Update CVE sources 2024-06-10 18:01

This commit is contained in:
0xMarcio
2024-06-10 18:01:06 +00:00
parent eef3660605
commit 4cdc7cc630
145 changed files with 1329 additions and 10 deletions

@@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to c
### POC
#### Reference
- http://www.ubuntu.com/usn/usn-353-1
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html
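
Review bot: The `#### Reference` list carries `http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html` on two consecutive entries. Deduplicate reference URLs in the generator before the file is written (an order-preserving unique pass is enough); the same doubling shows up in most of the other reference hunks in this commit.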

@@ -10,6 +10,7 @@ OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows at
### POC
#### Reference
- http://www.ubuntu.com/usn/usn-353-1
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html

@@ -10,6 +10,7 @@ Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0
### POC
#### Reference
- http://www.ubuntu.com/usn/usn-353-1
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9370

@@ -10,6 +10,7 @@ The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0
### POC
#### Reference
- http://www.ubuntu.com/usn/usn-353-1
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
- http://www.vmware.com/support/player/doc/releasenotes_player.html

2007/CVE-2007-0695.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2007-0695](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0695)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
### POC
#### Reference
- http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260
#### Github
No PoCs found on GitHub currently.
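
Review bot: The Vulnerability badge uses `color=brighgreen`, which misspells the shields.io colour name `brightgreen`, so the badge will not get the intended colour. Fix the spelling in the file template rather than per file, since every file added in this commit carries the same string.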

2007/CVE-2007-0696.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2007-0696](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0696)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross-site scripting (XSS) vulnerability in error messages in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, different vectors than CVE-2007-0611.
### POC
#### Reference
- http://sourceforge.net/project/shownotes.php?release_id=481131&group_id=98260
#### Github
No PoCs found on GitHub currently.
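
Review bot: The Product and Version badges are both `n%2Fa` although the Description names the product and the fixed release ("Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3"). Either populate the badges from the same record or omit them when the source has no structured value, so that someone triaging by badge is not told the affected product is unknown.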

@@ -10,7 +10,7 @@ The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x befor
### POC
#### Reference
No PoCs from references.
- http://extraexploit.blogspot.com/2010/11/full-disclosure-xplpdf-adober-reader-94.html
#### Github
- https://github.com/0xCyberY/CVE-T4PDF

@@ -10,7 +10,7 @@ The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in S
### POC
#### Reference
No PoCs from references.
- http://www.ubuntu.com/usn/USN-2054-1
#### Github
- https://github.com/Live-Hack-CVE/CVE-2012-6150
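
Review bot: Under `### POC` / `#### Reference`, the entry shown beside the `No PoCs from references.` placeholder is `http://www.ubuntu.com/usn/USN-2054-1`, a distribution security notice rather than proof-of-concept material. Keep advisory links in a separately named list, or keep the placeholder alongside them, so that a populated Reference section under the POC heading is not read as "a public PoC exists" during patch prioritisation.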

@@ -12,6 +12,7 @@ The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.
#### Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1797-1
- http://www.ubuntu.com/usn/USN-1808-1
- http://www.ubuntu.com/usn/USN-1808-1

@@ -14,6 +14,7 @@ The flush_signal_handlers function in kernel/signal.c in the Linux kernel before
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
No PoCs found on GitHub currently.

@@ -14,6 +14,7 @@ Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in t
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
No PoCs found on GitHub currently.

@@ -14,6 +14,7 @@ Race condition in the install_user_keyrings function in security/keys/process_ke
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1788-1
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
- https://github.com/wcventure/PERIOD

@@ -12,6 +12,7 @@ The report API in the crypto user configuration API in the Linux kernel through
#### Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
No PoCs found on GitHub currently.

@@ -12,6 +12,7 @@ The crypto_report_one function in crypto/crypto_user.c in the report API in the
#### Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
No PoCs found on GitHub currently.

@@ -12,6 +12,7 @@ The crypto_report_one function in crypto/crypto_user.c in the report API in the
#### Reference
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
- http://www.ubuntu.com/usn/USN-1797-1
#### Github
No PoCs found on GitHub currently.

2013/CVE-2013-4408.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2013-4408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4408)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via an invalid fragment length in a DCE-RPC packet.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2054-1
#### Github
No PoCs found on GitHub currently.
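
Review bot: The Version badge here is `message=%3D%20n%2Fa%20&color=brighgreen`, which decodes to `= n/a ` with a stray operator and a trailing space, while the other files added in this commit use `message=n%2Fa&color=blue` for the same empty value. Treat an operator with no version behind it as empty in the template so all placeholder badges render identically.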

@@ -10,7 +10,7 @@ Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4
### POC
#### Reference
No PoCs from references.
- http://www.ubuntu.com/usn/USN-2054-1
#### Github
- https://github.com/Live-Hack-CVE/CVE-2013-4475

2014/CVE-2014-3181.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-3181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.

2014/CVE-2014-3184.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-3184](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.

2014/CVE-2014-3185.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-3185](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.

2014/CVE-2014-3186.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-3186](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.
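
Review bot: The Description gives the source path as `devices/hid/hid-picolcd_core.c`, while the other HID entries added in this commit use `drivers/hid/...` (for example `drivers/hid/hid-magicmouse.c`). Check the string against the upstream CVE record: if it is copied verbatim, keep it and leave the fix to upstream; if it was altered on import, restore the upstream text, because path-based searches across the index will otherwise miss this entry.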

@@ -179,6 +179,7 @@ GNU Bash through 4.3 processes trailing strings after function definitions in th
- https://github.com/Jsmoreira02/Jsmoreira02
- https://github.com/Juan921030/awesome-hacking
- https://github.com/K3ysTr0K3R/CVE-2014-6271-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/KJOONHWAN/CVE-Exploit-Demonstration
- https://github.com/Kaizhe/attacker
- https://github.com/KateFayra/auto_vulnerability_tester
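
Review bot: This list carries two entries from one account, `K3ysTr0K3R/CVE-2014-6271-EXPLOIT` and `K3ysTr0K3R/K3ysTr0K3R`; the second repository is named after its owner rather than after the CVE. With the hunk already starting at line 179 of the file, consider keeping one entry per account, or only repositories whose content is specific to the CVE, so the list stays usable for triage.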

2014/CVE-2014-6410.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-6410](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.

@@ -10,7 +10,7 @@ Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before
### POC
#### Reference
No PoCs from references.
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
- https://github.com/Live-Hack-CVE/CVE-2014-6416

@@ -10,7 +10,7 @@ net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not p
### POC
#### Reference
No PoCs from references.
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
- https://github.com/Live-Hack-CVE/CVE-2014-6417

2014/CVE-2014-6418.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2014-6418](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6418)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-2376-1
#### Github
No PoCs found on GitHub currently.

@@ -10,6 +10,7 @@ MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-3137-1
- https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
- https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html

@@ -10,6 +10,7 @@ MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-3137-1
- https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
- https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html

2016/CVE-2016-9119.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2016-9119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9119)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
### POC
#### Reference
- http://www.ubuntu.com/usn/USN-3137-1
#### Github
No PoCs found on GitHub currently.

@@ -33,6 +33,7 @@ A remote code execution vulnerability in the Android system (bluetooth). Product
- https://github.com/Miracle963/bluetooth-cve
- https://github.com/RavSS/Bluetooth-Crash-CVE-2017-0785
- https://github.com/WinMin/Protocol-Vul
- https://github.com/X3eRo0/android712-blueborne
- https://github.com/XsafeAdmin/BlueBorne
- https://github.com/chankruze/blueborne
- https://github.com/coh7eiqu8thaBu/BookMark

@@ -42,6 +42,7 @@ A information disclosure vulnerability in the Android system (bluetooth). Produc
- https://github.com/RavSS/Bluetooth-Crash-CVE-2017-0785
- https://github.com/S3cur3Th1sSh1t/Pentest-Tools
- https://github.com/Waseem27-art/ART-TOOLKIT
- https://github.com/X3eRo0/android712-blueborne
- https://github.com/XsafeAdmin/BlueBorne
- https://github.com/YellowVeN0m/Pentesters-toolbox
- https://github.com/aymankhalfatni/CVE-2017-0785

@@ -18,6 +18,7 @@ A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_ua
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://seclists.org/bugtraq/2019/Jun/26
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/
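
Review bot: Ubuntu security notice links appear in three spellings across this commit: `http://www.ubuntu.com/usn/usn-353-1`, `http://www.ubuntu.com/usn/USN-2054-1`, and in this hunk `https://usn.ubuntu.com/4117-1/`. Normalise them to a single https form on import; an exact-string comparison cannot recognise the variants as the same notice, and the older entries are plain http.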

@@ -16,6 +16,7 @@ In the Linux kernel before 5.1.7, a device can be tracked by an attacker using t
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.7
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html

@@ -14,6 +14,7 @@ A NULL pointer dereference vulnerability in the function nfc_genl_deactivate_tar
- http://packetstormsecurity.com/files/154245/Kernel-Live-Patch-Security-Notice-LSN-0054-1.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.13
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -14,6 +14,7 @@ In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-aft
- http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.9
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -24,6 +24,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the
- http://packetstormsecurity.com/files/165051/Linux-Kernel-5.1.x-PTRACE_TRACEME-pkexec-Local-Privilege-Escalation.html
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.17
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -20,6 +20,7 @@ In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does no
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -20,6 +20,7 @@ In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of serv
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2.3
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -18,6 +18,7 @@ A flaw that allowed an attacker to corrupt memory and possibly escalate privileg
- http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html
- https://seclists.org/bugtraq/2019/Jun/26
- https://seclists.org/bugtraq/2019/Jun/26
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/

@@ -14,6 +14,7 @@ An infinite loop issue was found in the vhost_net kernel module in Linux Kernel
- http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4115-1/
- https://usn.ubuntu.com/4117-1/
- https://usn.ubuntu.com/4118-1/
- https://usn.ubuntu.com/4118-1/
- https://www.oracle.com/security-alerts/cpuApr2021.html

@@ -22,6 +22,7 @@ A remote code execution vulnerability exists in Microsoft Exchange software when
#### Github
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xMarcio/cve
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xT11/CVE-POC
- https://github.com/1337-llama/CVE-2020-0688-Python3
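
Review bot: `https://github.com/0xMarcio/cve` is listed under `#### Github` as a PoC source, and the account name matches this commit's author (0xMarcio). If that repository is this index itself, the crawler is citing its own output; add it to an exclusion list so it is not counted as evidence that a PoC exists. The same entry appears in most of the Github hunks that follow.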

@@ -32,6 +32,7 @@ A remote code execution vulnerability exists in the way that the Microsoft Serve
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xMarcio/cve
- https://github.com/0xT11/CVE-POC
- https://github.com/0xcyberpj/windows-exploitation
- https://github.com/0xeb-bp/cve-2020-0796

@@ -43,6 +43,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xHunterr/OSCP-Study-Notes
- https://github.com/0xHunterr/OSCP-Studying-Notes
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xT11/CVE-POC
- https://github.com/0xZipp0/BIBLE

2020/CVE-2020-18657.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2020-18657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18657)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
### POC
#### Reference
- https://www.seebug.org/vuldb/ssvid-97929
#### Github
No PoCs found on GitHub currently.

2020/CVE-2020-18658.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2020-18658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18658)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
### POC
#### Reference
- https://www.seebug.org/vuldb/ssvid-97930
#### Github
No PoCs found on GitHub currently.
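
Review bot: The Description reads "Cross Site Scriptiong (XSS)", whereas the neighbouring GetSimpleCMS entries added in this commit spell it "Scripting". If descriptions are imported verbatim from the upstream record, leave the text and report the typo upstream; otherwise correct it here, since a text search for "Cross Site Scripting" will skip this file.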

2020/CVE-2020-18659.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2020-18659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18659)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
### POC
#### Reference
- https://www.seebug.org/vuldb/ssvid-97931
#### Github
No PoCs found on GitHub currently.

2020/CVE-2020-18661.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2020-18661](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18661)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via the url parameter to bbs/login.php.
### POC
#### Reference
- https://www.seebug.org/vuldb/ssvid-97925
#### Github
No PoCs found on GitHub currently.

2020/CVE-2020-18716.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2020-18716](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18716)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.
### POC
#### Reference
- https://www.seebug.org/vuldb/ssvid-97867
#### Github
No PoCs found on GitHub currently.

@@ -16,6 +16,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
#### Github
- https://github.com/0x727/JNDIExploit
- https://github.com/0xAbbarhSF/CVE-Exploit
- https://github.com/0xMarcio/cve
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xT11/CVE-POC
- https://github.com/0xlane/CVE-2020-2551

@@ -35,6 +35,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.
- https://github.com/0day404/vulnerability-poc
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xAbdullah/CVE-2020-5902
- https://github.com/0xMarcio/cve
- https://github.com/0xMrNiko/Awesome-Red-Teaming
- https://github.com/0xPugal/One-Liners
- https://github.com/0xPugazh/One-Liners

@@ -56,6 +56,7 @@ Windows Print Spooler Remote Code Execution Vulnerability
- https://github.com/0x727/usefull-elevation-of-privilege
- https://github.com/0xHunterr/OSCP-Study-Notes
- https://github.com/0xHunterr/OSCP-Studying-Notes
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xaniketB/HackTheBox-Driver

@@ -22,6 +22,7 @@ The vSphere Client (HTML5) contains a remote code execution vulnerability in a v
- https://github.com/0day404/vulnerability-poc
- https://github.com/0ps/pocassistdb
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xsyr0/OSCP

@@ -20,6 +20,7 @@ HTTP Protocol Stack Remote Code Execution Vulnerability
#### Github
- https://github.com/0vercl0k/0vercl0k
- https://github.com/0vercl0k/CVE-2021-31166
- https://github.com/0xMarcio/cve
- https://github.com/0xmaximus/Home-Demolisher
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon

@@ -37,6 +37,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
- https://github.com/0day404/vulnerability-poc
- https://github.com/0x4ndy/clif
- https://github.com/0x7183/CVE-2021-3156
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP
- https://github.com/0xdevil/CVE-2021-3156

@@ -22,6 +22,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
- https://github.com/0x01-sec/CVE-2021-4034-
- https://github.com/0x05a/my-cve-2021-4034-poc
- https://github.com/0x4ndy/CVE-2021-4034-PoC
- https://github.com/0xMarcio/cve
- https://github.com/0xNix/CVE-2021-4034
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP

@@ -66,6 +66,7 @@ Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12
- https://github.com/0xCyberY/CVE-T4PDF
- https://github.com/0xDexter0us/Log4J-Scanner
- https://github.com/0xInfection/LogMePwn
- https://github.com/0xMarcio/cve
- https://github.com/0xPugal/One-Liners
- https://github.com/0xPugazh/One-Liners
- https://github.com/0xRyan/log4j-nullroute

@@ -16,6 +16,7 @@ A heap-based buffer overflow flaw was found in the way the legacy_parse_param fu
- https://www.willsroot.io/2022/01/cve-2022-0185.html
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xTen/pwn-gym
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon

@@ -24,6 +24,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xIronGoat/dirty-pipe
- https://github.com/0xMarcio/cve
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xTen/pwn-gym
- https://github.com/0xZipp0/OSCP

@@ -18,6 +18,7 @@ An out-of-bounds (OOB) memory write flaw was found in the Linux kernels watch
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93ce93587d36493f2f86921fa79921b3cba63fbb
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/1nzag/CVE-2022-0995
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/LinuxEelvation

@@ -14,6 +14,7 @@ No PoCs from references.
#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xMarcio/cve
- https://github.com/0xsmirk/vehicle-kernel-exploit
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Al1ex/LinuxEelvation

@@ -20,6 +20,7 @@ net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows loca
- https://www.oracle.com/security-alerts/cpujul2022.html
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/20142995/sectool
- https://github.com/ARPSyndicate/cvemon
- https://github.com/B0nfee/CVE-2022-25636

@@ -25,6 +25,7 @@ It was discovered that the cls_route filter implementation in the Linux kernel w
- https://www.openwall.com/lists/oss-security/2022/08/09/6
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/20142995/sectool
- https://github.com/ARGOeu-Metrics/secmon-probes
- https://github.com/ARPSyndicate/cvemon

@@ -47,6 +47,7 @@ A remote code execution vulnerability exists when MSDT is called using the URL p
#### Github
- https://github.com/0xAbbarhSF/FollinaXploit
- https://github.com/0xMarcio/cve
- https://github.com/0xStarFord/FollinaXploit
- https://github.com/0xStrygwyr/OSCP-Guide
- https://github.com/0xZipp0/OSCP

@@ -33,6 +33,7 @@ Windows Kerberos Elevation of Privilege Vulnerability
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Amulab/CVE-2022-33679
- https://github.com/Ascotbe/Kernelhub

@@ -16,6 +16,7 @@ An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Stri
- https://www.cobaltstrike.com/blog/tag/release/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/20142995/sectool
- https://github.com/4nth0ny1130/CVE-2022-39197-fix_patch
- https://github.com/ARPSyndicate/cvemon

@@ -16,6 +16,7 @@ A flaw was found in the Linux kernel, where unauthorized access to the execution
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/20142995/sectool
- https://github.com/3yujw7njai/CVE-2023-0386
- https://github.com/AabyssZG/AWD-Guide

@@ -14,6 +14,7 @@ Aria Operations for Networks contains a command injection vulnerability. A malic
- http://packetstormsecurity.com/files/173761/VMWare-Aria-Operations-For-Networks-Remote-Command-Execution.html
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Awrrays/FrameVul
- https://github.com/CVEDB/awesome-cve-repo

@@ -13,6 +13,7 @@ Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earl
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo

@@ -18,6 +18,7 @@ Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerabili
- http://packetstormsecurity.com/files/171606/Ancillary-Function-Driver-AFD-For-Winsock-Privilege-Escalation.html
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/2lambda123/diaphora
- https://github.com/3yujw7njai/CVE-2023-21768-POC

@@ -20,6 +20,7 @@ Microsoft Outlook Elevation of Privilege Vulnerability
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/3yujw7njai/CVE-2023-23397-POC

2023/CVE-2023-29060.md Normal file
@@ -0,0 +1,17 @@
### [CVE-2023-29060](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29060)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1299%20Missing%20Protection%20Mechanism%20for%20Alternate%20Hardware%20Interface&color=brighgreen)
### Description
The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.
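
Review bot: The `color=brighgreen` value in the Version and Vulnerability badge URLs is misspelled; the shields.io named color is `brightgreen`, so these badges will not get the intended color. The same value appears in every new file in this commit, so fix it once in the template that generates these pages.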

17
2023/CVE-2023-29061.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29061](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29061)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-306%20Missing%20Authentication%20for%20Critical%20Function&color=brighgreen)
### Description
There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.

17
2023/CVE-2023-29062.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29062](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29062)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-287%20Improper%20Authentication&color=brighgreen)
### Description
The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS, or MDNS and will result in NTLMv2 hashes being sent to a malicious entity position on the local network. These hashes can subsequently be attacked through brute force and cracked if a weak password is used. This attack would only apply to domain joined systems.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.
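
Review bot: `MBT-NS` in the description is not a protocol name; the name-resolution fallback that goes with LLMNR and mDNS is NBT-NS (NetBIOS Name Service), and `malicious entity position on` reads as a dropped `-ed`. If both come verbatim from the CVE record, keep the quoted text but add the corrected spelling alongside it, since anyone searching this catalogue for NBT-NS will miss the entry.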

17
2023/CVE-2023-29063.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29063](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29063)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1299%20Missing%20Protection%20Mechanism%20for%20Alternate%20Hardware%20Interface&color=brighgreen)
### Description
The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encryption key from a dump of the workstation RAM during startup.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.

17
2023/CVE-2023-29064.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29064](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29064)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-798%20Use%20of%20Hard-coded%20Credentials&color=brighgreen)
### Description
The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.

17
2023/CVE-2023-29065.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29065](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29065)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-277%20Insecure%20Inherited%20Permissions&color=brighgreen)
### Description
The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.

17
2023/CVE-2023-29066.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-29066](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29066)
![](https://img.shields.io/static/v1?label=Product&message=FACSChorus&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=5.0%3C%3D%205.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266%20Incorrect%20Privilege%20Assignment&color=brighgreen)
### Description
The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
### POC
#### Reference
- https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software
#### Github
No PoCs found on GitHub currently.

View File

@@ -16,6 +16,7 @@ In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when
- https://news.ycombinator.com/item?id=35879660
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/ARGOeu-Metrics/secmon-probes
- https://github.com/CVEDB/awesome-cve-repo

17
2023/CVE-2023-3623.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-3623](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3623)
![](https://img.shields.io/static/v1?label=Product&message=Mountain%20Flood%20Disaster%20Prevention%20Monitoring%20and%20Early%20Warning%20System&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2020230704%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-434%20Unrestricted%20Upload&color=brighgreen)
### Description
A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
### POC
#### Reference
- https://github.com/luoshaokai/cve/blob/main/one.md
#### Github
No PoCs found on GitHub currently.
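
Review bot: The `#### Reference` entry `https://github.com/luoshaokai/cve/blob/main/one.md` is a GitHub URL, yet the `#### Github` section states `No PoCs found on GitHub currently.`, and the description says the exploit has been disclosed to the public. Either list `luoshaokai/cve` under Github or reword the placeholder so the two sections do not contradict each other.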

View File

@@ -16,6 +16,7 @@ RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user
- https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/80r1ng/CVE-2023-38831-EXP
- https://github.com/Ahmed1Al/CVE-2023-38831-winrar-exploit
- https://github.com/AskarKasimov/1337Rpwn4

17
2023/CVE-2023-4771.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-4771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4771)
![](https://img.shields.io/static/v1?label=Product&message=CKEditor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%204.15.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/nomi-sec/PoC-in-GitHub

View File

@@ -22,6 +22,7 @@ Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and lib
- https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/Blaukovitch/GOOGLE_CHROME_Windows_7_CRACK
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top

View File

@@ -28,6 +28,7 @@ A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so whi
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/20142995/sectool
- https://github.com/BlessedRebuS/OSCP-Pentesting-Cheatsheet

17
2023/CVE-2023-7025.md Normal file
View File

@@ -0,0 +1,17 @@
### [CVE-2023-7025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7025)
![](https://img.shields.io/static/v1?label=Product&message=hedron-domain-hook&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%203.8.0.12-0k0.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-284%20Improper%20Access%20Controls&color=brighgreen)
### Description
A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. It has been declared as critical. This vulnerability affects the function init_kcm of the component DBus Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-248578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
### POC
#### Reference
- https://vuldb.com/?id.248578
#### Github
No PoCs found on GitHub currently.
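
Review bot: The Version badge encodes `= 3.8.0.12-0k0.0` while the description says `up to 3.8.0.12-0k0.5`, so someone triaging from the badge alone would treat the later builds up to 0k0.5 as unaffected. Render the affected range (the FACSChorus files in this commit use the `5.0<= 5.1` form) or take the upper bound from the description.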

View File

@@ -13,6 +13,7 @@ An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 pr
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/Azathothas/Stars
- https://github.com/CVE-Reversing/CVE-Reversing

View File

@@ -12,6 +12,7 @@ A vulnerability classified as problematic has been found in code-projects E-Comm
#### Reference
- https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md
- https://github.com/h4md153v63n/CVEs/blob/main/E-Commerce_Website/E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md
- https://vuldb.com/?id.249003
#### Github
- https://github.com/h4md153v63n/CVEs
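
Review bot: The `E-Commerce%20Website%20-%20Stored%20Cross-site%20Scripting.md` URL appears twice in a row under `#### Reference`. Deduplicate references before writing the file (an order-preserving unique pass in the generator is enough) so the list holds each link once.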

View File

@@ -18,6 +18,7 @@ A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables compon
- https://pwning.tech/nftables/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/Alicey0719/docker-POC_CVE-2024-1086
- https://github.com/BachoSeven/stellestelline

View File

@@ -31,6 +31,7 @@ Windows Kernel Elevation of Privilege Vulnerability
- https://decoded.avast.io/janvojtesek/lazarus-and-the-fudmodule-rootkit-beyond-byovd-with-an-admin-to-kernel-zero-day/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/GhostTroops/TOP
- https://github.com/UMU618/CVE-2024-21338
- https://github.com/Zombie-Kaiser/CVE-2024-21338-x64-build-

View File

@@ -19,6 +19,7 @@ Microsoft Outlook Remote Code Execution Vulnerability
- https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/CMNatic/CVE-2024-21413
- https://github.com/DevAkabari/CVE-2024-21413
- https://github.com/GhostTroops/TOP

View File

@@ -13,6 +13,7 @@ This High severity RCE (Remote Code Execution) vulnerability was introduced in v
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/Arbeys/CVE-2024-21683-PoC
- https://github.com/GhostTroops/TOP
- https://github.com/Threekiii/CVE

View File

@@ -14,6 +14,7 @@ A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 th
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/AlexLondan/CVE-2024-21762-Fortinet-RCE-ALLWORK
- https://github.com/BetterCzz/CVE-2024-20291-POC
- https://github.com/BishopFox/cve-2024-21762-check

View File

@@ -14,6 +14,7 @@ Zabbix server can perform command execution for configured scripts. After comman
- https://support.zabbix.com/browse/ZBX-24505
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/GhostTroops/TOP
- https://github.com/Threekiii/CVE
- https://github.com/W01fh4cker/CVE-2024-22120-RCE

View File

@@ -10,6 +10,7 @@ FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of
### POC
#### Reference
- https://github.com/cccbbbttt/cms/blob/main/1.md
- https://github.com/cccbbbttt/cms/blob/main/1.md
#### Github
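
Review bot: `https://github.com/cccbbbttt/cms/blob/main/1.md` is listed twice under `#### Reference`, the same duplication as in the E-Commerce Website hunk, which points at the step that merges sources rather than at a one-off. Compare normalized URLs when merging so a link already present in the file is not written again.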

View File

@@ -16,6 +16,7 @@ Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of
- http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/10T4/PoC-Fix-jenkins-rce_CVE-2024-23897
- https://github.com/20142995/sectool
- https://github.com/3yujw7njai/CVE-2024-23897

18
2024/CVE-2024-2408.md Normal file
View File

@@ -0,0 +1,18 @@
### [CVE-2024-2408](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408)
![](https://img.shields.io/static/v1?label=Product&message=PHP&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable.PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.
### POC
#### Reference
- https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
#### Github
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/fkie-cad/nvd-json-data-feeds
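
Review bot: In the description, `vulnerable.PHP Windows builds` is missing the space between two sentences, and both the Version and Vulnerability badges are `n/a` although the text names the issue (the Marvin Attack against PKCS1 padding in `openssl_private_decrypt`) and the fixed builds (8.1.29, 8.2.20 and 8.3.8 for Windows, OpenSSL 3.2 or a distribution backport elsewhere). Fix the spacing, and consider omitting a badge when the source record has no value for it, since `n/a` here hides the version information a defender needs to check.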

View File

@@ -25,6 +25,7 @@ No PoCs from references.
- https://github.com/GoatSecurity/CVE-2024-24919
- https://github.com/GuayoyoCyber/CVE-2024-24919
- https://github.com/J4F9S5D2Q7/CVE-2024-24919
- https://github.com/J4F9S5D2Q7/CVE-2024-24919-CHECKPOINT
- https://github.com/LucasKatashi/CVE-2024-24919
- https://github.com/MohamedWagdy7/CVE-2024-24919
- https://github.com/Ostorlab/KEV
@@ -52,6 +53,7 @@ No PoCs from references.
- https://github.com/nullcult/CVE-2024-24919-Exploit
- https://github.com/numencyber/Vulnerability_PoC
- https://github.com/pewc0/CVE-2024-24919
- https://github.com/protonnegativo/CVE-2024-24919
- https://github.com/r4p3c4/CVE-2024-24919-Checkpoint-Firewall-VPN-Check
- https://github.com/r4p3c4/CVE-2024-24919-Exploit-PoC-Checkpoint-Firewall-VPN
- https://github.com/satchhacker/cve-2024-24919

View File

@@ -17,6 +17,7 @@ Improper Control of Generation of Code ('Code Injection') vulnerability in Codee
#### Github
- https://github.com/0bl1v10nf0rg0773n/0BL1V10N-CVE-2024-25600-Bricks-Builder-plugin-for-WordPress
- https://github.com/0xMarcio/cve
- https://github.com/Chocapikk/CVE-2024-25600
- https://github.com/Christbowel/CVE-2024-25600_Nuclei-Template
- https://github.com/GhostTroops/TOP

View File

@@ -13,6 +13,7 @@ In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/CharonDefalt/CVE-2024-27198-RCE
- https://github.com/Chocapikk/CVE-2024-27198
- https://github.com/Donata64/tc_test01

View File

@@ -13,6 +13,7 @@ In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limite
No PoCs from references.
#### Github
- https://github.com/0xMarcio/cve
- https://github.com/CharonDefalt/CVE-2024-27198-RCE
- https://github.com/Donata64/tc_test01
- https://github.com/GhostTroops/TOP

View File

@@ -14,5 +14,5 @@ Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults.
- https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw
#### Github
No PoCs found on GitHub currently.
- https://github.com/fkie-cad/nvd-json-data-feeds
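
Review bot: `No PoCs found on GitHub currently.` and `- https://github.com/fkie-cad/nvd-json-data-feeds` both sit under `#### Github` in a hunk that goes from 5 lines to 5 lines, so one replaces the other. Going by its name, that repository is a mirror of NVD JSON data, not a proof of concept, so listing it in place of the placeholder makes the entry look as if a public PoC exists. Filter feed and aggregator repositories out of this section, or keep the placeholder line when they are the only hits.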

Some files were not shown because too many files have changed in this diff