Update CVE sources 2024-06-08 09:32
This commit is contained in:
0xMarcio
@@ -15,6 +15,7 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/CVEDB/PoC-List
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/cedelasen/htb-laboratory
|
||||
- https://github.com/chorankates/Irked
|
||||
- https://github.com/siddicky/Boiler_CTF
|
||||
|
||||
17
2012/CVE-2012-1156.md
Normal file
17
2012/CVE-2012-1156.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2012-1156](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1156)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Moodle before 2.2.2 has users' private files included in course backups
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://moodle.org/mod/forum/discuss.php?d=198623
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2012/CVE-2012-4567.md
Normal file
17
2012/CVE-2012-4567.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2012-4567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4567)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2012/CVE-2012-4568.md
Normal file
17
2012/CVE-2012-4568.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2012-4568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4568)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2012/CVE-2012-4569.md
Normal file
17
2012/CVE-2012-4569.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2012-4569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4569)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Multiple cross-site scripting (XSS) vulnerabilities in out/out.UsrMgr.php in LetoDMS (formerly MyDMS) before 3.3.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2012/CVE-2012-4570.md
Normal file
17
2012/CVE-2012-4570.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2012-4570](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4570)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -263,6 +263,7 @@ Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allo
|
||||
- https://github.com/k0mi-tg/OSCP
|
||||
- https://github.com/k0mi-tg/OSCP-note
|
||||
- https://github.com/kai5263499/awesome-container-security
|
||||
- https://github.com/karanlvm/DirtyPipe-Exploit
|
||||
- https://github.com/katlol/stars
|
||||
- https://github.com/kcgthb/RHEL6.x-COW
|
||||
- https://github.com/kdn111/linux-kernel-exploitation
|
||||
|
||||
@@ -10,6 +10,7 @@ The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote a
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://www.slideshare.net/codewhitesec/java-deserialization-vulnerabilities-the-forgotten-bug-class-deepsec-edition
|
||||
- https://groups.google.com/forum/#!original/jenkinsci-advisories/-fc-w9tNEJE/GRvEzWoJBgAJ
|
||||
- https://www.cloudbees.com/jenkins-security-advisory-2016-11-16
|
||||
- https://www.exploit-db.com/exploits/44642/
|
||||
|
||||
@@ -128,6 +128,7 @@ The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2
|
||||
- https://github.com/rosonsec/Exploits
|
||||
- https://github.com/seeu-inspace/easyg
|
||||
- https://github.com/sponkmonk/Ladon_english_update
|
||||
- https://github.com/stormblack/smbvuln
|
||||
- https://github.com/substing/blue_ctf
|
||||
- https://github.com/sunylife24/TryHackMe2
|
||||
- https://github.com/sunzu94/AD-Attack-Defense
|
||||
|
||||
@@ -39,6 +39,7 @@ Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older
|
||||
- https://github.com/Threekiii/Vulhub-Reproduce
|
||||
- https://github.com/Tim1995/FINAL
|
||||
- https://github.com/Whoopsunix/PPPVULNS
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/Zero094/Vulnerability-verification
|
||||
- https://github.com/asa1997/topgear_test
|
||||
|
||||
17
2018/CVE-2018-25034.md
Normal file
17
2018/CVE-2018-25034.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2018-25034](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25034)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input ><script>alert(1)</script> as part of POST Request leads to basic cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-126695.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://vuldb.com/?id.126695
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -48,6 +48,7 @@ In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in
|
||||
- https://github.com/Threekiii/Awesome-POC
|
||||
- https://github.com/Threekiii/Vulhub-Reproduce
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/ZTK-009/Penetration_PoC
|
||||
- https://github.com/aaron3238/phpfpmexploit
|
||||
|
||||
@@ -161,6 +161,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/8097-Botcats/23-24-master
|
||||
- https://github.com/8097-Botcats/NEWrobotSDK
|
||||
- https://github.com/8101Metalmorphosis/Powerplay-2023
|
||||
- https://github.com/8696-Trobotix/template
|
||||
- https://github.com/87it/ftc-vc-demo
|
||||
- https://github.com/8872/centerstage
|
||||
- https://github.com/8872/tinycmd
|
||||
@@ -200,6 +201,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/ATurico26/201-Centerstage-2023-Aidan-code
|
||||
- https://github.com/Aar2d2006/ftc-non-sped-build-fuckery-go-kys
|
||||
- https://github.com/Aarav188/FTC
|
||||
- https://github.com/AaronHero03/FTCTeleOperate
|
||||
- https://github.com/AaronTreeCan/WashingtonCodersCode
|
||||
- https://github.com/AbbeySieg/ftc-4962-rocketts-2023
|
||||
- https://github.com/AbbyW89/something-real
|
||||
@@ -223,6 +225,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Al-Tex/RobotController7.1
|
||||
- https://github.com/AlCadrone8588/Center-Stage
|
||||
- https://github.com/Alabala492/FtcRobotControllerCenter
|
||||
- https://github.com/AldenWohlgemuth/road-runner-quickstart-master
|
||||
- https://github.com/Alec7-prog/RoweboticCliquePowerPlay
|
||||
- https://github.com/AlejandroE25/FTC_POWER_PLAY
|
||||
- https://github.com/AlejandroE25/TNT-Robot-Controller
|
||||
@@ -237,6 +240,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Alexander-Maples/FTCRobotController
|
||||
- https://github.com/Alisa1098/CenterStage4326
|
||||
- https://github.com/Alitma5094/Howard-Robotics-17394-Team-Code
|
||||
- https://github.com/AllNew101/Test_Intothedeep
|
||||
- https://github.com/AllysonAB/allysonab
|
||||
- https://github.com/AllysonAB/ftcCenterStage_Allison
|
||||
- https://github.com/Alokxmathur/Center-Stage---Giraffe
|
||||
@@ -314,6 +318,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/AsianKoala/FTC_14607_new
|
||||
- https://github.com/AsianKoala/koawalib_quickstart
|
||||
- https://github.com/AsianKoala/robotroopers_koawalib
|
||||
- https://github.com/Asvaka/XDriveChallenge
|
||||
- https://github.com/Atlas-CNB/centerstage-2024
|
||||
- https://github.com/Atlas-CNB/powerplay-2023
|
||||
- https://github.com/AtomicRobotics3805/2024-Centerstage
|
||||
@@ -372,6 +377,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Bargain18/7172-Portfolio
|
||||
- https://github.com/Bargain18/Power-Play
|
||||
- https://github.com/Bargain18/Test
|
||||
- https://github.com/BaronClaps/PedroBot
|
||||
- https://github.com/BaronClaps/TomorrowTeamCode
|
||||
- https://github.com/Bartimus03/RoboticsCode
|
||||
- https://github.com/BaryonsFTC5119/Baryons_Power_Play
|
||||
@@ -424,6 +430,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/BossBots/PowerPlay
|
||||
- https://github.com/BossBots/PowerPlay-Use-this-one-
|
||||
- https://github.com/BossBots/Tutorials
|
||||
- https://github.com/BotNotFound/XDriveChallenge
|
||||
- https://github.com/BotcatsSoftware/Ultimate-Goal-SDK
|
||||
- https://github.com/BotcatsSoftware/Ultimate-Goal-SDK-master
|
||||
- https://github.com/BotcatsSoftware/VirtualRobotMaster2020
|
||||
@@ -1031,7 +1038,9 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/FlapJack20221/fuzzy-tribble
|
||||
- https://github.com/Floofyer/FtcRobotController
|
||||
- https://github.com/FlourishAndBots/PowerPlayReal
|
||||
- https://github.com/ForceCEITI/SDK-FTC
|
||||
- https://github.com/FreehandBlock51/FTCRobot2023
|
||||
- https://github.com/FreehandBlock51/XDriveChallenge
|
||||
- https://github.com/Friends-Robotics/freight-frenzy-robot-repo
|
||||
- https://github.com/Friends-Robotics/main-robot-repo
|
||||
- https://github.com/Friends-Robotics/powerplay-robot-repo
|
||||
@@ -1107,6 +1116,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/GramGra07/FTC-RobotController-2021-10448
|
||||
- https://github.com/GramGra07/FtcRobotController-10448-2022-23
|
||||
- https://github.com/GramGra07/FtcRobotController-10448-2022-23_priv-V2
|
||||
- https://github.com/GramGra07/FtcRobotController_2024-25_5115
|
||||
- https://github.com/GramGra07/OLD_FTC-RobotController202110448
|
||||
- https://github.com/GramGra07/OLD_FtcRobotController-10448-2022-23
|
||||
- https://github.com/GrangerMaherjava/FtcRobotController-master-2
|
||||
@@ -1128,6 +1138,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Hackercats/Ultimate-Goal
|
||||
- https://github.com/HamzaEbeida/MarvelsOfVRIC
|
||||
- https://github.com/HamzaEbeida/offseason-ftc
|
||||
- https://github.com/Harsha23871/HarshaPractieBot_5_24_24
|
||||
- https://github.com/Harshiv15/FGC2023-TeamGB
|
||||
- https://github.com/Hav0k42/FTC-2020-Ultimate-Goal
|
||||
- https://github.com/HazenRobotics/center-stage
|
||||
@@ -1164,6 +1175,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/HiveMindRobotics/RobotController
|
||||
- https://github.com/HiveMindRobotics/RobotController-2022
|
||||
- https://github.com/Homosapiens-RO109/2024-CenterStage
|
||||
- https://github.com/Homosapiens-RO109/Centerstage2024
|
||||
- https://github.com/Hopkins-Robotics-Gray-12377/freight-frenzy-12377
|
||||
- https://github.com/HotchkissEFXGearcats/MecanumST2023
|
||||
- https://github.com/HotchkissEFXGearcats/OctobotST2023
|
||||
@@ -1349,10 +1361,12 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/KeeganPren/Dukes-CenterStage
|
||||
- https://github.com/KennedyRoboEagles/FTC2021-FreightFrenzy
|
||||
- https://github.com/Kenneth-Olibrice/State-of-Mind-2022-2023
|
||||
- https://github.com/KeshavAnandCode/Offseason-FtcRobotController
|
||||
- https://github.com/KevinYang2021/centerstage-ftc
|
||||
- https://github.com/KeyboardSpam815/11723-PowerPlay2
|
||||
- https://github.com/KilianCollins/23871PracBot11223
|
||||
- https://github.com/KilianCollins/HEEEEEEEEE
|
||||
- https://github.com/KilianCollins/PracticeRobot_5_23_24
|
||||
- https://github.com/KilianCollins/TEST11018023
|
||||
- https://github.com/Kimzs/FirstT
|
||||
- https://github.com/KineticCodeabots/Codeabot-TeamCode
|
||||
@@ -1588,6 +1602,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/NDCLRobotics/2022-FreightFrenzy
|
||||
- https://github.com/NDCLRobotics/2023-PowerPlay
|
||||
- https://github.com/NDRoboknights/FTC-UG-2021
|
||||
- https://github.com/NDS3K/FtcRobotController-master
|
||||
- https://github.com/NKKFu/bootz-code-2021
|
||||
- https://github.com/NKKFu/roboot-ftc-code-2021
|
||||
- https://github.com/NKKFu/tpx-2022
|
||||
@@ -1614,6 +1629,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Ne-k/10332-PowerPlay
|
||||
- https://github.com/NebuDev14/base-example
|
||||
- https://github.com/NedMihnea/CODU-FREIGHT-FRENZY
|
||||
- https://github.com/NeelM1123/ftc2024
|
||||
- https://github.com/Nekarone/FTC-19280-Freight-Frenzy-Code
|
||||
- https://github.com/NelsonWong2026/FTC-CenterStage-24132
|
||||
- https://github.com/NemesisX09/T265-TEST
|
||||
@@ -1653,6 +1669,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/NipunNagendra/6210centerstage
|
||||
- https://github.com/Niskayuna-RoboWarriors/ftc-2021
|
||||
- https://github.com/Nitr0gue/RadicalRaidersPowerPlay
|
||||
- https://github.com/NoName1dea/18458-Zenith-ItD
|
||||
- https://github.com/NoahBlaut/SnakeByte2022
|
||||
- https://github.com/NoblesRobotics/ftc
|
||||
- https://github.com/NoblesRobotics/robbie
|
||||
@@ -1889,6 +1906,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/RoboRacers/FtcRobotControllerCenterstage
|
||||
- https://github.com/RoboRacers/FtcRobotControllerVeer
|
||||
- https://github.com/RoboRacers/RoboRacersCenterstage
|
||||
- https://github.com/RoboRacers/RoboRacersIntoTheDeep
|
||||
- https://github.com/RoboSapiens-Programare/cod-powerplay-2022-2023
|
||||
- https://github.com/RoboSapiens2021/SathvikMovement
|
||||
- https://github.com/RoboSapiens2021/ftc-2022-2023
|
||||
@@ -2092,9 +2110,12 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/SuperstellarHannah/WISER
|
||||
- https://github.com/Suvan8806/15024
|
||||
- https://github.com/Suvan8806/FtcRobotController-master-15024
|
||||
- https://github.com/SvenXD/Personal-ToolBox
|
||||
- https://github.com/Swampbots/FreightFrenzy
|
||||
- https://github.com/Swampbots/UltimateGoal
|
||||
- https://github.com/Swampbots/UltimateGoal6.0
|
||||
- https://github.com/Symple25125/ProjectArm
|
||||
- https://github.com/Symple25125/centerStage2024
|
||||
- https://github.com/T-Code07/FTC-LRCA-Joshua
|
||||
- https://github.com/T-Lind/POWER-PLAY
|
||||
- https://github.com/TBHGodPro/FTC-24729-2023
|
||||
@@ -2286,6 +2307,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/Tundrabots7083/7083-robot-code-2021-2022
|
||||
- https://github.com/Tundrabots7083/delta-bots-robot-code-2021-2022
|
||||
- https://github.com/Turbo-V8-14259/14259-Center-Stage
|
||||
- https://github.com/Tyler-Stocks/FTCLibTest
|
||||
- https://github.com/Tyler-Stocks/Ftc-Testing
|
||||
- https://github.com/Type-C-5526/Centerstage
|
||||
- https://github.com/Tysty/FTC-Software-Training-2023-2024
|
||||
@@ -2688,6 +2710,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/brotherhobo/2022-2023-FTC
|
||||
- https://github.com/brotherhobo/FTC-2022-2023
|
||||
- https://github.com/brotherhobo/Monocular-Visual-Odometry-FTC
|
||||
- https://github.com/brotherhobo/Pedro-Pathing-Quickstart
|
||||
- https://github.com/bruhyz07/2022_Ecliptic
|
||||
- https://github.com/bryancross/2021-Controller
|
||||
- https://github.com/bsoist/FreightFrenzy
|
||||
@@ -2829,6 +2852,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/dtomkoFRC/ftc-template
|
||||
- https://github.com/ducati-red916/Centerstage_2023-24
|
||||
- https://github.com/duckstroms/Web-CTF-Cheatsheet
|
||||
- https://github.com/duckyduckies/CENTERSTAGE
|
||||
- https://github.com/dushantpanchbhai/Agastya_FTC_2023
|
||||
- https://github.com/dushantpanchbhai/TIS_Salaam_Bombay
|
||||
- https://github.com/dushantpanchbhai/TIS_UpACreek
|
||||
@@ -2968,6 +2992,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/ftc13100/FreightFrenzy-2022
|
||||
- https://github.com/ftc13100/Practice-For-Programming
|
||||
- https://github.com/ftc13100/Programming-Practice-2023
|
||||
- https://github.com/ftc13100/Rising-Tides
|
||||
- https://github.com/ftc13100/UltimateGoal-2021
|
||||
- https://github.com/ftc14103/robot
|
||||
- https://github.com/ftc14158/FreightFrenzy2
|
||||
@@ -3056,6 +3081,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/ftcwaylandmi/2023-22154-RR
|
||||
- https://github.com/fungloonchong/ict3203_lab_quiz_1_notes
|
||||
- https://github.com/fwprobotics/3507-ultimategoal-rc
|
||||
- https://github.com/fzzytronics/ain
|
||||
- https://github.com/gagne-3/DRSS_20_21_Road_Runner_Testing
|
||||
- https://github.com/gagne-3/DRSS_20_21_Season_Auto_Update
|
||||
- https://github.com/gagne-3/DRSS_20_21_Season_Auto_Update_OLD
|
||||
@@ -3190,12 +3216,14 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/ishaspatil/pre-season-ftc-sdk
|
||||
- https://github.com/its3D56/Power-Play
|
||||
- https://github.com/ivas-does-bugs/FTC-Ultimate-Goal-ABSOTech
|
||||
- https://github.com/ivyw0426/XDrivePractice
|
||||
- https://github.com/ixInvalid/FTCRobotController
|
||||
- https://github.com/ixInvalid/FTCRobotController-v8.1.1
|
||||
- https://github.com/ixInvalid/Fibby
|
||||
- https://github.com/j4igupta/ftc-2023
|
||||
- https://github.com/j4igupta/ftc-tachyonics-2023
|
||||
- https://github.com/j4igupta/ftc-tachyonics-2023-init
|
||||
- https://github.com/j5155/testftc1
|
||||
- https://github.com/jaanvic25/GeneralRelativity21-22
|
||||
- https://github.com/jabernat/jabernaut1
|
||||
- https://github.com/jacen214/Jack2020
|
||||
@@ -3282,6 +3310,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/kausalyap/FTC_PowerPlay_OpenCV
|
||||
- https://github.com/kchrobotics/tubularcode2020ultimategoal
|
||||
- https://github.com/kennedyrobotics1/FtcRobotController-master
|
||||
- https://github.com/kennedyrobotics1/RoadRunnerOffseason
|
||||
- https://github.com/kennhung/FTC_2021_Playground
|
||||
- https://github.com/kermodes19767/freightfrenzy
|
||||
- https://github.com/kevinthegreat1/FTC-2021-2022-Team-15943
|
||||
@@ -3315,6 +3344,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/kroisssant/bjkbbkbjk
|
||||
- https://github.com/kronbot/powerplayv2
|
||||
- https://github.com/krusche-sensetence/jquery-2.2.4-patched
|
||||
- https://github.com/kuek64/20077_Centerstage_Pedro
|
||||
- https://github.com/kuek64/TheTomorrowTeam
|
||||
- https://github.com/kuek64/TomorrowTeamMeep
|
||||
- https://github.com/kunhantsai/FtcRobotController
|
||||
@@ -3495,6 +3525,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/panthera2021/FtcRobotController
|
||||
- https://github.com/panthera2021/Ultimate-Goal-6.1
|
||||
- https://github.com/paparul29/CenterStage-mecanum
|
||||
- https://github.com/paparul29/Road-To-Global-2024
|
||||
- https://github.com/papereater42/FireRoboticsMockSeason2023
|
||||
- https://github.com/par26/FtcRobotController-master
|
||||
- https://github.com/parallelepiped2718/Team-2993-base
|
||||
@@ -3747,6 +3778,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/sms-robotics/UltimateGoal2020
|
||||
- https://github.com/smvoigt/STEM_ftc
|
||||
- https://github.com/sofiaalfenito/FtcRobotController
|
||||
- https://github.com/sofiafurman/OdomNew
|
||||
- https://github.com/soniakhanvilkar/alpacas_ug_2020
|
||||
- https://github.com/soph002/KarmaRobotics-TV
|
||||
- https://github.com/soph002/KarmaRobotics-main
|
||||
@@ -3890,6 +3922,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/titans17576/SummerWithVidyoot
|
||||
- https://github.com/titans17576/UltimateGoalMeet1
|
||||
- https://github.com/tizso/ftc-startech-2024
|
||||
- https://github.com/tjunga/final-2023-2024
|
||||
- https://github.com/tjunga/pc-code
|
||||
- https://github.com/tmetelev/Error404_23
|
||||
- https://github.com/tmetelev/FtcRobotController-master
|
||||
@@ -3907,6 +3940,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/trc492/Ftc2022FreightFrenzy
|
||||
- https://github.com/trc492/Ftc2023PowerPlay
|
||||
- https://github.com/trc492/Ftc2024CenterStage
|
||||
- https://github.com/trc492/FtcTemplate
|
||||
- https://github.com/trevorkw7/first-tech-challenge-2020-2021
|
||||
- https://github.com/trialandterror-16800/Robot-Controller
|
||||
- https://github.com/trinayhari/final0s1s
|
||||
@@ -3922,6 +3956,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/tudor-Spaima/FTCRobotController
|
||||
- https://github.com/tundrabots/2021-2022-Robot-Code
|
||||
- https://github.com/turbokazax/NyxPardus-FtcRobotController-master
|
||||
- https://github.com/turtle4831/14708-offseason
|
||||
- https://github.com/turtle4831/DogBytes-CenterStage
|
||||
- https://github.com/turtlewalkers/freightfrenzy
|
||||
- https://github.com/udayamaddi/9686-CenterStage
|
||||
@@ -4011,6 +4046,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/xCellenceRobotics/robotics-ftc
|
||||
- https://github.com/xRoALex/ProgrammingLessons
|
||||
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
|
||||
- https://github.com/xboxman234/ANDRIOD-STUIDO-FOR-LE-EPIC-ROBOTICS-THEAM-NO-CAP-FR-FR
|
||||
- https://github.com/xiangqianyou/Example
|
||||
- https://github.com/xtremejames1/15118_2022-23
|
||||
- https://github.com/yablockoo/FTC2023
|
||||
|
||||
@@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
|
||||
|
||||
@@ -35,6 +35,7 @@ In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the
|
||||
- https://github.com/CnHack3r/Penetration_PoC
|
||||
- https://github.com/Cyc1eC/CVE-2019-13272
|
||||
- https://github.com/De4dCr0w/Linux-kernel-EoP-exp
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/EchoGin404/-
|
||||
- https://github.com/EchoGin404/gongkaishouji
|
||||
- https://github.com/Getshell/LinuxTQ
|
||||
|
||||
@@ -46,6 +46,7 @@ No PoCs from references.
|
||||
- https://github.com/SofianeHamlaoui/Conti-Clear
|
||||
- https://github.com/TCM-Course-Resources/Windows-Privilege-Escalation-Resources
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/YgorAlberto/Ethical-Hacker
|
||||
- https://github.com/YgorAlberto/ygoralberto.github.io
|
||||
|
||||
@@ -61,6 +61,7 @@ In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can
|
||||
- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources
|
||||
- https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability
|
||||
- https://github.com/Tharana/vulnerability-exploitation
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet
|
||||
- https://github.com/a-nonymou-s/Agent-Sudo
|
||||
- https://github.com/aWtlcm9h/Memo
|
||||
|
||||
@@ -15,6 +15,7 @@ An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bo
|
||||
#### Github
|
||||
- https://github.com/Al1ex/LinuxEelvation
|
||||
- https://github.com/De4dCr0w/Linux-kernel-EoP-exp
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/JlSakuya/Linux-Privilege-Escalation-Exploits
|
||||
- https://github.com/bsauce/kernel-exploit-factory
|
||||
- https://github.com/bsauce/kernel-security-learning
|
||||
|
||||
@@ -27,6 +27,7 @@ In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigg
|
||||
- https://github.com/DarkFunct/CVE_Exploits
|
||||
- https://github.com/Dinesh-999/Hacking_contents
|
||||
- https://github.com/Drakfunc/CVE_Exploits
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/InesMartins31/iot-cves
|
||||
- https://github.com/Ly0nt4r/OSCP
|
||||
- https://github.com/N1et/CVE-2019-18634
|
||||
|
||||
@@ -37,6 +37,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
|
||||
- https://github.com/SukaraLin/CVE-2019-2890
|
||||
- https://github.com/Waseem27-art/ART-TOOLKIT
|
||||
- https://github.com/Weik1/Artillery
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YellowVeN0m/Pentesters-toolbox
|
||||
- https://github.com/ZO1RO/CVE-2019-2890
|
||||
- https://github.com/aiici/weblogicAllinone
|
||||
|
||||
@@ -29,6 +29,7 @@ Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw
|
||||
- https://github.com/EchoGin404/gongkaishouji
|
||||
- https://github.com/Elsfa7-110/kenzer-templates
|
||||
- https://github.com/GhostTroops/TOP
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
- https://github.com/LandGrey/CVE-2019-7609
|
||||
- https://github.com/Mehedi-Babu/web_security_cyber
|
||||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
|
||||
@@ -72,6 +72,7 @@ A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) valid
|
||||
- https://github.com/SherlockSec/CVE-2020-0601
|
||||
- https://github.com/Threekiii/Awesome-POC
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/Yamato-Security/EnableWindowsLogSettings
|
||||
- https://github.com/YoannDqr/CVE-2020-0601
|
||||
|
||||
@@ -39,6 +39,7 @@ No PoCs from references.
|
||||
- https://github.com/NetW0rK1le3r/awesome-hacking-lists
|
||||
- https://github.com/Q4n/CVE-2020-1362
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/ZTK-009/Penetration_PoC
|
||||
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||||
|
||||
@@ -25,6 +25,7 @@ No PoCs from references.
|
||||
- https://github.com/SouthWind0/southwind0.github.io
|
||||
- https://github.com/Threekiii/Awesome-POC
|
||||
- https://github.com/Threekiii/Vulhub-Reproduce
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/alphaSeclab/sec-daily-2020
|
||||
- https://github.com/apachecn-archive/Middleware-Vulnerability-detection
|
||||
|
||||
@@ -171,6 +171,7 @@ An elevation of privilege vulnerability exists when an attacker establishes a vu
|
||||
- https://github.com/WiIs0n/Zerologon_CVE-2020-1472
|
||||
- https://github.com/WillOram/ADReset
|
||||
- https://github.com/XTeam-Wing/Hunting-Active-Directory
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/XiaoliChan/zerologon-Shot
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/YangSirrr/YangsirStudyPlan
|
||||
|
||||
@@ -37,5 +37,6 @@ An elevation of privilege vulnerability exists when the Windows AppX Deployment
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/gitaramos/links
|
||||
|
||||
|
||||
@@ -74,6 +74,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
|
||||
- https://github.com/Umarovm/-Patched-McMaster-University-Blind-Command-Injection
|
||||
- https://github.com/Weik1/Artillery
|
||||
- https://github.com/XTeam-Wing/CVE-2020-14882
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/Yang0615777/PocList
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/Zero094/Vulnerability-verification
|
||||
|
||||
@@ -30,6 +30,7 @@ An issue was discovered in SaltStack Salt through 3002. Sending crafted web requ
|
||||
- https://github.com/SexyBeast233/SecBooks
|
||||
- https://github.com/Threekiii/Awesome-POC
|
||||
- https://github.com/Threekiii/Vulhub-Reproduce
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/bakery312/Vulhub-Reproduce
|
||||
- https://github.com/d4n-sec/d4n-sec.github.io
|
||||
|
||||
@@ -25,6 +25,7 @@
|
||||
- https://github.com/FDlucifer/Proxy-Attackchain
|
||||
- https://github.com/HackingCost/AD_Pentest
|
||||
- https://github.com/SexyBeast233/SecBooks
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/alphaSeclab/sec-daily-2020
|
||||
- https://github.com/hktalent/bug-bounty
|
||||
- https://github.com/laoqin1234/https-github.com-HackingCost-AD_Pentest
|
||||
|
||||
@@ -47,6 +47,7 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/alphaSeclab/sec-daily-2020
|
||||
- https://github.com/developer3000S/PoC-in-GitHub
|
||||
- https://github.com/hectorgie/PoC-in-GitHub
|
||||
|
||||
@@ -51,6 +51,7 @@ No PoCs from references.
|
||||
- https://github.com/Strokekilla/Rubeus
|
||||
- https://github.com/Whiteh4tWolf/Attack-Defense
|
||||
- https://github.com/XTeam-Wing/Hunting-Active-Directory
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/ZyberPatrol/Active-Directory
|
||||
- https://github.com/alphaSeclab/sec-daily-2020
|
||||
- https://github.com/aymankhder/AD-attack-defense
|
||||
|
||||
17
2020/CVE-2020-19294.md
Normal file
17
2020/CVE-2020-19294.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2020-19294](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19294)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://www.seebug.org/vuldb/ssvid-97952
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -66,6 +66,7 @@ A vulnerability in the web services interface of Cisco Adaptive Security Applian
|
||||
- https://github.com/Tyro-Shan/gongkaishouji
|
||||
- https://github.com/Veids/CVE-2020-3452_auto
|
||||
- https://github.com/XDev05/CVE-2020-3452-PoC
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/ZTK-009/Penetration_PoC
|
||||
|
||||
@@ -20,6 +20,7 @@ No PoCs from references.
|
||||
- https://github.com/HimmelAward/Goby_POC
|
||||
- https://github.com/PalindromeLabs/Java-Deserialization-CVEs
|
||||
- https://github.com/SexyBeast233/SecBooks
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/Z0fhack/Goby_POC
|
||||
- https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
@@ -105,6 +105,7 @@ In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.
|
||||
- https://github.com/Un4gi/CVE-2020-5902
|
||||
- https://github.com/Waseem27-art/ART-TOOLKIT
|
||||
- https://github.com/WingsSec/Meppo
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/YIXINSHUWU/Penetration_Testing_POC
|
||||
- https://github.com/YellowVeN0m/Pentesters-toolbox
|
||||
- https://github.com/Ygodsec/-
|
||||
|
||||
@@ -21,6 +21,7 @@ CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and be
|
||||
- https://github.com/CVEDB/top
|
||||
- https://github.com/GhostTroops/TOP
|
||||
- https://github.com/JERRY123S/all-poc
|
||||
- https://github.com/XTeam-Wing/RedTeaming2020
|
||||
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||||
- https://github.com/developer3000S/PoC-in-GitHub
|
||||
- https://github.com/hectorgie/PoC-in-GitHub
|
||||
|
||||
@@ -32,6 +32,7 @@ A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in n
|
||||
- https://github.com/Ch4nc3n/PublicExploitation
|
||||
- https://github.com/ChoKyuWon/exploit_articles
|
||||
- https://github.com/Dikens88/hopp
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/EGI-Federation/SVG-advisories
|
||||
- https://github.com/Ha0-Y/LinuxKernelExploits
|
||||
- https://github.com/Ha0-Y/kernel-exploit-cve
|
||||
|
||||
@@ -61,6 +61,7 @@ Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based
|
||||
- https://github.com/DanielShmu/OSCP-Cheat-Sheet
|
||||
- https://github.com/DarkFunct/CVE_Exploits
|
||||
- https://github.com/Drakfunc/CVE_Exploits
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/EGI-Federation/SVG-advisories
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability
|
||||
- https://github.com/EvilAnne/2021-Read-article
|
||||
|
||||
@@ -28,6 +28,7 @@ It was found that polkit could be tricked into bypassing the credential checks f
|
||||
- https://github.com/BizarreLove/CVE-2021-3560
|
||||
- https://github.com/CharonDefalt/linux-exploit
|
||||
- https://github.com/Desm0ndChan/OSCP-cheatsheet
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/EGI-Federation/SVG-advisories
|
||||
- https://github.com/GibzB/THM-Captured-Rooms
|
||||
- https://github.com/HadessCS/Awesome-Privilege-Escalation
|
||||
|
||||
@@ -66,6 +66,7 @@ A local privilege escalation vulnerability was found on polkit's pkexec utility.
|
||||
- https://github.com/DavidSerre/Pwnkit
|
||||
- https://github.com/Desm0ndChan/OSCP-cheatsheet
|
||||
- https://github.com/DosAmp/pkwned
|
||||
- https://github.com/DrewSC13/Linpeas
|
||||
- https://github.com/EstamelGG/CVE-2021-4034-NoGCC
|
||||
- https://github.com/Ethical-Dyl/gamingserver-writeup
|
||||
- https://github.com/Ethical-Dyl/road-writeup
|
||||
|
||||
@@ -14,5 +14,6 @@ A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/me
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/karanlvm/DirtyPipe-Exploit
|
||||
- https://github.com/si1ent-le/CVE-2022-0847
|
||||
|
||||
|
||||
@@ -222,6 +222,7 @@ A flaw was found in the way the "flags" member of the new pipe buffer structure
|
||||
- https://github.com/jxpsx/CVE-2022-0847-DirtyPipe-Exploits
|
||||
- https://github.com/k0mi-tg/CVE-POC
|
||||
- https://github.com/kaosagnt/ansible-everyday
|
||||
- https://github.com/karanlvm/DirtyPipe-Exploit
|
||||
- https://github.com/karimhabush/cyberowl
|
||||
- https://github.com/kdn111/linux-kernel-exploitation
|
||||
- https://github.com/kgwanjala/oscp-cheatsheet
|
||||
|
||||
@@ -25,6 +25,7 @@ O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vulnerabilit
|
||||
- https://github.com/trhacknon/Pocingit
|
||||
- https://github.com/whoforget/CVE-POC
|
||||
- https://github.com/wy876/POC
|
||||
- https://github.com/wy876/wiki
|
||||
- https://github.com/youwizard/CVE-POC
|
||||
- https://github.com/zecool/cve
|
||||
|
||||
|
||||
@@ -14,6 +14,7 @@ Parse Server is an open source http web server backend. In versions prior to 4.1
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
- https://github.com/NaInSec/CVE-PoC-in-GitHub
|
||||
- https://github.com/SYRTI/POC_to_review
|
||||
- https://github.com/WhooAmii/POC_to_review
|
||||
|
||||
@@ -50,4 +50,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/Wack0/dubiousdisk
|
||||
|
||||
|
||||
@@ -50,5 +50,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/Haera/NTCrawler
|
||||
- https://github.com/haera/NTCrawler
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
@@ -14,5 +14,6 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
18
2022/CVE-2022-41878.md
Normal file
18
2022/CVE-2022-41878.md
Normal file
@@ -0,0 +1,18 @@
|
||||
### [CVE-2022-41878](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41878)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option `requestKeywordDenylist` can be injected via Cloud Code Webhooks or Triggers. This will result in the keyword being saved to the database, bypassing the `requestKeywordDenylist` option. This issue is fixed in versions 4.10.19, and 5.3.2. If upgrade is not possible, the following Workarounds may be applied: Configure your firewall to only allow trusted servers to make request to the Parse Server Cloud Code Webhooks API, or block the API completely if you are not using the feature.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
17
2022/CVE-2022-41879.md
Normal file
17
2022/CVE-2022-41879.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2022-41879](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41879)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.3 or 4.10.20, a compromised Parse Server Cloud Code Webhook target endpoint allows an attacker to use prototype pollution to bypass the Parse Server `requestKeywordDenylist` option. This issue has been patched in versions 5.3.3 and 4.10.20. There are no known workarounds.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
@@ -18,6 +18,7 @@ No PoCs from references.
|
||||
- https://github.com/NexovaDev/UpdateHub
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/Threekiii/CVE
|
||||
- https://github.com/WalccDev/CVE-2023-2033
|
||||
- https://github.com/dan-mba/python-selenium-news
|
||||
|
||||
@@ -16,6 +16,7 @@ No PoCs from references.
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/Threekiii/CVE
|
||||
- https://github.com/ayman-m/rosetta
|
||||
- https://github.com/karimhabush/cyberowl
|
||||
|
||||
55
2023/CVE-2023-21560.md
Normal file
55
2023/CVE-2023-21560.md
Normal file
@@ -0,0 +1,55 @@
|
||||
### [CVE-2023-21560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21560)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Boot Manager Security Feature Bypass Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Wack0/dubiousdisk
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
17
2023/CVE-2023-23917.md
Normal file
17
2023/CVE-2023-23917.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-23917](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23917)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affect the cloud infrastructure. This attack vector also may increase the impact of XSS to RCE which is dangerous for self-hosted users as well.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
17
2023/CVE-2023-26793.md
Normal file
17
2023/CVE-2023-26793.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-26793](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26793)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/stephane/libmodbus/issues/683
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -19,6 +19,7 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/jake-44/Research
|
||||
- https://github.com/karimhabush/cyberowl
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ No PoCs from references.
|
||||
- https://github.com/C4ndyF1sh/CrashControl
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/ZZY3312/CVE-2023-28206
|
||||
- https://github.com/acceleratortroll/acceleratortroll
|
||||
- https://github.com/jake-44/Research
|
||||
|
||||
43
2023/CVE-2023-28249.md
Normal file
43
2023/CVE-2023-28249.md
Normal file
@@ -0,0 +1,43 @@
|
||||
### [CVE-2023-28249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28249)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Boot Manager Security Feature Bypass Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Wack0/dubiousdisk
|
||||
|
||||
43
2023/CVE-2023-28269.md
Normal file
43
2023/CVE-2023-28269.md
Normal file
@@ -0,0 +1,43 @@
|
||||
### [CVE-2023-28269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28269)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
&color=blue)
|
||||
&color=blue)
|
||||
|
||||
|
||||
&color=blue)
|
||||
|
||||
&color=blue)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
Windows Boot Manager Security Feature Bypass Vulnerability
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Wack0/dubiousdisk
|
||||
|
||||
@@ -66,6 +66,7 @@ No PoCs from references.
|
||||
- https://github.com/unam4/CVE-2023-28432-minio_update_rce
|
||||
- https://github.com/whoami13apt/files2
|
||||
- https://github.com/wy876/POC
|
||||
- https://github.com/wy876/wiki
|
||||
- https://github.com/xk-mt/CVE-2023-28432
|
||||
- https://github.com/yTxZx/CVE-2023-28432
|
||||
- https://github.com/yuyongxr/minio_cve-2023-28432
|
||||
|
||||
17
2023/CVE-2023-29725.md
Normal file
17
2023/CVE-2023-29725.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-29725](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29725)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29725/CVE%20detail.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2023/CVE-2023-29737.md
Normal file
17
2023/CVE-2023-29737.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-29737](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29737)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29737/CVE%20detail.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -10,6 +10,7 @@ An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unau
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29739/CVE%20detail.md
|
||||
- https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid
|
||||
|
||||
#### Github
|
||||
|
||||
@@ -10,6 +10,7 @@ An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unau
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29740/CVE%20detail.md
|
||||
- https://play.google.com/store/apps/details?id=com.amdroidalarmclock.amdroid
|
||||
|
||||
#### Github
|
||||
|
||||
17
2023/CVE-2023-29749.md
Normal file
17
2023/CVE-2023-29749.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-29749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29749)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29749/CVE%20detailed.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2023/CVE-2023-29752.md
Normal file
17
2023/CVE-2023-29752.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-29752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29752)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29752/CVE%20detailed.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2023/CVE-2023-29757.md
Normal file
17
2023/CVE-2023-29757.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-29757](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29757)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/LianKee/SO-CVEs/blob/main/CVEs/CVE-2023-29757/CVE%20detailed.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -16,6 +16,7 @@ Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote a
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/Threekiii/CVE
|
||||
- https://github.com/Uniguri/CVE-1day
|
||||
- https://github.com/ZonghaoLi777/githubTrending
|
||||
|
||||
@@ -14,4 +14,5 @@ Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
|
||||
@@ -13,5 +13,5 @@ Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with
|
||||
- https://www.elastic.co/community/security/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
|
||||
@@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/em1ga3l/cve-msrc-extractor
|
||||
- https://github.com/theryeguy92/HTB-Solar-Lab
|
||||
|
||||
|
||||
@@ -51,4 +51,5 @@ Openfire is an XMPP server licensed under the Open Source Apache License. Openfi
|
||||
- https://github.com/ohnonoyesyes/CVE-2023-32315
|
||||
- https://github.com/pinguimfu/kinsing-killer
|
||||
- https://github.com/tangxiaofeng7/CVE-2023-32315-Openfire-Bypass
|
||||
- https://github.com/theryeguy92/HTB-Solar-Lab
|
||||
|
||||
|
||||
@@ -22,4 +22,5 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
|
||||
|
||||
@@ -15,5 +15,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/xairy/linux-kernel-exploitation
|
||||
|
||||
|
||||
@@ -15,5 +15,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/xairy/linux-kernel-exploitation
|
||||
|
||||
|
||||
@@ -15,5 +15,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/xairy/linux-kernel-exploitation
|
||||
|
||||
|
||||
@@ -20,4 +20,5 @@ Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying
|
||||
- https://github.com/onion2203/Lab_Reportlab
|
||||
- https://github.com/sahiloj/CVE-2023-33732
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/theryeguy92/HTB-Solar-Lab
|
||||
|
||||
|
||||
@@ -18,4 +18,5 @@ No PoCs from references.
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/seal-community/patches
|
||||
- https://github.com/testing-felickz/docker-scout-demo
|
||||
- https://github.com/zgimszhd61/openai-sec-test-cve-quickstart
|
||||
|
||||
|
||||
@@ -14,4 +14,5 @@ No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/zgimszhd61/openai-security-app-quickstart
|
||||
|
||||
|
||||
17
2023/CVE-2023-36475.md
Normal file
17
2023/CVE-2023-36475.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-36475](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36475)
|
||||
|
||||
|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/KTH-LangSec/server-side-prototype-pollution
|
||||
|
||||
21
2023/CVE-2023-40424.md
Normal file
21
2023/CVE-2023-40424.md
Normal file
@@ -0,0 +1,21 @@
|
||||
### [CVE-2023-40424](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40424)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/zgimszhd61/openai-sec-test-cve-quickstart
|
||||
|
||||
@@ -17,5 +17,6 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/houjingyi233/macOS-iOS-system-security
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ No PoCs from references.
|
||||
- https://github.com/MrR0b0t19/vulnerabilidad-LibWebP-CVE-2023-41064
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/alsaeroth/CVE-2023-41064-POC
|
||||
- https://github.com/apt0factury/CVE-2023-41064
|
||||
- https://github.com/caoweiquan322/NotEnough
|
||||
|
||||
@@ -17,6 +17,7 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/XLsn0w/Cydia
|
||||
- https://github.com/XLsn0w/Cydiapps
|
||||
- https://github.com/XLsn0w/TrollStore2
|
||||
|
||||
@@ -17,4 +17,5 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ No PoCs from references.
|
||||
- https://github.com/J3Ss0u/CVE-2023-41993
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/ZonghaoLi777/githubTrending
|
||||
- https://github.com/aneasystone/github-trending
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -22,5 +22,6 @@ No PoCs from references.
|
||||
- https://github.com/Moonshieldgru/Moonshieldgru
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/xairy/linux-kernel-exploitation
|
||||
|
||||
|
||||
17
2023/CVE-2023-42363.md
Normal file
17
2023/CVE-2023-42363.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-42363](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42363)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/cdupuis/aspnetapp
|
||||
|
||||
17
2023/CVE-2023-42364.md
Normal file
17
2023/CVE-2023-42364.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-42364](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42364)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/cdupuis/aspnetapp
|
||||
|
||||
17
2023/CVE-2023-42365.md
Normal file
17
2023/CVE-2023-42365.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-42365](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42365)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/cdupuis/aspnetapp
|
||||
|
||||
17
2023/CVE-2023-42366.md
Normal file
17
2023/CVE-2023-42366.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-42366](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42366)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/cdupuis/aspnetapp
|
||||
|
||||
@@ -18,4 +18,5 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
|
||||
|
||||
@@ -18,4 +18,5 @@ No PoCs from references.
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
|
||||
|
||||
@@ -22,5 +22,7 @@ NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthent
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/nvn1729/advisories
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/wjlin0/poc-doc
|
||||
- https://github.com/wy876/POC
|
||||
- https://github.com/wy876/wiki
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://seclists.org/fulldisclosure/2024/Mar/9
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -12,6 +12,7 @@ The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. Th
|
||||
|
||||
#### Reference
|
||||
- http://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
|
||||
- http://seclists.org/fulldisclosure/2024/Apr/18
|
||||
- https://packetstormsecurity.com/files/175676/Apache-ActiveMQ-Unauthenticated-Remote-Code-Execution.html
|
||||
|
||||
#### Github
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://www.vicarius.io/vsociety/posts/shadowray-cve-2023-48022-exploit
|
||||
|
||||
#### Github
|
||||
- https://github.com/0x656565/CVE-2023-48022
|
||||
|
||||
@@ -10,6 +10,7 @@ An authentication bypass vulnerability was found in Stilog Visual Planning 8. It
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- http://seclists.org/fulldisclosure/2024/Apr/1
|
||||
- https://www.schutzwerk.com/advisories/SCHUTZWERK-SA-2023-003.txt
|
||||
- https://www.schutzwerk.com/blog/schutzwerk-sa-2023-003/
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ No PoCs from references.
|
||||
- https://github.com/Keeper-Security/gitbook-release-notes
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
|
||||
- https://github.com/RENANZG/My-Forensics
|
||||
- https://github.com/Threekiii/CVE
|
||||
- https://github.com/Trinadh465/platform_external_libvpx_v1.4.0_CVE-2023-5217
|
||||
- https://github.com/Trinadh465/platform_external_libvpx_v1.8.0_CVE-2023-5217
|
||||
|
||||
17
2023/CVE-2023-5585.md
Normal file
17
2023/CVE-2023-5585.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-5585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5585)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://vuldb.com/?id.242170
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
17
2023/CVE-2023-5729.md
Normal file
17
2023/CVE-2023-5729.md
Normal file
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-5729](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5729)
|
||||
|
||||
|
||||
|
||||
|
||||
### Description
|
||||
|
||||
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823720
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user