mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 22:35:37 +02:00
Update CVE sources 2024-08-27 19:05
@@ -60,6 +60,7 @@ The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote
|
||||
- https://github.com/crypticdante/CVE-2007-2447
|
||||
- https://github.com/gwyomarch/Lame-HTB-Writeup-FR
|
||||
- https://github.com/hussien-almalki/Hack_lame
|
||||
- https://github.com/jaydenxjayden/HTB-writeup
|
||||
- https://github.com/jwardsmith/Penetration-Testing
|
||||
- https://github.com/k4u5h41/CVE-2007-2447
|
||||
- https://github.com/macosta-42/Exploit-Development
|
||||
|
||||
@@ -56,6 +56,7 @@ The SSL protocol, as used in certain configurations in Microsoft Windows and Mic
|
||||
- https://github.com/odolezal/D-Link-DIR-655
|
||||
- https://github.com/orgTestCodacy11KRepos110MB/repo-3654-reg
|
||||
- https://github.com/pashicop/3.9_1
|
||||
- https://github.com/password123456/setup-apache-http-server-with-shorts-security-best-practice
|
||||
- https://github.com/stanmay77/security
|
||||
- https://github.com/swod00/litecoin_demo
|
||||
- https://github.com/tzaffi/testssl-report
|
||||
|
||||
@@ -102,6 +102,7 @@ The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses
|
||||
- https://github.com/nikolay480/devops-netology
|
||||
- https://github.com/odolezal/D-Link-DIR-655
|
||||
- https://github.com/pashicop/3.9_1
|
||||
- https://github.com/password123456/setup-apache-http-server-with-shorts-security-best-practice
|
||||
- https://github.com/puppetlabs/puppetlabs-compliance_profile
|
||||
- https://github.com/r0metheus/poodle-attack
|
||||
- https://github.com/r0metheus/poodle-attack-poc
|
||||
|
||||
@@ -201,6 +201,7 @@ A remote code execution vulnerability exists in Remote Desktop Services formerly
|
||||
- https://github.com/chalern/Pentest-Tools
|
||||
- https://github.com/chandiradeshan12/CVE-Reports-and-TryHackMe-Room-Creation
|
||||
- https://github.com/ciakim/CVE-2019-0709
|
||||
- https://github.com/clcert/clcert-web
|
||||
- https://github.com/clcert/clcert.cl
|
||||
- https://github.com/closethe/CVE-2019-0708-POC
|
||||
- https://github.com/codereveryday/Programming-Hacking-Resources
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2019-10894](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10894)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
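Review bot: The Vulnerability badge in this new file ends in `color=brighgreen`, which looks like a misspelling of the shields.io colour name `brightgreen`. The same string appears in the Vulnerability badge of the other files added in this commit, so it is better corrected once in whatever generates these files than entry by entry.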
@@ -10,7 +10,7 @@ In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file pars
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
|
||||
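Review bot: `https://usn.ubuntu.com/3986-1/` under `### POC` / `#### Reference` is an Ubuntu security notice, not a proof of concept, yet it takes the place of the `No PoCs from references.` marker, so the entry now reads as if a PoC reference exists. The same notice is the only reference in the Wireshark files added in this commit; consider listing vendor and distribution advisories separately, or keeping the marker when nothing else is referenced.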
@@ -0,0 +1,17 @@
|
||||
### [CVE-2019-10896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10896)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2019-10899](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10899)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2019-10901](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10901)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -11,6 +11,7 @@ In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS diss
|
||||
|
||||
#### Reference
|
||||
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15568
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -2495,6 +2495,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/WhitmoreLakeRobotics/2020-GameChangers-Club
|
||||
- https://github.com/WhitmoreLakeRobotics/2022-Mecanum
|
||||
- https://github.com/WhitmoreLakeRobotics/2022-TSOC
|
||||
- https://github.com/WhitmoreLakeRobotics/2023-FTC-CenterStage
|
||||
- https://github.com/Wilke000/FTC-arm_drive-2023
|
||||
- https://github.com/WillRages/23-24_CenterStage6093
|
||||
- https://github.com/William-McGonagle/Maincode-2021
|
||||
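Review bot: The entries around the insertion in this `#### Github` list (`WhitmoreLakeRobotics/...`, `Wilke000/FTC-arm_drive-2023`, `WillRages/23-24_CenterStage6093`) are, judging by their names, robotics team code repositories rather than proofs of concept for the jQuery issue named in the hunk header, and the later hunk headers (`-3415`, `-4145`) show the same list running past four thousand lines. A list of that size built from incidental mentions buries any real PoC; filtering candidates on whether the repository is actually about the CVE would keep the section usable for triage.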
@@ -3415,6 +3416,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/lakeridgeacademy/2022-power-play
|
||||
- https://github.com/lancelarsen/PhoenixForceFreightFrenzy
|
||||
- https://github.com/lancelarsen/PhoenixForceUltimateGoal
|
||||
- https://github.com/lancelarsen/PhoenixForceUltimateGoal2
|
||||
- https://github.com/largoftc/Firsttech
|
||||
- https://github.com/larrytao05/FtcRobotController
|
||||
- https://github.com/laupetre/FTC-2021
|
||||
@@ -4145,6 +4147,7 @@ jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishan
|
||||
- https://github.com/zachwaffle4/InvictaCode-21-22
|
||||
- https://github.com/zaheersufi/power-play-16911
|
||||
- https://github.com/zandersmall/Robotics2020Code
|
||||
- https://github.com/zedaes/PG-Odometry
|
||||
- https://github.com/zeitlerquintet/jquery-2.2.4-patched
|
||||
- https://github.com/zeitlersensetence/jquery-2.2.4-patched
|
||||
- https://github.com/zema1/oracle-vuln-crawler
|
||||
|
||||
@@ -10,6 +10,7 @@ In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash.
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
- https://www.oracle.com/security-alerts/cpujan2020.html
|
||||
|
||||
#### Github
|
||||
|
||||
@@ -11,6 +11,7 @@ In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related disse
|
||||
|
||||
#### Reference
|
||||
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2019-9214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9214)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://usn.ubuntu.com/3986-1/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -104,6 +104,7 @@ It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was in
|
||||
- https://github.com/cyberanand1337x/bug-bounty-2022
|
||||
- https://github.com/cybfar/cve-2021-42013-httpd
|
||||
- https://github.com/d4n-sec/d4n-sec.github.io
|
||||
- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap
|
||||
- https://github.com/dial25sd/arf-vulnerable-vm
|
||||
- https://github.com/e-hakson/OSCP
|
||||
- https://github.com/eljosep/OSCP-Guide
|
||||
|
||||
@@ -13,5 +13,5 @@ A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affect
|
||||
- https://github.com/OYyunshen/Poc/blob/main/Novel-PlusSqli1.pdf
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
- https://github.com/N0boy-0/vulenv
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@ Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware
|
||||
- https://github.com/BrittanyKuhn/javascript-tutorial
|
||||
- https://github.com/CVEDB/awesome-cve-repo
|
||||
- https://github.com/CVEDB/top
|
||||
- https://github.com/FeatherStark/GIOP-Protocol-Analysis
|
||||
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
|
||||
- https://github.com/KimJun1010/WeblogicTool
|
||||
- https://github.com/MMarch7/weblogic_CVE-2023-21931_POC-EXP
|
||||
|
||||
@@ -0,0 +1,18 @@
|
||||
### [CVE-2023-26315](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26315)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
The Xiaomi router AX9000 has a post-authentication command injection vulnerability. This vulnerability is caused by the lack of input filtering, allowing an attacker to exploit it to obtain root access to the device.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
- https://github.com/winmt/winmt
|
||||
|
||||
@@ -13,6 +13,7 @@ An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the c
|
||||
- https://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel/
|
||||
|
||||
#### Github
|
||||
- https://github.com/0-d3y/CVE-2023-29489
|
||||
- https://github.com/0-d3y/XSS_1915
|
||||
- https://github.com/1337r0j4n/CVE-2023-29489
|
||||
- https://github.com/Abdullah7-ma/CVE-2023-29489
|
||||
|
||||
@@ -13,6 +13,7 @@ Ghost before 5.42.1 allows remote attackers to read arbitrary files within the a
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/AXRoux/Ghost-Path-Traversal-CVE-2023-32235-
|
||||
- https://github.com/VEEXH/Ghost-Path-Traversal-CVE-2023-32235-
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
@@ -13,5 +13,6 @@ social-media-skeleton is an uncompleted social media project. A SQL injection vu
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/N0boy-0/vulenv
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
|
||||
@@ -14,6 +14,7 @@ A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been clas
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/sectool
|
||||
- https://github.com/PumpkinBridge/CVE-2023-4542
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/wjlin0/poc-doc
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-4545](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4545)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/siyu15/cve/blob/main/sql.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2023-49582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49582)
|
||||
&color=blue)
|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h)Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
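Review bot: The Version badge carries `message=1.7.0%3C%3D%20`, which decodes to `1.7.0<= ` with nothing after the operator, while the description names 1.7.5 as the fixed release; the badge should show the bound or be dropped. In the description, `(apr.h)Users are recommended` has lost the break between the two sentences.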
@@ -1,7 +1,7 @@
|
||||
### [CVE-2023-4993](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4993)
|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
|
||||
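Review bot: Of the two Version badge lines in this `-1,7 +1,7` hunk, the second has `message=0%3C%20` (`0< `) where the first has `message=0%3C%201.5.1` (`0< 1.5.1`), so read as removed-then-added the change drops the `1.5.1` bound and leaves a dangling operator. If the source record no longer supplies the bound, the earlier value is the more useful one to keep.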
@@ -1,7 +1,7 @@
|
||||
### [CVE-2023-5983](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5983)
|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
|
||||
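Review bot: The second Version badge line ends at `message=1.0.0%3C%20`, so the `1.5.1` upper bound present in the line above it is lost and the badge renders as `1.0.0< `. An empty bound should not overwrite a populated one.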
@@ -1,7 +1,7 @@
|
||||
### [CVE-2023-6190](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6190)
|
||||

|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
|
||||
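Review bot: The second Version badge line stops at `message=0%3C%3D%20`, losing the `V1` bound that the line above it (`message=0%3C%3D%20V1`) still has. The update step should skip the badge when the new value is empty.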
@@ -1,7 +1,7 @@
|
||||
### [CVE-2024-0563](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0563)
|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
|
||||
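Review bot: The second Version badge line reads `message=0%3C%3D%20`, without the `10.5.3` bound shown in the line above it (`message=0%3C%3D%2010.5.3`), so the affected range is no longer visible from the badge.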
@@ -18,6 +18,7 @@ No PoCs from references.
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
- https://github.com/k3ppf0r/2024-PocLib
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/nvn1729/advisories
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
- https://github.com/wjlin0/poc-doc
|
||||
- https://github.com/wy876/POC
|
||||
|
||||
@@ -26,5 +26,6 @@ Windows USB Print Driver Elevation of Privilege Vulnerability
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/5angjun/5angjun
|
||||
- https://github.com/NaInSec/CVE-LIST
|
||||
|
||||
|
||||
@@ -26,5 +26,6 @@ Windows USB Print Driver Elevation of Privilege Vulnerability
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/5angjun/5angjun
|
||||
- https://github.com/NaInSec/CVE-LIST
|
||||
|
||||
|
||||
@@ -13,5 +13,6 @@ Cacti provides an operational monitoring and fault management framework. Prior t
|
||||
- https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88
|
||||
|
||||
#### Github
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
@@ -10,7 +10,7 @@ An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows a
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
|
||||
|
||||
#### Github
|
||||
- https://github.com/Marven11/CVE-2024-28397
|
||||
|
||||
@@ -15,6 +15,7 @@ XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 a
|
||||
#### Github
|
||||
- https://github.com/Ostorlab/KEV
|
||||
- https://github.com/bigb0x/CVE-2024-31982
|
||||
- https://github.com/defronixpro/Defronix-Cybersecurity-Roadmap
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
- https://github.com/tanjiti/sec_profile
|
||||
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-34087](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34087)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://themodernham.com/bbs-hacking-discovering-rce-within-bpq32-seh-based-buffer-overflow/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-34510](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34510)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Gradio before 4.20 allows credential leakage on Windows.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nvn1729/advisories
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-35178](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-35178)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nvn1729/advisories
|
||||
|
||||
@@ -52,6 +52,7 @@ Windows TCP/IP Remote Code Execution Vulnerability
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/0xMarcio/cve
|
||||
- https://github.com/being1943/my_rss_reader
|
||||
- https://github.com/kherrick/hacker-news
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
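Review bot: `https://github.com/0xMarcio/cve` in this `#### Github` list points at this repository itself, so the entry cites the index as a PoC source for the CVE it indexes. Excluding the repository's own URL from the collected results would avoid the circular reference.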
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-38859](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38859)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39097)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/gnuboard/g6/issues/582
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39641](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39641)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39645](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39645)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-39657](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39657)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in Sender Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce.This issue affects Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce: from n/a through 2.6.18.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
### [CVE-2024-41173](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41173)
|
||||

|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local authentication bypass by a low privileged attacker.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
### [CVE-2024-41174](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41174)
|
||||

|
||||

|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
### [CVE-2024-41175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41175)
|
||||

|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
The IPC-Diagnostics package included in TwinCAT/BSD is vulnerable to a local denial-of-service attack by a low privileged attacker.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
### [CVE-2024-41176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41176)
|
||||

|
||||

|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
The MPD package included in TwinCAT/BSD allows an authenticated, low-privileged localattacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code inthe context of user “root” via a crafted HTTP request.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
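Review bot: The description has lost two spaces, at `localattacker` and `inthe`, which suggests line breaks in the source record were removed instead of being replaced with a space. Normalising whitespace when importing descriptions would fix this and the similar `LearnPress.This issue` joins in the CSRF entries added earlier in this commit.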
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42008](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42008)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42009)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -10,7 +10,7 @@ mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://sonarsource.com/blog/government-emails-at-risk-critical-cross-site-scripting-vulnerability-in-roundcube-webmail/
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42474)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/nvn1729/advisories
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42554](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42554)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_added.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/7d2ebfe6dfa87eecf8f3e6d4eefc48ba
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42555](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42555)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/afd445b90e13a27a6422cea2f5ff0f64
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42556](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42556)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type parameter at admin_room_removed.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/9688bcdd3e05ba79ebf4ff1042609b20
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42557](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42557)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/0785597ae7abc8f10cd5c5537f5467b5
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42560](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42560)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank And Donation Management System commit dc9e039 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Details parameter.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/4c05ee72ab4b365ef81c199aaa0558d0
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42562)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoice_number parameter at preview.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/2dcca275bcc18e8058cefef714a2f61b
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42567](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42567)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the sid parameter at /search.php?action=2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/96ba3f6ccd333480aa86e7078c4886d7
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42568)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/38a30275374ef796ab860795f5df4dac
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42569)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at paidclass.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/20a81dbf47d371e1dabe08f350c8185d
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42571](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42571)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at insertattendance.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/5c8e289fa66702fd3acbed558ee449dd
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42574](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42574)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at attendance.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/7064f8bbd3977ee665a098efcd0170c0
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42575](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42575)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at substaff.php.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/2fddc00b33b038cd778c1e4fb1936a15
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42576](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42576)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component edit_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/50a1d8ad7effd9ccd089952602c831d3
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
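Review bot: the Product, Version and Vulnerability badges all carry `message=n%2Fa`, while the description in the same file names Warehouse Inventory System v2.0 and a CSRF in edit_categorie.php. Anyone filtering or grepping on the badge fields will miss this entry; consider filling the badges from the description or the CVE record when the structured fields are empty, or dropping the badges when all three are n/a.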
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42578](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42578)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component edit_product.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/5eacc7e418e3b73b7ad1fa05d1a72aeb
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42579)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/ed59fb8b35a220dfa064a3a3cb1ecb1b
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42580](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42580)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component edit_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/8a05309486637d8c6ce8c6624ec1e897
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42581](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42581)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component delete_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/2bd26343ccdff7c759f62d332c8caff6
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42582](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42582)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component delete_categorie.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/c0d78b257ce1e661be30de1ce9551d27
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42583](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42583)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component delete_user.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/dac0206b8de14763bdbe2b6bb7020cdc
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42585](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42585)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Cross-Site Request Forgery (CSRF) in the component delete_media.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/topsky979/33de7a4bd7a4517a26fa4e4911b7fb1d
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42604](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42604)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_group.php?mode=delete&group_id=3
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/1/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42605](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42605)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/edit_page.php?link_id=1
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/3/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42607](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42607)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=database
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/9/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42609](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42609)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_backup.php?dobackup=avatars
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/8/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42611](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42611)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/admin_page.php?link_id=1&mode=delete
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/4/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
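Review bot: the description here reads "(CSRF) via admin/admin_page.php?link_id=1&mode=delete", without the word "vulnerability" and without the leading slash that the sibling Pligg CMS v2.0.2 entries in this commit use (for example "/admin/admin_group.php?mode=delete&group_id=3"). If the text is copied verbatim from the CVE record that is fine, but any tooling that matches on the "/admin/" path prefix will skip this entry, so it is worth normalising paths at import time.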
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42613](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42613)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=install&widget=akismet
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/14/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42616)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_widgets.php?action=remove&widget=Statistics
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/13/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42617)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_config.php?action=save&var_id=32
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/11/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42619](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42619)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/domain_management.php?id=0&list=whitelist&remove=pligg.com
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/17/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42621](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42621)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/admin_editor.php
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/jinwu1234567890/cms2/tree/main/12/readme.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42636](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42636)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/iami233/cve/issues/1
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42787](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42787)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
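Review bot: the Github section lists https://github.com/fkie-cad/nvd-json-data-feeds directly under "No PoCs from references."; the repository name reads as a mirror of NVD data, not as a proof of concept for "/music/ajax.php?action=save_playlist". Please confirm the link holds PoC material; if it only mentions the CVE id, the section should read "No PoCs found on GitHub currently." as in the other new files, or the matcher should exclude feed mirrors.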
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42789](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42789)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42815](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42815)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
In the TP-Link RE365 V1_180213, there is a buffer overflow vulnerability due to the lack of length verification for the USER_AGENT field in /usr/bin/httpd. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://gist.github.com/XiaoCurry/14d46e0becd79d9bb9907f2fbe147cfe
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -13,6 +13,7 @@ An eval Injection vulnerability in the component invesalius/reader/dicom.py of I
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/alessio-romano/Sfoffo-Pentesting-Notes
|
||||
- https://github.com/alessio-romano/alessio-romano
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42852)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Cross Site Scripting vulnerability in AcuToWeb server v.10.5.0.7577C8b allows a remote attacker to execute arbitrary code via the index.php component.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/Hebing123/cve/issues/64
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-42906](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42906)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
- https://github.com/Alkatraz97/CVEs/blob/main/CVE-2024-42906.md
|
||||
|
||||
#### Github
|
||||
No PoCs found on GitHub currently.
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
### [CVE-2024-42992](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-42992)
|
||||

|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Python Pip Pandas v2.2.2 was discovered to contain an arbitrary file read vulnerability.
|
||||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
|
||||
|
||||
### POC
|
||||
|
||||
|
||||
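Review bot: the description is replaced with the "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER" text, but the heading and the "### POC" section stay in place, so the entry still presents like a live vulnerability. The lines after "### POC" are outside this hunk; if they still list references or repositories for the withdrawn Pandas report, they should be removed or the file should carry a visible rejected marker so consumers of the list do not treat it as actionable.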
@@ -10,7 +10,7 @@ An issue in the downloader.php component of TOSEI online store management system
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
- https://gist.github.com/b0rgch3n/6ba0b04da7e48ead20f10b15088fd244
|
||||
|
||||
#### Github
|
||||
- https://github.com/b0rgch3n/b0rgch3n
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43116](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43116)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in 10up Simple Local Avatars.This issue affects Simple Local Avatars: from n/a through 2.7.10.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
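Review bot: the description runs two sentences together at "10up Simple Local Avatars.This issue affects", with no space after the period, and the same pattern recurs in the other WordPress plugin entries added by this commit. Inserting the space at import time would keep sentence splitting and product-name extraction from producing tokens like "Avatars.This".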
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43117](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43117)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in WPMU DEV Hummingbird.This issue affects Hummingbird: from n/a through 3.9.1.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43214](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43214)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Missing Authorization vulnerability in myCred.This issue affects myCred: from n/a through 2.7.2.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43230](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43230)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Shared Files – File Upload Form Shared Files.This issue affects Shared Files: from n/a through 1.7.28.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43251](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43251)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Bit Apps Bit Form Pro.This issue affects Bit Form Pro: from n/a through 2.6.4.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43255](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43255)
|
||||

|
||||

|
||||
&color=brighgreen)
|
||||
|
||||
### Description
|
||||
|
||||
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross-Site Scripting (XSS).This issue affects MyBookTable Bookstore: from n/a through 3.3.9.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43257](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43257)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media.This issue affects Leopard - WordPress offload media: from n/a through 2.0.36.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43258](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43258)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Store Locator Plus.This issue affects Store Locator Plus: from n/a through 2311.17.01.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43259](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43259)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in JEM Plugins Order Export for WooCommerce.This issue affects Order Export for WooCommerce: from n/a through 3.23.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
@@ -0,0 +1,17 @@
|
||||
### [CVE-2024-43264](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43264)
|
||||

|
||||

|
||||

|
||||
|
||||
### Description
|
||||
|
||||
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Mediavine Create by Mediavine.This issue affects Create by Mediavine: from n/a through 1.9.8.
|
||||
|
||||
### POC
|
||||
|
||||
#### Reference
|
||||
No PoCs from references.
|
||||
|
||||
#### Github
|
||||
- https://github.com/20142995/nuclei-templates
|
||||
|
||||
Some files were not shown because too many files have changed in this diff.