-2020 +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2020/CVE-2020-27131.md b/2020/CVE-2020-27131.md index c648af58c..5782bab0d 100644 --- a/2020/CVE-2020-27131.md +++ b/2020/CVE-2020-27131.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/EdgeSecurityTeam/Vulnerability - https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet - https://github.com/SexyBeast233/SecBooks +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet - https://github.com/tzwlhack/Vulnerability diff --git a/2020/CVE-2020-27194.md b/2020/CVE-2020-27194.md index 83e8806ea..577d91121 100644 --- a/2020/CVE-2020-27194.md +++ b/2020/CVE-2020-27194.md @@ -19,6 +19,7 @@ An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or i - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/OrangeGzY/security-research-learning - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/developer3000S/PoC-in-GitHub diff --git a/2020/CVE-2020-27982.md b/2020/CVE-2020-27982.md index 62d5aceab..28ebfa97c 100644 --- a/2020/CVE-2020-27982.md +++ b/2020/CVE-2020-27982.md 
@@ -14,6 +14,7 @@ IceWarp 11.4.5.0 allows XSS via the language parameter. - https://cxsecurity.com/issue/WLB-2020100161 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-2883.md b/2020/CVE-2020-2883.md index d53dd42b8..9a4ab0247 100644 --- a/2020/CVE-2020-2883.md +++ b/2020/CVE-2020-2883.md @@ -96,6 +96,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/neilzhang1/Chinese-Charts - https://github.com/netveil/Awesome-List - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/password520/Penetration_PoC - https://github.com/pinkieli/GitHub-Chinese-Top-Charts - https://github.com/qi4L/WeblogicScan.go diff --git a/2020/CVE-2020-35121.md b/2020/CVE-2020-35121.md new file mode 100644 index 000000000..c8fa6832a --- /dev/null +++ b/2020/CVE-2020-35121.md @@ -0,0 +1,17 @@ +### [CVE-2020-35121](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35121) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. + +### POC + +#### Reference +- https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-35122.md b/2020/CVE-2020-35122.md new file mode 100644 index 000000000..f31dc4e81 --- /dev/null 
+++ b/2020/CVE-2020-35122.md @@ -0,0 +1,17 @@ +### [CVE-2020-35122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35122) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. + +### POC + +#### Reference +- https://bitbucket.org/keysight/keysight-plugins-for-atlassian-products/wiki/Confluence%20Plugins/Database%20Plugin + +#### Github +No PoCs found on GitHub currently. + diff --git a/2020/CVE-2020-35452.md b/2020/CVE-2020-35452.md index d43880554..16cb57625 100644 --- a/2020/CVE-2020-35452.md +++ b/2020/CVE-2020-35452.md @@ -19,4 +19,5 @@ Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2020/CVE-2020-36541.md b/2020/CVE-2020-36541.md index d1d0842ba..362657b09 100644 --- a/2020/CVE-2020-36541.md +++ b/2020/CVE-2020-36541.md @@ -11,6 +11,7 @@ A vulnerability was found in Demokratian. It has been rated as critical. Affecte #### Reference - https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian +- https://bitbucket.org/csalgadow/demokratian_votaciones/commits/b56c48b519fc52efa65404c312ea9bbde320e3fa - https://vuldb.com/?id.159434 #### Github diff --git a/2020/CVE-2020-36542.md b/2020/CVE-2020-36542.md index 4dfcfc48c..0254b9eba 100644 --- a/2020/CVE-2020-36542.md +++ b/2020/CVE-2020-36542.md 
@@ -11,6 +11,7 @@ A vulnerability classified as critical has been found in Demokratian. This affec #### Reference - https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian +- https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3 - https://vuldb.com/?id.159435 #### Github diff --git a/2020/CVE-2020-5902.md b/2020/CVE-2020-5902.md index 73c23ca4e..e56f213c9 100644 --- a/2020/CVE-2020-5902.md +++ b/2020/CVE-2020-5902.md @@ -102,6 +102,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12. - https://github.com/TheCyberViking/CVE-2020-5902-Vuln-Checker - https://github.com/TheCyberViking/TheCyberViking - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/Un4gi/CVE-2020-5902 - https://github.com/Waseem27-art/ART-TOOLKIT diff --git a/2020/CVE-2020-6383.md b/2020/CVE-2020-6383.md index 022981ad5..51c187597 100644 --- a/2020/CVE-2020-6383.md +++ b/2020/CVE-2020-6383.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/anvbis/chrome_v8_ndays +- https://github.com/ernestang98/win-exploits - https://github.com/tianstcht/v8-exploit - https://github.com/ulexec/Exploits - https://github.com/wh1ant/vulnjs diff --git a/2020/CVE-2020-7471.md b/2020/CVE-2020-7471.md index 225f2f9d8..690978f4a 100644 --- a/2020/CVE-2020-7471.md +++ b/2020/CVE-2020-7471.md @@ -29,6 +29,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/SurfRid3r/Django_vulnerability_analysis - https://github.com/Tempuss/CTF_CVE-2020-7471 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/YIXINSHUWU/Penetration_Testing_POC - https://github.com/ZTK-009/Penetration_PoC 
diff --git a/2020/CVE-2020-7799.md b/2020/CVE-2020-7799.md index 10e8b317f..3415c043f 100644 --- a/2020/CVE-2020-7799.md +++ b/2020/CVE-2020-7799.md @@ -18,6 +18,7 @@ An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allo - https://github.com/ARPSyndicate/cvemon - https://github.com/Pikaqi/cve-2020-7799 - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/apachecn-archive/Middleware-Vulnerability-detection - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/huimzjty/vulwiki diff --git a/2020/CVE-2020-7931.md b/2020/CVE-2020-7931.md index 3f7b0ca48..606fa72c0 100644 --- a/2020/CVE-2020-7931.md +++ b/2020/CVE-2020-7931.md @@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/0xT11/CVE-POC - https://github.com/ARPSyndicate/cvemon +- https://github.com/TrojanAZhen/Self_Back - https://github.com/anquanscan/sec-tools - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/gquere/CVE-2020-7931 diff --git a/2020/CVE-2020-8191.md b/2020/CVE-2020-8191.md index 04c1cd4b3..4d361eefe 100644 --- a/2020/CVE-2020-8191.md +++ b/2020/CVE-2020-8191.md @@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0ps/pocassistdb +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2020/CVE-2020-8209.md b/2020/CVE-2020-8209.md index c7fda6314..de059c4b3 100644 --- a/2020/CVE-2020-8209.md +++ b/2020/CVE-2020-8209.md 
@@ -34,6 +34,7 @@ No PoCs from references. - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dudek-marcin/Poc-Exp +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hectorgie/PoC-in-GitHub - https://github.com/lovechinacoco/https-github.com-mai-lang-chai-Middleware-Vulnerability-detection - https://github.com/merlinepedra/nuclei-templates diff --git a/2020/CVE-2020-8515.md b/2020/CVE-2020-8515.md index 20b440455..2f210071d 100644 --- a/2020/CVE-2020-8515.md +++ b/2020/CVE-2020-8515.md @@ -17,6 +17,7 @@ DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1. - https://github.com/0day404/vulnerability-poc - https://github.com/0xT11/CVE-POC - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite - https://github.com/20142995/pocsuite3 - https://github.com/3gstudent/Homework-of-Python diff --git a/2020/CVE-2020-8835.md b/2020/CVE-2020-8835.md index 6ec3d19cf..e783818c0 100644 --- a/2020/CVE-2020-8835.md +++ b/2020/CVE-2020-8835.md @@ -26,6 +26,7 @@ In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) di - https://github.com/Prabhashaka/IT19147192-CVE-2020-8835 - https://github.com/SplendidSky/CVE-2020-8835 - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/developer3000S/PoC-in-GitHub diff --git a/2020/CVE-2020-8982.md b/2020/CVE-2020-8982.md index f7f10d10e..2390e7a87 100644 --- a/2020/CVE-2020-8982.md +++ b/2020/CVE-2020-8982.md 
@@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/0xT11/CVE-POC +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/DimitriNL/CTX-CVE-2020-7473 diff --git a/2020/CVE-2020-9484.md b/2020/CVE-2020-9484.md index ff393b1cb..a622bc3a8 100644 --- a/2020/CVE-2020-9484.md +++ b/2020/CVE-2020-9484.md @@ -56,6 +56,7 @@ When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8. - https://github.com/RepublicR0K/CVE-2020-9484 - https://github.com/SexyBeast233/SecBooks - https://github.com/Spacial/awesome-csirt +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyro-Shan/gongkaishouji - https://github.com/VICXOR/CVE-2020-9484 - https://github.com/Xslover/CVE-2020-9484-Scanner diff --git a/2020/CVE-2020-9490.md b/2020/CVE-2020-9490.md index e97430037..490b9df21 100644 --- a/2020/CVE-2020-9490.md +++ b/2020/CVE-2020-9490.md @@ -25,6 +25,7 @@ Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the - https://github.com/Totes5706/TotesHTB - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/hound672/BlackBox-CI-CD-script +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/vshaliii/Funbox2-rookie - https://github.com/vshaliii/Vegeta1-Vulhub-Walkthrough diff --git a/2020/CVE-2020-9496.md b/2020/CVE-2020-9496.md index c8baefff1..33d6147b6 100644 --- a/2020/CVE-2020-9496.md +++ b/2020/CVE-2020-9496.md @@ -18,6 +18,7 @@ XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scriptin - https://github.com/0xT11/CVE-POC - https://github.com/0xaniketB/HackTheBox-Monitors - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/360quake/papers - https://github.com/ARPSyndicate/cvemon 
diff --git a/2020/CVE-2020-9757.md b/2020/CVE-2020-9757.md index 140666c4b..aa2689e1a 100644 --- a/2020/CVE-2020-9757.md +++ b/2020/CVE-2020-9757.md @@ -13,6 +13,7 @@ The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template In No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates diff --git a/2021/CVE-2021-1675.md b/2021/CVE-2021-1675.md index 020480aa1..d37ef9eb5 100644 --- a/2021/CVE-2021-1675.md +++ b/2021/CVE-2021-1675.md @@ -50,6 +50,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html #### Github +- https://github.com/0housefly0/Printnightmare - https://github.com/0x727/usefull-elevation-of-privilege - https://github.com/0xHunterr/OSCP-Study-Notes - https://github.com/0xHunterr/OSCP-Studying-Notes @@ -91,6 +92,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/G0urmetD/PJPT-Notes - https://github.com/Getshell/CobaltStrike - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/Hatcat123/my_stars @@ -132,6 +134,7 @@ Windows Print Spooler Remote Code Execution Vulnerability - https://github.com/TheLastochka/pentest - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Tomparte/PrintNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VK9D/PrintNightmare - https://github.com/WhooAmii/POC_to_review - https://github.com/WidespreadPandemic/CVE-2021-34527_ACL_mitigation diff --git a/2021/CVE-2021-1732.md b/2021/CVE-2021-1732.md index c78db6525..811cd272a 100644 --- a/2021/CVE-2021-1732.md +++ b/2021/CVE-2021-1732.md 
@@ -63,6 +63,7 @@ Windows Win32k Elevation of Privilege Vulnerability - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/Spacial/awesome-csirt - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/YOunGWebER/cve_2021_1732 - https://github.com/YangSirrr/YangsirStudyPlan diff --git a/2021/CVE-2021-20050.md b/2021/CVE-2021-20050.md index 1f6e2dc01..cb6e0bb24 100644 --- a/2021/CVE-2021-20050.md +++ b/2021/CVE-2021-20050.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/InfoSecPolkCounty/CVE2021-40444-document-Scanner - https://github.com/Live-Hack-CVE/CVE-2021-20050 - https://github.com/RedTeamExp/CVE-2021-22005_PoC +- https://github.com/TrojanAZhen/Self_Back diff --git a/2021/CVE-2021-2109.md b/2021/CVE-2021-2109.md index 0261d4d75..678c9ea23 100644 --- a/2021/CVE-2021-2109.md +++ b/2021/CVE-2021-2109.md @@ -47,6 +47,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/SexyBeast233/SecBooks - https://github.com/Shadowven/Vulnerability_Reproduction - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/oracle-weblogic-CVE-2021-2109 - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo @@ -57,6 +58,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/dinosn/CVE-2021-2109 - https://github.com/fardeen-ahmed/Bug-bounty-Writeups +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/hktalent/bug-bounty - https://github.com/huike007/penetration_poc - https://github.com/k0mi-tg/CVE-POC diff --git a/2021/CVE-2021-21300.md b/2021/CVE-2021-21300.md index f8f4f130f..9fd21897e 100644 --- a/2021/CVE-2021-21300.md +++ b/2021/CVE-2021-21300.md 
@@ -34,6 +34,7 @@ Git is an open-source distributed revision control system. In affected versions - https://github.com/Saboor-Hakimi-23/CVE-2021-21300 - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/bollwarm/SecToolSet - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2021/CVE-2021-21479.md b/2021/CVE-2021-21479.md index 8bf514deb..0cd24addc 100644 --- a/2021/CVE-2021-21479.md +++ b/2021/CVE-2021-21479.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2021/CVE-2021-21799.md b/2021/CVE-2021-21799.md index 34c1568d9..f046c0ed3 100644 --- a/2021/CVE-2021-21799.md +++ b/2021/CVE-2021-21799.md @@ -16,4 +16,5 @@ Cross-site scripting vulnerabilities exist in the telnet_form.php script functio - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Live-Hack-CVE/CVE-2021-21799 +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2021/CVE-2021-21972.md b/2021/CVE-2021-21972.md index 86709af1a..aa0f8f249 100644 --- a/2021/CVE-2021-21972.md +++ b/2021/CVE-2021-21972.md @@ -66,6 +66,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/SouthWind0/southwind0.github.io - https://github.com/TaroballzChen/CVE-2021-21972 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-21972 - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/W01fh4cker/VcenterKit 
@@ -123,6 +124,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v - https://github.com/n1sh1th/CVE-POC - https://github.com/nitishbadole/oscp-note-3 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/orangmuda/CVE-2021-21972 - https://github.com/orgTestCodacy11KRepos110MB/repo-3569-collection-document - https://github.com/oscpname/OSCP_cheat diff --git a/2021/CVE-2021-21975.md b/2021/CVE-2021-21975.md index a5b228d61..ec23b895c 100644 --- a/2021/CVE-2021-21975.md +++ b/2021/CVE-2021-21975.md @@ -45,6 +45,7 @@ Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) - https://github.com/TheTh1nk3r/exp_hub - https://github.com/Threekiii/Awesome-POC - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/VMWare-CVE-2021-21975 - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-21978.md b/2021/CVE-2021-21978.md index 05cc2eea0..699af9bfb 100644 --- a/2021/CVE-2021-21978.md +++ b/2021/CVE-2021-21978.md @@ -28,6 +28,7 @@ VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code exe - https://github.com/SYRTI/POC_to_review - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Z0fhack/Goby_POC - https://github.com/bhassani/Recent-CVE diff --git a/2021/CVE-2021-21985.md b/2021/CVE-2021-21985.md index be332d258..71d877a5b 100644 --- a/2021/CVE-2021-21985.md +++ b/2021/CVE-2021-21985.md 
@@ -35,6 +35,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability due to - https://github.com/SexyBeast233/SecBooks - https://github.com/SofianeHamlaoui/Conti-Clear - https://github.com/Spacial/awesome-csirt +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W01fh4cker/VcenterKit - https://github.com/WhooAmii/POC_to_review - https://github.com/Z0fhack/Goby_POC @@ -64,6 +65,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability due to - https://github.com/n1sh1th/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/onSec-fr/CVE-2021-21985-Checker +- https://github.com/onewinner/VulToolsKit - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research - https://github.com/pen4uin/vulnerability-research-list diff --git a/2021/CVE-2021-22005.md b/2021/CVE-2021-22005.md index 65f061d45..00e46984b 100644 --- a/2021/CVE-2021-22005.md +++ b/2021/CVE-2021-22005.md @@ -43,6 +43,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt - https://github.com/Threekiii/Awesome-POC - https://github.com/TiagoSergio/CVE-2021-22005 - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/VmWare-vCenter-vulnerability - https://github.com/W01fh4cker/VcenterKit - https://github.com/WhooAmii/POC_to_review @@ -67,6 +68,7 @@ The vCenter Server contains an arbitrary file upload vulnerability in the Analyt - https://github.com/manas3c/CVE-POC - https://github.com/nday-ldgz/ZoomEye-dork - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/awesome-vulnerability-research - https://github.com/pen4uin/vulnerability-research diff --git a/2021/CVE-2021-22214.md b/2021/CVE-2021-22214.md index 1d92a672c..2c3d721dc 100644 --- a/2021/CVE-2021-22214.md 
+++ b/2021/CVE-2021-22214.md @@ -26,6 +26,7 @@ When requests to the internal network for webhooks are enabled, a server-side re - https://github.com/SYRTI/POC_to_review - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/gitlab-cve-2021-22214 - https://github.com/WhooAmii/POC_to_review - https://github.com/YuraveON/YuraveON diff --git a/2021/CVE-2021-22555.md b/2021/CVE-2021-22555.md index de85fe656..8e643c6fb 100644 --- a/2021/CVE-2021-22555.md +++ b/2021/CVE-2021-22555.md @@ -46,9 +46,11 @@ A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in n - https://github.com/PIG-007/kernelAll - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording - https://github.com/YunDingLab/struct_sanitizer +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/arttnba3/D3CTF2023_d3kcache diff --git a/2021/CVE-2021-22986.md b/2021/CVE-2021-22986.md index 14e84a1dd..288aea050 100644 --- a/2021/CVE-2021-22986.md +++ b/2021/CVE-2021-22986.md @@ -18,6 +18,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/189569400/Meppo - https://github.com/1n7erface/PocList - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/sectool - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates 
@@ -48,6 +49,7 @@ On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before - https://github.com/SouthWind0/southwind0.github.io - https://github.com/Tas9er/CVE-2021-22986 - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-22986-SSRF2RCE - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo diff --git a/2021/CVE-2021-2394.md b/2021/CVE-2021-2394.md index cea8b0a80..43d420e6a 100644 --- a/2021/CVE-2021-2394.md +++ b/2021/CVE-2021-2394.md @@ -23,6 +23,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/KayCHENvip/vulnerability-poc - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/fasanhlieu/CVE-2021-2394 - https://github.com/freeide/CVE-2021-2394 diff --git a/2021/CVE-2021-25646.md b/2021/CVE-2021-25646.md index f33f13e8b..a3e4620e2 100644 --- a/2021/CVE-2021-25646.md +++ b/2021/CVE-2021-25646.md @@ -45,6 +45,7 @@ Apache Druid includes the ability to execute user-provided JavaScript code embed - https://github.com/SpiritixCS/ToolBox - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Vulnmachines/Apache-Druid-CVE-2021-25646 - https://github.com/W4nde3/toolkits - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-26084.md b/2021/CVE-2021-26084.md index 01a5ac170..50de71aed 100644 --- a/2021/CVE-2021-26084.md +++ b/2021/CVE-2021-26084.md 
@@ -144,6 +144,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/nizarbamida/CVE-2021-26084-patch- - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/numencyber/atlassian_pbkdf2_dehash +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/orangmuda/CVE-2021-26084 - https://github.com/orgTestCodacy11KRepos110MB/repo-5222-ShuiZe_0x727 diff --git a/2021/CVE-2021-26295.md b/2021/CVE-2021-26295.md index 9e3e0a8d2..66b746b7e 100644 --- a/2021/CVE-2021-26295.md +++ b/2021/CVE-2021-26295.md @@ -42,6 +42,7 @@ Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated at - https://github.com/TheTh1nk3r/exp_hub - https://github.com/Threekiii/Awesome-POC - https://github.com/Timirepo/CVE_Exploits +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/YinWC/2021hvv_vul - https://github.com/Z0fhack/Goby_POC diff --git a/2021/CVE-2021-26690.md b/2021/CVE-2021-26690.md index ad9feb85f..480d305a4 100644 --- a/2021/CVE-2021-26690.md +++ b/2021/CVE-2021-26690.md @@ -20,4 +20,5 @@ Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header ha - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch - https://github.com/fkm75P8YjLkb/CVE-2021-26690 +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-26691.md b/2021/CVE-2021-26691.md index 9cef7f67e..63066ffeb 100644 --- a/2021/CVE-2021-26691.md +++ b/2021/CVE-2021-26691.md @@ -22,5 +22,6 @@ In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader - https://github.com/firatesatoglu/shodanSearch - https://github.com/fkm75P8YjLkb/CVE-2021-26691 - https://github.com/hound672/BlackBox-CI-CD-script +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/rmtec/modeswitcher 
diff --git a/2021/CVE-2021-26708.md b/2021/CVE-2021-26708.md index 5eda063b4..9e3884b6d 100644 --- a/2021/CVE-2021-26708.md +++ b/2021/CVE-2021-26708.md @@ -24,6 +24,7 @@ A local privilege escalation was discovered in the Linux kernel before 5.10.13. - https://github.com/bsauce/kernel-security-learning - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/developer3000S/PoC-in-GitHub - https://github.com/hancp2016/news - https://github.com/hardenedvault/vault_range_poc diff --git a/2021/CVE-2021-26855.md b/2021/CVE-2021-26855.md index 7db495371..70535492b 100644 --- a/2021/CVE-2021-26855.md +++ b/2021/CVE-2021-26855.md @@ -80,6 +80,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/LearnGolang/LearnGolang - https://github.com/M-AAS/CSIRT - https://github.com/MacAsure/cve-2021-26855 +- https://github.com/Madbat2024/Penetration-test - https://github.com/MicahFleming/Risk-Assessment-Cap-Stone- - https://github.com/Mr-xn/CVE-2021-26855-d - https://github.com/Mr-xn/Penetration_Testing_POC @@ -87,6 +88,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/NarbehJackson/python-flask-ssrfpdf-to-lfi - https://github.com/Nick-Yin12/106362522 +- https://github.com/NoTsPepino/Shodan-Dorking - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/PEASEC/msexchange-server-cti-dataset 
@@ -103,6 +105,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/TaroballzChen/ProxyLogon-CVE-2021-26855-metasploit - https://github.com/Th3eCrow/CVE-2021-26855-SSRF-Exchange - https://github.com/TheDudeD6/ExchangeSmash +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/Proxylogon - https://github.com/WhooAmii/POC_to_review - https://github.com/WiredPulse/Invoke-HAFNIUMCheck.ps1 diff --git a/2021/CVE-2021-27330.md b/2021/CVE-2021-27330.md index 5846262a3..3192204ce 100644 --- a/2021/CVE-2021-27330.md +++ b/2021/CVE-2021-27330.md @@ -14,6 +14,7 @@ Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) i - https://www.exploit-db.com/exploits/49597 #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2021/CVE-2021-27363.md b/2021/CVE-2021-27363.md index 68e4f050b..9ad8f83ce 100644 --- a/2021/CVE-2021-27363.md +++ b/2021/CVE-2021-27363.md @@ -20,6 +20,7 @@ An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer lea - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/kdn111/linux-kernel-exploitation - https://github.com/khanhdn111/linux-kernel-exploitation - https://github.com/khanhdz-06/linux-kernel-exploitation diff --git a/2021/CVE-2021-27364.md b/2021/CVE-2021-27364.md index a24d27792..59be2b265 100644 --- a/2021/CVE-2021-27364.md +++ b/2021/CVE-2021-27364.md 
@@ -21,6 +21,7 @@ An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_tr - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/kdn111/linux-kernel-exploitation - https://github.com/khanhdn111/linux-kernel-exploitation - https://github.com/khanhdz-06/linux-kernel-exploitation diff --git a/2021/CVE-2021-27365.md b/2021/CVE-2021-27365.md index 2e50d93cb..771a90d89 100644 --- a/2021/CVE-2021-27365.md +++ b/2021/CVE-2021-27365.md @@ -21,10 +21,12 @@ An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data s - https://github.com/EGI-Federation/SVG-advisories - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aaronxie55/Presentation2_Markdown - https://github.com/bollwarm/SecToolSet - https://github.com/c4pt000/kernel-5.11.6-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi - https://github.com/c4pt000/kernel-6.6.0-expSEHDsec-HAXM-cgroup-virtio-nvidia-amd-kaliwifi +- https://github.com/c4pt000/kernel-6.8.3-expSEHDsec-fclock-fsync-cpu - https://github.com/eeenvik1/scripts_for_YouTrack - https://github.com/gipi/cve-cemetery - https://github.com/kdn111/linux-kernel-exploitation diff --git a/2021/CVE-2021-28153.md b/2021/CVE-2021-28153.md index 038bded8f..3ab89b67f 100644 --- a/2021/CVE-2021-28153.md +++ b/2021/CVE-2021-28153.md @@ -14,4 +14,5 @@ An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is us #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/vulsio/goval-dictionary diff --git a/2021/CVE-2021-29442.md b/2021/CVE-2021-29442.md index 29274e0af..86f204104 100644 
--- a/2021/CVE-2021-29442.md +++ b/2021/CVE-2021-29442.md @@ -16,6 +16,7 @@ Nacos is a platform designed for dynamic service discovery and configuration and - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/Elsfa7-110/kenzer-templates +- https://github.com/Threekiii/Awesome-POC - https://github.com/afzalbin64/accuknox-policy-temp - https://github.com/kubearmor/policy-templates diff --git a/2021/CVE-2021-29505.md b/2021/CVE-2021-29505.md index ae043b839..bf9008956 100644 --- a/2021/CVE-2021-29505.md +++ b/2021/CVE-2021-29505.md @@ -27,6 +27,7 @@ XStream is software for serializing Java objects to XML and back again. A vulner - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/Whoopsunix/PPPVULNS - https://github.com/apachecn-archive/Middleware-Vulnerability-detection diff --git a/2021/CVE-2021-30179.md b/2021/CVE-2021-30179.md index 959771daa..71219ae8a 100644 --- a/2021/CVE-2021-30179.md +++ b/2021/CVE-2021-30179.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Armandhe-China/ApacheDubboSerialVuln - https://github.com/SexyBeast233/SecBooks +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Whoopsunix/PPPVULNS - https://github.com/lz2y/DubboPOC diff --git a/2021/CVE-2021-3019.md b/2021/CVE-2021-3019.md index f4ec2592d..67911648f 100644 --- a/2021/CVE-2021-3019.md +++ b/2021/CVE-2021-3019.md @@ -33,6 +33,7 @@ No PoCs from references. - https://github.com/SexyBeast233/SecBooks - https://github.com/TesterCC/exp_poc_library - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/WingsSec/Meppo - https://github.com/Z0fhack/Goby_POC 
diff --git a/2021/CVE-2021-30641.md b/2021/CVE-2021-30641.md index bcaed3e20..8f1b518a4 100644 --- a/2021/CVE-2021-30641.md +++ b/2021/CVE-2021-30641.md @@ -17,4 +17,5 @@ Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with ' - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB - https://github.com/fkm75P8YjLkb/CVE-2021-30641 +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-30860.md b/2021/CVE-2021-30860.md index 1cd8852f2..79473335d 100644 --- a/2021/CVE-2021-30860.md +++ b/2021/CVE-2021-30860.md @@ -31,6 +31,7 @@ An integer overflow was addressed with improved input validation. This issue is - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/SYRTI/POC_to_review +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review - https://github.com/ex0dus-0x/awesome-rust-security - https://github.com/houjingyi233/macOS-iOS-system-security diff --git a/2021/CVE-2021-3129.md b/2021/CVE-2021-3129.md index b401c0a75..e8acb7622 100644 --- a/2021/CVE-2021-3129.md +++ b/2021/CVE-2021-3129.md @@ -61,6 +61,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/W-zrd/UniXploit - https://github.com/WhooAmii/POC_to_review - https://github.com/XuCcc/VulEnv 
@@ -115,6 +116,7 @@ Ignition before 2.5.2, as used in Laravel and other products, allows unauthentic - https://github.com/pen4uin/vulnerability-research-list - https://github.com/qingchenhh/Tools-collection - https://github.com/r3volved/CVEAggregate +- https://github.com/ramimac/aws-customer-security-incidents - https://github.com/randolphcyg/nuclei-plus - https://github.com/revanmalang/OSCP - https://github.com/shadowabi/Laravel-CVE-2021-3129 diff --git a/2021/CVE-2021-31440.md b/2021/CVE-2021-31440.md index b7b25f50d..b66b675f0 100644 --- a/2021/CVE-2021-31440.md +++ b/2021/CVE-2021-31440.md @@ -19,6 +19,7 @@ This vulnerability allows local attackers to escalate privileges on affected ins - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/bsauce/kernel-exploit-factory diff --git a/2021/CVE-2021-3156.md b/2021/CVE-2021-3156.md index 8fbe08fae..c744f62a4 100644 --- a/2021/CVE-2021-3156.md +++ b/2021/CVE-2021-3156.md 
@@ -118,11 +118,13 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based - https://github.com/Timirepo/CVE_Exploits - https://github.com/Toufupi/CVE_Collection - https://github.com/Trivialcorgi/Proyecto-Prueba-PPS +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Whiteh4tWolf/Sudo-1.8.31-Root-Exploit - https://github.com/Whiteh4tWolf/xcoderootsploit - https://github.com/WhooAmii/POC_to_review - https://github.com/Y3A/CVE-2021-3156 - https://github.com/ZTK-009/CVE-2021-3156 +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aasphixie/aasphixie.github.io - https://github.com/abedra/securing_security_software - https://github.com/ajtech-hue/CVE-2021-3156-Mitigation-ShellScript-Build diff --git a/2021/CVE-2021-33193.md b/2021/CVE-2021-33193.md index b6bc4f5cc..2de3e9b9d 100644 --- a/2021/CVE-2021-33193.md +++ b/2021/CVE-2021-33193.md @@ -21,6 +21,7 @@ A crafted method sent through HTTP/2 will bypass validation and be forwarded by - https://github.com/Totes5706/TotesHTB - https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network - https://github.com/bioly230/THM_Skynet +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/soosmile/POC diff --git a/2021/CVE-2021-3377.md b/2021/CVE-2021-3377.md index 5626abda4..7e07a38d0 100644 --- a/2021/CVE-2021-3377.md +++ b/2021/CVE-2021-3377.md @@ -13,6 +13,7 @@ The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANS No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2021/CVE-2021-34429.md b/2021/CVE-2021-34429.md index 1ddeaaed4..bd32c96df 100644 --- a/2021/CVE-2021-34429.md +++ b/2021/CVE-2021-34429.md 
@@ -25,6 +25,7 @@ For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs ca - https://github.com/SexyBeast233/SecBooks - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Z0fhack/Goby_POC - https://github.com/anquanscan/sec-tools - https://github.com/bakery312/Vulhub-Reproduce diff --git a/2021/CVE-2021-34527.md b/2021/CVE-2021-34527.md index 40aea3cac..7c2263047 100644 --- a/2021/CVE-2021-34527.md +++ b/2021/CVE-2021-34527.md @@ -49,6 +49,7 @@ - http://packetstormsecurity.com/files/167261/Print-Spooler-Remote-DLL-Injection.html #### Github +- https://github.com/0housefly0/Printnightmare - https://github.com/0x6d69636b/windows_hardening - https://github.com/0x727/usefull-elevation-of-privilege - https://github.com/0xMarcio/cve @@ -87,6 +88,7 @@ - https://github.com/Eutectico/Printnightmare - https://github.com/GhostTroops/TOP - https://github.com/Gokul-C/CIS-Hardening-Windows-L1 +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/Hatcat123/my_stars @@ -129,6 +131,7 @@ - https://github.com/Threekiii/Awesome-Redteam - https://github.com/TieuLong21Prosper/detect_bruteforce - https://github.com/Tomparte/PrintNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VK9D/PrintNightmare - https://github.com/Vertrauensstellung/PoshME - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-34798.md b/2021/CVE-2021-34798.md index ae1c2797e..a6ab02742 100644 --- a/2021/CVE-2021-34798.md +++ b/2021/CVE-2021-34798.md 
@@ -20,5 +20,6 @@ Malformed requests may cause the server to dereference a NULL pointer. This issu - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2021/CVE-2021-3490.md b/2021/CVE-2021-3490.md index dfce8c840..a08f81af6 100644 --- a/2021/CVE-2021-3490.md +++ b/2021/CVE-2021-3490.md @@ -27,6 +27,7 @@ The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux ke - https://github.com/Whiteh4tWolf/xcoderootsploit - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490 diff --git a/2021/CVE-2021-3493.md b/2021/CVE-2021-3493.md index 2a3e779fc..a22532bfe 100644 --- a/2021/CVE-2021-3493.md +++ b/2021/CVE-2021-3493.md @@ -56,7 +56,9 @@ The overlayfs implementation in the linux kernel did not properly validate with - https://github.com/SrcVme50/Analytics - https://github.com/SrcVme50/Hospital - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/abylinjohnson/linux-kernel-exploits - https://github.com/anquanscan/sec-tools - https://github.com/beruangsalju/LocalPrivelegeEscalation diff --git a/2021/CVE-2021-35464.md b/2021/CVE-2021-35464.md index c29a0fbdf..6a3322636 100644 --- a/2021/CVE-2021-35464.md +++ b/2021/CVE-2021-35464.md 
@@ -25,6 +25,7 @@ ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the j - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/PwnAwan/MindMaps2 - https://github.com/StarCrossPortal/scalpel +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Y4er/openam-CVE-2021-35464 - https://github.com/Z0fhack/Goby_POC - https://github.com/anonymous364872/Rapier_Tool diff --git a/2021/CVE-2021-36160.md b/2021/CVE-2021-36160.md index e1adadedf..251bdbfbb 100644 --- a/2021/CVE-2021-36160.md +++ b/2021/CVE-2021-36160.md @@ -17,4 +17,5 @@ A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the - https://github.com/ARPSyndicate/cvemon - https://github.com/PierreChrd/py-projet-tut - https://github.com/Totes5706/TotesHTB +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-36934.md b/2021/CVE-2021-36934.md index 86b6b8b9a..d3395626d 100644 --- a/2021/CVE-2021-36934.md +++ b/2021/CVE-2021-36934.md @@ -59,6 +59,7 @@ - https://github.com/SexyBeast233/SecBooks - https://github.com/SirElmard/ethical_hacking - https://github.com/Sp00p64/PyNightmare +- https://github.com/TrojanAZhen/Self_Back - https://github.com/VertigoRay/CVE-2021-36934 - https://github.com/Wh04m1001/VSSCopy - https://github.com/WhooAmii/POC_to_review diff --git a/2021/CVE-2021-39275.md b/2021/CVE-2021-39275.md index 895a832d0..9463b6c2e 100644 --- a/2021/CVE-2021-39275.md +++ b/2021/CVE-2021-39275.md @@ -20,5 +20,6 @@ ap_escape_quotes() may write beyond the end of a buffer when given malicious inp - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2021/CVE-2021-4034.md b/2021/CVE-2021-4034.md index d19eb949b..1507a65d6 100644 --- a/2021/CVE-2021-4034.md +++ b/2021/CVE-2021-4034.md 
@@ -111,6 +111,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/Meowmycks/OSCPprep-Cute - https://github.com/Meowmycks/OSCPprep-Sar - https://github.com/Meowmycks/OSCPprep-hackme1 +- https://github.com/Mr-Tree-S/POC_EXP - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/N1et/CVE-2021-4034 - https://github.com/NSeither/WITCOE @@ -174,6 +175,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/YgorAlberto/ygoralberto.github.io - https://github.com/ZWDeJun/ZWDeJun - https://github.com/Zeyad-Azima/Remedy4me +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aimebertrand/Socat - https://github.com/al4xs/polkit-pwnkit - https://github.com/amirexsploit/serverscanner @@ -188,6 +190,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility. - https://github.com/ashishlaxkar16/vulnerabilities - https://github.com/ashutoshrohilla/CVE-2021-4034 - https://github.com/aus-mate/CVE-2021-4034-POC +- https://github.com/ayoub-elbouzi/CVE-2021-4034-Pwnkit - https://github.com/ayypril/CVE-2021-4034 - https://github.com/azazelm3dj3d/CVE-2021-4034 - https://github.com/azminawwar/CVE-2021-4034 diff --git a/2021/CVE-2021-40438.md b/2021/CVE-2021-40438.md index 858dae0d1..024cdd073 100644 --- a/2021/CVE-2021-40438.md +++ b/2021/CVE-2021-40438.md @@ -52,6 +52,7 @@ A crafted request uri-path can cause mod_proxy to forward the request to an orig - https://github.com/gassara-kys/CVE-2021-40438 - https://github.com/ginoah/My-CTF-Challenges - https://github.com/harsh-bothra/learn365 +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/litt1eb0yy/One-Liner-Scripts - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2021/CVE-2021-40444.md b/2021/CVE-2021-40444.md index fb31f6546..5379bca57 100644 --- a/2021/CVE-2021-40444.md 
+++ b/2021/CVE-2021-40444.md @@ -98,6 +98,7 @@ - https://github.com/SirElmard/ethical_hacking - https://github.com/Spacial/awesome-csirt - https://github.com/TiagoSergio/CVE-2021-40444 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Udyz/CVE-2021-40444-CAB - https://github.com/Udyz/CVE-2021-40444-Sample - https://github.com/VilNE-Scanner/VilNE diff --git a/2021/CVE-2021-41037.md b/2021/CVE-2021-41037.md index 98fe4fd3d..55d722b98 100644 --- a/2021/CVE-2021-41037.md +++ b/2021/CVE-2021-41037.md @@ -1,6 +1,6 @@ ### [CVE-2021-41037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41037) ![](https://img.shields.io/static/v1?label=Product&message=Eclipse%20Equinox%20p2&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%201.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=1.0.0%3C%204.28%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-829&color=brighgreen) ### Description diff --git a/2021/CVE-2021-41073.md b/2021/CVE-2021-41073.md index 94cdd917b..22a91ca4a 100644 --- a/2021/CVE-2021-41073.md +++ b/2021/CVE-2021-41073.md @@ -23,6 +23,7 @@ loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows loc - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/chompie1337/Linux_LPE_io_uring_CVE-2021-41073 diff --git a/2021/CVE-2021-41174.md b/2021/CVE-2021-41174.md index d12705d49..74cd4a673 100644 --- a/2021/CVE-2021-41174.md +++ b/2021/CVE-2021-41174.md 
@@ -14,6 +14,7 @@ No PoCs from references. #### Github - https://github.com/20142995/Goby +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/HimmelAward/Goby_POC diff --git a/2021/CVE-2021-41293.md b/2021/CVE-2021-41293.md index 923760021..8a1d1f1fd 100644 --- a/2021/CVE-2021-41293.md +++ b/2021/CVE-2021-41293.md @@ -19,6 +19,7 @@ ECOA BAS controller suffers from a path traversal vulnerability, causing arbitra No PoCs from references. #### Github +- https://github.com/20142995/nuclei-templates - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates diff --git a/2021/CVE-2021-4154.md b/2021/CVE-2021-4154.md index ee1539d1c..df7db40e1 100644 --- a/2021/CVE-2021-4154.md +++ b/2021/CVE-2021-4154.md @@ -22,6 +22,7 @@ A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2021/CVE-2021-41773.md b/2021/CVE-2021-41773.md index ac671851b..cfe27f02a 100644 --- a/2021/CVE-2021-41773.md +++ b/2021/CVE-2021-41773.md @@ -123,6 +123,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/Threekiii/Vulhub-Reproduce - https://github.com/TishcaTpx/POC-CVE-2021-41773 - https://github.com/Trivialcorgi/Proyecto-Prueba-PPS +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Undefind404/cve_2021_41773 - https://github.com/Vulnmachines/cve-2021-41773 - https://github.com/WhooAmii/POC_to_review 
@@ -266,6 +267,7 @@ A flaw was found in a change made to path normalization in Apache HTTP Server 2. - https://github.com/retr0-13/apachrot - https://github.com/retrymp3/apache2.4.49VulnerableLabSetup - https://github.com/revanmalang/OSCP +- https://github.com/samglish/ServerSide - https://github.com/scarmandef/CVE-2021-41773 - https://github.com/seeu-inspace/easyg - https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50 diff --git a/2021/CVE-2021-42008.md b/2021/CVE-2021-42008.md index fc67273ee..011b18f27 100644 --- a/2021/CVE-2021-42008.md +++ b/2021/CVE-2021-42008.md @@ -23,6 +23,7 @@ The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel bef - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bcoles/kasld - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2021/CVE-2021-42013.md b/2021/CVE-2021-42013.md index afa4bc87e..393bfa72a 100644 --- a/2021/CVE-2021-42013.md +++ b/2021/CVE-2021-42013.md @@ -28,6 +28,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/0xZipp0/OSCP - https://github.com/0xsyr0/OSCP - https://github.com/12345qwert123456/CVE-2021-42013 +- https://github.com/20142995/nuclei-templates - https://github.com/20142995/pocsuite3 - https://github.com/5gstudent/cve-2021-41773-and-cve-2021-42013 - https://github.com/ARPSyndicate/cvemon 
@@ -152,6 +153,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in - https://github.com/revanmalang/OSCP - https://github.com/rnsss/CVE-2021-42013 - https://github.com/robotsense1337/CVE-2021-42013 +- https://github.com/samglish/ServerSide - https://github.com/sergiovks/LFI-RCE-Unauthenticated-Apache-2.4.49-2.4.50 - https://github.com/skentagon/CVE-2021-41773 - https://github.com/soosmile/POC diff --git a/2021/CVE-2021-42278.md b/2021/CVE-2021-42278.md index 2814cbc09..bc39ab7a4 100644 --- a/2021/CVE-2021-42278.md +++ b/2021/CVE-2021-42278.md @@ -56,6 +56,7 @@ No PoCs from references. - https://github.com/DanielBodnar/my-awesome-stars - https://github.com/EvilAnne/2021-Read-article - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/IAMinZoho/sAMAccountName-Spoofing @@ -84,6 +85,7 @@ No PoCs from references. - https://github.com/Singhsanjeev617/A-Red-Teamer-diaries - https://github.com/SirElmard/ethical_hacking - https://github.com/Threekiii/Awesome-Redteam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/TryA9ain/noPac - https://github.com/WazeHell/sam-the-admin - https://github.com/Whiteh4tWolf/Attack-Defense diff --git a/2021/CVE-2021-42287.md b/2021/CVE-2021-42287.md index cad9e7a8a..6a6b15f22 100644 --- a/2021/CVE-2021-42287.md +++ b/2021/CVE-2021-42287.md @@ -55,6 +55,7 @@ No PoCs from references. - https://github.com/EvilAnne/2021-Read-article - https://github.com/GhostPack/Rubeus - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/H0j3n/EzpzCheatSheet - https://github.com/HackingCost/AD_Pentest - https://github.com/IAMinZoho/sAMAccountName-Spoofing 
@@ -82,6 +83,7 @@ No PoCs from references. - https://github.com/SirElmard/ethical_hacking - https://github.com/Strokekilla/Rubeus - https://github.com/Threekiii/Awesome-Redteam +- https://github.com/TrojanAZhen/Self_Back - https://github.com/TryA9ain/noPac - https://github.com/WazeHell/sam-the-admin - https://github.com/Whiteh4tWolf/Attack-Defense @@ -152,6 +154,7 @@ No PoCs from references. - https://github.com/rumputliar/Active-Directory-Exploitation-Cheat-Sheet - https://github.com/s3mPr1linux/JUST_WALKING_DOG - https://github.com/safebuffer/sam-the-admin +- https://github.com/santan2020/ck2 - https://github.com/sdogancesur/log4j_github_repository - https://github.com/securi3ytalent/bugbounty-CVE-Report - https://github.com/shengshengli/GetDomainAdmin diff --git a/2021/CVE-2021-42321.md b/2021/CVE-2021-42321.md index 309e37fb2..8c7c490a6 100644 --- a/2021/CVE-2021-42321.md +++ b/2021/CVE-2021-42321.md @@ -39,6 +39,7 @@ Microsoft Exchange Server Remote Code Execution Vulnerability - https://github.com/SYRTI/POC_to_review - https://github.com/SirElmard/ethical_hacking - https://github.com/SohelParashar/.Net-Deserialization-Cheat-Sheet +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/WhooAmii/POC_to_review - https://github.com/Y4er/dotnet-deserialization diff --git a/2021/CVE-2021-43267.md b/2021/CVE-2021-43267.md index dd4b1a08d..30ab03be8 100644 --- a/2021/CVE-2021-43267.md +++ b/2021/CVE-2021-43267.md @@ -19,6 +19,7 @@ An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. - https://github.com/DarkSprings/CVE-2021-43267-POC - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aixcc-public/challenge-001-exemplar - https://github.com/bcoles/kasld - https://github.com/bsauce/kernel-exploit-factory 
diff --git a/2021/CVE-2021-44224.md b/2021/CVE-2021-44224.md index b78fbf816..995f9a378 100644 --- a/2021/CVE-2021-44224.md +++ b/2021/CVE-2021-44224.md @@ -19,4 +19,5 @@ A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2021/CVE-2021-44228.md b/2021/CVE-2021-44228.md index e7f698fc6..7b5fcf477 100644 --- a/2021/CVE-2021-44228.md +++ b/2021/CVE-2021-44228.md @@ -103,6 +103,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Aschen/log4j-patched - https://github.com/Astrogeorgeonethree/Starred - https://github.com/Astrogeorgeonethree/Starred2 +- https://github.com/Astrosp/Awesome-OSINT-For-Everything - https://github.com/Atem1988/Starred - https://github.com/Aviral18/log4j2-exploit-detect - https://github.com/Awisefew/Lof4j @@ -473,6 +474,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12 - https://github.com/Toolsec/log4j-scan - https://github.com/TotallyNotAHaxxer/f-for-java - https://github.com/ToxicEnvelope/XSYS-Log4J2Shell-Ex +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Tyasarlar/tea - https://github.com/Tyasarlar/the_tea - https://github.com/UltraVanilla/LogJackFix diff --git a/2021/CVE-2021-4440.md b/2021/CVE-2021-4440.md new file mode 100644 index 000000000..e1955fc9c --- /dev/null +++ b/2021/CVE-2021-4440.md 
@@ -0,0 +1,17 @@ +### [CVE-2021-4440](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4440) +![](https://img.shields.io/static/v1?label=Product&message=Linux&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=cea750c99d8f%3C%201424ab4bb386%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In the Linux kernel, the following vulnerability has been resolved:x86/xen: Drop USERGS_SYSRET64 paravirt callcommit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream.USERGS_SYSRET64 is used to return from a syscall via SYSRET, buta Xen PV guest will nevertheless use the IRET hypercall, as thereis no sysret PV hypercall defined.So instead of testing all the prerequisites for doing a sysret andthen mangling the stack for Xen PV again for doing an iret just usethe iret exit from the beginning.This can easily be done via an ALTERNATIVE like it is done for thesysenter compat case already.It should be noted that this drops the optimization in Xen for notrestoring a few registers when returning to user mode, but it seemsas if the saved instructions in the kernel more than compensate forthis drop (a kernel build in a Xen PV guest was slightly faster withthis patch applied).While at it remove the stale sysret32 remnants. [ pawan: Brad Spengler and Salvatore Bonaccorso reported a problem with the 5.10 backport commit edc702b4a820 ("x86/entry_64: Add VERW just before userspace transition"). When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in syscall_return_via_sysret path as USERGS_SYSRET64 is runtime patched to: .cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8, 0x48, 0x0f, 0x07 }, // swapgs; sysretq which is missing CLEAR_CPU_BUFFERS. It turns out dropping USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS to be explicitly added to syscall_return_via_sysret path. Below is with CONFIG_PARAVIRT_XXL=y and this patch applied: syscall_return_via_sysret: ... 
<+342>: swapgs <+345>: xchg %ax,%ax <+347>: verw -0x1a2(%rip) <------ <+354>: sysretq ] + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2021/CVE-2021-44790.md b/2021/CVE-2021-44790.md index 6788bf7d7..749835a5c 100644 --- a/2021/CVE-2021-44790.md +++ b/2021/CVE-2021-44790.md @@ -24,6 +24,7 @@ A carefully crafted request body can cause a buffer overflow in the mod_lua mult - https://github.com/cretlaw/SnykDesk - https://github.com/emotest1/emo_emo - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/nuPacaChi/-CVE-2021-44790 - https://github.com/pboonman196/Final_Project_CyberBootcamp diff --git a/2021/CVE-2021-45785.md b/2021/CVE-2021-45785.md new file mode 100644 index 000000000..a96e8b66b --- /dev/null +++ b/2021/CVE-2021-45785.md @@ -0,0 +1,17 @@ +### [CVE-2021-45785](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45785) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery (CSRF) attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the victim (who has sufficient privileges), would visit the page and the server restart would begin. The attacker must know the full URL that TruDesk is on in order to craft the webpage. + +### POC + +#### Reference +- https://1d8.github.io/cves/cve_2021_45785/ + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2021/CVE-2021-46709.md b/2021/CVE-2021-46709.md new file mode 100644 index 000000000..e0ab82fb2 --- /dev/null +++ b/2021/CVE-2021-46709.md @@ -0,0 +1,17 @@ +### [CVE-2021-46709](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46709) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). + +### POC + +#### Reference +- https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-0185.md b/2022/CVE-2022-0185.md index a3edcc1d1..6076e952b 100644 --- a/2022/CVE-2022-0185.md +++ b/2022/CVE-2022-0185.md @@ -37,6 +37,7 @@ A heap-based buffer overflow flaw was found in the way the legacy_parse_param fu - https://github.com/Shoeb-K/MANAGE-SECURE-VALIDATE-DEBUG-MONITOR-HARDENING-AND-PREVENT-MISCONFIGURATION-OF-KUBERNETES - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground diff --git a/2022/CVE-2022-0847.md b/2022/CVE-2022-0847.md index 9a3901e4a..92cd02854 100644 --- a/2022/CVE-2022-0847.md +++ b/2022/CVE-2022-0847.md 
@@ -52,6 +52,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/CYB3RK1D/CVE-2022-0847-POC +- https://github.com/CYBER-PUBLIC-SCHOOL/linux-privilege-escalation-cheatsheet - https://github.com/Ch4nc3n/PublicExploitation - https://github.com/CharonDefalt/linux-exploit - https://github.com/DanaEpp/pwncat_dirtypipe @@ -135,6 +136,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure - https://github.com/XmasSnowISBACK/CVE-2022-0847-DirtyPipe-Exploits - https://github.com/ZWDeJun/ZWDeJun - https://github.com/Zen-ctrl/Rutgers_Cyber_Range +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground - https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground - https://github.com/ahrixia/CVE_2022_0847 diff --git a/2022/CVE-2022-0995.md b/2022/CVE-2022-0995.md index 490084649..78cda7ef2 100644 --- a/2022/CVE-2022-0995.md +++ b/2022/CVE-2022-0995.md @@ -37,6 +37,7 @@ An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch - https://github.com/SYRTI/POC_to_review - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/cyberanand1337x/bug-bounty-2022 diff --git a/2022/CVE-2022-1015.md b/2022/CVE-2022-1015.md index bfcf543ed..9a6a15703 100644 --- a/2022/CVE-2022-1015.md +++ b/2022/CVE-2022-1015.md 
@@ -26,8 +26,10 @@ A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of t - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/TurtleARM/CVE-2023-0179-PoC +- https://github.com/Uniguri/CVE-1day - https://github.com/WhooAmii/POC_to_review - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/baehunsang/kernel2 - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-1388.md b/2022/CVE-2022-1388.md index e79b95c5e..31ec527c1 100644 --- a/2022/CVE-2022-1388.md +++ b/2022/CVE-2022-1388.md @@ -83,6 +83,7 @@ On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. - https://github.com/Threekiii/Awesome-POC - https://github.com/TomArni680/CVE-2022-1388-POC - https://github.com/TomArni680/CVE-2022-1388-RCE +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/Vulnmachines/F5-Big-IP-CVE-2022-1388 - https://github.com/WhooAmii/POC_to_review diff --git a/2022/CVE-2022-21894.md b/2022/CVE-2022-21894.md index 80de84058..8070ff334 100644 --- a/2022/CVE-2022-21894.md +++ b/2022/CVE-2022-21894.md @@ -47,6 +47,7 @@ No PoCs from references. - https://github.com/CVEDB/awesome-cve-repo - https://github.com/CVEDB/top - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/Iveco/xknow_infosec - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NaInSec/CVE-PoC-in-GitHub diff --git a/2022/CVE-2022-22719.md b/2022/CVE-2022-22719.md index 90ba4dd34..131b2f35f 100644 --- a/2022/CVE-2022-22719.md +++ b/2022/CVE-2022-22719.md 
@@ -20,5 +20,6 @@ A carefully crafted request body can cause a read to a random memory area which - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2022/CVE-2022-22720.md b/2022/CVE-2022-22720.md index a829f4dfc..9a630a866 100644 --- a/2022/CVE-2022-22720.md +++ b/2022/CVE-2022-22720.md @@ -22,6 +22,7 @@ Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when err - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2022/CVE-2022-22721.md b/2022/CVE-2022-22721.md index 09af0d081..a734b28a3 100644 --- a/2022/CVE-2022-22721.md +++ b/2022/CVE-2022-22721.md @@ -21,5 +21,6 @@ If LimitXMLRequestBody is set to allow request bodies larger than 350MB (default - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 - https://github.com/kasem545/vulnsearch diff --git a/2022/CVE-2022-22947.md b/2022/CVE-2022-22947.md index 8b92a74d6..48550e06c 100644 --- a/2022/CVE-2022-22947.md +++ b/2022/CVE-2022-22947.md @@ -161,6 +161,7 @@ In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are v - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nu0l/cve-2022-22947 - https://github.com/nu1r/yak-module-Nu +- https://github.com/onewinner/VulToolsKit - https://github.com/open-source-agenda/new-open-source-projects - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/pen4uin/java-memshell-generator-release diff --git a/2022/CVE-2022-22954.md b/2022/CVE-2022-22954.md index cb1ea0a4f..db8394a4b 100644 
--- a/2022/CVE-2022-22954.md +++ b/2022/CVE-2022-22954.md @@ -101,6 +101,7 @@ VMware Workspace ONE Access and Identity Manager contain a remote code execution - https://github.com/mumu2020629/-CVE-2022-22954-scanner - https://github.com/nguyenv1nK/CVE-2022-22954 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/orwagodfather/CVE-2022-22954 - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main - https://github.com/rat857/AtomsPanic diff --git a/2022/CVE-2022-22963.md b/2022/CVE-2022-22963.md index 709f71730..fc7efab59 100644 --- a/2022/CVE-2022-22963.md +++ b/2022/CVE-2022-22963.md @@ -137,6 +137,7 @@ In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, w - https://github.com/nikn0laty/RCE-in-Spring-Cloud-CVE-2022-22963 - https://github.com/nitishbadole/oscp-note-3 - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/onurgule/S4S-Scanner - https://github.com/oscpname/OSCP_cheat - https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main diff --git a/2022/CVE-2022-22965.md b/2022/CVE-2022-22965.md index b43bd434d..13c60a898 100644 --- a/2022/CVE-2022-22965.md +++ b/2022/CVE-2022-22965.md @@ -262,6 +262,7 @@ A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable t - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nu0l/CVE-2022-22965 - https://github.com/nu1r/yak-module-Nu +- https://github.com/onewinner/VulToolsKit - https://github.com/onurgule/S4S-Scanner - https://github.com/opennms-forge/opennms-spring-patched - https://github.com/p1ckzi/CVE-2022-22965 diff --git a/2022/CVE-2022-22972.md b/2022/CVE-2022-22972.md index e6b6b05a5..d9c2cba38 100644 --- a/2022/CVE-2022-22972.md +++ b/2022/CVE-2022-22972.md 
@@ -36,6 +36,7 @@ No PoCs from references. - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/manas3c/CVE-POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/taielab/awesome-hacking-lists - https://github.com/trhacknon/Pocingit - https://github.com/whoforget/CVE-POC diff --git a/2022/CVE-2022-23222.md b/2022/CVE-2022-23222.md index cd4809ca1..c87ae2b8b 100644 --- a/2022/CVE-2022-23222.md +++ b/2022/CVE-2022-23222.md @@ -40,6 +40,7 @@ No PoCs from references. - https://github.com/SYRTI/POC_to_review - https://github.com/Threekiii/Awesome-POC - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/cookiengineer/groot - https://github.com/cyberanand1337x/bug-bounty-2022 - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2022/CVE-2022-23823.md b/2022/CVE-2022-23823.md index 84585fb90..331aeef99 100644 --- a/2022/CVE-2022-23823.md +++ b/2022/CVE-2022-23823.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bollwarm/SecToolSet +- https://github.com/smokyisthatyou/address_reuse_ita - https://github.com/teresaweber685/book_list diff --git a/2022/CVE-2022-23943.md b/2022/CVE-2022-23943.md index 0ee16695e..3155a73e9 100644 --- a/2022/CVE-2022-23943.md +++ b/2022/CVE-2022-23943.md @@ -20,4 +20,5 @@ Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an att - https://github.com/Totes5706/TotesHTB - https://github.com/bioly230/THM_Skynet - https://github.com/firatesatoglu/shodanSearch +- https://github.com/jkiala2/Projet_etude_M1 diff --git a/2022/CVE-2022-24112.md b/2022/CVE-2022-24112.md index dc4a3fc66..54bd2bb72 100644 --- a/2022/CVE-2022-24112.md +++ b/2022/CVE-2022-24112.md 
@@ -20,6 +20,7 @@ An attacker can abuse the batch-requests plugin to send requests to bypass the I - https://github.com/Acczdy/CVE-2022-24112_POC - https://github.com/Awrrays/FrameVul - https://github.com/Axx8/CVE-2022-24112 +- https://github.com/CrackerCat/CVE-2022-24112 - https://github.com/Greetdawn/Apache-APISIX-dashboard-RCE - https://github.com/Loginsoft-LLC/Linux-Exploit-Detection - https://github.com/Loginsoft-Research/Linux-Exploit-Detection diff --git a/2022/CVE-2022-24436.md b/2022/CVE-2022-24436.md index 603ae63ae..d0ce874d5 100644 --- a/2022/CVE-2022-24436.md +++ b/2022/CVE-2022-24436.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/bollwarm/SecToolSet +- https://github.com/smokyisthatyou/address_reuse_ita - https://github.com/teresaweber685/book_list diff --git a/2022/CVE-2022-24816.md b/2022/CVE-2022-24816.md index 9f791a765..85af28eea 100644 --- a/2022/CVE-2022-24816.md +++ b/2022/CVE-2022-24816.md @@ -14,5 +14,6 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/Ostorlab/KEV - https://github.com/tanjiti/sec_profile diff --git a/2022/CVE-2022-2487.md b/2022/CVE-2022-2487.md index 438a76292..97151fc51 100644 --- a/2022/CVE-2022-2487.md +++ b/2022/CVE-2022-2487.md @@ -17,4 +17,5 @@ A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2022/CVE-2022-24975.md b/2022/CVE-2022-24975.md index d1251369c..538ed72fa 100644 --- a/2022/CVE-2022-24975.md +++ b/2022/CVE-2022-24975.md @@ -10,7 +10,7 @@ ### POC #### Reference -No PoCs from references. +- https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/ #### Github - https://github.com/fkie-cad/nvd-json-data-feeds 
diff --git a/2022/CVE-2022-25622.md b/2022/CVE-2022-25622.md index 0569af25c..c37a28140 100644 --- a/2022/CVE-2022-25622.md +++ b/2022/CVE-2022-25622.md 
@@ -2,17 +2,17 @@ ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20DIQ&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20CFU%20PA&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200AL%20IM%20157-1%20PN&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8F%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM154-8FX%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200MP%20IM155-5%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20MF%20HF&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F2%20HF%20(incl.%20SIPLUS%20variants)&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200SP%20IM155-6%20PN%2F3%20HF%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) 
+![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20MF%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HA%20(incl.%20SIPLUS%20variants)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F2%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200SP%20IM%20155-6%20PN%2F3%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET%20200pro%20IM%20154-8FX%20PN%2FDP%20CPU&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20AI%208xRTD%2FTC%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%204x%20IO-Link%2C%20M12-L&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20ET200ecoPN%2C%20CM%208x%20IO-Link%2C%20M12-L&color=blue) 
@@ -57,8 +57,13 @@ ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S150&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20S210%20(6SL5...)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SINAMICS%20V90&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8%20PN%2FDP%20CPU&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200MP%20IM%20155-5%20PN%20HF&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200S%20IM%20151-8F%20PN%2FDP%20CPU&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20T1%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF%20TX%20RAIL&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20ET%20200SP%20IM%20155-6%20PN%20HF&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4200%20CIM4210&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4200%20CIM4210C&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIPLUS%20HCS4300%20CIM4310&color=blue) 
@@ -75,13 +80,13 @@ ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.2.19%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V3.3.19%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%204.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%20V4.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3E%3D%20V5.1.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20with%20Ethernet%20interface%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.04.04%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.1.10%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.2.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V1.5%20SP1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.7%20SP14%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V4.7.14%20&color=brighgreen) 
@@ -90,13 +95,14 @@ ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V5.2.3.13%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.0.10%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V8.2.3%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=V4.2.0%3C%20*%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.2%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=V5.1.1%3C%20V5.1.3%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) ### Description -A vulnerability has been identified in SIMATIC CFU DIQ (6ES7655-5PX31-1XX0), SIMATIC CFU PA (6ES7655-5PX11-0XX0), SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET200ecoPN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET200ecoPN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 MF HF, SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. 
SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 CPU 412-2 PN V7 (6ES7412-2EK07-0AB0), SIMATIC S7-400 CPU 414-3 PN/DP V7 (6ES7414-3EM07-0AB0), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (6ES7414-3FM07-0AB0), SIMATIC S7-400 CPU 416-3 PN/DP V7 (6ES7416-3ES07-0AB0), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (6ES7416-3FS07-0AB0), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS DCM, SINAMICS G110M, SINAMICS G115D, SINAMICS G120 (incl. SIPLUS variants), SINAMICS G130, SINAMICS G150, SINAMICS S110, SINAMICS S120 (incl. 
SIPLUS variants), SINAMICS S150, SINAMICS S210 (6SL5...), SINAMICS V90, SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS HCS4200 CIM4210 (6BK1942-1AA00-0AA0), SIPLUS HCS4200 CIM4210C (6BK1942-1AA00-0AA1), SIPLUS HCS4300 CIM4310 (6BK1943-1AA00-0AA0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0), SIPLUS S7-400 CPU 414-3 PN/DP V7 (6AG1414-3EM07-7AB0), SIPLUS S7-400 CPU 416-3 PN/DP V7 (6AG1416-3ES07-7AB0). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. +The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined.This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. ### POC diff --git a/2022/CVE-2022-25636.md b/2022/CVE-2022-25636.md index aebc29bef..9a5c38ff3 100644 --- a/2022/CVE-2022-25636.md +++ b/2022/CVE-2022-25636.md 
@@ -39,6 +39,7 @@ net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows loca - https://github.com/SYRTI/POC_to_review - https://github.com/SnailDev/github-hot-hub - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/boustrophedon/extrasafe - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-2585.md b/2022/CVE-2022-2585.md index 70173f614..262cf099e 100644 --- a/2022/CVE-2022-2585.md +++ b/2022/CVE-2022-2585.md @@ -18,6 +18,7 @@ It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU t #### Github - https://github.com/HaxorSecInfec/autoroot.sh - https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/greek0x0/2022-LPE-UAF - https://github.com/konoha279/2022-LPE-UAF diff --git a/2022/CVE-2022-25857.md b/2022/CVE-2022-25857.md index fecb9a82b..9fb7b240a 100644 --- a/2022/CVE-2022-25857.md +++ b/2022/CVE-2022-25857.md @@ -10,7 +10,8 @@ The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial o ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174 +- https://bitbucket.org/snakeyaml/snakeyaml/issues/525 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-2586.md b/2022/CVE-2022-2586.md index 782373113..9f2b7954d 100644 --- a/2022/CVE-2022-2586.md +++ b/2022/CVE-2022-2586.md 
@@ -26,6 +26,7 @@ It was discovered that a nft object or expression could reference a nft set on a - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Trickhish/automated_privilege_escalation - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/aels/CVE-2022-2586-LPE - https://github.com/felixfu59/kernel-hack - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2022/CVE-2022-2588.md b/2022/CVE-2022-2588.md index 66203a68e..34f51308e 100644 --- a/2022/CVE-2022-2588.md +++ b/2022/CVE-2022-2588.md @@ -41,6 +41,7 @@ It was discovered that the cls_route filter implementation in the Linux kernel w - https://github.com/PolymorphicOpcode/CVE-2022-2588 - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/beruangsalju/LocalPrivilegeEscalation - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-2602.md b/2022/CVE-2022-2602.md index 8023236d0..818ae4aa2 100644 --- a/2022/CVE-2022-2602.md +++ b/2022/CVE-2022-2602.md @@ -21,6 +21,7 @@ io_uring UAF, Unix SCM garbage collection - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/XiaozaYa/CVE-Recording +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/felixfu59/kernel-hack diff --git a/2022/CVE-2022-26134.md b/2022/CVE-2022-26134.md index 95a7e3caa..7117b704c 100644 --- a/2022/CVE-2022-26134.md +++ b/2022/CVE-2022-26134.md 
@@ -174,6 +174,7 @@ In affected versions of Confluence Server and Data Center, an OGNL injection vul - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/nxtexploit/CVE-2022-26134 - https://github.com/offlinehoster/CVE-2022-26134 +- https://github.com/onewinner/VulToolsKit - https://github.com/openx-org/BLEN - https://github.com/oscpname/OSCP_cheat - https://github.com/p4b3l1t0/confusploit diff --git a/2022/CVE-2022-26258.md b/2022/CVE-2022-26258.md index c04db9740..a402e4446 100644 --- a/2022/CVE-2022-26258.md +++ b/2022/CVE-2022-26258.md @@ -17,4 +17,5 @@ D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) - https://github.com/ARPSyndicate/cvemon - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors +- https://github.com/TrojanAZhen/Self_Back diff --git a/2022/CVE-2022-2639.md b/2022/CVE-2022-2639.md index 8dd00a67a..17bdd2cb7 100644 --- a/2022/CVE-2022-2639.md +++ b/2022/CVE-2022-2639.md @@ -27,6 +27,7 @@ No PoCs from references. - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Threekiii/Awesome-POC - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/avboy1337/CVE-2022-2639-PipeVersion - https://github.com/bb33bb/CVE-2022-2639-PipeVersion - https://github.com/bsauce/kernel-exploit-factory diff --git a/2022/CVE-2022-26563.md b/2022/CVE-2022-26563.md new file mode 100644 index 000000000..6971cb201 --- /dev/null +++ b/2022/CVE-2022-26563.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-26563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26563) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. + +### POC + +#### Reference +- https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-27666.md b/2022/CVE-2022-27666.md index 3f9b35f78..686017e59 100644 --- a/2022/CVE-2022-27666.md +++ b/2022/CVE-2022-27666.md @@ -30,6 +30,7 @@ A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ip - https://github.com/NaInSec/CVE-PoC-in-GitHub - https://github.com/SYRTI/POC_to_review - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/a8stract-lab/SeaK - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning diff --git a/2022/CVE-2022-29034.md b/2022/CVE-2022-29034.md index 465bbc01c..3c4764082 100644 --- a/2022/CVE-2022-29034.md +++ b/2022/CVE-2022-29034.md 
@@ -1,11 +1,11 @@ ### [CVE-2022-29034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29034) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description -A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. +A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. ### POC diff --git a/2022/CVE-2022-29266.md b/2022/CVE-2022-29266.md index e2ad2e6e4..6a9667ecd 100644 --- a/2022/CVE-2022-29266.md +++ b/2022/CVE-2022-29266.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/43622283/cloud-security-guides - https://github.com/ARPSyndicate/cvemon - https://github.com/GRQForCloud/cloud-security-guides +- https://github.com/Threekiii/Awesome-POC - https://github.com/YDCloudSecurity/cloud-security-guides - https://github.com/karimhabush/cyberowl - https://github.com/teamssix/awesome-cloud-security diff --git a/2022/CVE-2022-29420.md b/2022/CVE-2022-29420.md index 41e9ef604..17aad9bce 100644 --- a/2022/CVE-2022-29420.md +++ b/2022/CVE-2022-29420.md 
@@ -1,11 +1,11 @@ ### [CVE-2022-29420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29420) ![](https://img.shields.io/static/v1?label=Product&message=Countdown%20%26%20Clock%20(WordPress%20plugin)&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.3.2%3C%3D%202.3.2%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%202.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(XSS%20or%20'Cross-site%20Scripting')&color=brighgreen) ### Description -Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. +Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock (WordPress plugin) countdown-builder allows Stored XSS.This issue affects Countdown & Clock (WordPress plugin): from n/a through 2.3.2. ### POC diff --git a/2022/CVE-2022-31656.md b/2022/CVE-2022-31656.md index a7533c7bf..9ca4de762 100644 --- a/2022/CVE-2022-31656.md +++ b/2022/CVE-2022-31656.md @@ -19,4 +19,5 @@ VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an - https://github.com/Marcuccio/kevin - https://github.com/Schira4396/VcenterKiller - https://github.com/UNC1739/awesome-vulnerability-research +- https://github.com/onewinner/VulToolsKit diff --git a/2022/CVE-2022-32250.md b/2022/CVE-2022-32250.md index e0db18494..478a0dac1 100644 --- a/2022/CVE-2022-32250.md +++ b/2022/CVE-2022-32250.md 
@@ -30,6 +30,7 @@ net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/Trickhish/automated_privilege_escalation - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/felixfu59/kernel-hack diff --git a/2022/CVE-2022-32253.md b/2022/CVE-2022-32253.md index 3b2284487..c5e6c6ee5 100644 --- a/2022/CVE-2022-32253.md +++ b/2022/CVE-2022-32253.md @@ -1,6 +1,6 @@ ### [CVE-2022-32253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32253) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%3A%20Improper%20Input%20Validation&color=brighgreen) ### Description diff --git a/2022/CVE-2022-32254.md b/2022/CVE-2022-32254.md index 628284dda..d24317a24 100644 --- a/2022/CVE-2022-32254.md +++ b/2022/CVE-2022-32254.md @@ -1,6 +1,6 @@ ### [CVE-2022-32254](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32254) ![](https://img.shields.io/static/v1?label=Product&message=SINEMA%20Remote%20Connect%20Server&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-532%3A%20Insertion%20of%20Sensitive%20Information%20into%20Log%20File&color=brighgreen) ### Description diff --git a/2022/CVE-2022-34346.md b/2022/CVE-2022-34346.md new file mode 100644 index 000000000..30c1c6c4d --- /dev/null +++ b/2022/CVE-2022-34346.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-34346](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34346) +![](https://img.shields.io/static/v1?label=Product&message=Intel(R)%20Media%20SDK%20software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20before%20version%2022.2.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=escalation%20of%20privilege&color=brighgreen) + +### Description + +Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository + diff --git a/2022/CVE-2022-34918.md b/2022/CVE-2022-34918.md index 4b4b30f04..0d8506eeb 100644 --- a/2022/CVE-2022-34918.md +++ b/2022/CVE-2022-34918.md @@ -35,6 +35,7 @@ An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug - https://github.com/SirElmard/ethical_hacking - https://github.com/Snoopy-Sec/Localroot-ALL-CVE - https://github.com/WhooAmii/POC_to_review +- https://github.com/a-roshbaik/Linux-Privilege-Escalation-Exploits - https://github.com/bsauce/kernel-exploit-factory - https://github.com/bsauce/kernel-security-learning - https://github.com/dkb4rb/KernelExploiting diff --git a/2022/CVE-2022-36530.md b/2022/CVE-2022-36530.md new file mode 100644 index 000000000..b0895fe78 --- /dev/null +++ b/2022/CVE-2022-36530.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-36530](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36530) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent related parameters of the info.php page. + +### POC + +#### Reference +- https://github.com/jianyan74/rageframe2/issues/106?by=xboy(Topsec) + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-37967.md b/2022/CVE-2022-37967.md index 74c13e9e4..323b368ac 100644 --- a/2022/CVE-2022-37967.md +++ b/2022/CVE-2022-37967.md @@ -41,6 +41,7 @@ No PoCs from references. - https://github.com/RkDx/MyRuby - https://github.com/Strokekilla/Rubeus - https://github.com/qobil7681/Password-cracker +- https://github.com/santan2020/ck2 - https://github.com/syedrizvinet/lib-repos-Rubeus - https://github.com/ycdxsb/WindowsPrivilegeEscalation diff --git a/2022/CVE-2022-38749.md b/2022/CVE-2022-38749.md index 13202dfd3..1026d2ad3 100644 --- a/2022/CVE-2022-38749.md +++ b/2022/CVE-2022-38749.md @@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-38750.md b/2022/CVE-2022-38750.md index 77513c295..63d0c428a 100644 --- a/2022/CVE-2022-38750.md +++ b/2022/CVE-2022-38750.md 
@@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-38751.md b/2022/CVE-2022-38751.md index 8024766e4..d250cb12e 100644 --- a/2022/CVE-2022-38751.md +++ b/2022/CVE-2022-38751.md @@ -10,7 +10,7 @@ Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Ser ### POC #### Reference -No PoCs from references. +- https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039 #### Github - https://github.com/ARPSyndicate/cvemon diff --git a/2022/CVE-2022-40438.md b/2022/CVE-2022-40438.md new file mode 100644 index 000000000..59f6828e9 --- /dev/null +++ b/2022/CVE-2022-40438.md @@ -0,0 +1,17 @@ +### [CVE-2022-40438](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40438) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-40439.md b/2022/CVE-2022-40439.md index 370e4da03..4225638a7 100644 --- a/2022/CVE-2022-40439.md +++ b/2022/CVE-2022-40439.md @@ -13,5 +13,5 @@ An memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts - https://github.com/axiomatic-systems/Bento4/issues/750 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
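Review bot: the reference added for CVE-2022-36530 (`+- https://github.com/jianyan74/rageframe2/issues/106?by=xboy(Topsec)`) carries a reporter credit in the query string; that is not part of the issue URL and should not be stored as one, so trim it to `https://github.com/jianyan74/rageframe2/issues/106` and put the credit in text if it is wanted at all. Two smaller points in the same run of hunks: every new file's badges use `color=brighgreen`, which is not a shields.io colour name (`brightgreen` is), so the Version and Vulnerability badges will not render in the intended colour; and the CVE-2022-34346 Version badge encodes `= before version 22.2.2`, pairing an equality operator with a range, where `< 22.2.2` would match the description's "before version 22.2.2".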
diff --git a/2022/CVE-2022-40487.md b/2022/CVE-2022-40487.md new file mode 100644 index 000000000..f12ff1aec --- /dev/null +++ b/2022/CVE-2022-40487.md @@ -0,0 +1,17 @@ +### [CVE-2022-40487](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40487) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload. + +### POC + +#### Reference +- http://processwire.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-40488.md b/2022/CVE-2022-40488.md new file mode 100644 index 000000000..4bd68dadb --- /dev/null +++ b/2022/CVE-2022-40488.md @@ -0,0 +1,17 @@ +### [CVE-2022-40488](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40488) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF). + +### POC + +#### Reference +- http://processwire.com + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-41120.md b/2022/CVE-2022-41120.md index ca5a0b052..d1816502f 100644 --- a/2022/CVE-2022-41120.md +++ b/2022/CVE-2022-41120.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report 
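Review bot: for CVE-2022-40487 and CVE-2022-40488 the only reference added is `http://processwire.com`, the vendor's homepage, which is neither an advisory nor a proof of concept and so does not belong under `#### Reference` as PoC evidence; either leave that section as "No PoCs from references." or point at the actual disclosure of the v3.0.200 XSS and CSRF issues. The CVE-2022-41120 hunk is fine as is: `pxcs/CVE_Sysmon_Report` sorts correctly after `pxcs/CVE-29343-Sysmon-list`.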
diff --git a/2022/CVE-2022-43032.md b/2022/CVE-2022-43032.md new file mode 100644 index 000000000..5ee23c50f --- /dev/null +++ b/2022/CVE-2022-43032.md @@ -0,0 +1,17 @@ +### [CVE-2022-43032](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43032) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a memory leak in AP4_DescriptorFactory::CreateDescriptorFromStream in Core/Ap4DescriptorFactory.cpp, as demonstrated by mp42aac. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43033.md b/2022/CVE-2022-43033.md new file mode 100644 index 000000000..98a1c1003 --- /dev/null +++ b/2022/CVE-2022-43033.md @@ -0,0 +1,17 @@ +### [CVE-2022-43033](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43033) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 1.6.0-639. There is a bad free in the component AP4_HdlrAtom::~AP4_HdlrAtom() which allows attackers to cause a Denial of Service (DoS) via a crafted input. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43034.md b/2022/CVE-2022-43034.md new file mode 100644 index 000000000..3c869a264 --- /dev/null +++ b/2022/CVE-2022-43034.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-43034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43034) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer overflow vulnerability in the AP4_BitReader::SkipBits(unsigned int) function in mp42ts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43035.md b/2022/CVE-2022-43035.md new file mode 100644 index 000000000..b56bba81c --- /dev/null +++ b/2022/CVE-2022-43035.md @@ -0,0 +1,17 @@ +### [CVE-2022-43035](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43035) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a Denial of Service (DoS), as demonstrated by mp42aac. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43037.md b/2022/CVE-2022-43037.md new file mode 100644 index 000000000..68f6a2ca5 --- /dev/null +++ b/2022/CVE-2022-43037.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-43037](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43037) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4_File::ParseStream in /Core/Ap4File.cpp. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43038.md b/2022/CVE-2022-43038.md new file mode 100644 index 000000000..35a5b161c --- /dev/null +++ b/2022/CVE-2022-43038.md @@ -0,0 +1,17 @@ +### [CVE-2022-43038](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43038) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadCache() function in mp42ts. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2022/CVE-2022-43039.md b/2022/CVE-2022-43039.md index 66e07ae61..1d0809a02 100644 --- a/2022/CVE-2022-43039.md +++ b/2022/CVE-2022-43039.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2281 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43040.md b/2022/CVE-2022-43040.md index d454924b7..b1b4e6a59 100644 --- a/2022/CVE-2022-43040.md +++ b/2022/CVE-2022-43040.md 
@@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer ov - https://github.com/gpac/gpac/issues/2280 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43042.md b/2022/CVE-2022-43042.md index 5c0473c59..5ed1ac30e 100644 --- a/2022/CVE-2022-43042.md +++ b/2022/CVE-2022-43042.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer ov - https://github.com/gpac/gpac/issues/2278 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43043.md b/2022/CVE-2022-43043.md index 5671cad5c..06af4fb34 100644 --- a/2022/CVE-2022-43043.md +++ b/2022/CVE-2022-43043.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2276 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43044.md b/2022/CVE-2022-43044.md index 84901bc1e..9473b33c6 100644 --- a/2022/CVE-2022-43044.md +++ b/2022/CVE-2022-43044.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2282 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43045.md b/2022/CVE-2022-43045.md index 70ca65f4e..55282ee3e 100644 --- a/2022/CVE-2022-43045.md +++ b/2022/CVE-2022-43045.md @@ -13,5 +13,5 @@ GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation v - https://github.com/gpac/gpac/issues/2277 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43235.md b/2022/CVE-2022-43235.md index b91aa3d03..1da3d6f9f 100644 --- a/2022/CVE-2022-43235.md +++ b/2022/CVE-2022-43235.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/337 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43236.md b/2022/CVE-2022-43236.md index 53c6208a6..ffa31cd69 100644 --- a/2022/CVE-2022-43236.md +++ b/2022/CVE-2022-43236.md @@ -14,4 +14,5 @@ Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability #### Github - https://github.com/ARPSyndicate/cvemon +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43237.md b/2022/CVE-2022-43237.md index eadd97df3..f4afd6f25 100644 --- a/2022/CVE-2022-43237.md +++ b/2022/CVE-2022-43237.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/344 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43238.md b/2022/CVE-2022-43238.md index 5b28ed0c0..0448eb89f 100644 --- a/2022/CVE-2022-43238.md +++ b/2022/CVE-2022-43238.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_ - https://github.com/strukturag/libde265/issues/336 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43239.md b/2022/CVE-2022-43239.md index 622e1170d..e06556221 100644 --- a/2022/CVE-2022-43239.md +++ b/2022/CVE-2022-43239.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/341 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43240.md b/2022/CVE-2022-43240.md index ab88cca95..a5d71e1f7 100644 --- a/2022/CVE-2022-43240.md +++ b/2022/CVE-2022-43240.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/335 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43241.md b/2022/CVE-2022-43241.md index d80b1d5fb..283cdcf48 100644 --- a/2022/CVE-2022-43241.md +++ b/2022/CVE-2022-43241.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_ - https://github.com/strukturag/libde265/issues/338 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43242.md b/2022/CVE-2022-43242.md index 1c17079b4..93891ca36 100644 --- a/2022/CVE-2022-43242.md +++ b/2022/CVE-2022-43242.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/340 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43243.md b/2022/CVE-2022-43243.md index 00db1765f..c5441b02e 100644 --- a/2022/CVE-2022-43243.md +++ b/2022/CVE-2022-43243.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/339 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43244.md b/2022/CVE-2022-43244.md index 159ada725..38995087d 100644 --- a/2022/CVE-2022-43244.md +++ b/2022/CVE-2022-43244.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/342 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43245.md b/2022/CVE-2022-43245.md index 861e2320a..712201ede 100644 --- a/2022/CVE-2022-43245.md +++ b/2022/CVE-2022-43245.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao - https://github.com/strukturag/libde265/issues/352 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43248.md b/2022/CVE-2022-43248.md index 75bf2c627..95644c728 100644 --- a/2022/CVE-2022-43248.md +++ b/2022/CVE-2022-43248.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/349 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43249.md b/2022/CVE-2022-43249.md index d1c84ec06..198b277e1 100644 --- a/2022/CVE-2022-43249.md +++ b/2022/CVE-2022-43249.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/345 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43250.md b/2022/CVE-2022-43250.md index 4f8e04a16..eab9fce33 100644 --- a/2022/CVE-2022-43250.md +++ b/2022/CVE-2022-43250.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/346 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43252.md b/2022/CVE-2022-43252.md index a0ae247d3..f342ad1e0 100644 --- a/2022/CVE-2022-43252.md +++ b/2022/CVE-2022-43252.md @@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/347 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43253.md b/2022/CVE-2022-43253.md index 3b876b94a..fccaaf1ca 100644 --- a/2022/CVE-2022-43253.md +++ b/2022/CVE-2022-43253.md 
@@ -13,5 +13,5 @@ Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability v - https://github.com/strukturag/libde265/issues/348 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43254.md b/2022/CVE-2022-43254.md index bb92d8263..5a725a765 100644 --- a/2022/CVE-2022-43254.md +++ b/2022/CVE-2022-43254.md @@ -13,5 +13,5 @@ GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v - https://github.com/gpac/gpac/issues/2284 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-43255.md b/2022/CVE-2022-43255.md index 8b9ab1e32..97139edfc 100644 --- a/2022/CVE-2022-43255.md +++ b/2022/CVE-2022-43255.md @@ -13,5 +13,5 @@ GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak v - https://github.com/gpac/gpac/issues/2285 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-44704.md b/2022/CVE-2022-44704.md index 6ff127ea9..f0c8976d0 100644 --- a/2022/CVE-2022-44704.md +++ b/2022/CVE-2022-44704.md @@ -16,4 +16,5 @@ No PoCs from references. - https://github.com/ARPSyndicate/cvemon - https://github.com/Wh04m1001/SysmonEoP - https://github.com/pxcs/CVE-29343-Sysmon-list +- https://github.com/pxcs/CVE_Sysmon_Report diff --git a/2022/CVE-2022-45669.md b/2022/CVE-2022-45669.md index 8914f4553..a6cb852e4 100644 --- a/2022/CVE-2022-45669.md +++ b/2022/CVE-2022-45669.md @@ -15,4 +15,5 @@ Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the ind #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45670.md b/2022/CVE-2022-45670.md index 10bbcacf3..1b612dfe5 100644 --- a/2022/CVE-2022-45670.md +++ b/2022/CVE-2022-45670.md 
@@ -15,4 +15,5 @@ Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the pin #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45673.md b/2022/CVE-2022-45673.md index 5310d759d..23ab5eab6 100644 --- a/2022/CVE-2022-45673.md +++ b/2022/CVE-2022-45673.md @@ -15,4 +15,5 @@ Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) vi #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45674.md b/2022/CVE-2022-45674.md index 71c71d372..856dc8fd9 100644 --- a/2022/CVE-2022-45674.md +++ b/2022/CVE-2022-45674.md @@ -15,4 +15,5 @@ Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery (CSRF) vi #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2022/CVE-2022-45796.md b/2022/CVE-2022-45796.md new file mode 100644 index 000000000..7ac8f40ce --- /dev/null +++ b/2022/CVE-2022-45796.md 
@@ -0,0 +1,17 @@ +### [CVE-2022-45796](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45796) +![](https://img.shields.io/static/v1?label=Product&message=SHARP%20multifunction%20printers&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=Digital%20Full-color%20Multifunctional%20System%3C%3D%20202%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen) + +### Description + +Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. + +### POC + +#### Reference +- http://seclists.org/fulldisclosure/2024/Jul/0 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2022/CVE-2022-47069.md b/2022/CVE-2022-47069.md index eb6786120..c9c3c4443 100644 --- a/2022/CVE-2022-47069.md +++ b/2022/CVE-2022-47069.md @@ -13,5 +13,5 @@ p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via t - https://sourceforge.net/p/p7zip/bugs/241/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-48063.md b/2022/CVE-2022-48063.md index 963562932..69f0c04a1 100644 --- a/2022/CVE-2022-48063.md +++ b/2022/CVE-2022-48063.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti - https://sourceware.org/bugzilla/show_bug.cgi?id=29924 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
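Review bot: the `fdu-sec/NestFuzz` link pasted into roughly thirty Bento4, GPAC, libde265, p7zip and Binutils entries here replaces "No PoCs found on GitHub currently." with a fuzzer's repository, but nothing in these hunks shows that the repo hosts a reproducer for any individual CVE; the upstream trackers already listed under `#### Reference` (for example `gpac/gpac/issues/2281`, `strukturag/libde265/issues/337`, `sourceware.org/bugzilla/show_bug.cgi?id=29924`) are where the crash inputs were reported. Confirm per CVE that the repo contains the testcase before recording it as a PoC, or credit it as the discovering tool rather than under `#### Github`. Separately, CVE-2022-45669 through CVE-2022-45674 gain `jiceylc/VulnerabilityProjectRecords` next to the already-listed `iceyjchen/VulnerabilityProjectRecords`; the same repo name under two near-identical account names looks like a rename or mirror, so check that they are distinct before keeping both. Minor: the CVE-2022-45796 Version badge covers only the first product line (`Digital Full-color Multifunctional System<= 202`) of the many the description enumerates.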
diff --git a/2022/CVE-2022-48064.md b/2022/CVE-2022-48064.md index b440d49c2..d8a4b06f6 100644 --- a/2022/CVE-2022-48064.md +++ b/2022/CVE-2022-48064.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain an excessive memory consumpti - https://sourceware.org/bugzilla/show_bug.cgi?id=29922 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-48065.md b/2022/CVE-2022-48065.md index 3af1ef4a2..cb72e8305 100644 --- a/2022/CVE-2022-48065.md +++ b/2022/CVE-2022-48065.md @@ -13,5 +13,5 @@ GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability v - https://sourceware.org/bugzilla/show_bug.cgi?id=29925 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2022/CVE-2022-4968.md b/2022/CVE-2022-4968.md index 8fd644bf3..32dd1f010 100644 --- a/2022/CVE-2022-4968.md +++ b/2022/CVE-2022-4968.md @@ -1,11 +1,11 @@ ### [CVE-2022-4968](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4968) ![](https://img.shields.io/static/v1?label=Product&message=Netplan&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%201.0%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-497&color=brighgreen) ### Description -netplan leaks the private key of wireguard to local users. A security fix will be released soon. +netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. ### POC diff --git a/2023/CVE-2023-0400.md b/2023/CVE-2023-0400.md index 100ddbec2..f79939667 100644 --- a/2023/CVE-2023-0400.md +++ b/2023/CVE-2023-0400.md 
@@ -13,5 +13,5 @@ The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in ve - https://kcm.trellix.com/corporate/index?page=content&id=SB10394&locale=en_US #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-1773.md b/2023/CVE-2023-1773.md new file mode 100644 index 000000000..659b4db6d --- /dev/null +++ b/2023/CVE-2023-1773.md @@ -0,0 +1,17 @@ +### [CVE-2023-1773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1773) +![](https://img.shields.io/static/v1?label=Product&message=Rockoa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Code%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2033.md b/2023/CVE-2023-2033.md index f39043864..018a1f5e9 100644 --- a/2023/CVE-2023-2033.md +++ b/2023/CVE-2023-2033.md @@ -22,6 +22,7 @@ No PoCs from references. - https://github.com/Threekiii/CVE - https://github.com/WalccDev/CVE-2023-2033 - https://github.com/dan-mba/python-selenium-news +- https://github.com/doyensec/awesome-electronjs-hacking - https://github.com/gretchenfrage/CVE-2023-2033-analysis - https://github.com/insoxin/CVE-2023-2033 - https://github.com/karimhabush/cyberowl diff --git a/2023/CVE-2023-20598.md b/2023/CVE-2023-20598.md index 77165471e..28f8b4c07 100644 --- a/2023/CVE-2023-20598.md 
+++ b/2023/CVE-2023-20598.md @@ -24,6 +24,7 @@ An improper privilege management in the AMD Radeon™ Graphics driver may allow No PoCs from references. #### Github +- https://github.com/0xsyr0/OSCP - https://github.com/hfiref0x/KDU - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-20872.md b/2023/CVE-2023-20872.md new file mode 100644 index 000000000..fddf15021 --- /dev/null +++ b/2023/CVE-2023-20872.md @@ -0,0 +1,17 @@ +### [CVE-2023-20872](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20872) +![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workstation%20Pro%20%2F%20Player%20(Workstation)%20and%20VMware%20Fusion&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20read%2Fwrite%20vulnerability&color=brighgreen) + +### Description + +VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-20938.md b/2023/CVE-2023-20938.md index 9db9f3fbd..adeef5975 100644 --- a/2023/CVE-2023-20938.md +++ b/2023/CVE-2023-20938.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/IamAlch3mist/Awesome-Android-Vulnerability-Research +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-20945.md b/2023/CVE-2023-20945.md new file mode 100644 index 000000000..35fea945d --- /dev/null +++ b/2023/CVE-2023-20945.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-20945](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20945) +![](https://img.shields.io/static/v1?label=Product&message=Android&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20privilege&color=brighgreen) + +### Description + +In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-246932269 + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-21266.md b/2023/CVE-2023-21266.md index 0b0f7f388..58ce58fad 100644 --- a/2023/CVE-2023-21266.md +++ b/2023/CVE-2023-21266.md @@ -5,7 +5,7 @@ ### Description -In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. +In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. ### POC diff --git a/2023/CVE-2023-21400.md b/2023/CVE-2023-21400.md index fe98289ca..ca1a8a955 100644 --- a/2023/CVE-2023-21400.md +++ b/2023/CVE-2023-21400.md 
@@ -13,5 +13,5 @@ In multiple functions of io_uring.c, there is a possible kernel memory corrupti - http://packetstormsecurity.com/files/175072/Kernel-Live-Patch-Security-Notice-LSN-0098-1.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-21768.md b/2023/CVE-2023-21768.md index b7546c144..f71bccfcb 100644 --- a/2023/CVE-2023-21768.md +++ b/2023/CVE-2023-21768.md @@ -30,6 +30,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili - https://github.com/Cruxer8Mech/Idk - https://github.com/Dy-Baby/nullmap - https://github.com/GhostTroops/TOP +- https://github.com/Gyarbij/xknow_infosec - https://github.com/HKxiaoli/Windows_AFD_LPE_CVE-2023-21768 - https://github.com/Ha0-Y/CVE-2023-21768 - https://github.com/HasanIftakher/win11-Previlage-escalation diff --git a/2023/CVE-2023-21839.md b/2023/CVE-2023-21839.md index dbfdf3476..a650e8e59 100644 --- a/2023/CVE-2023-21839.md +++ b/2023/CVE-2023-21839.md @@ -57,6 +57,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/labesterOct/CVE-2024-20931 - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/qi4L/WeblogicScan.go - https://github.com/r00t4dm/r00t4dm - https://github.com/skyblueflag/WebSecurityStudy diff --git a/2023/CVE-2023-21931.md b/2023/CVE-2023-21931.md index d79a06fd7..de297aa55 100644 --- a/2023/CVE-2023-21931.md +++ b/2023/CVE-2023-21931.md @@ -29,5 +29,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/gobysec/Weblogic - https://github.com/hktalent/TOP - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/trganda/starrlist diff --git a/2023/CVE-2023-22463.md b/2023/CVE-2023-22463.md index faff17b8a..8b3fb7820 100644 
--- a/2023/CVE-2023-22463.md +++ b/2023/CVE-2023-22463.md @@ -16,6 +16,7 @@ No PoCs from references. - https://github.com/20142995/pocsuite3 - https://github.com/DarkFunct/CVE_Exploits - https://github.com/Threekiii/Awesome-POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/ggjkjk/1444 - https://github.com/ibaiw/2023Hvv diff --git a/2023/CVE-2023-22515.md b/2023/CVE-2023-22515.md index 8f4321d63..c3eab2f0c 100644 --- a/2023/CVE-2023-22515.md +++ b/2023/CVE-2023-22515.md @@ -67,6 +67,7 @@ Atlassian has been made aware of an issue reported by a handful of customers whe - https://github.com/mumble99/rvision_task - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/rxerium/CVE-2023-22515 - https://github.com/rxerium/stars - https://github.com/s1d6point7bugcrowd/CVE-2023-22515-check diff --git a/2023/CVE-2023-22527.md b/2023/CVE-2023-22527.md index e2fdeda50..3dbd4bc1a 100644 --- a/2023/CVE-2023-22527.md +++ b/2023/CVE-2023-22527.md @@ -35,6 +35,7 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/ReAbout/web-sec - https://github.com/RevoltSecurities/CVE-2023-22527 - https://github.com/Sudistark/patch-diff-CVE-2023-22527 +- https://github.com/T0ngMystic/Vulnerability_List - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Awesome-Redteam - https://github.com/Threekiii/CVE @@ -59,6 +60,7 @@ A template injection vulnerability on older versions of Confluence Data Center a - https://github.com/lions2012/Penetration_Testing_POC - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/onewinner/VulToolsKit - https://github.com/ramirezs4/Tips-and-tools-forensics---RS4 - https://github.com/sanjai-AK47/CVE-2023-22527 - https://github.com/tanjiti/sec_profile 
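Review bot: several new entries (CVE-2023-0400, CVE-2023-1773, CVE-2023-20872, CVE-2023-20945) list `nomi-sec/PoC-in-GitHub` as their only GitHub PoC, but that repository is itself an index of PoC repositories, so citing it is circular and tells the reader nothing about which repo, if any, holds an exploit. Either resolve the index to the repository it points at for each CVE or keep "No PoCs found on GitHub currently."; `0xsyr0/OSCP`, added for CVE-2023-20598, deserves the same check. For CVE-2022-4968 the badge moves from CWE-200 to CWE-497 and the description drops the stale "A security fix will be released soon." in favour of "Versions after 1.0 are not affected.", which now agrees with the `0<= 1.0` Version badge; that is fine provided the CWE change mirrors the updated CVE record rather than being a local reclassification. The CVE-2023-22527 and CVE-2023-21839/21931/22515 additions keep the lists in ASCII order (`T0ngMystic` before `Threekiii`, `onewinner` between `nomi-sec` and the next entry), so no further action there.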
diff --git a/2023/CVE-2023-23388.md b/2023/CVE-2023-23388.md new file mode 100644 index 000000000..1f0cfc8a9 --- /dev/null +++ b/2023/CVE-2023-23388.md 
@@ -0,0 +1,35 @@ +### [CVE-2023-23388](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23388) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201607&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%201809&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202016&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019%20(Server%20Core%20installation)&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.5786%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4131%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2728%20&color=brighgreen) 
+![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1607%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1696%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1413%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-681%3A%20Incorrect%20Conversion%20between%20Numeric%20Types&color=brighgreen) + +### Description + +Windows Bluetooth Driver Elevation of Privilege Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-2375.md b/2023/CVE-2023-2375.md new file mode 100644 index 000000000..1a7034f82 --- /dev/null +++ b/2023/CVE-2023-2375.md @@ -0,0 +1,17 @@ +### [CVE-2023-2375](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2375) +![](https://img.shields.io/static/v1?label=Product&message=EdgeRouter%20X&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%202.0.9-hotfix.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Command%20Injection&color=brighgreen) + +### Description + +A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-24159.md b/2023/CVE-2023-24159.md index 199ddb295..50389bef5 100644 --- a/2023/CVE-2023-24159.md +++ b/2023/CVE-2023-24159.md 
@@ -15,4 +15,5 @@ TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulne #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24160.md b/2023/CVE-2023-24160.md index d5231d155..8ac14b50b 100644 --- a/2023/CVE-2023-24160.md +++ b/2023/CVE-2023-24160.md @@ -15,4 +15,5 @@ TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulne #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24161.md b/2023/CVE-2023-24161.md index 89d79ffdf..9046615cf 100644 --- a/2023/CVE-2023-24161.md +++ b/2023/CVE-2023-24161.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/iceyjchen/VulnerabilityProjectRecords +- https://github.com/jiceylc/VulnerabilityProjectRecords diff --git a/2023/CVE-2023-24322.md b/2023/CVE-2023-24322.md index 29b4c3b42..49044b70d 100644 --- a/2023/CVE-2023-24322.md +++ b/2023/CVE-2023-24322.md @@ -16,4 +16,5 @@ A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx comp - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates - https://github.com/blakduk/Advisories +- https://github.com/gnarkill78/CSA_S2_2024 diff --git a/2023/CVE-2023-2474.md b/2023/CVE-2023-2474.md index ba43ffb81..d94709b72 100644 --- a/2023/CVE-2023-2474.md +++ b/2023/CVE-2023-2474.md @@ -10,6 +10,7 @@ A vulnerability has been found in Rebuild 3.2 and classified as problematic. Thi ### POC #### Reference +- https://gitee.com/getrebuild/rebuild/issues/I6W4M2 - https://vuldb.com/?id.227866 #### Github diff --git a/2023/CVE-2023-24871.md b/2023/CVE-2023-24871.md new file mode 100644 index 000000000..2fddd2b95 --- /dev/null 
+++ b/2023/CVE-2023-24871.md @@ -0,0 +1,27 @@ +### [CVE-2023-24871](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24871) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2020H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2010%20Version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2021H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%2011%20version%2022H2&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2728%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1607%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.1696%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1413%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-190%3A%20Integer%20Overflow%20or%20Wraparound&color=brighgreen) + +### Description + +Windows Bluetooth Service Remote Code Execution Vulnerability + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-24932.md b/2023/CVE-2023-24932.md index 0b7628fbc..d1832f3f4 100644 --- a/2023/CVE-2023-24932.md +++ b/2023/CVE-2023-24932.md 
@@ -24,22 +24,22 @@ ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202019&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022%2C%2023H2%20Edition%20(Server%20Core%20installation)&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Windows%20Server%202022&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20N%2FA%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20048%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.6085%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.4645%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.10240.20710%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.14393.7159%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.17763.6054%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19042.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.2965%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.1850%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.2176%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.1992%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3447%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22175%20&color=brighgreen) 
-![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.26623%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.26623%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24374%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.21063%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19044.4651%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.19045.4651%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.20348.2582%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22000.3079%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22621.3880%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.22631.3880%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=10.0.0%3C%2010.0.25398.1009%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.0.6003.22769%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.0.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.1.0%3C%206.1.7601.27219%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.2.0%3C%206.2.9200.24975%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=6.3.0%3C%206.3.9600.22074%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Security%20Feature%20Bypass&color=brighgreen) ### Description diff --git a/2023/CVE-2023-25194.md b/2023/CVE-2023-25194.md index 4bb66515e..52fa469fb 100644 --- a/2023/CVE-2023-25194.md 
+++ b/2023/CVE-2023-25194.md @@ -36,6 +36,7 @@ A possible security vulnerability has been identified in Apache Kafka Connect AP - https://github.com/srchen1987/springcloud-distributed-transaction - https://github.com/turn1tup/Writings - https://github.com/vulncheck-oss/cve-2023-25194 +- https://github.com/vulncheck-oss/go-exploit - https://github.com/whoforget/CVE-POC - https://github.com/youwizard/CVE-POC diff --git a/2023/CVE-2023-2523.md b/2023/CVE-2023-2523.md index fc2087f54..045a4c798 100644 --- a/2023/CVE-2023-2523.md +++ b/2023/CVE-2023-2523.md @@ -15,6 +15,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. #### Github - https://github.com/Any3ite/CVE-2023-2523 - https://github.com/Co5mos/nuclei-tps +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/kuang-zy/2023-Weaver-pocs diff --git a/2023/CVE-2023-2648.md b/2023/CVE-2023-2648.md index 21d2759ab..66d5b88aa 100644 --- a/2023/CVE-2023-2648.md +++ b/2023/CVE-2023-2648.md @@ -16,6 +16,7 @@ A vulnerability was found in Weaver E-Office 9.5. It has been classified as crit - https://github.com/Co5mos/nuclei-tps - https://github.com/MD-SEC/MDPOCS - https://github.com/MzzdToT/HAC_Bored_Writing +- https://github.com/TrojanAZhen/Self_Back - https://github.com/bingtangbanli/cve-2023-2523-and-cve-2023-2648 - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/kuang-zy/2023-Weaver-pocs diff --git a/2023/CVE-2023-27372.md b/2023/CVE-2023-27372.md index 3732685dd..d01a0c74c 100644 --- a/2023/CVE-2023-27372.md +++ b/2023/CVE-2023-27372.md 
@@ -20,6 +20,7 @@ SPIP before 4.2.1 allows Remote Code Execution via form values in the public are - https://github.com/Pari-Malam/CVE-2023-27372 - https://github.com/RSTG0D/CVE-2023-27372-PoC - https://github.com/ThatNotEasy/CVE-2023-27372 +- https://github.com/TrojanAZhen/Self_Back - https://github.com/abrahim7112/Vulnerability-checking-program-for-Android - https://github.com/izzz0/CVE-2023-27372-POC - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-27636.md b/2023/CVE-2023-27636.md new file mode 100644 index 000000000..c6e426ba3 --- /dev/null +++ b/2023/CVE-2023-27636.md @@ -0,0 +1,17 @@ +### [CVE-2023-27636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27636) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. + +### POC + +#### Reference +- https://www.exploit-db.com/exploits/52035 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-2796.md b/2023/CVE-2023-2796.md index 20ae560ab..1e65507fc 100644 --- a/2023/CVE-2023-2796.md +++ b/2023/CVE-2023-2796.md @@ -14,5 +14,6 @@ The EventON WordPress plugin before 2.1.2 lacks authentication and authorization - https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d #### Github +- https://github.com/NoTsPepino/Shodan-Dorking - https://github.com/nullfuzz-pentest/shodan-dorks diff --git a/2023/CVE-2023-28432.md b/2023/CVE-2023-28432.md index e9c86d299..4cbe71af5 100644 --- a/2023/CVE-2023-28432.md +++ b/2023/CVE-2023-28432.md 
@@ -44,6 +44,7 @@ No PoCs from references. - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/acheiii/CVE-2023-28432 - https://github.com/atk7r/Taichi - https://github.com/bakery312/Vulhub-Reproduce @@ -51,6 +52,7 @@ No PoCs from references. - https://github.com/bingtangbanli/VulnerabilityTools - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/gmh5225/Awesome-ML-Security_ +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/gobysec/CVE-2023-28432 - https://github.com/h0ng10/CVE-2023-28432_docker - https://github.com/hktalent/TOP diff --git a/2023/CVE-2023-28486.md b/2023/CVE-2023-28486.md index 338308751..152a302f5 100644 --- a/2023/CVE-2023-28486.md +++ b/2023/CVE-2023-28486.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-28487.md b/2023/CVE-2023-28487.md index ec253d345..0bf685f57 100644 --- a/2023/CVE-2023-28487.md +++ b/2023/CVE-2023-28487.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-29300.md b/2023/CVE-2023-29300.md index 4ff2c75e8..62ae37733 100644 --- a/2023/CVE-2023-29300.md +++ b/2023/CVE-2023-29300.md @@ -18,6 +18,7 @@ No PoCs from references. - https://github.com/Ostorlab/KEV - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XRSec/AWVS-Update - https://github.com/Y4tacker/JavaSec - https://github.com/ggjkjk/1444 diff --git a/2023/CVE-2023-29489.md b/2023/CVE-2023-29489.md index 26b39f0ba..277679c51 100644 --- a/2023/CVE-2023-29489.md +++ b/2023/CVE-2023-29489.md 
@@ -31,6 +31,7 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c - https://github.com/ViperM4sk/cpanel-xss-177 - https://github.com/ctflearner/Learn365 - https://github.com/daffainfo/Oneliner-Bugbounty +- https://github.com/gnarkill78/CSA_S2_2024 - https://github.com/haxor1337x/Scanner-CVE-2023-29489 - https://github.com/htrgouvea/spellbook - https://github.com/ipk1/CVE-2023-29489.py diff --git a/2023/CVE-2023-30237.md b/2023/CVE-2023-30237.md index 7e5cff2a7..d6ad8f982 100644 --- a/2023/CVE-2023-30237.md +++ b/2023/CVE-2023-30237.md @@ -10,6 +10,7 @@ CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DL ### POC #### Reference +- https://cwe.mitre.org/data/definitions/77.html - https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/ #### Github diff --git a/2023/CVE-2023-30800.md b/2023/CVE-2023-30800.md new file mode 100644 index 000000000..8a5fe6f0b --- /dev/null +++ b/2023/CVE-2023-30800.md @@ -0,0 +1,17 @@ +### [CVE-2023-30800](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30800) +![](https://img.shields.io/static/v1?label=Product&message=RouterOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-787%20Out-of-bounds%20Write&color=brighgreen) + +### Description + +The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-3141.md b/2023/CVE-2023-3141.md new file mode 100644 index 000000000..7a83b0da4 
--- /dev/null +++ b/2023/CVE-2023-3141.md @@ -0,0 +1,17 @@ +### [CVE-2023-3141](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3141) +![](https://img.shields.io/static/v1?label=Product&message=Kernel&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-416&color=brighgreen) + +### Description + +A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-31582.md b/2023/CVE-2023-31582.md new file mode 100644 index 000000000..fa7cfadec --- /dev/null +++ b/2023/CVE-2023-31582.md @@ -0,0 +1,17 @@ +### [CVE-2023-31582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31582) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. + +### POC + +#### Reference +- https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-32233.md b/2023/CVE-2023-32233.md index 94272d2a1..e5fc42edc 100644 --- a/2023/CVE-2023-32233.md +++ b/2023/CVE-2023-32233.md 
@@ -37,6 +37,7 @@ In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when - https://github.com/oscpname/OSCP_cheat - https://github.com/revanmalang/OSCP - https://github.com/sirhc505/CVE_TOOLS +- https://github.com/tanjiti/sec_profile - https://github.com/txuswashere/OSCP - https://github.com/void0red/CVE-2023-32233 - https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32315.md b/2023/CVE-2023-32315.md index ab4ebc0bc..d8cd8a5eb 100644 --- a/2023/CVE-2023-32315.md +++ b/2023/CVE-2023-32315.md @@ -33,6 +33,7 @@ Openfire is an XMPP server licensed under the Open Source Apache License. Openfi - https://github.com/ThatNotEasy/CVE-2023-32315 - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/XRSec/AWVS-Update - https://github.com/aneasystone/github-trending - https://github.com/bakery312/Vulhub-Reproduce diff --git a/2023/CVE-2023-3268.md b/2023/CVE-2023-3268.md index a404987c7..17553e391 100644 --- a/2023/CVE-2023-3268.md +++ b/2023/CVE-2023-3268.md @@ -10,7 +10,7 @@ An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-32832.md b/2023/CVE-2023-32832.md index 42c7460eb..d1e41cc66 100644 --- a/2023/CVE-2023-32832.md +++ b/2023/CVE-2023-32832.md @@ -13,5 +13,5 @@ In video, there is a possible memory corruption due to a race condition. This co - http://packetstormsecurity.com/files/175662/Android-mtk_jpeg-Driver-Race-Condition-Privilege-Escalation.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32837.md b/2023/CVE-2023-32837.md index 70a08047b..0fe991550 100644 --- a/2023/CVE-2023-32837.md 
+++ b/2023/CVE-2023-32837.md @@ -13,5 +13,5 @@ In video, there is a possible out of bounds write due to a missing bounds check. - http://packetstormsecurity.com/files/175665/mtk-jpeg-Driver-Out-Of-Bounds-Read-Write.html #### Github -No PoCs found on GitHub currently. +- https://github.com/xairy/linux-kernel-exploitation diff --git a/2023/CVE-2023-32878.md b/2023/CVE-2023-32878.md new file mode 100644 index 000000000..957d32800 --- /dev/null +++ b/2023/CVE-2023-32878.md @@ -0,0 +1,17 @@ +### [CVE-2023-32878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32878) +![](https://img.shields.io/static/v1?label=Product&message=MT6762%2C%20MT6765%2C%20MT6833%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6983%2C%20MT8167%2C%20MT8168%2C%20MT8188%2C%20MT8321%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791T%2C%20MT8797%2C%20MT8798&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Information%20Disclosure&color=brighgreen) + +### Description + +In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2023/CVE-2023-32882.md b/2023/CVE-2023-32882.md new file mode 100644 index 000000000..056a973cd --- /dev/null +++ b/2023/CVE-2023-32882.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-32882](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32882) +![](https://img.shields.io/static/v1?label=Product&message=MT6762%2C%20MT6765%2C%20MT6833%2C%20MT6879%2C%20MT6883%2C%20MT6885%2C%20MT6983%2C%20MT8167%2C%20MT8168%2C%20MT8188%2C%20MT8321%2C%20MT8765%2C%20MT8766%2C%20MT8768%2C%20MT8781%2C%20MT8786%2C%20MT8788%2C%20MT8789%2C%20MT8791T%2C%20MT8797%2C%20MT8798&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20Android%2012.0%2C%2013.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Elevation%20of%20Privilege&color=brighgreen) + +### Description + +In battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/xairy/linux-kernel-exploitation + diff --git a/2023/CVE-2023-33252.md b/2023/CVE-2023-33252.md index f81cc03a2..ee1b07a5b 100644 --- a/2023/CVE-2023-33252.md +++ b/2023/CVE-2023-33252.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/ARPSyndicate/cvemon - https://github.com/BeosinBlockchainSecurity/Security-Incident-Reports +- https://github.com/brycewai/Web3-Security diff --git a/2023/CVE-2023-33303.md b/2023/CVE-2023-33303.md new file mode 100644 index 000000000..2d565450a --- /dev/null +++ b/2023/CVE-2023-33303.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-33303](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33303) +![](https://img.shields.io/static/v1?label=Product&message=FortiEDR&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=5.0.0%3C%3D%205.0.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Execute%20unauthorized%20code%20or%20commands&color=brighgreen) + +### Description + +A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/Orange-Cyberdefense/CVE-repository + diff --git a/2023/CVE-2023-33468.md b/2023/CVE-2023-33468.md index 66502d945..d82659577 100644 --- a/2023/CVE-2023-33468.md +++ b/2023/CVE-2023-33468.md @@ -10,7 +10,7 @@ KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.13 ### POC #### Reference -No PoCs from references. +- http://kramerav.com #### Github - https://github.com/Sharpe-nl/CVEs diff --git a/2023/CVE-2023-33469.md b/2023/CVE-2023-33469.md index 4c8f5deeb..d2f450cdb 100644 --- a/2023/CVE-2023-33469.md +++ b/2023/CVE-2023-33469.md @@ -10,7 +10,7 @@ In instances where the screen is visible and remote mouse connection is enabled, ### POC #### Reference -No PoCs from references. +- http://kramerav.com #### Github - https://github.com/Sharpe-nl/CVEs diff --git a/2023/CVE-2023-33669.md b/2023/CVE-2023-33669.md index 268394b50..509edc824 100644 --- a/2023/CVE-2023-33669.md +++ b/2023/CVE-2023-33669.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33670.md b/2023/CVE-2023-33670.md index 3e1587e9b..0f3af7ba7 100644 --- a/2023/CVE-2023-33670.md 
+++ b/2023/CVE-2023-33670.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33671.md b/2023/CVE-2023-33671.md index 9099c323c..9881d6d9c 100644 --- a/2023/CVE-2023-33671.md +++ b/2023/CVE-2023-33671.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the de #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33672.md b/2023/CVE-2023-33672.md index 9155ed0de..96a09c759 100644 --- a/2023/CVE-2023-33672.md +++ b/2023/CVE-2023-33672.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the sh #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33673.md b/2023/CVE-2023-33673.md index d2e6da6a1..8be252f4c 100644 --- a/2023/CVE-2023-33673.md +++ b/2023/CVE-2023-33673.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the fi #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33675.md b/2023/CVE-2023-33675.md index ac9cc8e3b..ede6c6936 100644 --- a/2023/CVE-2023-33675.md +++ b/2023/CVE-2023-33675.md @@ -15,5 +15,6 @@ Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the ti #### Github - https://github.com/DDizzzy79/Tenda-CVE +- https://github.com/retr0reg/Tenda-Ac8v4-PoC - https://github.com/retr0reg/Tenda-CVE diff --git a/2023/CVE-2023-33768.md b/2023/CVE-2023-33768.md index 611a53a25..fbacf604a 100644 --- a/2023/CVE-2023-33768.md +++ b/2023/CVE-2023-33768.md 
@@ -10,7 +10,7 @@ Incorrect signature verification of the firmware during the Device Firmware Upda ### POC #### Reference -No PoCs from references. +- https://play.google.com/store/apps/details?id=com.belkin.wemoandroid&hl=en_US&gl=US #### Github - https://github.com/Fr0stM0urne/CVE-2023-33768 diff --git a/2023/CVE-2023-33829.md b/2023/CVE-2023-33829.md index 8cf2d3d57..ee8bf79ab 100644 --- a/2023/CVE-2023-33829.md +++ b/2023/CVE-2023-33829.md @@ -11,6 +11,7 @@ A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v #### Reference - http://packetstormsecurity.com/files/172588/SCM-Manager-1.60-Cross-Site-Scripting.html +- https://bitbucket.org/sdorra/docker-scm-manager/src/master/ - https://github.com/n3gox/Stored-XSS-on-SCM-Manager-1.60 #### Github diff --git a/2023/CVE-2023-33919.md b/2023/CVE-2023-33919.md index 7c1d218f0..5030d5946 100644 --- a/2023/CVE-2023-33919.md +++ b/2023/CVE-2023-33919.md @@ -13,6 +13,7 @@ A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPC #### Reference - http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html - http://seclists.org/fulldisclosure/2023/Jul/14 +- http://seclists.org/fulldisclosure/2024/Jul/4 #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-33951.md b/2023/CVE-2023-33951.md index c1a42948c..5d47231b0 100644 --- a/2023/CVE-2023-33951.md +++ b/2023/CVE-2023-33951.md 
@@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) diff --git a/2023/CVE-2023-33952.md b/2023/CVE-2023-33952.md index e6dfcdaab..27d275c2e 100644 --- a/2023/CVE-2023-33952.md +++ b/2023/CVE-2023-33952.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Double%20Free&color=brighgreen) diff --git a/2023/CVE-2023-34256.md b/2023/CVE-2023-34256.md index b5662d8ee..a7c056ae2 100644 --- a/2023/CVE-2023-34256.md +++ b/2023/CVE-2023-34256.md @@ -10,7 +10,7 @@ ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.3 #### Github - https://github.com/vin01/bogus-cves diff --git a/2023/CVE-2023-3450.md b/2023/CVE-2023-3450.md index 356a959ea..aa9659b77 100644 
--- a/2023/CVE-2023-3450.md +++ b/2023/CVE-2023-3450.md @@ -13,6 +13,7 @@ A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. No PoCs from references. #### Github +- https://github.com/TrojanAZhen/Self_Back - https://github.com/caopengyan/CVE-2023-3450 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/yuanjinyuyuyu/CVE-2023-3450 diff --git a/2023/CVE-2023-35789.md b/2023/CVE-2023-35789.md new file mode 100644 index 000000000..c71be1634 --- /dev/null +++ b/2023/CVE-2023-35789.md @@ -0,0 +1,17 @@ +### [CVE-2023-35789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35789) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/vulsio/goval-dictionary + diff --git a/2023/CVE-2023-35823.md b/2023/CVE-2023-35823.md new file mode 100644 index 000000000..fd118e9f1 --- /dev/null +++ b/2023/CVE-2023-35823.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-35823](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35823) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35824.md b/2023/CVE-2023-35824.md new file mode 100644 index 000000000..cf90ae2de --- /dev/null +++ b/2023/CVE-2023-35824.md @@ -0,0 +1,17 @@ +### [CVE-2023-35824](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35824) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35826.md b/2023/CVE-2023-35826.md new file mode 100644 index 000000000..b19f173bf --- /dev/null +++ b/2023/CVE-2023-35826.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-35826](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35826) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-35828.md b/2023/CVE-2023-35828.md index 45735b5a6..a07c7daa0 100644 --- a/2023/CVE-2023-35828.md +++ b/2023/CVE-2023-35828.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was f ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/Trinadh465/linux-4.19.72_CVE-2023-35828 diff --git a/2023/CVE-2023-35829.md b/2023/CVE-2023-35829.md index 622c8cb52..eb6407150 100644 --- a/2023/CVE-2023-35829.md +++ b/2023/CVE-2023-35829.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was f ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2 #### Github - https://github.com/20142995/sectool diff --git a/2023/CVE-2023-36845.md b/2023/CVE-2023-36845.md index 55cc70e89..a83feebd3 100644 --- a/2023/CVE-2023-36845.md +++ b/2023/CVE-2023-36845.md 
@@ -45,6 +45,7 @@ A PHP External Variable Modification vulnerability in J-Web of Juniper Networks - https://github.com/tanjiti/sec_profile - https://github.com/toanln-cov/CVE-2023-36845 - https://github.com/vulncheck-oss/cve-2023-36845-scanner +- https://github.com/vulncheck-oss/go-exploit - https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844 - https://github.com/zaenhaxor/CVE-2023-36845 diff --git a/2023/CVE-2023-38426.md b/2023/CVE-2023-38426.md index 81a178d93..5329f920b 100644 --- a/2023/CVE-2023-38426.md +++ b/2023/CVE-2023-38426.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bo ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38427.md b/2023/CVE-2023-38427.md index 13bd0ce69..35b72fced 100644 --- a/2023/CVE-2023-38427.md +++ b/2023/CVE-2023-38427.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu. ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38428.md b/2023/CVE-2023-38428.md index b61714d90..c81e8610b 100644 --- a/2023/CVE-2023-38428.md +++ b/2023/CVE-2023-38428.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38429.md b/2023/CVE-2023-38429.md index 8170f1585..311017fe7 100644 --- a/2023/CVE-2023-38429.md +++ b/2023/CVE-2023-38429.md 
@@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38430.md b/2023/CVE-2023-38430.md index 64ecce4da..6bafd02db 100644 --- a/2023/CVE-2023-38430.md +++ b/2023/CVE-2023-38430.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validat ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.9 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38431.md b/2023/CVE-2023-38431.md index 45f28480b..54049a009 100644 --- a/2023/CVE-2023-38431.md +++ b/2023/CVE-2023-38431.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connecti ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.8 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38432.md b/2023/CVE-2023-38432.md index 20f02b5ec..9b84e8497 100644 --- a/2023/CVE-2023-38432.md +++ b/2023/CVE-2023-38432.md @@ -10,7 +10,7 @@ An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2mis ### POC #### Reference -No PoCs from references. +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.10 #### Github - https://github.com/chenghungpan/test_data diff --git a/2023/CVE-2023-38646.md b/2023/CVE-2023-38646.md index c90dacd55..ccb7c6ad1 100644 --- a/2023/CVE-2023-38646.md +++ b/2023/CVE-2023-38646.md 
@@ -43,6 +43,7 @@ Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 all - https://github.com/Threekiii/Awesome-POC - https://github.com/Threekiii/CVE - https://github.com/Threekiii/Vulhub-Reproduce +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UserConnecting/Exploit-CVE-2023-38646-Metabase - https://github.com/Xuxfff/CVE-2023-38646-Poc - https://github.com/Zenmovie/CVE-2023-38646 diff --git a/2023/CVE-2023-3881.md b/2023/CVE-2023-3881.md new file mode 100644 index 000000000..ca6922d8e --- /dev/null +++ b/2023/CVE-2023-3881.md @@ -0,0 +1,18 @@ +### [CVE-2023-3881](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3881) +![](https://img.shields.io/static/v1?label=Product&message=Beauty%20Salon%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%201.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brighgreen) + +### Description + +A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/AnugiArrawwala/CVE-Research +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2023/CVE-2023-38941.md b/2023/CVE-2023-38941.md new file mode 100644 index 000000000..87801d248 --- /dev/null +++ b/2023/CVE-2023-38941.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-38941](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38941) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/oxagast/oxasploits + diff --git a/2023/CVE-2023-38947.md b/2023/CVE-2023-38947.md index c91a4ad1e..d1d4e6651 100644 --- a/2023/CVE-2023-38947.md +++ b/2023/CVE-2023-38947.md @@ -11,6 +11,7 @@ An arbitrary file upload vulnerability in the /languages/install.php component o #### Reference - https://gitee.com/CTF-hacker/pwn/issues/I7LH2N +- https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html #### Github No PoCs found on GitHub currently. diff --git a/2023/CVE-2023-39070.md b/2023/CVE-2023-39070.md index b89549dbe..fbe0d2f34 100644 --- a/2023/CVE-2023-39070.md +++ b/2023/CVE-2023-39070.md @@ -13,5 +13,5 @@ An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code - https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/ #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-3979.md b/2023/CVE-2023-3979.md index f77f1c1ed..b00534dc4 100644 --- a/2023/CVE-2023-3979.md +++ b/2023/CVE-2023-3979.md 
@@ -5,7 +5,7 @@ ### Description -An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. +An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. ### POC diff --git a/2023/CVE-2023-39848.md b/2023/CVE-2023-39848.md index 98de84a1b..1e4ca8dab 100644 --- a/2023/CVE-2023-39848.md +++ b/2023/CVE-2023-39848.md @@ -21,6 +21,7 @@ No PoCs from references. - https://github.com/CapiDeveloper/DVWA - https://github.com/Cybersecurity-test-team/digininja - https://github.com/DHFrisk/Tarea6-DVWA +- https://github.com/Demo-MBI/DVWA - https://github.com/ErwinNavarroGT/DVWA-master - https://github.com/HMPDocker/hmpdockertp - https://github.com/HowAreYouChristian/crs @@ -45,7 +46,9 @@ No PoCs from references. - https://github.com/Security-Test-Account/DVWA - https://github.com/ShrutikaNakhale/DVWA2 - https://github.com/Slon12jr/DVWA +- https://github.com/StepsOnes/dvwa - https://github.com/TINNI-Lal/DVWA +- https://github.com/VasuAz400/DVWA - https://github.com/Yahyazaizi/application-test-security - https://github.com/Zahidkhan1221/DWVA - https://github.com/andersongodoy/DVWA-CORRIGIDO 
@@ -53,12 +56,16 @@ No PoCs from references. - https://github.com/astojanovicmds/DVWA - https://github.com/bhupe1009/dvwa - https://github.com/blackdustbb/DVWA +- https://github.com/caishenwong/DVWA - https://github.com/chelsea309/dvwa +- https://github.com/cloudsecnetwork/demo-app - https://github.com/cuongbtu/dvwa_config - https://github.com/davinci96/-aplicacion-vulnerable - https://github.com/deftdeft2000/nl_kitkat +- https://github.com/devsecopsteam2022/pruebarepo - https://github.com/digininja/DVWA - https://github.com/djstevanovic98/DVWA-test +- https://github.com/ekemena97/Jen - https://github.com/ganate34/damnwebapp - https://github.com/ganate34/diva - https://github.com/gauravsec/dvwa @@ -67,14 +74,19 @@ No PoCs from references. - https://github.com/https-github-com-Sambit-rgb/DVWA - https://github.com/imayou123/DVWA - https://github.com/imtiyazhack/DVWA +- https://github.com/jayaprakashmurthy/Sonarcloudjp - https://github.com/jlcmux/DWVA-Desafio3 - https://github.com/jmsanderscybersec/DVWA - https://github.com/johdgft/digininja - https://github.com/kaushik-qp/DVWA-2 +- https://github.com/kowan7/DVWA - https://github.com/krrajesh-git/DVWA +- https://github.com/kyphan38/dvwa - https://github.com/luisaamaya005/DVWA2 - https://github.com/marinheiromc/DVWA +- https://github.com/mindara09/test-sast-dvwa - https://github.com/nkshilpa21/DVWA +- https://github.com/phipk02/dvwa - https://github.com/piwpiw-ouch/dvwa - https://github.com/poo45600y6/DVNA - https://github.com/ppmojipp/owasp-web-dvwa 
@@ -82,15 +94,19 @@ No PoCs from references. - https://github.com/pramodkadam777/DVWA - https://github.com/rohitis001/web_security - https://github.com/rootrttttt/dvwa +- https://github.com/sahiljaiswal7370/DVWA_APP - https://github.com/selap/Tarea-4 - https://github.com/sn0xdd/source - https://github.com/snyk-rogerio/DVWA - https://github.com/struxnet/demorepo +- https://github.com/tallesbarros28/aaaeeffweeg - https://github.com/tcameron99/demo - https://github.com/timfranklinbright/dvwa - https://github.com/truongnhudatt/dvwa - https://github.com/ut-101/DVWA-Test +- https://github.com/villhect/dvwa - https://github.com/vinr48/newport - https://github.com/vrbegft/ninja2 +- https://github.com/yelprofessor/dvwa_git - https://github.com/yhaddam/Webapp2 diff --git a/2023/CVE-2023-40305.md b/2023/CVE-2023-40305.md index 8a2e2bc25..1123c1ead 100644 --- a/2023/CVE-2023-40305.md +++ b/2023/CVE-2023-40305.md @@ -13,5 +13,5 @@ GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c v - https://savannah.gnu.org/bugs/index.php?64503 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-41251.md b/2023/CVE-2023-41251.md new file mode 100644 index 000000000..2815de6bb --- /dev/null +++ b/2023/CVE-2023-41251.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-41251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41251) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formRoute functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1894 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-4165.md b/2023/CVE-2023-4165.md index b610cd903..3cbb58b52 100644 --- a/2023/CVE-2023-4165.md +++ b/2023/CVE-2023-4165.md @@ -13,6 +13,7 @@ A vulnerability, which was classified as critical, was found in Tongda OA. This - https://github.com/nagenanhai/cve/blob/main/sql.md #### Github +- https://github.com/TrojanAZhen/Self_Back - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/izj007/wechat - https://github.com/mvpyyds/CVE-2023-4165 diff --git a/2023/CVE-2023-4166.md b/2023/CVE-2023-4166.md index 964c6995d..75862c7b7 100644 --- a/2023/CVE-2023-4166.md +++ b/2023/CVE-2023-4166.md 
@@ -15,6 +15,7 @@ No PoCs from references. #### Github - https://github.com/DarkFunct/CVE_Exploits - https://github.com/MzzdToT/HAC_Bored_Writing +- https://github.com/TrojanAZhen/Self_Back - https://github.com/Ultramanzhang/obsfir - https://github.com/ZUEB-CybersecurityGroup/obsfir - https://github.com/d4n-sec/d4n-sec.github.io diff --git a/2023/CVE-2023-4220.md b/2023/CVE-2023-4220.md index 314ea6ecf..bc81ef730 100644 --- a/2023/CVE-2023-4220.md +++ b/2023/CVE-2023-4220.md @@ -13,5 +13,6 @@ Unrestricted file upload in big file upload functionality in `/main/inc/lib/java - https://starlabs.sg/advisories/23/23-4220 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/nr4x4/CVE-2023-4220 diff --git a/2023/CVE-2023-4226.md b/2023/CVE-2023-4226.md index 8efa6c925..474950c7f 100644 --- a/2023/CVE-2023-4226.md +++ b/2023/CVE-2023-4226.md @@ -13,5 +13,5 @@ Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1. - https://starlabs.sg/advisories/23/23-4226 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-42282.md b/2023/CVE-2023-42282.md index 514245829..630c4f95f 100644 --- a/2023/CVE-2023-42282.md +++ b/2023/CVE-2023-42282.md @@ -11,7 +11,10 @@ The ip package before 1.1.9 for Node.js might allow SSRF because some IP address #### Reference - https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html +- https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/ #### Github +- https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/seal-community/patches +- https://github.com/vin01/bogus-cves diff --git a/2023/CVE-2023-42465.md b/2023/CVE-2023-42465.md index 7b53ed45a..94f1d8e9b 100644 --- a/2023/CVE-2023-42465.md +++ b/2023/CVE-2023-42465.md 
@@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/fkie-cad/nvd-json-data-feeds +- https://github.com/vulsio/goval-dictionary diff --git a/2023/CVE-2023-4427.md b/2023/CVE-2023-4427.md index 1d4f12d0f..f2d629955 100644 --- a/2023/CVE-2023-4427.md +++ b/2023/CVE-2023-4427.md @@ -16,6 +16,7 @@ Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allow - https://github.com/fkie-cad/nvd-json-data-feeds - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rycbar77/V8Exploits +- https://github.com/rycbar77/rycbar77 - https://github.com/sploitem/v8-writeups - https://github.com/tianstcht/CVE-2023-4427 diff --git a/2023/CVE-2023-44313.md b/2023/CVE-2023-44313.md index 2cd5bd7a2..5fd019cef 100644 --- a/2023/CVE-2023-44313.md +++ b/2023/CVE-2023-44313.md @@ -14,4 +14,5 @@ No PoCs from references. #### Github - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC diff --git a/2023/CVE-2023-44315.md b/2023/CVE-2023-44315.md index 161928b61..a9270f514 100644 --- a/2023/CVE-2023-44315.md +++ b/2023/CVE-2023-44315.md @@ -1,6 +1,6 @@ ### [CVE-2023-44315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44315) ![](https://img.shields.io/static/v1?label=Product&message=SINEC%20NMS&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20%3C%20V2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description diff --git a/2023/CVE-2023-44487.md b/2023/CVE-2023-44487.md index 1e77ac6fd..4aa189d56 100644 --- a/2023/CVE-2023-44487.md +++ b/2023/CVE-2023-44487.md 
@@ -42,6 +42,7 @@ The HTTP/2 protocol allows a denial of service (server resource consumption) bec - https://github.com/projectcontour/contour/pull/5826 - https://github.com/tempesta-tech/tempesta/issues/1986 - https://github.com/varnishcache/varnish-cache/issues/3996 +- https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/ - https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event #### Github diff --git a/2023/CVE-2023-45215.md b/2023/CVE-2023-45215.md new file mode 100644 index 000000000..d8af58421 --- /dev/null +++ b/2023/CVE-2023-45215.md @@ -0,0 +1,19 @@ +### [CVE-2023-45215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45215) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1891 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-45288.md b/2023/CVE-2023-45288.md index a7628b077..8089f8a7e 100644 --- a/2023/CVE-2023-45288.md +++ b/2023/CVE-2023-45288.md 
@@ -19,6 +19,7 @@ No PoCs from references. - https://github.com/Ampferl/poc_http2-continuation-flood - https://github.com/DrewskyDev/H2Flood - https://github.com/Vos68/HTTP2-Continuation-Flood-PoC +- https://github.com/aerospike-managed-cloud-services/flb-output-gcs - https://github.com/blackmagic2023/http-2-DOS-PoC - https://github.com/hex0punk/cont-flood-poc - https://github.com/mkloubert/go-package-manager diff --git a/2023/CVE-2023-45498.md b/2023/CVE-2023-45498.md index 17b822d5a..b40ea147c 100644 --- a/2023/CVE-2023-45498.md +++ b/2023/CVE-2023-45498.md @@ -16,5 +16,5 @@ VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to c - https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ #### Github -No PoCs found on GitHub currently. +- https://github.com/Chocapikk/Chocapikk diff --git a/2023/CVE-2023-45499.md b/2023/CVE-2023-45499.md index 18ae870df..565cbc338 100644 --- a/2023/CVE-2023-45499.md +++ b/2023/CVE-2023-45499.md @@ -16,5 +16,5 @@ VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to c - https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/ #### Github -No PoCs found on GitHub currently. +- https://github.com/Chocapikk/Chocapikk diff --git a/2023/CVE-2023-45651.md b/2023/CVE-2023-45651.md index 146dccc1e..622347813 100644 --- a/2023/CVE-2023-45651.md +++ b/2023/CVE-2023-45651.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-45651](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45651) ![](https://img.shields.io/static/v1?label=Product&message=WP%20Attachments&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%205.0.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) ### Description -Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <= 5.0.6 versions. +Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11. ### POC diff --git a/2023/CVE-2023-45830.md b/2023/CVE-2023-45830.md index 559065c31..eed2dfa69 100644 --- a/2023/CVE-2023-45830.md +++ b/2023/CVE-2023-45830.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-45830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45830) ![](https://img.shields.io/static/v1?label=Product&message=Accessibility%20Suite%20by%20Online%20ADA&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%204.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20SQL%20Command%20('SQL%20Injection')&color=brighgreen) ### Description -Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. +Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12. ### POC diff --git a/2023/CVE-2023-46214.md b/2023/CVE-2023-46214.md index 7801cd7ef..3940f2a6e 100644 --- a/2023/CVE-2023-46214.md +++ b/2023/CVE-2023-46214.md @@ -16,7 +16,9 @@ No PoCs from references. #### Github - https://github.com/AdamCrosser/awesome-vuln-writeups +- https://github.com/Chocapikk/Chocapikk - https://github.com/Marco-zcl/POC +- https://github.com/TrojanAZhen/Self_Back - https://github.com/UNC1739/awesome-vulnerability-research - https://github.com/d4n-sec/d4n-sec.github.io - https://github.com/nathan31337/Splunk-RCE-poc diff --git a/2023/CVE-2023-4622.md b/2023/CVE-2023-4622.md index dd9d3621f..36c136627 100644 --- a/2023/CVE-2023-4622.md +++ b/2023/CVE-2023-4622.md 
@@ -14,4 +14,5 @@ A use-after-free vulnerability in the Linux kernel's af_unix component can be ex #### Github - https://github.com/nidhi7598/linux-4.19.72_net_CVE-2023-4622 +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-46280.md b/2023/CVE-2023-46280.md index 9445d4b46..6a75d326b 100644 --- a/2023/CVE-2023-46280.md +++ b/2023/CVE-2023-46280.md @@ -2,7 +2,9 @@ ![](https://img.shields.io/static/v1?label=Product&message=S7-PCT&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20Automation%20Tool&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20BATCH%20V9.1&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V16&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V17&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20NET%20PC%20Software%20V18&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PCS%207%20V9.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20PDM%20V9.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=SIMATIC%20Route%20Control%20V9.1&color=blue) 
@@ -31,17 +33,22 @@ ![](https://img.shields.io/static/v1?label=Product&message=Totally%20Integrated%20Automation%20Portal%20(TIA%20Portal)%20V19&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=%3D%20All%20versions%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V16%20Update%206%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V18%20SP1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V18%20Update%204%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V19%20SP1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V19%20Update%202%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V2.0%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.18%20P025%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V3.19%20P010%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V6.23%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V7.5%20SP2%20Update%2017%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20V8.0%20Update%205%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125%3A%20Out-of-bounds%20Read&color=brighgreen) ### Description -A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All 
versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions), SIMATIC WinCC V8.0 (All versions), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. 
+A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC PCS 7 V9.1 (All versions), SIMATIC PDM V9.2 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel. ### POC diff --git a/2023/CVE-2023-46404.md b/2023/CVE-2023-46404.md index d6988e03c..904c47ed3 100644 
--- a/2023/CVE-2023-46404.md +++ b/2023/CVE-2023-46404.md @@ -10,6 +10,7 @@ PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulner ### POC #### Reference +- https://bitbucket.org/utmandrew/pcrs/commits/5f18bcbb383b7d73f7a8b399cc52b23597d752ae - https://github.com/windecks/CVE-2023-46404 #### Github diff --git a/2023/CVE-2023-46604.md b/2023/CVE-2023-46604.md index 54b02d908..989226e8e 100644 --- a/2023/CVE-2023-46604.md +++ b/2023/CVE-2023-46604.md @@ -69,6 +69,7 @@ The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Th - https://github.com/venkycs/cy8 - https://github.com/vjayant93/CVE-2023-46604-POC - https://github.com/vulncheck-oss/cve-2023-46604 +- https://github.com/vulncheck-oss/go-exploit - https://github.com/whitfieldsdad/cisa_kev - https://github.com/zengzzzzz/golang-trending-archive diff --git a/2023/CVE-2023-46685.md b/2023/CVE-2023-46685.md new file mode 100644 index 000000000..dd0ed686b --- /dev/null +++ b/2023/CVE-2023-46685.md @@ -0,0 +1,17 @@ +### [CVE-2023-46685](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46685) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-259%3A%20Use%20of%20Hard-coded%20Password&color=brighgreen) + +### Description + +A hard-coded password vulnerability exists in the telnetd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A set of specially crafted network packets can lead to arbitrary command execution. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1871 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-47856.md b/2023/CVE-2023-47856.md new file mode 100644 index 000000000..ea98131ac --- /dev/null +++ b/2023/CVE-2023-47856.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-47856](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47856) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa set_RadvdPrefixParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1892 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-48106.md b/2023/CVE-2023-48106.md index f088a9d11..c34cdc54d 100644 --- a/2023/CVE-2023-48106.md +++ b/2023/CVE-2023-48106.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/740 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48107.md b/2023/CVE-2023-48107.md index 5ac54c3c0..db67599cd 100644 --- a/2023/CVE-2023-48107.md +++ b/2023/CVE-2023-48107.md @@ -13,5 +13,5 @@ Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker t - https://github.com/zlib-ng/minizip-ng/issues/739 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-48270.md b/2023/CVE-2023-48270.md new file mode 100644 index 000000000..bbf15e4a0 --- /dev/null 
+++ b/2023/CVE-2023-48270.md @@ -0,0 +1,19 @@ +### [CVE-2023-48270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48270) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1876 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-48362.md b/2023/CVE-2023-48362.md new file mode 100644 index 000000000..9dbdbf5d6 --- /dev/null +++ b/2023/CVE-2023-48362.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-48362](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48362) +![](https://img.shields.io/static/v1?label=Product&message=Apache%20Drill&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.19.0%3C%201.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-611%20Improper%20Restriction%20of%20XML%20External%20Entity%20Reference&color=brighgreen) + +### Description + +XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.Users are recommended to upgrade to version 1.21.2, which fixes this issue. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2023/CVE-2023-49073.md b/2023/CVE-2023-49073.md new file mode 100644 index 000000000..0d9426e1d --- /dev/null +++ b/2023/CVE-2023-49073.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49073](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49073) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formFilter functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1875 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49188.md b/2023/CVE-2023-49188.md index 2e08d3147..c08f6e288 100644 --- a/2023/CVE-2023-49188.md +++ b/2023/CVE-2023-49188.md 
@@ -1,11 +1,11 @@ ### [CVE-2023-49188](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49188) ![](https://img.shields.io/static/v1?label=Product&message=Track%20Geolocation%20Of%20Users%20Using%20Contact%20Form%207&color=blue) -![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%3C%3D%201.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen) ### Description -Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4. +Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0. ### POC diff --git a/2023/CVE-2023-49460.md b/2023/CVE-2023-49460.md index f53b2ec76..31a820a41 100644 --- a/2023/CVE-2023-49460.md +++ b/2023/CVE-2023-49460.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1046 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49462.md b/2023/CVE-2023-49462.md index 2af365601..670bf6d2f 100644 --- a/2023/CVE-2023-49462.md +++ b/2023/CVE-2023-49462.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the compo - https://github.com/strukturag/libheif/issues/1043 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2023/CVE-2023-49463.md b/2023/CVE-2023-49463.md index a449cc1d3..858ed5a73 100644 --- a/2023/CVE-2023-49463.md +++ b/2023/CVE-2023-49463.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1042 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49464.md b/2023/CVE-2023-49464.md index 36c33db88..686d077cc 100644 --- a/2023/CVE-2023-49464.md +++ b/2023/CVE-2023-49464.md @@ -13,5 +13,5 @@ libheif v1.17.5 was discovered to contain a segmentation violation via the funct - https://github.com/strukturag/libheif/issues/1044 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49465.md b/2023/CVE-2023-49465.md index 2835fccf5..d4263ab80 100644 --- a/2023/CVE-2023-49465.md +++ b/2023/CVE-2023-49465.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/435 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49467.md b/2023/CVE-2023-49467.md index bd95e3e2d..926d39da5 100644 --- a/2023/CVE-2023-49467.md +++ b/2023/CVE-2023-49467.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability - https://github.com/strukturag/libde265/issues/434 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz diff --git a/2023/CVE-2023-49468.md b/2023/CVE-2023-49468.md index 1669a5533..902656646 100644 --- a/2023/CVE-2023-49468.md +++ b/2023/CVE-2023-49468.md @@ -13,5 +13,5 @@ Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerabilit - https://github.com/strukturag/libde265/issues/432 #### Github -No PoCs found on GitHub currently. +- https://github.com/fdu-sec/NestFuzz 
diff --git a/2023/CVE-2023-49593.md b/2023/CVE-2023-49593.md new file mode 100644 index 000000000..028e8d440 --- /dev/null +++ b/2023/CVE-2023-49593.md @@ -0,0 +1,17 @@ +### [CVE-2023-49593](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49593) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-489%3A%20Leftover%20Debug%20Code&color=brighgreen) + +### Description + +Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted network request can lead to arbitrary command execution. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1873 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49595.md b/2023/CVE-2023-49595.md new file mode 100644 index 000000000..ce258f813 --- /dev/null +++ b/2023/CVE-2023-49595.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49595](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49595) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1878 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-49867.md b/2023/CVE-2023-49867.md new file mode 100644 index 000000000..10063a312 --- /dev/null +++ b/2023/CVE-2023-49867.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-49867](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49867) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50239.md b/2023/CVE-2023-50239.md new file mode 100644 index 000000000..aa679b2c0 --- /dev/null +++ b/2023/CVE-2023-50239.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50239](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50239) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50240.md b/2023/CVE-2023-50240.md new file mode 100644 index 000000000..d0e87e713 --- /dev/null +++ b/2023/CVE-2023-50240.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50240](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50240) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `AdvDefaultPreference` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50243.md b/2023/CVE-2023-50243.md new file mode 100644 index 000000000..5fbed6148 --- /dev/null +++ b/2023/CVE-2023-50243.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50243](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50243) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `comment` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50244.md b/2023/CVE-2023-50244.md new file mode 100644 index 000000000..11623a67d --- /dev/null +++ b/2023/CVE-2023-50244.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50244](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50244) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-121%3A%20Stack-based%20Buffer%20Overflow&color=brighgreen) + +### Description + +Two stack-based buffer overflow vulnerabilities exist in the boa formIpQoS functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `entry_name` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1895 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50381.md b/2023/CVE-2023-50381.md new file mode 100644 index 000000000..fc2d1aac9 --- /dev/null +++ b/2023/CVE-2023-50381.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50381](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50381) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `targetAPSsid` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50382.md b/2023/CVE-2023-50382.md new file mode 100644 index 000000000..ce9314da8 --- /dev/null +++ b/2023/CVE-2023-50382.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50382](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50382) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `peerPin` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50383.md b/2023/CVE-2023-50383.md new file mode 100644 index 000000000..755695444 --- /dev/null +++ b/2023/CVE-2023-50383.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-50383](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50383) +![](https://img.shields.io/static/v1?label=Product&message=WBR-6013&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=rtl819x%20Jungle%20SDK&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20RER4_A_v3411b_2T2R_LEV_09_170623%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%20v3.4.11%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78%3A%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +Three os command injection vulnerabilities exist in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to arbitrary command execution. An attacker can send a series of HTTP requests to trigger these vulnerabilities.This command injection is related to the `localPin` request's parameter. + +### POC + +#### Reference +- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1899 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-50917.md b/2023/CVE-2023-50917.md index ff8495cb0..d825fcd17 100644 --- a/2023/CVE-2023-50917.md +++ b/2023/CVE-2023-50917.md @@ -15,6 +15,7 @@ MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution vi #### Github - https://github.com/Chocapikk/CVE-2023-50917 +- https://github.com/Chocapikk/Chocapikk - https://github.com/Chocapikk/My-CVEs - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2023/CVE-2023-51104.md b/2023/CVE-2023-51104.md index bae2a6860..4d89dd173 100644 --- a/2023/CVE-2023-51104.md +++ b/2023/CVE-2023-51104.md 
@@ -5,7 +5,7 @@ ### Description -A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. +A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. ### POC diff --git a/2023/CVE-2023-51219.md b/2023/CVE-2023-51219.md index 969b2cf91..68f3fdcaa 100644 --- a/2023/CVE-2023-51219.md +++ b/2023/CVE-2023-51219.md @@ -5,7 +5,7 @@ ### Description -A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to takeover another user's account and read her/his chat messages. +A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages. ### POC diff --git a/2023/CVE-2023-51437.md b/2023/CVE-2023-51437.md index 2c290ae2c..6a5a8f686 100644 --- a/2023/CVE-2023-51437.md +++ b/2023/CVE-2023-51437.md 
@@ -1,7 +1,7 @@ ### [CVE-2023-51437](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51437) ![](https://img.shields.io/static/v1?label=Product&message=Apache%20Pulsar&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.10.5%20&color=brighgreen) -![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-200%3A%20Exposure%20of%20Sensitive%20Information%20to%20an%20Unauthorized%20Actor&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-203%20Observable%20Discrepancy&color=brighgreen) ### Description diff --git a/2023/CVE-2023-51444.md b/2023/CVE-2023-51444.md index bda96f20c..80c048b8c 100644 --- a/2023/CVE-2023-51444.md +++ b/2023/CVE-2023-51444.md @@ -15,6 +15,7 @@ GeoServer is an open source software server written in Java that allows users to - https://osgeo-org.atlassian.net/browse/GEOS-11176 #### Github +- https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/NaInSec/CVE-LIST - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2023/CVE-2023-52251.md b/2023/CVE-2023-52251.md index 6675dac83..2d3dea271 100644 --- a/2023/CVE-2023-52251.md +++ b/2023/CVE-2023-52251.md @@ -15,5 +15,8 @@ An issue discovered in provectus kafka-ui 0.4.0 through 0.7.1 allows remote atta #### Github - https://github.com/BobTheShoplifter/CVE-2023-52251-POC +- https://github.com/Mr-xn/Penetration_Testing_POC +- https://github.com/Ostorlab/KEV - https://github.com/nomi-sec/PoC-in-GitHub +- https://github.com/wy876/POC diff --git a/2023/CVE-2023-52340.md b/2023/CVE-2023-52340.md new file mode 100644 index 000000000..d670b952a --- /dev/null +++ b/2023/CVE-2023-52340.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-52340](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52340) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. + +### POC + +#### Reference +- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-52428.md b/2023/CVE-2023-52428.md new file mode 100644 index 000000000..af0661638 --- /dev/null +++ b/2023/CVE-2023-52428.md @@ -0,0 +1,18 @@ +### [CVE-2023-52428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52428) +![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component. + +### POC + +#### Reference +- https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e +- https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/ + +#### Github +- https://github.com/Azure/kafka-sink-azure-kusto + diff --git a/2023/CVE-2023-5360.md b/2023/CVE-2023-5360.md index 84d029600..3060143e3 100644 --- a/2023/CVE-2023-5360.md +++ b/2023/CVE-2023-5360.md 
@@ -16,6 +16,7 @@ The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not #### Github - https://github.com/1337r0j4n/CVE-2023-5360 - https://github.com/Chocapikk/CVE-2023-5360 +- https://github.com/Chocapikk/Chocapikk - https://github.com/Jenderal92/WP-CVE-2023-5360 - https://github.com/Pushkarup/CVE-2023-5360 - https://github.com/angkerithhack001/CVE-2023-5360-PoC diff --git a/2023/CVE-2023-5633.md b/2023/CVE-2023-5633.md index 9531b0960..65453c311 100644 --- a/2023/CVE-2023-5633.md +++ b/2023/CVE-2023-5633.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2023/CVE-2023-5675.md b/2023/CVE-2023-5675.md index 8c4ed24f9..2534a6a28 100644 --- a/2023/CVE-2023-5675.md +++ b/2023/CVE-2023-5675.md 
@@ -4,10 +4,10 @@ ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Fuse%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%202.13.9.Final&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus%203.2.9.Final&color=blue) diff --git a/2023/CVE-2023-5981.md b/2023/CVE-2023-5981.md index b2de6e6a3..2e4b0ddd3 100644 --- a/2023/CVE-2023-5981.md +++ b/2023/CVE-2023-5981.md @@ -1,4 +1,6 @@ ### [CVE-2023-5981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) 
diff --git a/2023/CVE-2023-6350.md b/2023/CVE-2023-6350.md new file mode 100644 index 000000000..a891ba085 --- /dev/null +++ b/2023/CVE-2023-6350.md @@ -0,0 +1,17 @@ +### [CVE-2023-6350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6350) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=119.0.6045.199%3C%20119.0.6045.199%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6351.md b/2023/CVE-2023-6351.md new file mode 100644 index 000000000..2c9404557 --- /dev/null +++ b/2023/CVE-2023-6351.md @@ -0,0 +1,17 @@ +### [CVE-2023-6351](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6351) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=119.0.6045.199%3C%20119.0.6045.199%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6356.md b/2023/CVE-2023-6356.md index 5097b50e8..e3b5ed4a5 100644 --- a/2023/CVE-2023-6356.md +++ b/2023/CVE-2023-6356.md 
@@ -1,4 +1,5 @@ ### [CVE-2023-6356](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6356) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6535.md b/2023/CVE-2023-6535.md index 428f444f7..01942e6a9 100644 --- a/2023/CVE-2023-6535.md +++ b/2023/CVE-2023-6535.md @@ -1,4 +1,5 @@ ### [CVE-2023-6535](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6535) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6536.md b/2023/CVE-2023-6536.md index 2005baa07..ec2179308 100644 --- a/2023/CVE-2023-6536.md +++ b/2023/CVE-2023-6536.md @@ -1,4 +1,5 @@ ### [CVE-2023-6536](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6536) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6546.md b/2023/CVE-2023-6546.md index cbcfaf6f6..68a3ee904 100644 --- a/2023/CVE-2023-6546.md +++ b/2023/CVE-2023-6546.md 
@@ -1,7 +1,12 @@ ### [CVE-2023-6546](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6546) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.7-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.2%20Advanced%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Advanced%20Mission%20Critical%20Update%20Support&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Telecommunications%20Update%20Service&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.4%20Update%20Services%20for%20SAP%20Solutions&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.8%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) diff --git a/2023/CVE-2023-6606.md b/2023/CVE-2023-6606.md index 7f2325f4a..5ae9806d7 100644 --- a/2023/CVE-2023-6606.md +++ b/2023/CVE-2023-6606.md 
@@ -1,4 +1,5 @@ ### [CVE-2023-6606](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6606) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6610.md b/2023/CVE-2023-6610.md index a1c7cb69e..b23a0fd49 100644 --- a/2023/CVE-2023-6610.md +++ b/2023/CVE-2023-6610.md @@ -1,4 +1,5 @@ ### [CVE-2023-6610](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6610) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2023/CVE-2023-6704.md b/2023/CVE-2023-6704.md new file mode 100644 index 000000000..d44af5022 --- /dev/null +++ b/2023/CVE-2023-6704.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-6704](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6704) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=120.0.6099.109%3C%20120.0.6099.109%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20after%20free&color=brighgreen) + +### Description + +Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fdu-sec/NestFuzz + diff --git a/2023/CVE-2023-6717.md b/2023/CVE-2023-6717.md index 9060aa926..3feda2180 100644 --- a/2023/CVE-2023-6717.md +++ b/2023/CVE-2023-6717.md 
@@ -1,11 +1,10 @@ ### [CVE-2023-6717](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6717) ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Migration%20Toolkit%20for%20Applications%207&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOSS-1.33-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Decision%20Manager%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Developer%20Hub&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20A-MQ%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%206&color=blue) 
@@ -16,6 +15,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20GitOps&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Process%20Automation%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Single%20Sign-On%207&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Keycloak%2022.0.10&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) diff --git a/2023/CVE-2023-6725.md b/2023/CVE-2023-6725.md index d653b0383..41e7c6769 100644 --- a/2023/CVE-2023-6725.md +++ b/2023/CVE-2023-6725.md @@ -4,6 +4,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Insufficient%20Granularity%20of%20Access%20Control&color=brighgreen) diff --git a/2023/CVE-2023-7012.md b/2023/CVE-2023-7012.md new file mode 100644 index 000000000..9e72c263c --- /dev/null +++ b/2023/CVE-2023-7012.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7012](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7012) +![](https://img.shields.io/static/v1?label=Product&message=Chrome&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=117.0.5938.62%3C%20117.0.5938.62%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Insufficient%20data%20validation&color=brighgreen) + +### Description + +Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) + +### POC + +#### Reference +- https://issues.chromium.org/issues/40061509 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7045.md b/2023/CVE-2023-7045.md new file mode 100644 index 000000000..1beb39132 --- /dev/null +++ b/2023/CVE-2023-7045.md @@ -0,0 +1,17 @@ +### [CVE-2023-7045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7045) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=13.11%3C%2016.10.6%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%3A%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +A CSRF vulnerability exists within GitLab CE/EE from versions 13.11 before 16.10.6, from 16.11 before 16.11.3, from 17.0 before 17.0.1. By leveraging this vulnerability, an attacker could exfiltrate anti-CSRF tokens via the Kubernetes Agent Server (KAS). + +### POC + +#### Reference +- https://gitlab.com/gitlab-org/gitlab/-/issues/436358 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7268.md b/2023/CVE-2023-7268.md new file mode 100644 index 000000000..a7ad6b16e --- /dev/null +++ b/2023/CVE-2023-7268.md 
@@ -0,0 +1,17 @@ +### [CVE-2023-7268](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7268) +![](https://img.shields.io/static/v1?label=Product&message=ArtPlacer%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-862%20Missing%20Authorization&color=brighgreen) + +### Description + +The ArtPlacer Widget WordPress plugin before 2.21.2 does not have authorisation check in place when deleting widgets, allowing ay authenticated users, such as subscriber, to delete arbitrary widgets + +### POC + +#### Reference +- https://wpscan.com/vulnerability/9ac233dd-e00d-4aee-a41c-0de6e8aaefd7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7269.md b/2023/CVE-2023-7269.md new file mode 100644 index 000000000..73777377d --- /dev/null +++ b/2023/CVE-2023-7269.md @@ -0,0 +1,18 @@ +### [CVE-2023-7269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7269) +![](https://img.shields.io/static/v1?label=Product&message=ArtPlacer%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.21.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The ArtPlacer Widget WordPress plugin before 2.21.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1e8e1186-323b-473b-a0c4-580dc94020d7/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7270.md b/2023/CVE-2023-7270.md new file mode 100644 index 000000000..fa169265a 
--- /dev/null +++ b/2023/CVE-2023-7270.md @@ -0,0 +1,18 @@ +### [CVE-2023-7270](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7270) +![](https://img.shields.io/static/v1?label=Product&message=FreeOffice&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Office&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) +![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen) + +### Description + +An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. + +### POC + +#### Reference +- https://r.sec-consult.com/softmaker + +#### Github +No PoCs found on GitHub currently. + diff --git a/2023/CVE-2023-7271.md b/2023/CVE-2023-7271.md new file mode 100644 index 000000000..b7d065bba --- /dev/null +++ b/2023/CVE-2023-7271.md 
@@ -0,0 +1,19 @@ +### [CVE-2023-7271](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7271) +![](https://img.shields.io/static/v1?label=Product&message=EMUI&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=HarmonyOS&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2014.0.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Version&message=%3D%204.2.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-840%20Business%20Logic%20Errors&color=brighgreen) + +### Description + +Privilege escalation vulnerability in the NMS moduleImpact: Successful exploitation of this vulnerability will affect availability. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/fkie-cad/nvd-json-data-feeds + diff --git a/2024/CVE-2024-0044.md b/2024/CVE-2024-0044.md index af96041cd..4f581510c 100644 --- a/2024/CVE-2024-0044.md +++ b/2024/CVE-2024-0044.md @@ -14,6 +14,7 @@ In createSessionInternal of PackageInstallerService.java, there is a possible ru - https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html #### Github +- https://github.com/GhostTroops/TOP - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile diff --git a/2024/CVE-2024-0056.md b/2024/CVE-2024-0056.md index ce417b08b..6e154ec1a 100644 --- a/2024/CVE-2024-0056.md +++ b/2024/CVE-2024-0056.md @@ -45,4 +45,5 @@ No PoCs from references. #### Github - https://github.com/NaInSec/CVE-LIST +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-0151.md b/2024/CVE-2024-0151.md new file mode 100644 index 000000000..c28dd09c4 --- /dev/null +++ b/2024/CVE-2024-0151.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0151](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0151) +![](https://img.shields.io/static/v1?label=Product&message=Arm%20v8-M%20Security%20Extensions%20Requirements%20on%20Development%20Tools&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=1.0%3C%201.4%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-241%20Improper%20Handling%20of%20Unexpected%20Data%20Type&color=brighgreen) + +### Description + +Insufficient argument checking in Secure state Entry functions in software using Cortex-M Security Extensions (CMSE), that has been compiled using toolchains that implement 'Arm v8-M Security Extensions Requirements on Development Tools' prior to version 1.4, allows an attacker to pass values to Secure state that are out of range for types smaller than 32-bits. Out of range values might lead to incorrect operations in secure state. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/STMicroelectronics/gnu-tools-for-stm32 + diff --git a/2024/CVE-2024-0193.md b/2024/CVE-2024-0193.md index 65eada929..cf04ffe86 100644 --- a/2024/CVE-2024-0193.md +++ b/2024/CVE-2024-0193.md 
@@ -1,8 +1,10 @@ ### [CVE-2024-0193](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0193) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20After%20Free&color=brighgreen) diff --git a/2024/CVE-2024-0517.md b/2024/CVE-2024-0517.md index 74588ce57..019f0af24 100644 --- a/2024/CVE-2024-0517.md +++ b/2024/CVE-2024-0517.md @@ -15,5 +15,6 @@ No PoCs from references. #### Github - https://github.com/Uniguri/CVE-1day - https://github.com/ret2eax/exploits +- https://github.com/rycbar77/V8Exploits - https://github.com/sploitem/v8-writeups diff --git a/2024/CVE-2024-0553.md b/2024/CVE-2024-0553.md index 38155282b..939d28f45 100644 --- a/2024/CVE-2024-0553.md +++ b/2024/CVE-2024-0553.md 
@@ -1,4 +1,6 @@ ### [CVE-2024-0553](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0565.md b/2024/CVE-2024-0565.md index 78738889b..7643eafa1 100644 --- a/2024/CVE-2024-0565.md +++ b/2024/CVE-2024-0565.md @@ -1,4 +1,5 @@ ### [CVE-2024-0565](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0565) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.7-RHEL-8&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0567.md b/2024/CVE-2024-0567.md index ba0a2a253..08608ba4d 100644 --- a/2024/CVE-2024-0567.md +++ b/2024/CVE-2024-0567.md @@ -1,4 +1,6 @@ ### [CVE-2024-0567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0567) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.15-RHEL-9&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) 
diff --git a/2024/CVE-2024-0646.md b/2024/CVE-2024-0646.md index 50a961e63..aee7c544a 100644 --- a/2024/CVE-2024-0646.md +++ b/2024/CVE-2024-0646.md @@ -1,4 +1,5 @@ ### [CVE-2024-0646](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0646) +![](https://img.shields.io/static/v1?label=Product&message=RHOL-5.8-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) diff --git a/2024/CVE-2024-0874.md b/2024/CVE-2024-0874.md index 0635d7063..d1f82dfb4 100644 --- a/2024/CVE-2024-0874.md +++ b/2024/CVE-2024-0874.md @@ -1,7 +1,7 @@ ### [CVE-2024-0874](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0874) ![](https://img.shields.io/static/v1?label=Product&message=Logging%20Subsystem%20for%20Red%20Hat%20OpenShift&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Advanced%20Cluster%20Management%20for%20Kubernetes%202&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.16&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Use%20of%20Cache%20Containing%20Sensitive%20Information&color=brighgreen) diff --git a/2024/CVE-2024-0974.md b/2024/CVE-2024-0974.md new file mode 100644 index 000000000..9b2c81c25 --- /dev/null +++ b/2024/CVE-2024-0974.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-0974](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0974) +![](https://img.shields.io/static/v1?label=Product&message=Social%20Media%20Widget&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.9%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +The Social Media Widget WordPress plugin before 4.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) + +### POC + +#### Reference +- https://wpscan.com/vulnerability/7f8e5e63-a928-443e-9771-8b3f51f5eb9e/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-0985.md b/2024/CVE-2024-0985.md index a0511ddb4..f308693d1 100644 --- a/2024/CVE-2024-0985.md +++ b/2024/CVE-2024-0985.md @@ -10,7 +10,7 @@ Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allo ### POC #### Reference -No PoCs from references. +- https://saites.dev/projects/personal/postgres-cve-2024-0985/ #### Github - https://github.com/NaInSec/CVE-LIST diff --git a/2024/CVE-2024-1062.md b/2024/CVE-2024-1062.md index 35a169f44..96ae045fd 100644 --- a/2024/CVE-2024-1062.md +++ b/2024/CVE-2024-1062.md 
@@ -1,11 +1,13 @@ ### [CVE-2024-1062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1062) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.7%20for%20RHEL%208&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2011.8%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Directory%20Server%2012&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%206&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208.6%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Heap-based%20Buffer%20Overflow&color=brighgreen) diff --git a/2024/CVE-2024-1086.md b/2024/CVE-2024-1086.md index a96ce909b..1853670d8 100644 --- a/2024/CVE-2024-1086.md +++ b/2024/CVE-2024-1086.md @@ -51,6 +51,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon - https://github.com/rootkalilocalhost/CVE-2024-1086 - https://github.com/seekerzz/MyRSSSync - https://github.com/tanjiti/sec_profile +- https://github.com/trganda/starrlist - https://github.com/uhub/awesome-c - https://github.com/unresolv/stars - https://github.com/wuhanstudio/awesome-stars diff --git a/2024/CVE-2024-1141.md b/2024/CVE-2024-1141.md index 5db271580..7b532310b 100644 
--- a/2024/CVE-2024-1141.md +++ b/2024/CVE-2024-1141.md @@ -2,6 +2,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.1&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2016.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Logging%20of%20Excessive%20Data&color=brighgreen) diff --git a/2024/CVE-2024-1151.md b/2024/CVE-2024-1151.md index 755eca52f..cc5a48c41 100644 --- a/2024/CVE-2024-1151.md +++ b/2024/CVE-2024-1151.md @@ -3,6 +3,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue) ![](https://img.shields.io/static/v1?label=Vulnerability&message=Stack-based%20Buffer%20Overflow&color=brighgreen) diff --git a/2024/CVE-2024-1234.md b/2024/CVE-2024-1234.md index b149458de..860cfa53f 100644 --- a/2024/CVE-2024-1234.md +++ b/2024/CVE-2024-1234.md 
@@ -13,6 +13,7 @@ The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored No PoCs from references. #### Github +- https://github.com/0x41424142/qualyspy - https://github.com/CraigDonkin/Microsoft-CVE-Lookup - https://github.com/EDJIM143341/Project---Ethical-Hacking-Report - https://github.com/KyJr3os/Ethical-Hacking-Technical-Report diff --git a/2024/CVE-2024-1330.md b/2024/CVE-2024-1330.md new file mode 100644 index 000000000..0ae9e2190 --- /dev/null +++ b/2024/CVE-2024-1330.md @@ -0,0 +1,17 @@ +### [CVE-2024-1330](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1330) +![](https://img.shields.io/static/v1?label=Product&message=kadence-blocks-pro&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.3.8%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Control&color=brighgreen) + +### Description + +The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the database. + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1988815b-7a53-4657-9b1c-1f83c9f9ccfd/ + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-1394.md b/2024/CVE-2024-1394.md index 1356fe0c4..fcbafaeb3 100644 --- a/2024/CVE-2024-1394.md +++ b/2024/CVE-2024-1394.md 
@@ -3,6 +3,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Developer%20Tools%20and%20Services&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Pipelines&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=OpenShift%20Serverless&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=RHODF-4.16-RHEL-9&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%201.2&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Ansible%20Automation%20Platform%202.4%20for%20RHEL%208&color=blue) @@ -13,6 +14,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.0%20Update%20Services%20for%20SAP%20Solutions&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Enterprise%20Linux%209.2%20Extended%20Update%20Support&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.12&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenShift%20Container%20Platform%204.13&color=blue) 
@@ -27,8 +30,8 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1%20for%20RHEL%209&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2017.1&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20OpenStack%20Platform%2018.0&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Container%20Storage%204&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Openshift%20Data%20Foundation%204&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Service%20Interconnect%201&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Software%20Collections&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Storage%203&color=blue) diff --git a/2024/CVE-2024-1512.md b/2024/CVE-2024-1512.md index b4e714dc7..ab1e3205a 100644 --- a/2024/CVE-2024-1512.md +++ b/2024/CVE-2024-1512.md @@ -15,4 +15,5 @@ No PoCs from references. #### Github - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/rat-c/CVE-2024-1512 +- https://github.com/wy876/POC diff --git a/2024/CVE-2024-1635.md b/2024/CVE-2024-1635.md index 8ae431e0c..4668bd40f 100644 --- a/2024/CVE-2024-1635.md +++ b/2024/CVE-2024-1635.md 
@@ -6,7 +6,6 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Data%20Grid%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20K&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Camel%20Quarkus&color=blue) -![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20Integration%20Service%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Data%20Grid%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20JBoss%20Enterprise%20Application%20Platform%207.4%20for%20RHEL%208&color=blue) @@ -22,6 +21,7 @@ ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%204.0%20for%20Spring%20Boot&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apache%20Camel%20for%20Spring%20Boot&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Apicurio%20Registry&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20OptaPlanner%208&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=Red%20Hat%20build%20of%20Quarkus&color=blue) ![](https://img.shields.io/static/v1?label=Product&message=streams%20for%20Apache%20Kafka&color=blue) diff --git a/2024/CVE-2024-1845.md b/2024/CVE-2024-1845.md new file mode 100644 index 000000000..95510b259 --- /dev/null +++ b/2024/CVE-2024-1845.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-1845](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1845) +![](https://img.shields.io/static/v1?label=Product&message=VikRentCar%20Car%20Rental%20Management%20System&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%201.3.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks + +### POC + +#### Reference +- https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-1963.md b/2024/CVE-2024-1963.md new file mode 100644 index 000000000..b71e46ff6 --- /dev/null +++ b/2024/CVE-2024-1963.md @@ -0,0 +1,17 @@ +### [CVE-2024-1963](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1963) +![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=8.4%3C%2016.10.7%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%3A%20Uncontrolled%20Resource%20Consumption&color=brighgreen) + +### Description + +An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.4 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service by sending specially crafted requests. + +### POC + +#### Reference +- https://gitlab.com/gitlab-org/gitlab/-/issues/443577 + +#### Github +No PoCs found on GitHub currently. + 
diff --git a/2024/CVE-2024-20399.md b/2024/CVE-2024-20399.md new file mode 100644 index 000000000..37c283313 --- /dev/null +++ b/2024/CVE-2024-20399.md @@ -0,0 +1,17 @@ +### [CVE-2024-20399](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20399) +![](https://img.shields.io/static/v1?label=Product&message=Cisco%20NX-OS%20Software&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%206.0(2)A6(1)%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20an%20OS%20Command%20('OS%20Command%20Injection')&color=brighgreen) + +### Description + +A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific configuration CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected configuration CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root. Note: To successfully exploit this vulnerability on a Cisco NX-OS device, an attacker must have Administrator credentials. + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-2040.md b/2024/CVE-2024-2040.md new file mode 100644 index 000000000..b7460acc5 --- /dev/null +++ b/2024/CVE-2024-2040.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-2040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2040) +![](https://img.shields.io/static/v1?label=Product&message=Himer&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%202.1.1%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen) + +### Description + +The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack + +### POC + +#### Reference +- https://wpscan.com/vulnerability/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e/ + +#### Github +- https://github.com/20142995/nuclei-templates + diff --git a/2024/CVE-2024-20666.md b/2024/CVE-2024-20666.md index 5ad4e0147..5fee43c60 100644 --- a/2024/CVE-2024-20666.md +++ b/2024/CVE-2024-20666.md @@ -38,6 +38,7 @@ No PoCs from references. #### Github - https://github.com/MHimken/WinRE-Customization - https://github.com/NaInSec/CVE-LIST +- https://github.com/invaderslabs/CVE-2024-20666 - https://github.com/nnotwen/Script-For-CVE-2024-20666 - https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21006.md b/2024/CVE-2024-21006.md index 8d8747626..8b3c247e9 100644 --- a/2024/CVE-2024-21006.md +++ b/2024/CVE-2024-21006.md @@ -17,4 +17,6 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware - https://github.com/netlas-io/netlas-dorks - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/tanjiti/sec_profile +- https://github.com/wy876/POC +- https://github.com/wy876/wiki diff --git a/2024/CVE-2024-21183.md b/2024/CVE-2024-21183.md new file mode 100644 index 000000000..2f3b3b17a --- /dev/null +++ b/2024/CVE-2024-21183.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21183](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21183) +![](https://img.shields.io/static/v1?label=Product&message=WebLogic%20Server&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=%3D%2012.2.1.4.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Easily%20exploitable%20vulnerability%20allows%20unauthenticated%20attacker%20with%20network%20access%20via%20T3%2C%20IIOP%20to%20compromise%20Oracle%20WebLogic%20Server.%20%20Successful%20attacks%20of%20this%20vulnerability%20can%20result%20in%20%20unauthorized%20access%20to%20critical%20data%20or%20complete%20access%20to%20all%20Oracle%20WebLogic%20Server%20accessible%20data.&color=brighgreen) + +### Description + +Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). + +### POC + +#### Reference +No PoCs from references. + +#### Github +- https://github.com/tanjiti/sec_profile + diff --git a/2024/CVE-2024-21490.md b/2024/CVE-2024-21490.md index 317fd9815..3796d3308 100644 --- a/2024/CVE-2024-21490.md +++ b/2024/CVE-2024-21490.md 
@@ -15,6 +15,7 @@ This affects versions of the package angular from 1.3.0. A regular expression us - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746 - https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747 - https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113 +- https://support.herodevs.com/hc/en-us/articles/25715686953485-CVE-2024-21490-AngularJS-Regular-Expression-Denial-of-Service-ReDoS #### Github - https://github.com/fkie-cad/nvd-json-data-feeds diff --git a/2024/CVE-2024-21513.md b/2024/CVE-2024-21513.md new file mode 100644 index 000000000..d369e64e8 --- /dev/null +++ b/2024/CVE-2024-21513.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21513](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21513) +![](https://img.shields.io/static/v1?label=Product&message=langchain-experimental&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0.0.15%3C%200.0.21%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen) + +### Description + +Versions of the package langchain-experimental from 0.0.15 and before 0.0.21 are vulnerable to Arbitrary Code Execution when retrieving values from the database, the code will attempt to call 'eval' on all values. An attacker can exploit this vulnerability and execute arbitrary python code if they can control the input prompt and the server is configured with VectorSQLDatabaseChain. **Notes:** Impact on the Confidentiality, Integrity and Availability of the vulnerable component: Confidentiality: Code execution happens within the impacted component, in this case langchain-experimental, so all resources are necessarily accessible. Integrity: There is nothing protected by the impacted component inherently. Although anything returned from the component counts as 'information' for which the trustworthiness can be compromised. Availability: The loss of availability isn't caused by the attack itself, but it happens as a result during the attacker's post-exploitation steps. Impact on the Confidentiality, Integrity and Availability of the subsequent system: As a legitimate low-privileged user of the package (PR:L) the attacker does not have more access to data owned by the package as a result of this vulnerability than they did with normal usage (e.g. can query the DB). The unintended action that one can perform by breaking out of the app environment and exfiltrating files, making remote connections etc. happens during the post exploitation phase in the subsequent system - in this case, the OS. 
AT:P: An attacker needs to be able to influence the input prompt, whilst the server is configured with the VectorSQLDatabaseChain plugin. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PYTHON-LANGCHAINEXPERIMENTAL-7278171 + +#### Github +No PoCs found on GitHub currently. + diff --git a/2024/CVE-2024-21514.md b/2024/CVE-2024-21514.md index 42dcbbfa5..418e53b14 100644 --- a/2024/CVE-2024-21514.md +++ b/2024/CVE-2024-21514.md @@ -13,5 +13,5 @@ This affects versions of the package opencart/opencart from 0.0.0. An SQL Inject - https://security.snyk.io/vuln/SNYK-PHP-OPENCARTOPENCART-7266565 #### Github -No PoCs found on GitHub currently. +- https://github.com/nomi-sec/PoC-in-GitHub diff --git a/2024/CVE-2024-21520.md b/2024/CVE-2024-21520.md new file mode 100644 index 000000000..5c8b2d698 --- /dev/null +++ b/2024/CVE-2024-21520.md @@ -0,0 +1,18 @@ +### [CVE-2024-21520](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21520) +![](https://img.shields.io/static/v1?label=Product&message=djangorestframework&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%203.15.2%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)&color=brighgreen) + +### Description + +Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-PYTHON-DJANGORESTFRAMEWORK-7252137 + +#### Github +- https://github.com/ch4n3-yoon/ch4n3-yoon +- https://github.com/nomi-sec/PoC-in-GitHub + diff --git a/2024/CVE-2024-21521.md b/2024/CVE-2024-21521.md new file mode 100644 index 000000000..dc2867c86 --- /dev/null +++ b/2024/CVE-2024-21521.md @@ -0,0 +1,17 @@ +### [CVE-2024-21521](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21521) +![](https://img.shields.io/static/v1?label=Product&message=%40discordjs%2Fopus&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package @discordjs/opus are vulnerable to Denial of Service (DoS) due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-DISCORDJSOPUS-6370643 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21522.md b/2024/CVE-2024-21522.md new file mode 100644 index 000000000..5ea2ea3ee --- /dev/null +++ b/2024/CVE-2024-21522.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21522](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21522) +![](https://img.shields.io/static/v1?label=Product&message=audify&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Validation%20of%20Array%20Index&color=brighgreen) + +### Description + +All versions of the package audify are vulnerable to Improper Validation of Array Index when frameSize is provided to the new OpusDecoder().decode or new OpusDecoder().decodeFloat functions it is not checked for negative values. This can lead to a process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-AUDIFY-6370700 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21523.md b/2024/CVE-2024-21523.md new file mode 100644 index 000000000..03d9f2158 --- /dev/null +++ b/2024/CVE-2024-21523.md @@ -0,0 +1,17 @@ +### [CVE-2024-21523](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21523) +![](https://img.shields.io/static/v1?label=Product&message=images&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package images are vulnerable to Denial of Service (DoS) due to providing unexpected input types to several different functions. This makes it possible to reach an assert macro, leading to a process crash. **Note:** By providing some specific integer values (like 0) to the size function, it is possible to obtain a Segmentation fault error, leading to the process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-IMAGES-6421826 + +#### Github +- https://github.com/dellalibera/dellalibera + 
diff --git a/2024/CVE-2024-21524.md b/2024/CVE-2024-21524.md new file mode 100644 index 000000000..5cfb082ee --- /dev/null +++ b/2024/CVE-2024-21524.md @@ -0,0 +1,17 @@ +### [CVE-2024-21524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21524) +![](https://img.shields.io/static/v1?label=Product&message=node-stringbuilder&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Out-of-bounds%20Read&color=brighgreen) + +### Description + +All versions of the package node-stringbuilder are vulnerable to Out-of-bounds Read due to incorrect memory length calculation, by calling ToBuffer, ToString, or CharAt on a StringBuilder object with a non-empty string value input. It's possible to return previously allocated memory, for example, by providing negative indexes, leading to an Information Disclosure. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-NODESTRINGBUILDER-6421617 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21525.md b/2024/CVE-2024-21525.md new file mode 100644 index 000000000..161bda273 --- /dev/null +++ b/2024/CVE-2024-21525.md 
@@ -0,0 +1,17 @@ +### [CVE-2024-21525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21525) +![](https://img.shields.io/static/v1?label=Product&message=node-twain&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Check%20or%20Handling%20of%20Exceptional%20Conditions&color=brighgreen) + +### Description + +All versions of the package node-twain are vulnerable to Improper Check or Handling of Exceptional Conditions due to the length of the source data not being checked. Creating a new twain.TwainSDK with a productName or productFamily, manufacturer, version.info property of length >= 34 chars leads to a buffer overflow vulnerability. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-NODETWAIN-6421153 + +#### Github +- https://github.com/dellalibera/dellalibera + diff --git a/2024/CVE-2024-21526.md b/2024/CVE-2024-21526.md new file mode 100644 index 000000000..5d29d620b --- /dev/null +++ b/2024/CVE-2024-21526.md @@ -0,0 +1,17 @@ +### [CVE-2024-21526](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21526) +![](https://img.shields.io/static/v1?label=Product&message=speaker&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%20*%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Denial%20of%20Service%20(DoS)&color=brighgreen) + +### Description + +All versions of the package speaker are vulnerable to Denial of Service (DoS) when providing unexpected input types to the channels property of the Speaker object makes it possible to reach an assert macro. Exploiting this vulnerability can lead to a process crash. + +### POC + +#### Reference +- https://security.snyk.io/vuln/SNYK-JS-SPEAKER-6370676 + +#### Github +- https://github.com/dellalibera/dellalibera + 
diff --git a/2024/CVE-2024-21527.md b/2024/CVE-2024-21527.md new file mode 100644 index 000000000..9d00932bd --- /dev/null +++ b/2024/CVE-2024-21527.md @@ -0,0 +1,21 @@ +### [CVE-2024-21527](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21527) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fgotenberg&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fmodules%2Fchromium&color=blue) +![](https://img.shields.io/static/v1?label=Product&message=github.com%2Fgotenberg%2Fgotenberg%2Fv8%2Fpkg%2Fmodules%2Fwebhook&color=blue) +![](https://img.shields.io/static/v1?label=Version&message=0%3C%208.1.0%20&color=brighgreen) +![](https://img.shields.io/static/v1?label=Vulnerability&message=Server-side%20Request%20Forgery%20(SSRF)&color=brighgreen) + +### Description + +Versions of the package github.com/gotenberg/gotenberg/v8/pkg/gotenberg before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/chromium before 8.1.0; versions of the package github.com/gotenberg/gotenberg/v8/pkg/modules/webhook before 8.1.0 are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as
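Review bot: In the CVE-2024-1234, CVE-2024-1512, CVE-2024-21006 and CVE-2024-21514 hunks the new Github entries are index or tooling repositories rather than PoCs for the specific CVE (`https://github.com/nomi-sec/PoC-in-GitHub`, `https://github.com/wy876/POC`, `https://github.com/wy876/wiki`, `https://github.com/0x41424142/qualyspy`). The CVE-2024-21514 hunk is the clearest case: it replaces "No PoCs found on GitHub currently." with only the nomi-sec/PoC-in-GitHub index, so the entry now claims a PoC exists when none is linked. Suggest keeping a denylist of aggregator repos in the generator so the placeholder text stays accurate, or listing them under a separate heading such as "Indexes" rather than "Github" under "POC".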
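Review bot: Two template-level style issues repeat in every new-file hunk from CVE-2024-1330 onward. The Vulnerability and Version badges use `color=brighgreen`, which is not a recognised shields.io colour name (the intended value is `brightgreen`), so these badges will not render in the intended colour; the same typo already exists in older entries, so it should be fixed in the generator and regenerated in one sweep. Separately, the Version badge message carries a trailing encoded space, e.g. `message=0%3C%202.3.8%20`, which means the version string is not being stripped before URL encoding; a `.strip()` (or equivalent) before encoding removes it.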
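Review bot: In the CVE-2024-1394 hunks, the `@@ -3,6 +3,7 @@` region adds the product badge `RHODF-4.16-RHEL-9` while the `@@ -27,8 +30,8 @@` region removes `Red Hat Openshift Data Foundation 4`. This reads like an upstream rename of the same product, but the two hunks are not obviously linked; please confirm the removal is intended and not a dropped affected product. The new badge also uses an internal-style identifier where every neighbouring badge uses a human-readable product name, so the upstream value should probably be normalised before it is rendered.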
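Review bot: In the CVE-2024-1635 hunks, `Red Hat Integration Service Registry` is removed in the `@@ -6,7 +6,6 @@` region and `Red Hat build of Apicurio Registry` is added in the `@@ -22,6 +21,7 @@` region. As with the CVE-2024-1394 change, this looks like a product rename on the vendor side rather than a change in affected scope; the commit message should say so, since a silent removal of an affected product from a vulnerability record is something downstream consumers will otherwise flag.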
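Review bot: In the CVE-2024-1963 hunk the Version badge states only `8.4< 16.10.7`, but the description in the same hunk lists three affected ranges: from 8.4 before 16.10.7, from 16.11 before 16.11.4, and from 17.0 before 17.0.2. Readers scanning badges will miss the 16.11.x and 17.0.x ranges. The generator should emit one Version badge per affected range when the source record contains several, or at minimum the widest bound.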
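Review bot: In the CVE-2024-20399 hunk the Reference section reads "No PoCs from references." but the entry lists no reference at all, even though the description is the vendor advisory text and the Version badge pins a specific release (`= 6.0(2)A6(1)`). Other new entries in this patch carry at least the source URL from the CVE record; this one should too, so the claim "no PoCs from references" is backed by a reference that was actually checked.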
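Review bot: In the CVE-2024-21183 hunk the Vulnerability badge message is the entire impact sentence from the description, URL-encoded ("Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks ..."), which produces an unreadably wide badge. The badge should carry a short classification as the other entries do (a CWE name or a term such as "Unauthorized Access"); the full text already lives under "### Description". The same hunk's Version badge lists only `= 12.2.1.4.0` while the description names both 12.2.1.4.0 and 14.1.1.0.0 as affected, so the second version is missing from the badge.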
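Review bot: In the CVE-2024-21520 hunk the description is split across two lines ("... splitting and joining with" / "tags.") and the hunk header is `@@ -0,0 +1,18 @@` where every sibling entry is 17 lines, which indicates the HTML tag name in the upstream text was stripped and left a line break behind. The generator should escape raw HTML in descriptions (backticks or `&lt;`/`&gt;`) and collapse embedded newlines, otherwise the markdown renders with a missing word and the file layout diverges from the template.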
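Review bot: In the CVE-2024-21521 through CVE-2024-21526 hunks the only Github entry is `https://github.com/dellalibera/dellalibera`. A repository named after its owner is GitHub's profile-README repository, so this is the reporter's profile page rather than a PoC for any of these six CVEs. Either filter `user/user` repositories in the generator or fall back to "No PoCs found on GitHub currently." for these entries, consistent with the treatment suggested for index repositories elsewhere in this patch.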